Lotus Domino 6

Administering the Domino System, Volume 2


Disclaimer
THIS DOCUMENTATION IS PROVIDED FOR REFERENCE PURPOSES ONLY. WHILE EFFORTS
WERE MADE TO VERIFY THE COMPLETENESS AND ACCURACY OF THE INFORMATION
CONTAINED IN THIS DOCUMENTATION, THIS DOCUMENTATION IS PROVIDED “AS IS”
WITHOUT ANY WARRANTY WHATSOEVER AND TO THE MAXIMUM EXTENT PERMITTED,
IBM DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION THE
IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A
PARTICULAR PURPOSE, WITH RESPECT TO THE SAME. IBM SHALL NOT BE RESPONSIBLE FOR
ANY DAMAGES, INCLUDING WITHOUT LIMITATION, DIRECT, INDIRECT, CONSEQUENTIAL
OR INCIDENTAL DAMAGES, ARISING OUT OF THE USE OF, OR OTHERWISE RELATED TO,
THIS DOCUMENTATION OR ANY OTHER DOCUMENTATION. NOTWITHSTANDING
ANYTHING TO THE CONTRARY, NOTHING CONTAINED IN THIS DOCUMENTATION OR ANY
OTHER DOCUMENTATION IS INTENDED TO, NOR SHALL HAVE THE EFFECT OF, CREATING
ANY WARRANTIES OR REPRESENTATIONS FROM IBM (OR ITS SUPPLIERS OR LICENSORS), OR
ALTERING THE TERMS AND CONDITIONS OF THE APPLICABLE LICENSE AGREEMENT
GOVERNING THE USE OF THIS SOFTWARE.
Copyright
Under the copyright laws, neither the documentation nor the software may be copied, photocopied,
reproduced, translated, or reduced to any electronic medium or machine-readable form, in whole or
in part, without the prior written consent of IBM, except in the manner described in the documentation
or the applicable licensing agreement governing the use of the software.
© Copyright IBM Corporation 1985, 2002
All rights reserved.
Lotus Software
IBM Software Group
One Rogers Street
Cambridge, MA 02142
US Government Users Restricted Rights — Use, duplication or disclosure restricted by GS ADP
Schedule Contract with IBM Corp.
List of Trademarks
1-2-3, cc:Mail, Domino, Domino Designer, Freelance Graphics, iNotes, Lotus, Lotus Discovery Server,
Lotus Enterprise Integrator, Lotus Mobile Notes, Lotus Notes, Lotus Organizer, LotusScript, Notes,
QuickPlace, Sametime, SmartSuite, and Word Pro are trademarks or registered trademarks of Lotus
Development Corporation and/or IBM Corporation in the United States, other countries, or both.
AIX, AS/400, DB2, IBM, iSeries, MQSeries, Netfinity, OfficeVision, OS/2, OS/390, OS/400, S/390,
Tivoli, and WebSphere are registered trademarks of International Business Machines Corporation in
the United States, other countries, or both. Pentium is a trademark of Intel Corporation in the United
States, other countries, or both. Microsoft, Windows, and Windows NT are registered trademarks of
Microsoft Corporation in the United States, other countries, or both. UNIX is a registered trademark
of The Open Group in the United States and other countries. Java and all Java-based trademarks and
logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States, other
countries, or both.
All other trademarks are the property of their respective owners.
Contents

Preface ... xv

Volume 1

1 Deploying Domino ... 1-1
  Guidepost for deploying Domino ... 1-1
  Building the Domino environment ... 1-14

2 Setting Up the Domino Network ... 2-1
  Lotus Domino and networks ... 2-1
  Network security ... 2-6
  Planning the TCP/IP network ... 2-10
  Planning the NetBIOS network ... 2-26
  Planning the IPX/SPX network ... 2-29
  Setting up Domino servers on the network ... 2-32
  Server setup tasks specific to TCP/IP ... 2-43
  Server setup tasks specific to NetBIOS ... 2-58
  Server setup tasks specific to IPX/SPX ... 2-61
  NOTES.INI settings for networks ... 2-64

3 Installing and Setting Up Domino Servers ... 3-1
  Installing and setting up Domino servers ... 3-1
  Server installation ... 3-3
  The Domino Server Setup program ... 3-8
  Using Domino Off-Line Services (DOLS) and iNotes Web Access ... 3-10
  Using the Domino Server Setup program ... 3-17
  The Certification Log ... 3-28
  Server registration ... 3-29
  Optional tasks to perform after server setup ... 3-34
  Starting and shutting down the Domino server ... 3-46

4 Setting Up Server-to-Server Connections ... 4-1
  Planning server-to-server connections ... 4-1
  How a server connects to another server ... 4-4
  Internet connections ... 4-21
  Passthru servers and hunt groups ... 4-23
  Planning the use of passthru servers ... 4-25
  Setting up a server as a passthru server ... 4-27
  Setting up a server as a passthru destination ... 4-28
  Planning for modem use ... 4-33
  Commands for acquire and connect scripts ... 4-53
  Connecting Notes clients to servers ... 4-55

5 Setting Up and Managing Notes Users ... 5-1
  Setting up Notes users ... 5-1
  Adding an alternate language and name to a user ID ... 5-38
  Setting up client installation for users ... 5-41
  Managing users ... 5-54
  License Tracking ... 5-85
  Custom welcome page deployment ... 5-87

6 Setting Up and Managing Groups ... 6-1
  Using groups ... 6-1
  Creating and modifying groups ... 6-2
  Managing groups ... 6-8
  Assigning a policy to a group ... 6-9

7 Creating Replicas and Scheduling Replication ... 7-1
  Replicas ... 7-1
  How server-to-server replication works ... 7-3
  Guidelines for setting server access to databases ... 7-5
  Setting up a database ACL for server-to-server replication ... 7-6
  Table of replication settings ... 7-11
  Specifying replication settings for one replica ... 7-17
  Scheduling server-to-server replication ... 7-20
  Customizing server-to-server replication ... 7-22
  Specifying replication direction ... 7-23
  Scheduling times for replication ... 7-24
  Replicating only specific databases ... 7-27
  Replicating databases by priority ... 7-28
  Limiting replication time ... 7-29
  Using multiple replicators ... 7-30
  Refusing replication requests ... 7-31
  Forcing immediate replication ... 7-31
  Disabling database replication ... 7-32
  Forcing a server database to replicate ... 7-33
  Viewing replication schedules and topology maps ... 7-34

8 Setting Up Calendars and Scheduling ... 8-1
  Calendars and scheduling ... 8-1
  Setting up scheduling ... 8-5
  Setting up the Resource Reservations database ... 8-7
  Creating Site Profile and Resource documents ... 8-9
  Editing and deleting Resource documents ... 8-13
  Creating Holiday documents ... 8-17
  Collecting detailed information from user calendars ... 8-20

9 Using Policies ... 9-1
  Policies ... 9-1
  Policy hierarchy and the effective policy ... 9-3
  Planning and assigning policies ... 9-6
  Creating policies ... 9-7
  Mail archiving and policies ... 9-22
  Managing policies ... 9-35
  Viewing policy relationships ... 9-37

10 Setting Up Domain Search ... 10-1
  Domain Search ... 10-1
  Planning the Domain Index ... 10-4
  Creating and updating the Domain Index ... 10-14
  Customizing Domain Search forms ... 10-18
  Setting up Notes users for Domain Search ... 10-19
  Setting up Web users for Domain Search ... 10-20
  Using content maps with Domain Search ... 10-21
  NOTES.INI settings for Domain Search ... 10-23

11 Setting Up Domino Off-Line Services ... 11-1
  Domino Off-Line Services ... 11-1

12 Planning the Service Provider Environment ... 12-1
  Planning the xSP server environment ... 12-1
  Using Domino features in a hosted server environment ... 12-4
  Example of planning a hosted environment ... 12-16

13 Setting Up the Service Provider Environment ... 13-1
  Setting up the service provider environment ... 13-1
  Installing the first server or additional servers for hosted environments ... 13-2
  Setting up a hosted organization ... 13-3
  Setting up the Domino certificate authority for hosted organizations ... 13-3
  Using policies in a hosted environment ... 13-4
  What happens when you register a hosted organization? ... 13-5
  Example of registering a hosted organization ... 13-8
  Registering a hosted organization ... 13-11
  Using Internet and Web Site documents in a hosted environment ... 13-18
  Global Web Settings documents and the service provider environment ... 13-21
  Configuring activity logging for billing hosted organizations ... 13-23

14 Managing a Hosted Environment ... 14-1
  Maintaining hosted organizations ... 14-1
  Adding a hosted organization to an additional server to provide new Web applications ... 14-2
  Deleting a hosted organization ... 14-3
  Temporarily disabling services for a hosted organization ... 14-4
  Enabling anonymous access to a hosted organization’s database ... 14-4
  Moving a hosted organization to another server ... 14-5
  Removing a hosted organization from a backup or load-balancing server ... 14-10
  Restoring a hosted environment after a server crash ... 14-11
  Using a browser to access a hosted organization’s Web site ... 14-12
  Using the Resource Reservations database in a hosted environment ... 14-12
  Viewing hosted organizations ... 14-14
  Managing users at a hosted organization ... 14-14
  Using the Web Administrator to manage users at a hosted organization ... 14-15

15 Setting Up the Administration Process ... 15-1
  The Administration Process ... 15-1
  Setting up the Administration Process ... 15-5
  Administration Process support of secondary Domino Directories ... 15-7
  Processing administration requests across domains ... 15-8
  Setting up ACLs for the Administration Process ... 15-13
  The Administration Requests database ... 15-19
  Customizing the Administration Process ... 15-29
  Administration Process Statistics ... 15-35
  Administration request messages ... 15-36

16 Setting Up and Using Domino Administration Tools ... 16-1
  The Domino Administrator ... 16-1
  Installing the Domino Administrator ... 16-1
  Setting up the Domino Administrator ... 16-2
  Starting the Domino Administrator ... 16-2
  Navigating Domino Administrator ... 16-3
  Selecting a server to administer in the Domino Administrator ... 16-4
  Setting Domino Administration preferences ... 16-5
  Domino Administrator tabs ... 16-13
  Web Administrator ... 16-17
  Setting up the Web Administrator ... 16-17
  Starting the Web Administrator ... 16-22
  Using the Web Administrator ... 16-23
  The Server Controller and the Domino Console ... 16-28

17 Using Domino with Windows Synchronization Tools ... 17-1
  Setting up Windows NT User Manager ... 17-1
  Setting policy-based registration options for use with Notes synchronization ... 17-6
  Using the Windows NT Performance Monitor to view Domino ... 17-23
  Setting up Domino Active Directory synchronization ... 17-25

18 Planning Directory Services ... 18-1
  Overview of Domino directory services ... 18-1
  Using directory servers in a Domino domain ... 18-1
  Planning LDAP features ... 18-3
  Planning directory access control ... 18-7
  Planning new entries in the Domino Directory ... 18-7
  Planning the management of entries in the Domino Directory ... 18-9
  Planning directory services for Notes clients ... 18-10
  Planning directory services in a multiple-directory environment ... 18-12
  Directory search order ... 18-15
  Planning internationalized directory services ... 18-18
  Planning directory customization ... 18-19
  Directory services terms ... 18-20

19 Setting Up the Domino Directory ... 19-1
  The Domino Directory ... 19-1
  Setting up the Domino Directory for a domain ... 19-2
  Using a central directory architecture in a Domino domain ... 19-2
  Managing Domino Directories in a central directory architecture ... 19-5
  Controlling access to the Domino Directory ... 19-9
  Corporate hierarchies ... 19-13
  Setting up Notes clients to use a directory server ... 19-15
  Customizing the Directory Profile ... 19-16
  Scheduling replication of the Domino Directory ... 19-17

20 Setting Up the LDAP Service ... 20-1
  The LDAP service ... 20-1
  How the LDAP service works ... 20-2
  Setting up the LDAP service ... 20-7
  Starting and stopping the LDAP service ... 20-8
  Customizing the LDAP service configuration ... 20-9
  Setting up clients to use the LDAP service ... 20-34
  Using LDAP to search a Domain index ... 20-36
  Monitoring the LDAP service ... 20-37
  NOTES.INI settings for the LDAP service ... 20-41
  RFCs supported by the LDAP service ... 20-42

21 Managing the LDAP Schema ... 21-1
  LDAP schema ... 21-1
  The Domino LDAP schema ... 21-2
  The schema daemon ... 21-5
  Domino LDAP Schema database ... 21-7
  Methods for extending the schema ... 21-10
  Extending the schema using the Schema database ... 21-13
  Schema-checking ... 21-18
  Searching the root DSE and schema entry ... 21-19
  NOTES.INI settings related to the schema daemon ... 21-21

22 Using the ldapsearch Utility ... 22-1
  Using the ldapsearch utility to search LDAP directories ... 22-1
  Table of ldapsearch parameters ... 22-2
  Using search filters with ldapsearch ... 22-4
  Using ldapsearch to return operational attributes ... 22-5
  Examples of using ldapsearch ... 22-6

23 Setting Up Directory Assistance ... 23-1
  Directory assistance ... 23-1
  How directory assistance works ... 23-2
  Directory assistance services ... 23-3
  Directory assistance concepts ... 23-12
  Directory assistance and naming rules ... 23-12
  Directory assistance and domain names ... 23-18
  Directory assistance and failover for a directory ... 23-19
  Directory assistance for an Extended Directory Catalog ... 23-22
  Directory assistance in conjunction with a condensed Directory Catalog ... 23-24
  Directory assistance for the primary Domino Directory ... 23-26
  Number of directory assistance databases ... 23-29
  Setting up directory assistance ... 23-29
  Directory assistance examples ... 23-51
  Monitoring directory assistance ... 23-60

24 Setting Up Directory Catalogs ... 24-1
  Directory catalogs ... 24-1
  Condensed Directory Catalogs ... 24-2
  Directory catalogs on servers compared to directory assistance for individual Domino Directories ... 24-4
  Extended Directory Catalogs ... 24-5
  Overview of directory catalog setup ... 24-8
  Planning directory catalogs ... 24-9
  Directory catalogs and client authentication ... 24-9
  Directory catalogs and Notes mail encryption ... 24-14
  Picking the server(s) to run the Dircat task ... 24-14
  Specifying the Domino Directories for the Dircat task to aggregate ... 24-15
  Controlling which information is aggregated into a directory catalog ... 24-16
  Full-text indexing directory catalogs ... 24-25
  Planning issues specific to Extended Directory Catalogs ... 24-26
  Planning issues specific to condensed Directory Catalogs ... 24-29
  Multiple directory catalogs ... 24-33
  Overview of setting up a condensed Directory Catalog ... 24-34
  The Dircat task ... 24-45
  Opening the configuration document for a directory catalog ... 24-48
  Monitoring directory catalogs ... 24-49

25 Setting Up Extended ACLs ... 25-1
  Extended ACL ... 25-1
  How other database security features restrict extended ACL access settings ... 25-2
  Elements of an extended ACL ... 25-3
  Extended ACL access settings ... 25-3
  Extended ACL subject ... 25-9
  Extended ACL target ... 25-12
  Extended ACL examples ... 25-19
  Extended ACL guidelines ... 25-22
  Setting up and managing an extended ACL ... 25-22

26 Overview of the Domino Mail System ... 26-1
  Messaging overview ... 26-1
  Supported routing, format, and access protocols ... 26-2
  The Domino mail server and mail routing ... 26-5
  Overview of routing mail using Notes routing ... 26-17
  Overview of routing mail using SMTP ... 26-21
  The Domain Name System (DNS) and SMTP mail routing ... 26-25

27 Setting Up Mail Routing ... 27-1
  The Domino mail router ... 27-1
  Planning a mail routing topology ... 27-2
  Sample mail routing configurations ... 27-9
  Creating a Configuration Settings document ... 27-18
  Setting up Notes routing ... 27-20
  Configuring Domino to send and receive mail over SMTP ... 27-37
  Setting up how addresses are resolved on inbound and outbound mail ... 27-42
  Configuring Domino to send mail to a relay host or firewall ... 27-58
  Routing mail over transient connections ... 27-59

28 Customizing the Domino Mail System ... 28-1
  Customizing mail ... 28-1
  Controlling messaging ... 28-1
  Improving mail performance ... 28-2
  Controlling message delivery ... 28-8
  Setting server mail rules ... 28-20
  Customizing message transfer ... 28-26
  Setting transfer limits ... 28-33
  Setting advanced transfer and delivery controls ... 28-39
  Customizing Notes routing ... 28-50
  Customizing SMTP Routing ... 28-57
  Changing SMTP port settings ... 28-58
  Restricting SMTP inbound routing ... 28-70
  Preventing unauthorized SMTP hosts from using Domino as a relay ... 28-75
  Enabling DNS blacklist filters for SMTP connections ... 28-86
  Restricting outbound mail routing ... 28-98
  Mail journaling ... 28-105
  Setting inbound and outbound MIME and character set options ... 28-115

29 Setting Up Shared Mail ... 29-1
  Shared mail overview ... 29-1
  Setting up shared mail databases ... 29-5
  Managing a shared mail database ... 29-11
  Disabling shared mail ... 29-25

30 Setting Up the POP3 Service ... 30-1
  The POP3 service ... 30-1
  Setting up the POP3 service ... 30-2
  Setting up POP3 users ... 30-7

31 Setting Up the IMAP Service ... 31-1
  The IMAP service ... 31-1
  Setting up the IMAP service ... 31-4
  Customizing the IMAP service ... 31-5
  Setting up IMAP users ... 31-22
  IMAP settings in the server NOTES.INI file ... 31-39

32 Setting Up iNotes Web Access ... 32-1
  iNotes Web Access ... 32-1
  iNotes Access for Microsoft Outlook ... 32-11

33 Monitoring Mail ... 33-1
  Tools for mail monitoring ... 33-1
  Setting up mail monitoring ... 33-3
  Viewing mail usage reports ... 33-16

34 Setting Up the Domino Web Server ... 34-1
  The Domino Web server ... 34-1
  Setting up a Domino server as a Web server ... 34-4
  Setting up WebDAV ... 34-15
  Hosting Web sites ... 34-17
  Web Site rules and global Web settings ... 34-34
  Custom Web server messages ... 34-48
  Improving Web server performance ... 34-52

35 Setting Up Domino to Work with Other Web Servers ... 35-1
  Setting up Domino to work with other Web servers ... 35-1

36 Setting Up the Web Navigator ... 36-1
  The Web Navigator ... 36-1
  Setting up a Web Navigator server ... 36-2
  Customizing the Web Navigator ... 36-6
  The Web Navigator database ... 36-10
  Customizing the Web Navigator database ... 36-11

Volume 2

37 Planning Security ... 37-1
  Overview of Domino security ... 37-1
  The Domino security model ... 37-5
  The Domino security team ... 37-8
  Security planning checklists ... 37-11

38 Controlling Access to Domino Servers ... 38-1
  Validation and authentication for Notes and Domino ... 38-1
  Server access for Notes users, Internet users, and Domino servers ... 38-2
  Setting up Notes user, Domino server, and Internet user access to a Domino server ... 38-4
  Customizing access to a Domino server ... 38-7
  Physically securing the Domino server ... 38-23

39 Protecting and Managing Notes IDs ... 39-1
  Domino server and Notes user IDs ... 39-1
  Certificates ... 39-2
  Password-protection for Notes and Domino IDs ... 39-4
  Verifying user passwords during authentication ... 39-8
  ID recovery ... 39-14
  Public key security ... 39-22
  Using cross-certificates to access servers and send secure S/MIME messages ... 39-27
  Adding cross-certificates to the Domino Directory or Personal Address Book ... 39-29

40 Controlling User Access to Domino Databases ... 40-1
  The database access control list ... 40-1
  Default ACL entries ... 40-2
  Acceptable entries in the ACL ... 40-4
  Configuring a database ACL ... 40-11
  Access levels in the ACL ... 40-13
  Access level privileges in the ACL ... 40-16
  User types in the ACL ... 40-19
  Roles in the ACL ... 40-20
  Managing database ACLs ... 40-22
  Using the Administration Process to update ACLs ... 40-23
  Setting up the Administration Process for database ACLs ... 40-24
  Managing database ACLs with the Web Administrator ... 40-24
  Editing entries in multiple ACLs ... 40-25
  Enforcing a consistent access control list ... 40-28
  Setting up database access for Internet users ... 40-30
  Maximum Internet name-and-password access ... 40-30

41 Protecting User Workstations with Execution Control Lists ... 41-1
  The execution control list ... 41-1
  The administration ECL ... 41-6

42 Setting Up Name-and-Password and Anonymous Access to Domino Servers ... 42-1
  Name-and-password authentication for Internet/intranet clients ... 42-1
  Session-based name-and-password authentication for Web clients ... 42-6
  Multi-server session-based name-and-password authentication for Web users (single sign-on) ... 42-12
  Managing Internet passwords ... 42-24
  Anonymous Internet/intranet access ... 42-25
  Validation and authentication for Internet/intranet clients ... 42-27

43 Encryption and Electronic Signatures ... 43-1
  Encryption ... 43-1
  Mail encryption ... 43-4
  Electronic signatures ... 43-9

44 Setting Up a Domino Server-Based Certification Authority ... 44-1
  Domino server-based certification authority ... 44-1
  Setting up a server-based Domino certification authority ... 44-5

45 Setting Up a Domino 5 Certificate Authority ... 45-1
  Using a Domino 5 certificate authority ... 45-1
  Setting up a Domino 5 certificate authority ... 45-1

46 Setting Up SSL on a Domino Server ... 46-1
  SSL security ... 46-1
  Setting up SSL on a Domino server ... 46-2
  Default Domino SSL trusted roots ... 46-11
  SSL port configuration ... 46-14
  Managing server certificates and certificate requests ... 46-20
  Authenticating Web SSL clients in secondary Domino and LDAP directories ... 46-25

47 Setting Up Clients for S/MIME and SSL ... 47-1
  SSL and S/MIME for clients ... 47-1
  Setting up Notes and Internet clients for SSL authentication ... 47-3
  Internet certificates for SSL and S/MIME ... 47-5
  Setting up Notes clients for S/MIME ... 47-13
  Dual Internet certificates for S/MIME encryption and signatures ... 47-17
  Setting up Notes and Internet clients for SSL client authentication ... 47-18
  Using SSL when setting up directory assistance for LDAP directories ... 47-23

48 Rolling Out Databases ... 48-1
  Database design, management, and administration ... 48-1
  Rolling out a database ... 48-1
  Copying a new database to a server ... 48-4
  Creating a Mail-In Database document for a new database ... 48-5
  Adding a database to the Domain Index ... 48-7
  Signing a database or template ... 48-7

49 Organizing Databases on a Server ... 49-1
  Organizing databases on a server ... 49-1

50 Setting Up and Managing Full-text Indexes ... 50-1
  Full-text indexes for single databases ... 50-1

51 Setting Up Database Libraries and Catalogs ... 51-1
  Database libraries ... 51-1
  Creating a database library and assigning librarians ... 51-2
  Publishing databases in a library ... 51-3
  Database catalogs ... 51-4
  Setting up a server’s database catalog ... 51-5

52 Monitoring the Domino Server ... 52-1
  Monitoring the Domino system ... 52-1
  Monitoring events on the Domino system ... 52-2
  Event generators ... 52-3
  Event handlers ... 52-14
  Viewing an event report ... 52-20
  Viewing event messages, causes, and solutions ... 52-20
  Customizing the appearance of the Domino server console and Domino Administrator console ... 52-21
  Statistics and the Domino system ... 52-24
  Platform statistics ... 52-26
  Using the Domino Administrator to monitor statistics ... 52-31
  Charting statistics ... 52-36
  Domino server monitor ... 52-40
  Profiles and the Domino server monitor ... 52-43

53 Using the Domino SNMP Agent ... 53-1
  The Domino SNMP Agent ... 53-1
  Configuring the Domino SNMP Agent ... 53-8
  Using the Domino MIB with your SNMP management station ... 53-21
  Troubleshooting the Domino SNMP Agent ... 53-24

54 Using IBM Tivoli Analyzer for Lotus Domino ... 54-1
  IBM Tivoli Analyzer for Lotus Domino ... 54-1
  Server Health Monitor ... 54-2
  Table of Server Health Monitor statistics ... 54-3
  Table of Server Health Monitor ratings ... 54-5
  Server Health Monitor configuration ... 54-6
  Using the Server Health Monitor ... 54-8
  Working with Server Health Monitor statistics ... 54-13
  Activity Trends ... 54-17
  Setting up Activity Trends ... 54-18
  Activity Trends server and statistics profiles ... 54-22
  Resource balancing in Activity Trends ... 54-26
  Setting up resource balancing in Activity Trends ... 54-27
  Understanding resource-balancing behavior ... 54-34
  Analyzing resource-balancing distributions ... 54-37
  Domino Change Manager ... 54-48
  ACLs for the Domino Change Control database ... 54-51
  Resource-balancing plans ... 54-53
  Setting up plan documents for resource balancing ... 54-61

55 Transaction Logging and Recovery ... 55-1
  Transaction logging ... 55-1
  How transaction logging works ... 55-3
  Planning for transaction logging ... 55-4
  Setting up a Domino server for transaction logging ... 55-5
  Changing transaction logging settings ... 55-7
Disabling transaction logging for a specific database . . . 55-8
View logging . . . 55-9
Using transaction logging for recovery . . . 55-9
Fault recovery . . . 55-10

56 Using Log Files . . . 56-1
The Domino server log (LOG.NSF) . . . 56-1
Controlling the size of the log file (LOG.NSF) . . . 56-1
Logging Domino Web server requests . . . 56-8
The Domino Web server log (DOMLOG.NSF) . . . 56-8
Domino Web server logging to text files . . . 56-10

57 Setting Up Activity Logging . . . 57-1
Activity logging . . . 57-1
The information in the log file . . . 57-1
Configuring activity logging . . . 57-12
Viewing activity logging data . . . 57-13

58 Maintaining Databases . . . 58-1
Database maintenance . . . 58-1
The Files tab in the Domino Administrator . . . 58-2
Monitoring replication of a database . . . 58-6
Replication or save conflicts . . . 58-8
Monitoring database activity . . . 58-11
Updating database indexes and views . . . 58-14
Managing view indexes . . . 58-23
Synchronizing databases with master templates . . . 58-24
Fixing corrupted databases . . . 58-25
Using Fixup . . . 58-26
Moving databases . . . 58-33
Deleting databases . . . 58-36
Database analysis . . . 58-37

59 Maintaining Domino Servers . . . 59-1
Managing servers . . . 59-1
Decommissioning a Domain Search server . . . 59-12
Uninstalling a Domino partitioned server . . . 59-13

60 Improving Server Performance . . . 60-1
Improving Domino server performance . . . 60-1
Tools for measuring server performance . . . 60-2
Improving basic server performance and capacity . . . 60-3
Improving partitioned server performance and capacity . . . 60-5
Improving Agent Manager performance . . . 60-6
Improving database and Domino Directory performance . . . 60-9
Tips for tuning mail performance . . . 60-11
Improving Windows NT and Windows 2000 server performance . . . 60-13
Improving UNIX server performance . . . 60-14

61 Improving Database Performance . . . 61-1
Setting advanced database properties . . . 61-1
Database properties that optimize database performance . . . 61-3
The database cache . . . 61-9
Controlling database size . . . 61-12
Tools for monitoring database size . . . 61-13
Monitoring database size . . . 61-13
Compacting databases . . . 61-13
Ways to compact databases . . . 61-16
Database size quotas . . . 61-23
Deleting inactive documents . . . 61-25
Using an agent to delete and archive documents . . . 61-27
Allowing more fields in a database . . . 61-29


62 Using Server.Load . . . 62-1
Server.Load . . . 62-1
Server.Load agents . . . 62-4
Server.Load metrics . . . 62-7
Setting up clients and servers for Server.Load . . . 62-12
Idle Workload script . . . 62-14
R5 IMAP Workload test . . . 62-15
R5 Simple Mail Routing test . . . 62-20
R5 Shared Database test . . . 62-24
SMTP and POP3 Workload test . . . 62-26
Web Idle Workload test . . . 62-30
Web Mail test . . . 62-31

63 Troubleshooting . . . 63-1
Troubleshooting the Domino system . . . 63-1
Troubleshooting tools . . . 63-2
Overview of server maintenance . . . 63-6
Server maintenance checklist . . . 63-6
Backing up the Domino server . . . 63-7
Administration Process — Troubleshooting . . . 63-8
Agent Manager and agents — Troubleshooting . . . 63-12
Database performance — Troubleshooting . . . 63-16
Directories — Troubleshooting . . . 63-21
Mail routing — Troubleshooting . . . 63-36
Meeting and resource scheduling — Troubleshooting . . . 63-45
Modems and remote connections — Troubleshooting . . . 63-48
Platform statistics — Troubleshooting . . . 63-52
Network connections over NRPC — Troubleshooting . . . 63-55
Network dialup connections — Troubleshooting . . . 63-74
Partitioned servers — Troubleshooting . . . 63-78
Passthru connections — Troubleshooting . . . 63-79
Replication — Troubleshooting . . . 63-80
You see the message “Database is not fully initialized yet” . . . 63-89
Server access — Troubleshooting . . . 63-91
Server crashes — Troubleshooting . . . 63-96
Transaction logging — Troubleshooting . . . 63-102
Web server, Web Navigator, and the Web Administrator — Troubleshooting . . . 63-104
Server.Load — Troubleshooting . . . 63-110

Appendix A Server Commands . . . A-1
Appendix B Server Tasks . . . B-1
Appendix C NOTES.INI File . . . C-1
Appendix D System and Application Templates . . . D-1
Appendix E Customizing the Domino Directory . . . E-1
Appendix F Administration Process Requests . . . F-1
Appendix G Novell Directory Service for the IPX/SPX Network . . . G-1
Appendix H Accessibility and Keyboard Shortcuts in Domino Administrator . . . H-1
Appendix I Server.Load Command Language . . . I-1
Appendix J Server.Load Scripts . . . J-1
Index . . . Index-1

Preface

The documentation for IBM Lotus Notes, IBM Lotus Domino, and IBM
Lotus Domino Designer is available online in Help databases and, with the
exception of the Notes client documentation, in print format.

License information
Any information or reference related to license terms in this document is
provided to you for your information. However, your use of Notes and
Domino, and any other IBM program referenced in this document, is solely
subject to the terms and conditions of the IBM International Program
License Agreement (IPLA) and related License Information (LI) document
accompanying each such program. You may not rely on this document
should there be any questions concerning your right to use Notes and
Domino. Please refer to the IPLA and LI for Notes and Domino that is
located in the file LICENSE.TXT.

System requirements
Information about the system requirements for Lotus Notes and Domino is
listed in the Release Notes.

Printed documentation and PDF files


The same documentation for Domino and Domino Designer that is available
in online Help is also available in printed books and PDF files.
You can order printed books from the IBM Publications Center at
www.ibm.com/shop/publications/order.
You can download PDF files from the IBM Publications Center and from
the Documentation Library at the Lotus Developer Domain at
www-10.lotus.com/ldd.

Related information
In addition to the documentation that is available with the product, other
information about Notes and Domino is available on the Web sites listed
here.
• IBM Redbooks are available at www.redbooks.ibm.com.

• A technical journal, discussion forums, demos, and other information are
available on the Lotus Developer Domain site at
www-10.lotus.com/ldd.

Table of conventions
This table lists conventions used in the Notes and Domino documentation.

| Convention | Description |
| --- | --- |
| italics | Variables and book titles are shown in italic type. |
| monospaced type | Code examples and console commands are shown in monospaced type. |
| file names | File names are shown in uppercase, for example NAMES.NSF. |
| hyphens in menu names (File - Database - Open) | Hyphens are used between menu names, to show the sequence of menus. |

Structure of Notes and Domino documentation


This section describes the documentation for Notes, Domino, and Domino
Designer. The online Help databases are available with the software
products. Print documentation can be downloaded from the Web or
purchased separately.

Release Notes
The Release Notes describe new features and enhancements, platform
requirements, known issues, and documentation updates for Lotus Notes 6,
Lotus Domino 6, and Lotus Domino Designer 6. The Release Notes are
available online in the Release Notes database (README.NSF). You can
also download them as a PDF file.

Documentation for the Notes client


The Lotus Notes 6 Help database (HELP6_CLIENT.NSF) contains the
documentation for Notes users. This database describes user tasks such as
sending mail, using the Personal Address Book, using the Calendar and
Scheduling features, using the To Do list, and searching for information.

Documentation for Domino administration


The following table describes the books that comprise the Domino Administration
documentation set. The information in these books is also found
online in the Lotus Domino Administrator 6 Help database
(HELP6_ADMIN.NSF).
The book Installing Domino Servers ships with Domino. The other books are
available for purchase, or for free download as PDF files.



| Title | Description |
| --- | --- |
| Upgrade Guide | Describes how to upgrade existing Domino servers and Notes clients to Notes and Domino 6. Also describes how to move users from other messaging and directory systems to Notes and Domino 6. |
| Installing Domino Servers | Describes how to plan a Domino installation; how to configure Domino to work with network protocols such as Novell SPX, TCP/IP, and NetBIOS; how to install servers; and how to install and begin using Domino Administrator and the Web Administrator. |
| Administering the Domino System, Volumes 1 and 2 | Describes how to register and manage users and groups, and how to register and manage servers including managing directories, connections, mail, replication, security, calendars and scheduling, activity logging, databases, and system monitoring. This book also describes how to use Domino in a service provider environment, how to use Domino Off-Line Services, and how to use IBM Tivoli Analyzer for Lotus Domino. |
| Administering Domino Clusters | Describes how to set up, manage, and troubleshoot Domino clusters. |

Documentation for Domino Designer


The following table describes the books that comprise the Domino Designer
documentation set. The information in these books is also found online in
the Lotus Domino Designer 6 Help database (HELP6_DESIGNER.NSF)
with one exception: Domino Enterprise Connection Services (DECS) Installation
and User Guide is available online in a separate database, DECS User Guide
Template (DECSDOC6.NSF). The printed documentation set also includes
Domino Objects posters.
In addition to the books listed here, the Domino Designer Templates Guide is
available for download in NSF or PDF format. This guide presents an
in-depth look at three commonly used Designer templates: TeamRoom,
Discussion, and Documentation Library.

| Title | Description |
| --- | --- |
| Application Development with Domino Designer | Explains how to create all the design elements used in building Domino applications, how to share information with other applications, and how to customize and manage applications. |
| Domino Designer Programming Guide, Volume 1: Overview and Formula Language | Introduces programming in Domino Designer and describes the formula language. |
| Domino Designer Programming Guide, Volumes 2A and 2B: LotusScript/COM/OLE Classes | Describes the LotusScript/COM/OLE classes for access to databases and other Domino structures. |
| Domino Designer Programming Guide, Volume 3: Java/CORBA Classes | Provides reference information on using the Java and CORBA classes to provide access to databases and other Domino structures. |
| Domino Designer Programming Guide, Volume 4: XML Domino DTD and JSP Tags | Describes the XML and JSP interfaces for access to databases and other Domino structures. |
| LotusScript Language Guide | Describes the LotusScript programming language. |
| Domino Enterprise Connection Services (DECS) Installation and User Guide | Describes how to use Domino Enterprise Connection Services (DECS) to access enterprise data in real time. |
| Lotus Connectors and Connectivity Guide | Describes how to configure Lotus Connectors for use with either DECS or IBM Lotus Enterprise Integrator for Domino (LEI). It also describes how to test connectivity between DECS or LEI and an external system, such as DB2, Oracle, or Sybase. Lastly, it describes usage and feature options for all of the base connection types that are supplied with LEI and DECS. This online documentation file name is LCCON6.NSF. |
| Lotus Connector LotusScript Extensions Guide | Describes how to use the LC LSX to programmatically perform Lotus Connector-related tasks outside of, or in conjunction with, either LEI or DECS. This online documentation file name is LSXLC6.NSF. |
| IBM Lotus Enterprise Integrator for Domino (LEI) Installation Guide | Describes installation, configuration, and migration information and instructions for LEI. The online documentation file names are LEIIG.NSF and LEIIG.PDF. This document is for LEI customers only and is supplied with LEI, not with Domino. |
| IBM Lotus Enterprise Integrator for Domino (LEI) Activities and User Guide | Provides information and instructions for using LEI and its activities. The online documentation file names are LEIDOC.NSF and LEIDOC.PDF. This document is for LEI customers only and is supplied with LEI, not with Domino. |



Security
Chapter 37
Planning Security

This chapter includes information you need to know before setting up
security and provides lists to help you plan security at your organization.

Overview of Domino security


Setting up security for your organization is a critical task. Your security
infrastructure is critical for protecting your organization’s Domino
resources and assets. As an administrator, you need to give careful
consideration to your organization’s security requirements before you set
up any Domino servers or Notes users. Upfront planning pays off later in
minimizing the risks of compromised security.
Use the following tasks to guide you through your security planning:
• Know the business.
• Identify assets and threats (risk analysis).
• Develop strategies to protect your computing environment.
• Develop incident-handling procedures.
• Plan and deliver employee training.
• Keep processes current.

Know the business


This is the process of understanding your organization’s business
requirements and the service levels that need to be met. Identify all of the
components of the business, including those that are not your direct
responsibility. Include new acquisitions and any recent spin-offs. As part
of this process, identify the trusted network and the non-trusted
network. In some cases an extranet may be an extension of a trusted
network.

Once you have an understanding of the business requirements, you can
then begin to plan the specifics of your Domino infrastructure, including:
• Will more than one Domino domain be needed, or will the new
domain need to interact with existing domains?
• What is the best method to expose Domino data to the Internet?
• What service levels are needed to support the business?
• Who should have what level of access to the Domino Directory?

Identify assets and threats (risk analysis)


Identify the value of the assets you are trying to protect. Applications in
your organization have different values. For example, in most
organizations, the availability of the e-mail infrastructure is essential to
business, but instant availability of all previous e-mails is less important.
Then identify the threats from an internal as well as external perspective.
Make sure you understand the potential loss to your organization in the
event that any one of the threats is successful. Finally, determine the
probability of the threat. For example, an automated attack from a
compromised system is a near certainty, a server room failure from water
damage is a distinct possibility, while the theft of a server’s hard drive
from the data center is usually not likely.
There are many different types of threats to any computing
infrastructure:
• Environmental destruction
• Automated attacks or hackers on the Internet
• Automated attacks from compromised systems in your intranet
• Interfaces with less secure systems
• Mistakes made by untrained or poorly trained users and
administrators
• Data interception or alteration for criminal profit
• Malicious activity by former employees
You should also understand the Domino security model, in order to
better understand the Domino assets you need to protect and how they
can be protected. For more information, see the topic “The Domino
security model” later in this chapter.

Develop strategies to protect your computing environment
Once you understand the potential threats to your Domino environment,
you can create policies to protect each part of your Domino computing
infrastructure. This may include developing policies for the following
areas:
• Limits on physical access to your servers
• Network access and protection
• Messaging infrastructure, through the use of execution control lists
and anti-virus products
• Application security, through encryption and ACL management
• Encryption key management, including ID recovery
• Change control, through the use of the Domino Change Manager (or
you can build your own)
• User training for organizational security rules and technology
• Security incident reporting
For more information on change control, see the chapter “Using IBM
Tivoli Analyzer for Lotus Domino.”

Develop incident handling procedures


An incident is an unplanned and unexpected event that requires
immediate action to prevent a loss of business, assets, or public
confidence. All security plans must have an incident handling
component, as well as a feedback component for how incidents have
been handled. Feedback helps to keep security plans and policies current.
Note One of the best documents that describes the importance of
incident handling is the National Institute of Standards and Technology’s
Contingency Planning Guide for Information Technology Systems (NIST
Special Publication 800-34).
Incident handling includes:
• Incident reporting plans and methods
• Response procedures for each incident type
• Incident response tests



Once you have your incident-handling plans in place, you will be better
able to determine your requirements for:
• Domino logging
• Domino HTTP logging
• Domino backup and restoring
• Parameters for Domino event monitoring
For more information on the Domino server and Web server logs, see the
chapter “Using Log Files.”
For information on backing up Domino, see the chapter “Troubleshooting.”
For more information on event monitoring, see the chapter “Monitoring
the Domino Server.”

Plan and deliver employee training


Make sure that your users know that security is everyone’s
responsibility. Based on your business needs, you should train your
users on:
• Domino security basics
• Notes IDs and how to protect them
• Notes Execution Control Lists and Execution Security Alerts
• Use of encryption and how to encrypt a mail message
• Who to call in the event of a problem or a security incident
Note The National Institute of Standards and Technology published a
document about the relationship among security awareness, training,
and education, titled Information Technology Security Training
Requirements: A Role- and Performance-Based Model (NIST Special
Publication 800-16).

Keep processes current


This step is normally the most difficult, but is as critical as any of the
other steps. Take the time to establish a program that will review security
processes and procedures on a regular basis. Be sure to link the review to
employee training. If changes are made, then employee training may
need to be updated.

The Domino security model
The Domino security model is based on the premise of protecting
resources, such as the Domino server itself, databases, workstation data,
and documents. The resources, or objects, that are being protected are set
up to define the rights of users to access and change the object.
Information about access rights and privileges is stored with each
protected resource. Thus, a given user or server may have different sets
of access rights, depending on the resources to which that user or server
requires access.
The following includes brief descriptions of the various resources that
you need to protect in a Domino environment. Some of the topics are not
specific to Domino security, but are included here in the interest of
thoroughness.

Physical security
Physically securing servers and databases is as important as
preventing unauthorized user and server access. It is the first line of
defense against unauthorized or malicious users, by preventing them
from having direct access to your Domino servers. Therefore, we
strongly recommend that you locate all Domino servers in a ventilated,
secure area, such as a locked room. If servers are not physically secure,
unauthorized users might circumvent security features — for example,
ACL settings — and access applications directly on the server, use the
operating system to copy or delete files, or physically damage the server
hardware itself.
Physical network security concerns should also include disaster planning
and recovery.

Operating system security


Unauthorized or malicious users often take advantage of operating
system vulnerabilities. As a system administrator, you should safeguard
the operating system on which your Domino server runs. For example,
you should limit administrator login/rights, disable FTP (on NT), and
avoid the use of mapped directory links to file servers or shared NAS
servers for Domino servers. Stay informed about your operating system of
choice, and keep current with security updates and patches.



Network security
The goal for securing your network is to prevent unauthorized users
from gaining access to servers, users, and data. Physical network security
is beyond the scope of this book, but you must set it up before you set up
Notes and Domino connection security. Physical network security is
established through the use of devices — such as filtering routers,
firewalls, and proxy servers — that enable network connections for
various network services (such as LDAP, POP3, FTP, and SMTP) that
you want to provide for your users. Network connection security access
is also controlled using these devices, as you can define what connections
can be accessed, and who is authorized to use them.
Properly configured, these devices prevent unauthorized users from:
• Breaking through into the network and accessing the server via the
operating system and its native services (such as file sharing).
• Impersonating an authorized Notes user.
• Eavesdropping on the network to collect data.
Server security
The Domino server is the most critical resource to secure and is the first
level of security that Domino enforces after a user or server gains access
to the server on the network. You can specify which users and servers
have access to the server and restrict activities on the server — for
example, you can restrict who can create new replicas and use passthru
connections.
You can also restrict and define administrator access, by delegating
access based on the administrator duties and tasks. For example, you can
enable access to operating system commands through the server console
for system administrators, and grant database access to those
administrators who are responsible for maintaining Domino databases.
If you set up servers for Internet/intranet access, you should set up SSL
and name-and-password authentication to secure network data
transmitted over the network and to authenticate servers and clients.
For more information, see the topic “Server security” later in this chapter.

ID security
A Notes or Domino ID uniquely identifies a user or server. Domino uses
the information contained in IDs to control the access that users and
servers have to other servers and applications. One of the responsibilities
of the administrator is to protect IDs and make sure that unauthorized
users do not use them to gain access to the Domino environment.

Some sites may require multiple administrators to enter passwords before
gaining access to a certifier or server ID file. This prevents one person
from controlling an ID. In such cases, each administrator should ensure
each password is secure to prevent unauthorized access to the ID file.
For more information, see the topic “Notes and Domino ID security”
later in this chapter.
You can also secure Notes user IDs with Smartcards. Smartcards reduce
the threat of user ID theft, as a user who has a Smartcard needs their user
ID, their Smartcard, and their Smartcard PIN to access Notes.
For more information on Smartcards, see Lotus Notes 6 Help.

Application security
Once users and servers gain access to a Domino server, you can use the
database access control list (ACL) to restrict access that specific users and
servers have to individual Domino applications on the server. In
addition, to provide data privacy, encrypt the database with an ID so
unauthorized users cannot access a locally stored copy of the database,
sign or encrypt mail messages users send and receive, and sign the
database or template to protect workstations from formulas.
For more information on database ACLs, see the topic “Application
security” later in this chapter.

Application design element security


Although users may have access to an application, they may not have
access to specific design elements in the application — for example,
forms, views, and folders. When designing a Domino application, an
application developer can use access lists and special fields to restrict
access to specific design elements.
For more information on securing design elements, see the topic
“Application design element security” later in this chapter.

Workstation data security


Notes users may keep and use important applications and information
on their workstations. This information can be protected through the use
of an execution control list (ECL), which defines the access that active
content from other users has to the user workstation.
For more information on execution control lists, see the topic
“Workstation data security” later in this chapter.



The Domino security team
Every organization should have a security team that is responsible for
building, implementing, and managing the security infrastructure. The
team provides central security focus, so that everyone is looking at the
problems and solutions in the same way. However, departments in your
organization also need to be involved in developing the questions and
the answers for implementation of your Domino security system.

Getting started
You need to develop a set of security documentation for your
organization. There are four basic types of security documents needed
for any security implementation:
• Policies are the driving documents for the business. These are
typically high level statements about the security needs of the
business. Your organization probably already has policy documents
for the organization as a whole. You build and, if necessary, expand
on these to develop the security policies for your Domino
environment.
• Guidelines provide overall guidance on how to support and
maintain security in the enterprise.
• Standards are established rules on what will and will not happen in
an enterprise. Audits may cover all four types of documents, but the
auditor will really focus on the standards set down by a company.
Standards typically cover things like minimum password strength,
password expiration intervals, server operating systems and physical
environments, Internet and dial-in access controls, background
checks for administrators, and auditing requirements.
• Procedures typically include specific steps on how to implement
security within an enterprise. This will be the bulk of your Domino
security documentation, covering everything from how to control
Domino and X.509 certifiers to what to do when users have forgotten
their Notes or Internet passwords to what steps to take when an
employee leaves an organization. Procedures are developed after the
security framework is in place.
The Domino security team is responsible for initial direction, feedback,
and auditing of these documents. The team must include representatives
from each department within the enterprise. With this approach, the
security documents created will meet the needs of the entire company.
This has the added benefit of creating buy-in from the participating
departments.

Most companies will have a matrix of responsibility similar to the one
below:

| Role | Responsibility |
| --- | --- |
| CEO | The CEO needs to be a virtual member of the team. Security must flow from both the top down and the bottom up. |
| CIO / CTO | All technology officers need to be members of the team. It is appropriate for these members to delegate their role to someone else, as long as the delegate has the authority to make decisions. |
| Security officer | This person will be the driver of security in the organization. |
| Representatives from each functional department | These representatives specify business needs and requirements. They must have decision-making authority. |
| Accounting | They will provide the information for risk analysis. |
| IT Department | These team members can translate business needs and requirements into technology. |
| HR / Training | HR needs to assist with user training. HR is also involved with background checks, privacy of personal information, and termination policies and procedures. |
| Legal | These team members provide information on the legal implications of anything to do with employees, risk management, or publication of information. |
| Documentation experts / technical writers | This group creates and edits the documents. |
| Incident Response Team | This team will handle incidents that are not covered by implemented security practices. |
| Communication specialists | Communication to the end users about security is critical. |
| Domino administrators | Provide expertise on the Domino computing environment. |

Leveraging end users


Your users are a critical part of your security implementation. You
should communicate to them the importance of your security planning
efforts, as well as security guidelines and standards that you develop.
Technology alone cannot keep your organization secure. Your users are
as important as any firewall or certificate authority in ensuring the
success of your security infrastructure.



One way to involve users in security planning is to conduct a survey to
determine the level of enterprise security that users expect, as well as the
assets they feel should be protected. An anonymous survey is a good
way to discover security issues that users may not be willing to express
openly.
Note The most respected and commonly used standard source for
security policies and procedures is the ISO 17799 standard. The National
Institute of Standards and Technology has multiple guidelines for
developing security policies, standards, and procedures, including
information about ISO 17799.

The core team


Once the framework is built, implement the core security team, which
should include the following people:

Server administrators
Server administrators are responsible for managing the overall health
and well-being of Domino servers. A major responsibility of a server
administrator includes defining and managing server access lists and
server restrictions, both for Notes clients and Web users. In large
organizations, administration duties may be delegated among several
server administrators. In small organizations, a server administrator
might serve as the Domino certification administrator and the database
manager for system databases, such as the Domino Directory and the log
file (LOG.NSF). A server administrator might also be responsible for
creating and maintaining File Protection documents for HTTP access and
implementing other Web-related security measures.
It is a best practice to separate Domino server administration from
operating system server administration, if your organization’s IT
structure allows this.
You can define several levels of administrator for your organization,
depending on the access required to various administration resources.
For example, you can set up an administrator for remote console access
only, or for system administration access only. These levels of
administrative access are defined in the Server document on the Domino
server.
For more information on setting up administrator access to a Domino
server, see the chapter “Controlling Access to Domino Servers.”

Database managers
Database managers are responsible for one or more Lotus Notes
databases or database applications. A major responsibility of a database
manager includes managing database access control lists (ACLs). Some
organizations will use the concept of a database owner for management
of sensitive data.

Certificate authority administrators


Certificate authority administrators create and manage Domino
server-based certification authorities and Domino 5 certificate
authorities. They have access to all certifier ID files. For the server-based
certification authority, CA administrators can delegate user registration
and certificate approval to registration authorities. Otherwise, they are
responsible for approving and issuing Internet server and client
certificates. Since certification is the cornerstone of Notes and Domino
security, delegate responsibility for it with the utmost care.
For more information on the server-based certification authority, see the
chapter “Setting Up a Domino Server-Based Certification Authority.”

Registration authority administrators


The registration authority role is new for Domino 6 and is unique to the
server-based certification authority. A registration authority can register
new Notes users and Domino servers without requiring access to the
certifier ID and password. Registration authorities can also recertify
users and, for Internet certifiers, approve client certificate requests and
revoke certificates.
For more information on the registration authority role, see the chapter
“Setting Up a Domino Server-Based Certification Authority.”

Security planning checklists


An important aspect of planning security for your Domino environment
is understanding the tasks and features involved with securing each type
of resource.
• Server security
• Application security
• Application design element security
• Notes and Domino ID security
• Workstation security

Server security
To secure Domino servers, you allow and prevent user and server access.
In addition, you restrict the activities that users and servers may perform
on the server.

Task | Use
Choose an internal or external Internet certificate authority | Set up a certifier that will be used to issue Internet certificates in your organization.
Cross-certify Notes user IDs and Domino server and certifier IDs | Allow Notes users and Domino servers in different hierarchically certified organizations to ascertain the identity of users and servers in other Notes organizations.
Allow or deny access to a server | Specify which Notes users, Internet clients, and Domino servers are authorized to access the server.
Allow anonymous server access | Give server access to Notes users and Domino servers outside of the organization without issuing a cross-certificate.
Allow anonymous Internet/Intranet client access | Determine whether Internet/intranet users are allowed to access the server anonymously.
Secure the server with name-and-password authentication | Identify Internet and intranet users accessing the server and control access to applications based on the user name.
Enable session-based authentication | Allow Web browser clients to authenticate and maintain state with the server by using cookies, through session-based name-and-password authentication. Session-based authentication lets administrators provide a customized sign-in form and configure session expiration to log users off the server after a specified period of inactivity. Also provides capability for single sign-on between Domino and WebSphere servers, using the same cookie.
Controlling the level of authentication for Web clients | Specify the level of refinement that the server should use when searching for names and authenticating Web users.
Limit access to create new databases, replicas, or templates | Allow specified Notes users and Domino servers to create databases and replica databases on the server. Limiting this access avoids a proliferation of databases and replicas on the server.
Control access to a server’s network port | Allow specified Notes users and Domino servers to access the server over a port.
Encrypt server’s network port | Encrypt data sent from the server’s network port to prevent network eavesdropping.
Password protect the server console | Prevent unauthorized users from entering commands at the server console.
Restrict administrator access | Assign different types of administrator access to individuals based on the tasks they need to do on the Domino server.
Restrict server agents | Specify which Notes users and Domino servers are allowed to run which kinds of agents on the server.
Restrict passthru access | Specify which Notes users and Domino servers can access the server as a passthru server and specify the destinations they may access.
Restrict server access by browser users running Java or JavaScript programs | Specify which Web browser users can use Domino ORBs to run Java or JavaScript programs on the server.
Secure the server with SSL | Set up SSL security for Internet/intranet users to authenticate the server, encrypt data, prevent message tampering, and, optionally, authenticate clients. This is mandatory for e-commerce and secure business-to-business messaging.
Set mail router restrictions | Restrict mail routing based on Domino domains, organizations, and organizational units.
Set inbound SMTP restrictions | Restrict inbound mail to prevent Domino from accepting unwanted commercial e-mail.
Use S/MIME | Use S/MIME to encrypt outgoing mail. This is often mandatory for secure business-to-business messaging.
Prevent relaying through MTA | Enhance SMTP router security.
Use file protection documents | Specify who can access files — for example, HTML, GIF, or JPEG — on a server’s hard drive.
Authenticate Internet clients using a secondary Domino Directory or LDAP directory | Authenticate Web clients who use name-and-password or SSL client authentication in secondary Domino or LDAP Directories marked as “trusted” by your domain.
Authenticate Web clients for a specific realm | Allow Web users to access a certain drive, directory, or file on a Domino server and prevent Domino from prompting users for a name-and-password for different realms.
Locate the server in a secure area | Prevent unauthorized access to unencrypted data and server and certifier IDs that are stored on the server’s hard drive.
Secure the server console with a Smartcard | Prevent unauthorized access to the server console by requiring the use of a Smartcard to log in to Domino.
Use a firewall to protect access to a server | Control unauthorized access to a private network from the public Internet.

For more information on securing Domino servers, see the chapter
“Controlling Access to Domino Servers.”

Application security
Restrict access to Domino applications to prevent unauthorized users
from gaining access to information.

Task | Use
Use the ACL to restrict application access | Control Notes and Internet/intranet user and Domino server access to an application.
Enforce a consistent ACL | Protects databases and templates on the server by forcing all changes to the ACL at a single location.
Encrypt applications | Prevent unauthorized users from accessing an application locally on a server or workstation.
Sign an application or template | Identify the creator of an application or template. When a user accesses the application, the signature is checked to determine whether the action is allowed. For example, on a Domino server the Agent Manager verifies the signature of an agent and checks whether the signer has the rights to perform the action. On a Notes client, the signature is checked against the signer’s rights in the workstation ECL.
Encrypt incoming and outgoing Notes mail | Ensure that only the intended recipient can read mail.
Electronically sign mail messages | Verify that the person who sends the message is the author and that no one has tampered with the data.

For more information on securing Domino applications, see the chapter
“Controlling User Access to Databases.”

For more information on securing Notes mail, see the chapter
“Encryption and Electronic Signatures.”

Application design element security


An application developer can further restrict access to design elements
within an application using the Domino Designer. Application design
security takes effect once users gain access to an application.

Task | Use
Create Read access lists for views | Specify which Notes and Internet/intranet users can see a view
Create Read and Edit access lists for folders | Specify which Notes and Internet/intranet users can see a folder or update the contents of a folder
Create Read and Edit access lists for forms | Specify which Notes and Internet/intranet users can create, modify, or read documents created with a form
Create Readers and Authors fields | Specify which Notes and Internet/intranet users can create, modify, or read specified documents
Create signed fields | Verify that the Notes user who originated the data is the author and that no one has tampered with the data
Create encrypted fields | Control which Notes users can access a field in a form
Create hidden fields | Control which Notes and Internet/intranet users can access a field in a form
Create Read and Edit access lists for sections | Specify which Notes and Internet/intranet users can access a section in a document

For more information on securing application design elements, see the
book Application Development with Domino Designer.

Notes and Domino ID security
To prevent unauthorized access to servers and applications, secure Notes
and Domino IDs. These tasks apply only to Notes users and Domino
servers.

Task | Use
Require a password for all user and server IDs | Prevent an unauthorized user from using an illicitly obtained ID to authenticate with a server
Enforce password quality testing for IDs | Prevent unauthorized users from guessing passwords
Assign multiple passwords to server and certifier IDs | Require multiple users to enter passwords before gaining access to the ID file to prevent one person from controlling a server or certifier ID
Compare a password with the password stored in the Domino Directory and require users to change their passwords periodically | Prevent an unauthorized user from using an illicitly obtained ID to authenticate with a server
Compare a Domino public key with the public key stored in the Domino Directory | Prevent an unauthorized user from using an illicitly obtained ID to authenticate with a server
Recover lost or damaged IDs | Regain access to a user ID file instead of issuing a new ID
Set up a security settings policy document | Manage Notes and Internet password properties, such as password synchronization and expiration settings, on an organizational level
Lock the user ID after x minutes of inactivity | Automatically log off servers to prevent an unauthorized user from using the workstation
Use F5 to log off | Immediately log off servers to prevent an unauthorized user from using the workstation
Save user IDs on a disk instead of on the workstation and keep disks in a safe place | Physically protect user IDs
Locate workstations in a secure area — for example, a locked room | Prevent unauthorized access to the ID files
Install Smartcard readers on user workstations and have users log in to Notes with Smartcards | Physically protect user IDs and private Internet keys

For more information on execution control lists, see the chapter
“Protecting and Managing Notes IDs.”

Workstation data security


To prevent unauthorized access to user workstation information and
applications, secure Notes user workstations.

Task | Use
Configure the Administration ECL and deploy to client workstations. | Prevent unauthorized users from gaining access to data and applications on client workstations, by defining authorized users and authorized actions
Set up a security settings policy document | Use security settings policy documents to: set up and configure one or more administration ECLs; specify how and when you want workstation ECLs to be refreshed or replaced
Encourage users to use operating system and screen saver passwords | Discourage unauthorized workstation access
Encourage users to shut off workstations before leaving | Discourage unauthorized workstation access

For more information on execution control lists, see the chapter
“Protecting User Workstations with Execution Control Lists.”

Security policies
Domino policies are a way of distributing administrative settings,
standards, and configurations to users, groups, or entire organizations. A
policy is a collection of administrative settings that addresses an
administrative area, such as security. You then use this document to
establish and enforce administrative standards, and to distribute them
throughout the organization. In addition, you can easily modify and
maintain standards across an organization by simply editing a settings
document.
You can set up a security settings document to manage and deploy
execution control lists (ECLs) and Notes and Internet password settings
and synchronization. As these two areas of security are user-specific and
are frequently changed by users, you can use a security policy to enforce
settings for these areas across the organization, and control the extent to
which users can adjust or change these settings.
For more information, see the chapter “Using Policies.”

Setting up an Internet certificate authority
A critical area in security planning is determining whether and how to
set up a certificate authority to issue Internet certificates. A certificate
authority (CA), or certifier, is a trusted administration tool that issues
and maintains digital certificates. Certificates verify the identity of an
individual, a server, or an organization, and allow them to use SSL to
communicate and to use S/MIME to exchange mail. Certificates are
stamped with the certifier’s digital signature, which assures the
recipients of the certificate that the bearer of the certificate is the entity
named in the certificate.
Certifiers can also issue trusted root certificates, which allow clients and
servers with certificates created by different CAs to communicate with
one another.
Note It’s important to distinguish between Notes certifiers and Internet
certifiers. When you install and set up the first Domino server in a
domain, a Notes certifier is automatically set up to issue Notes
certificates to Notes clients. These certificates are essential for Notes
clients to authenticate with a Domino server and for Domino servers to
authenticate one another. Hence Notes certifiers are important even in an
environment with all Web clients. An Internet certifier, such as those
discussed here, issues Internet (X.509) certificates, which are required for
secure communication over the Internet. You set up Internet certifiers on
an as-needed basis.

Choosing the right Internet certifier for your organization


You have several options for setting up an Internet certifier for your
organization (for the rest of this topic, all references to certifier mean
“Internet” certifier). You can use a third-party commercial certifier, such
as VeriSign, or you can use one of the two types of Domino Internet
certifiers. There are advantages and disadvantages involved with each
type of certifier; the choice you make should be determined by business
requirements of your organization, as well as the time and resources
available for managing the certifier.

Internet certifiers: Domino vs. third-party
Domino certifier
• Avoid the expenses that a third-party certifier charges
to issue and renew client and server certificates.
• Many administrators are already familiar with
Domino, so they will not require the additional training
that would be needed to use a third-party certifier.
• Easier and quicker to set up and deploy new
certificates as needed.

Third-party certifier (VeriSign, RSA, etc.)
• Can simplify client configuration. If you get certificates
from a certifier that is pre-configured as trusted by the
browsers you use, it saves a step in client
configuration.
• Similarly, if the certifier is pre-configured as trusted in
the mail clients of the external businesses with which
you are exchanging S/MIME mail, it will save them a
configuration step.

Domino Internet certifiers: server-based certification authority vs.
Domino 5 certificate authority
You can choose to set up a Domino certification authority that uses the
server-based CA process, or a Domino 5 certificate authority, which uses
a CA key ring.

Server-based certification authority
• Administrators can manage both Notes and Internet
certifiers through the CA process.
• Issues Internet certificates that are compliant with
security industry standards (such as X.509v3 and
PKIX).
• Does not require administrator access to the certifier
ID and ID password in order to register users and
servers. This allows administrators to delegate these
tasks without potentially compromising the certifier.
• Supports the PKIX registration authority (RA) role,
which allows administrators to delegate the certificate
approval/denial process.
• Issues certificate revocation lists (CRLs), which
contain information about revoked or expired Internet
certificates.
• Required if you plan to use the Web Administrator
client to register Notes users.

Domino 5 certificate authority
• Provides a simple means by which to set up an
Internet certifier for testing or demonstration
purposes.

Using both types of Domino Internet CAs in a domain
It is possible to have both types of certifiers — CA process and CA key
ring — in a domain. However, you must be careful not to have one
certifier that uses both a key ring and the CA process to issue Internet
certificates. A CA process-enabled certifier tracks the certificates that it
issues in an Issued Certificate List (ICL), a database accessible to all
servers in a domain. On the other hand, a key ring-style certifier creates
logs on whichever workstation it is used on, so there is no centralized list of
issued certificates (just multiple partial lists). Therefore, any certificates
issued using the CA process won’t be recognized by a CA key ring, just
as any certificates that were created using a CA key ring file won’t be
recognized by the CA process.
This is a problem for Internet certifiers especially, because it is possible to
revoke Internet certificates in server-based certification authorities. To
revoke an Internet certificate, however, you must select it in the ICL. If
the certificate was initially issued using a key ring, it won’t appear in the
ICL, so it cannot be revoked.
Therefore, it is strongly advised that you choose one way to operate —
CA process or CA key ring — for each certifier.

Chapter 38
Controlling Access to Domino Servers

This chapter includes information on setting up a Domino server to allow
users and other servers to access it.

Validation and authentication for Notes and Domino


Whenever a Notes client or Domino server attempts to communicate
with a Domino server to replicate, route mail, or to access a database,
two security procedures use information from the client or server ID to
verify that the client or server is legitimate. Validation establishes trust of
the client’s public key. If validation occurs successfully, authentication
begins. Authentication verifies user identity, and uses the public and
private keys of both the client and the server in a challenge/response
interaction.

Rules that guide trust of public keys


Validation uses these three rules to establish the trust of a public key.
Domino validates the client that is trying to access the server and the
server that the client is trying to access.
1. Trust the public key of any of the server or client’s ancestors in the
hierarchical name tree because the ancestor’s public key is stored in
the server or client’s ID file.
2. Trust any public key obtained from a valid certificate issued by any
of the server or client’s ancestors in the hierarchical name tree.
3. Trust any public key certified by any trusted certifier and belonging
to one of the certifier’s descendants.

How validation and authentication work


This example describes how validation and authentication work together
to ensure the security of the system. In this example, user Randi
Bowker/Marketing/East/Acme (the client) wants to access
Mail-E/East/Acme (the server).
1. Mail-E reads the Acme public key from Mail-E’s ID file. According to
the first rule above, Mail-E trusts the public key assigned to Acme.

2. Randi sends Mail-E information in her user ID. Mail-E reads Randi’s
user ID for the certificate issued by Acme to East. Mail-E uses the
Acme public key, which it now trusts, to verify that the East
certificate is valid. According to the second rule above, if the
certificate is valid, Mail-E trusts the public key assigned to East.
3. Mail-E then reads Randi’s user ID for the certificate issued by
East/Acme to Marketing. Mail-E uses the East/Acme public key to
verify that the Marketing/East/Acme certificate is valid. Again, the
second rule states that Mail-E now trusts the public key assigned to
Marketing/East/Acme.
4. Mail-E reads Randi’s user ID for the certificate issued by
Marketing/East/Acme to Randi. Mail-E uses the
Marketing/East/Acme public key, which it now trusts, to verify that
Randi’s certificate is valid. According to the third rule above, if the
certificate is valid, Mail-E trusts the public key assigned to Randi.
5. After Mail-E establishes trust of Randi’s public key, the
authentication process begins.
6. Mail-E sends a random number challenge to Randi.
7. Randi’s workstation encrypts the challenge with her private key and
sends the newly encrypted number back to Mail-E.
8. Mail-E uses Randi’s public key to decrypt the response. If this yields
the original challenge, Mail-E knows Randi is who she claims to be.
9. The process is then reversed. Randi’s workstation validates Mail-E’s
public key by processing Mail-E’s certificates and then uses the
challenge/response procedure just described to authenticate the
server.
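The walk-through above, as an added example that is not code from the manual or from Domino: Mail-E starts from the Acme key in its own ID file, verifies each certificate in Randi's ID top-down, then runs the challenge/response. Textbook RSA with small constructed keys stands in for the real algorithms, which the page does not name; every function name, key, and data structure here is an assumption made for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key below

def make_key(k1, k2):
    """Toy RSA key from two Mersenne primes 2**k - 1 (constructed, insecure)."""
    p, q = 2**k1 - 1, 2**k2 - 1
    n = p * q
    return {"pub": n, "priv": (n, pow(E, -1, (p - 1) * (q - 1)))}

def digest(subject, pub, n):
    """Hash the (name, public key) binding and reduce it into the issuer's modulus."""
    h = hashlib.sha256(f"{subject}|{pub}".encode()).digest()
    return int.from_bytes(h, "big") % n

def issue(issuer, issuer_key, subject, subject_pub):
    """The issuer signs the subject's name and public key with its private key."""
    n, d = issuer_key["priv"]
    return {"issuer": issuer, "subject": subject, "pub": subject_pub,
            "sig": pow(digest(subject, subject_pub, n), d, n)}

def validate(id_file_keys, chain):
    """Apply the three trust rules to the certificates presented, top-down.

    id_file_keys: {ancestor name: public key} read from the verifier's own
    ID file (rule 1). Returns the leaf public key or raises ValueError.
    """
    if not chain:
        raise ValueError("no certificates presented")
    trusted = dict(id_file_keys)
    for cert in chain:
        issuer_pub = trusted.get(cert["issuer"])
        if issuer_pub is None:
            raise ValueError(f"issuer {cert['issuer']!r} is not trusted")
        if not cert["subject"].endswith("/" + cert["issuer"]):
            raise ValueError(f"{cert['subject']!r} is not a descendant of its issuer")
        expected = digest(cert["subject"], cert["pub"], issuer_pub)
        if pow(cert["sig"], E, issuer_pub) != expected:
            raise ValueError(f"bad signature on certificate for {cert['subject']!r}")
        trusted[cert["subject"]] = cert["pub"]  # rules 2 and 3: key is now trusted
    return trusted[chain[-1]["subject"]]

def trusts(id_file_keys, chain):
    """Boolean wrapper around validate() for callers that only need yes/no."""
    try:
        validate(id_file_keys, chain)
        return True
    except ValueError:
        return False

def respond(priv, challenge):
    """Client side: transform the challenge with the private key."""
    n, d = priv
    return pow(challenge, d, n)

def authenticate(pub, responder):
    """Server side: send a random challenge, undo the response with the public key."""
    challenge = secrets.randbelow(pub - 2) + 2
    return pow(responder(challenge), E, pub) == challenge

# Constructed hierarchy matching the names used in the walk-through.
ACME, EAST = make_key(127, 13), make_key(107, 17)
MARKETING, RANDI = make_key(89, 19), make_key(61, 31)
USER = "Randi Bowker/Marketing/East/Acme"
CHAIN = [
    issue("Acme", ACME, "East/Acme", EAST["pub"]),
    issue("East/Acme", EAST, "Marketing/East/Acme", MARKETING["pub"]),
    issue("Marketing/East/Acme", MARKETING, USER, RANDI["pub"]),
]
MAIL_E_ID = {"Acme": ACME["pub"]}  # ancestor key stored in Mail-E's ID file

if __name__ == "__main__":
    key = validate(MAIL_E_ID, CHAIN)                      # steps 1-4
    ok = authenticate(key, lambda c: respond(RANDI["priv"], c))  # steps 6-8
    print("validated:", key == RANDI["pub"], "authenticated:", ok)
```

A verifier whose ID file holds no ancestor in common with the presenter has nothing to start from under rule 1, which is the gap cross-certificates fill.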

Server access for Notes users, Internet users, and Domino servers
To control user and server access to other servers, Domino uses the
settings you specify on the Security tab in the Server document as well as
the rules of validation and authentication. If a server validates and
authenticates the Notes user, Internet user, or server, and the settings in
the Server document allow access, the user or server is allowed access to
the server.
Grant server access to users and servers who need to access resources
stored on the server. Deny access to prevent specified users and servers
from having access to all applications on the server.

Access settings in the Server document control server access for both
Notes and Internet users. By default, the Server access settings apply
only to Notes clients. You can enable these settings for each of the
Internet protocols through the Ports tab of the Server document.
For more information, see the topic “Setting up Notes user, Domino
server, and Internet user access to a Domino server” later in this chapter.

Types of server access controls


Server access list
The server access list controls the access that Notes users, Domino
servers, and users who access the server using Internet protocols (HTTP,
IMAP, LDAP, POP3) have to that server. Keep in mind that using a
server access list activates an additional security code and can, therefore,
increase the time required to access the server.
For more information, see the topic “Setting up Notes user, Domino
server, and Internet user access to a Domino server” in this chapter.

Deny access list


The deny access list denies access to Notes users and Internet clients you
specify. For example, use a deny access list to prevent access by users
who no longer work for your company but who may still have their
Notes user IDs, or who still have a Person document in the Domino
Directory with a legitimate Internet password and would otherwise be
able to access the server using an Internet protocol.
For more information, see the topic “Setting up Notes user, Domino
server, and Internet user access to a Domino server” in this chapter.

Notes ID lock out


Notes ID lock out denies access to Notes users you specify. Like a deny
access list, Notes ID lock out prevents access by users who no longer
work for your company but who may still have their user IDs. Using
Notes ID lock out is useful when you want to prevent other users from
looking at a deny access list to see a list of users who have been
terminated from your organization.
For more information, see the topic “Denying Notes users access to all
servers in a domain” later in this chapter.

Anonymous access
Anonymous access lets Notes users and Domino servers access the server
without having the server validate and authenticate them. Use
anonymous access to provide the general public with access to servers
for which they are not cross-certified. When you set up anonymous
server access, Domino does not record the names of users and servers in
the log file (LOG.NSF) or in the User Activity dialog box.
When users attempt to connect to a server set for anonymous access and
the server can’t authenticate them, they see this message:
Server X cannot authenticate you because the server’s Domino
Directory does not contain any cross-certificates capable of
authenticating you. You are now accessing the server anonymously.
You can also set up Internet clients to access servers anonymously. For
more information on setting up anonymous access for Internet/intranet
clients, see the chapter “Setting Up Name-and-Password and
Anonymous Access to Domino Servers.”

Network port access


Network port access allows or denies access to specified Notes users and
Domino servers, based on the network port they try to use. For example,
you can deny access to Alan Jones/Sales/East/Acme when he dials into
the server but allow access when he uses TCP/IP to connect to the server.
For more information, see the topic “Controlling access to a specific
server port” later in this chapter.

Setting up Notes user, Domino server, and Internet user access to a
Domino server
You can specify Notes users and Domino servers that are allowed to
access the server, as well as users who access the server using Internet
protocols (HTTP, IMAP, LDAP, POP3). If your system uses multiple
Domino Directories, Domino searches only the first Domino Directory
specified in the Names setting in the NOTES.INI file for Notes users. If
you have enabled the server access settings for Internet protocols, you
can also specify users from secondary Domino directories and external
LDAP directories in the Allow or Deny access lists.
Note It is not necessary to specify Anonymous for the “Access server”
and “Not access server” fields. Anonymous access for Notes users is
enabled through the “Allow anonymous Notes connections” field, and
anonymous access for Internet users is enabled in the Internet Site
document for each Internet protocol (or the Server document if you are
not using Internet Sites to configure Internet protocols).

Tip To improve log-in performance for a group of frequent users and
still allow access to everyone listed in the Domino Directory, create a
group named Frequent Users and then enter that group name first in the
“Access server” field. If Domino finds a user in the Frequent Users group
first, it doesn’t check the Domino Directory for the individual name. For
example, enter the following in the “Access server” field:
Frequent Users, *

For more information on creating groups, see the chapter “Setting Up
and Managing Groups.”

To set up Notes user and Domino server access to a Domino server


1. From the Domino Administrator, click Configuration and open the
Server document.
2. Click the Security tab.
3. In the Server Access section, complete one or more of these fields,
and then save the document:
Field Enter
Access server Click the check box to allow server access to users listed in
all trusted directories. This box is disabled by default. If
this option is not selected, then only those users specified
in the field below the check box can access the server.
In the drop-down field that appears below the check box,
add the names of specific Notes users, servers, and groups
to whom you want to give access to the server, such as:
• Names of users, servers, and groups.
• An asterisk (*) to allow all users in the Domino
Directory to have access. This is the same as enabling
the “Users listed in all trusted directories” field.
• An asterisk, followed by a certificate name — for
example, */Sales/East/Acme — to allow all users
certified by a particular certifier to have access.
• An asterisk followed by the name of the view — for
example, *($Users) — to allow all names that appear in
a specific view in the Domino Directory to have access.
Access time is quicker if you specify a group name
rather than a view name.
The default value for this field is blank, which means that
all users can access the server.
Separate multiple names with a comma or semicolon.
continued

Controlling Access to Domino Servers 38-5


Field Enter
Not access Any of these:
server • Names of users, servers, and groups.
• An asterisk, followed by a certificate name — for
example, */Sales/East/Acme — to deny access to all
users certified by a particular certifier.
• An asterisk followed by the name of the view — for
example, *($Users) — to deny access to all names that
appear in a specific view in the Domino Directory.
Access time is quicker if you specify a group name
rather than a view name.
The default value for this field is blank, which means that
all names entered in the “Access server” field can access
the server.
Names entered in the “Not access server” field take
precedence over names entered in the “Access server”
field. For example, if you enter a group name in the
“Access server” field and enter the name of an individual
member of this group in the “Not access server” field, the
user will not be able to access the server.
Note An alternative way to deny Notes user access to a
server is to lock out an individual user’s ID from the
server.
Separate multiple names with a comma or semicolon.
Trusted servers
Names of servers that are trusted to assert the identities of
users to this server, and thus are trusted by the current
server to have authenticated those users. Used for remote
agent access and xSP.

To enable Server document access settings for Internet protocols


1. From the Domino Administrator, click Configuration and open the
Server document.
2. Click Ports - Internet Ports.
3. Choose the Internet protocol tab for which you want to enable server
access settings.
4. In the field “Enforce server access settings,” select Yes.

Customizing access to a Domino server
After you set up basic access for Notes users and Domino servers, you
can customize access to restrict specific users and servers to specific
activities. To customize access to a server, you can do any of these:
• Deny Notes users access to all servers in a domain.
• Restrict administrator access.
• Set up anonymous server access.
• Control access to a specific server port.
• Control creation of databases, replicas, and templates.
• Control use of headline monitors.
• Control access to a passthru server or passthru destination.
• Control agents that run on a server.
• Control access by browser clients that use Java and JavaScript.
• Control Web browser access to files.
• Control the level of authentication for Internet clients.
• Create a Domino Web Server Application Programming Interface
(DSAPI) filter to customize the authentication of Web users. For
more information about DSAPI and filters, see the Lotus C API
Toolkit for Domino and Notes. The most current toolkit is available
at http://www.lotus.com/techzone.

Denying Notes users access to all servers in a domain


To deny Notes users access to all servers in a domain, lock out their user
IDs and enable password checking. When locked-out users try to access
the server, Domino tries to verify the passwords they enter by comparing
them against those stored in Person documents. Domino denies the users
access because their IDs are locked out.
This procedure applies only to Notes users. It does not apply to Internet
users attempting to access a Domino server.
It’s better to lock out user IDs instead of adding a group to the “Not
access server” field. Using ID lockout ensures that users cannot view a
list of names that have been denied server access.
1. Make sure that the Administration Process is set up and that you
have Editor access in the ACL of the Domino Directory.
2. From the Domino Administrator, click the People & Groups tab, and
select the Person documents of users to whom you want to deny
access.

3. Choose Actions - Set Password Fields, and then click Yes when
prompted to continue.
4. In the “Check Notes password” field, select Lockout ID, and then
click OK.
5. Click the Configuration tab, open the Server document for the server
to which you want to deny user access, and then click the Security
tab.
6. In the Security Settings section, select Enabled for the “Check
passwords on Notes IDs” field.
7. Repeat Step 4 for each server to which you want to deny the user
access.

Restricting administrator access


You can specify various access levels for different types of administrators
in your organization. For example, you may want to give only a few
people ’system administrator’ access, while all of the administrators on
your team are designated as database administrators.
Administrator access rights are granted hierarchically. The privilege
hierarchy looks like this:
• Full access administrator — gets all rights and privileges of all
administration access levels listed.
• Administrator — gets all rights and privileges of database
administrator and full-console administrator (but not system
administrator).
• Full console administrator — gets rights and privileges of view-only
console administrator (but not system administrator)
• System administrator — gets rights and privileges of restricted
system administrator
You do not need to list a user individually in each field. Adding a user to
the highest level of administrator access automatically grants that user all
privileges listed for more restricted access levels below in the hierarchy.

To restrict administrator access


1. From the Domino Administrator, click the Configuration tab, and
open the Server document.
2. Click the Security tab.
3. In the Administrators section, complete one or more of these fields,
and then save the document.

For all of these fields, you can specify individual hierarchical names,
groups, and wildcards (for example, */Sales/Acme). Separate
multiple entries with commas.
Note With the exception of the Administrators field, all of these
fields are blank by default, meaning that no one has these access
rights.
Field Action
Full access administrators
Enter the names of administrators who have full access to
administer the server. This is the highest level of
administrative privilege. For more information, see below.
Administrators
Enter the names of administrators who can administer the
server. The default value for this field is the name of the
administrator who initially set up the server.
Administrators listed here have the following rights:
• Manager access to the Web Administrator database
(WEBADMIN.NSF).
• Create, update, and delete folder and database links
• Create, update, and delete directory link ACLs
• Compact and delete databases
• Create, update, and delete full text indexes
• Create databases, replicas, and Master Templates
• Get and set certain database options (for example,
in/out of service, database quotas, and so on)
• Use message tracking and track subjects
• Use the console to remotely administer UNIX servers
• Issue any remote console command
Database administrators
Enter the names of administrators who will be responsible
for administering databases on the server. Note that
database administrators are not automatically granted
Manager access to databases on the server, nor do they
have any access to the Web Administrator database. Users
listed here have the following rights only:
• Create, update, and delete Folder and Database links
• Create, update, and delete directory link ACLs
• Compact and delete databases
• Create, update, and delete full text indexes
• Create databases, replicas, and Master Templates
• Get and set certain database options (e.g., in/out of
service, database quotas, etc.)
Full remote console administrators
Enter the names of administrators who can use the remote
console to issue commands to this server.
View-only administrators
Enter the names of administrators who can use the remote
console to issue only those commands that provide system
status information, such as SHOW TASKS and SHOW
SERVER.
View-only administrators cannot issue commands that
affect the server’s operation.
System administrators
Enter the names of administrators who are allowed to
issue a full range of operating system commands to the
server.
The type and range of commands depends on the server
operating system. For example, if the Domino server is an
NT server, then these administrators can issue NT
commands at the system command level prompt.
Similarly, administrators for a UNIX server would be able
to issue UNIX commands.
Note This feature requires that you run the Domino
server controller on the server machine. For more
information, see the topic The Server Controller and
Domino Console in the chapter “Setting Up and Using
Domino Administration Tools.”
Restricted system administrators
Enter the names of administrators who are allowed to
issue only the operating system commands that are listed
in the Restricted System Commands field (see below).
Note This feature requires that you run the Domino
server controller on the server machine. For more
information, see the topic The Server Controller and
Domino Console in the chapter “Setting Up and Using
Domino Administration Tools.”
Restricted system commands
Enter the subset of operating system commands that
Restricted System Administrators can issue. The type and
range of commands depends on the server operating
system and the tasks that restricted system administrators
need to do.
For example, you may want to have a restricted system
administrator for managing UNIX print queues. Enter the
UNIX commands for managing print queues in this field.
Any names you enter in the “Restricted system
administrators” field will then have access to these
commands only.
Administer the server from a browser (pre-Domino 6 servers only)
This setting applies only to pre-Domino 6 servers for the
purposes of backwards compatibility. The Domino 6 Web
Administrator client will only work with Domino 6
servers. In the case where an Domino 5 to Domino 6, those
servers that have not been upgraded will still need to have
this setting in their Server documents so they can use
earlier versions of the Web Administrator.

Caution Administrators who are listed in the Full Access
Administrators, Administrators, and Database Administrators fields on
the Security tab of a server document are allowed to delete any database
on that server, even if they are not listed as managers in the database
ACL.

Full access administrators


Full access administrator is the highest level of administrative access to
the server. The full access administrator feature replaces the need to run
a Notes client locally on a server. It resolves access control problems,
such as those caused when the only managers of a database
ACL have left an organization.
Full access administrators have the following rights:
• All the rights as listed for all administrator access levels (see above).
• Manager access, with all roles and access privileges enabled, to all
databases on the server, regardless of the database ACL settings.
• Manager access, with all roles and access privileges enabled, to the
Web Administrator database (WEBADMIN.NSF).
• Access to all documents in all databases, regardless of Reader names
fields.
• The ability to create agents that run in unrestricted mode with full
administration rights.
• Access to any unencrypted data on the server.
Note Full access administrator does not allow access to encrypted
data. The use of the specified user’s private key is required to
decrypt documents that are encrypted with public keys. Similarly, a
secret key is required to decrypt documents encrypted with secret
keys.

Enabling full access administrator mode
In order to work in full access administrator mode, an administrator
must:
• Be listed in the Full Access Administrators field in the
Administrators section of the Security tab in the Server document. By
default, this field is empty.
• Enable “Full Access Administration” mode in the Administrator
client by selecting Administration - Full Access Administration. If
this mode is not enabled, then users will not have full administrator
access to the server, even if they are listed as a full access
administrator in the Server document. They will instead be granted
Administrator rights.
When full access administrator mode is enabled, the client’s window
title, tab title, and status bar indicate this. This is to remind users that
they are accessing the server with the highest level of privilege and
should therefore proceed with caution.
If an administrator enables full administration mode in the
Administration client, this mode is also enabled for the Domino Designer
and for the Lotus Notes clients. Full administrator access is also reflected
in their window titles, tab titles, and status bars.
If a user attempts to switch to full access administrator mode, but is not
listed as one in the Server document, the user is denied full access and a
message appears in the status bar and on the server console. The client
will be in full access mode, but that user will not have full administrator
access to that particular server. If the user attempts to switch servers, that
person’s access is checked against the server document of the new server.

Disabling the full access administrator feature


You can disable the Full Access Administrators field by setting
SECURE_DISABLE_FULLADMIN = 1 in the NOTES.INI file. This setting
disables full access administrator privilege and overrides any names
listed in that field in the Server document. This NOTES.INI parameter
can only be set by a user with physical access to the server who can edit
the NOTES.INI file for the server. This parameter cannot be set using the
server console, the remote console, or set in the Server document.
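
The privilege hierarchy, the Caution about database deletion, and the SECURE_DISABLE_FULLADMIN override described above can be combined into a review of the Administrators section. This is an added example, not code from the Domino documentation; the names are constructed, group and wildcard entries are assumed to be already expanded to individual names, and a name listed only in the Full Access Administrators field is assumed to receive nothing from that field when the override is set.

```python
# Field labels as they appear in the Administrators section of the Server document.
FULL = "Full access administrators"
ADMIN = "Administrators"
DB = "Database administrators"
CONSOLE = "Full remote console administrators"
VIEW = "View-only administrators"
SYSTEM = "System administrators"
RESTRICTED = "Restricted system administrators"

# Hierarchy as stated on this page: each level also grants the levels listed.
IMPLIES = {
    FULL: [ADMIN, DB, CONSOLE, VIEW, SYSTEM, RESTRICTED],
    ADMIN: [DB, CONSOLE],            # but not system administrator
    CONSOLE: [VIEW],                 # but not system administrator
    SYSTEM: [RESTRICTED],
}

# Per the Caution: these fields allow deleting any database, whatever its ACL says.
DELETE_ANY_DB = {FULL, ADMIN, DB}


def closure(level):
    """Return the level plus every level it implies, directly or indirectly."""
    seen, stack = set(), [level]
    while stack:
        current = stack.pop()
        if current not in seen:
            seen.add(current)
            stack.extend(IMPLIES.get(current, ()))
    return seen


def full_admin_disabled(notes_ini):
    """True when NOTES.INI carries SECURE_DISABLE_FULLADMIN = 1."""
    return str((notes_ini or {}).get("SECURE_DISABLE_FULLADMIN", "")).strip() == "1"


def effective_levels(name, fields, notes_ini=None):
    """Levels a name holds, given {field label: [names]} from the Server document."""
    wanted = name.strip().lower()
    levels = set()
    for field, names in fields.items():
        if field == FULL and full_admin_disabled(notes_ini):
            continue  # the INI setting overrides any names listed in the field
        if wanted in (n.strip().lower() for n in names):
            levels |= closure(field)
    return levels


def audit(fields, notes_ini=None):
    """Report, per listed name, the effective levels and the two riskiest rights."""
    report = {}
    for name in sorted({n for names in fields.values() for n in names}):
        levels = effective_levels(name, fields, notes_ini)
        report[name] = {
            "levels": sorted(levels),
            "can_delete_any_database": bool(levels & DELETE_ANY_DB),
            "bypasses_acl_and_reader_fields": FULL in levels,
        }
    return report


# Constructed sample of the Administrators section.
SAMPLE_FIELDS = {
    FULL: ["Full Admin/Sales/Acme"],
    ADMIN: ["Jane Admin/Acme"],
    DB: ["Dan DB/Acme"],
    VIEW: ["Vera View/Acme", "Full Admin/Sales/Acme"],
    SYSTEM: ["Sam Sys/Acme"],
}

if __name__ == "__main__":
    for who, row in audit(SAMPLE_FIELDS).items():
        print(who, row)
```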

Options for managing the full access administrator feature
There are several ways to grant full access administrator:
• Create a special Full Admin ID file — for example, “Full
Admin/Sales/Acme” — and only put that name in the Full Admin
field. You must then either log in with or switch to this user ID in
order to gain this level of access. Optionally, you could set up this ID
file to require multiple passwords.
• Create an OU-level certifier for granting full administrator access,
and issue additional IDs to trusted administrators — for example,
Jane Admin/Full Admin/Acme.
• Leave the Full Access Administrator field empty. Add the name of a
trusted individual for emergency situations, and remove it when the
situation has been resolved.
• Populate the Full Access Administrator field with a limited set of
trusted administrators.
You can also track how this feature is used:
• Configure the Event Handler to send notification through
EVENTS4.NSF when full access administration privileges are
invoked.
• Any database activity done using full access administrator access is
recorded in the database activity log, under Database Properties.
• Use of the feature is logged by the server.

Setting up anonymous server access for Notes users and Domino servers
When a server is set up for anonymous access, Notes users and Domino
servers do not need a valid certificate to access the server, since the
server does not validate or authenticate them. Use anonymous access to
allow users and servers outside your organization to access a server
without first obtaining a certificate for the organization. You can also set
up anonymous access for Internet/intranet users.
For more information on anonymous Internet/intranet access, see the
chapter “Setting Up Name-and-Password and Anonymous Access to
Domino Servers.”
1. From the Domino Administrator, click the Configuration tab, and
open the Server document.
2. Click the Security tab.
3. In the Security Settings section, enable “Allow anonymous Notes
connections.”

4. Save the document.
5. Create an entry named Anonymous in the ACL of all databases to
which you want to allow anonymous access. Assign the appropriate
access level — typically Reader access. If you don’t add Anonymous
as an entry in the ACL, anonymous users and servers get -Default-
access.
6. Stop and restart the server so that the changes take effect.

Controlling access to a specific server port


Use a port access list to allow or deny Notes user and Domino server
access to a specific network port. If you use a port access list and a server
access list, users and servers must be listed on both to gain access to the
server.
To control access to a specific port, use these NOTES.INI settings:
• Allow_Access_portname = names
• Deny_Access_portname = names
where portname is the name of the port, and names is a list of users,
servers, and groups to whom you want to deny or allow access.
These names must be contained in the Domino Directory.
For more information, see the appendix “NOTES.INI File.”
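
The entry forms and precedence rules for the “Access server” and “Not access server” fields, together with the port access lists above, can be modelled in a few functions to check who can actually connect. This is an added example, not code from the Domino documentation; the directory contents, user names, port names and NOTES.INI lines are constructed, groups are treated as flat, and it assumes that a Deny_Access entry wins over Allow_Access and that a port with no Allow_Access list is unrestricted.

```python
import re


def canon(name):
    """Normalize whitespace and case so names compare reliably."""
    return " ".join(name.split()).lower()


def split_names(value):
    """The fields separate multiple names with a comma or semicolon."""
    return [n.strip() for n in re.split(r"[;,]", value) if n.strip()]


def make_directory(users, groups=None, views=None):
    """Constructed stand-in for the Domino Directory (flat groups only)."""
    norm = lambda table: {canon(k): {canon(m) for m in v} for k, v in (table or {}).items()}
    return {"users": {canon(u) for u in users}, "groups": norm(groups), "views": norm(views)}


def entry_matches(entry, user, directory):
    """Match one list entry against a user, covering the entry forms on this page."""
    e, u = canon(entry), canon(user)
    if e == "*":                                # all users in the Domino Directory
        return u in directory["users"]
    if e.startswith("*/"):                      # */Sales/East/Acme: certifier wildcard
        return u.endswith(e[1:])                # suffix keeps "/" so components align
    if e.startswith("*(") and e.endswith(")"):  # *($Users): names in a directory view
        return u in directory["views"].get(e[1:], set())
    if e in directory["groups"]:                # group name
        return u in directory["groups"][e]
    return e == u                               # individual user or server name


def listed(value, user, directory):
    return any(entry_matches(e, user, directory) for e in split_names(value))


def server_access(user, server_doc, directory):
    """Apply the two Server document fields; the deny field takes precedence."""
    if listed(server_doc.get("Not access server", ""), user, directory):
        return False
    allow = server_doc.get("Access server", "")
    # A blank "Access server" field means that all users can access the server.
    return True if not allow.strip() else listed(allow, user, directory)


PORT_RE = re.compile(r"^\s*(Allow|Deny)_Access_([^=\s]+)\s*=\s*(.*)$", re.IGNORECASE)


def parse_port_lists(notes_ini_text):
    """Collect Allow_Access_portname / Deny_Access_portname lines per port."""
    ports = {}
    for line in notes_ini_text.splitlines():
        m = PORT_RE.match(line)
        if m:
            ports.setdefault(m.group(2).upper(), {})[m.group(1).lower()] = m.group(3)
    return ports


def port_access(user, port, ports, directory):
    lists = ports.get(port.upper(), {})
    if listed(lists.get("deny", ""), user, directory):
        return False                            # assumption: deny wins over allow
    allow = lists.get("allow", "")
    # Assumption: a port with no Allow_Access list is unrestricted.
    return True if not allow.strip() else listed(allow, user, directory)


def can_connect(user, port, server_doc, notes_ini_text, directory):
    """With both lists in use, the name must pass the port list and the server list."""
    ports = parse_port_lists(notes_ini_text)
    return port_access(user, port, ports, directory) and server_access(user, server_doc, directory)


# Constructed sample data.
DIRECTORY = make_directory(
    users=["Jane Doe/Sales/East/Acme", "Bob Lee/Sales/East/Acme", "Ann Ray/Eng/Acme"],
    groups={"Contractors": ["Bob Lee/Sales/East/Acme"]},
    views={"($Users)": ["Jane Doe/Sales/East/Acme"]},
)
SERVER_DOC = {"Access server": "*/Sales/East/Acme; Ann Ray/Eng/Acme",
              "Not access server": "Contractors"}
NOTES_INI = "Allow_Access_TCPIP=*/Sales/East/Acme\nDeny_Access_COM1=Ann Ray/Eng/Acme\n"

if __name__ == "__main__":
    for who in sorted(DIRECTORY["users"]):
        print(who, can_connect(who, "TCPIP", SERVER_DOC, NOTES_INI, DIRECTORY))
```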

Controlling creation of databases, replicas, and templates


To manage available disk space, control which users and servers are
allowed to create databases and replicas on a server. If your system uses
multiple Domino Directories, Domino searches only the first Domino
Directory specified in the Names setting in the NOTES.INI file.
If the server allows a user to create database replicas, but a particular
database ACL prevents it, the user cannot create a replica for that
database.
Tip Create a group named “Replica Makers” that lists the names of all
people who can create replicas on servers. Enter the group name
“Replica Makers” in the “Create replica databases” field in each Server
document in the Domino Directory.
1. From the Domino Administrator, click Configuration, and open the
Server document.
2. Click the Security tab.

3. In the Server Access section, complete one or more of these fields,
and then save the document:
Field Action
Create new databases and templates
Enter any of these:
• Names of specific servers, users, and groups.
• An asterisk (*) followed by a certificate name —
for example, */Sales/East/Acme — to allow all
users certified by a particular certifier to create
databases.
• An asterisk (*) followed by a view name — for
example, *($Users) — to allow all names that
appear in a specific view in the Domino
Directory to create databases. Access time is
quicker if you specify a group name rather than
a view name.
The default value for this field is blank, which
means that all users can create new databases.
Separate multiple names with commas or
semicolons.
Create replica databases
Enter any of these:
• Names of specific servers, users, and groups.
• An asterisk (*) followed by a certificate name —
for example, */Sales/East/Acme — to allow all
users certified by a particular certifier to create
replicas.
• An asterisk (*) followed by a view name — for
example, *($Users) — to allow all names that
appear in a specific view in the Domino
Directory to create replicas. Access time is
quicker if you specify a group name rather than
a view name.
Note Servers, users, and groups who cannot
create new databases on the server (see above)
cannot create replicas.
The default value for this field is blank, which
means that no one can create new replicas.
Separate multiple names with commas or
semicolons.
Create master templates
Enter any of these:
• Names of specific servers, users, and groups.
• An asterisk (*) followed by a certificate name —
for example, */Sales/East/Acme — to allow all
users certified by a particular certifier to create
templates.
• An asterisk (*) followed by a view name — for
example, *($Users) — to allow all names that
appear in a specific view in the Domino
Directory to create replicas. Access time is
quicker if you specify a group name rather than
a view name.
Note Servers, users, and groups who cannot
create new databases or replicas on the server (see
above) cannot create or update templates.
The default for this field is blank, which means
that no one can create master database templates
on the server.
Separate multiple names with commas or
semicolons.

For information on creating groups, see the chapter “Setting Up and
Managing Groups.”

Controlling the use of headline monitors


This setting is for Notes users only. Notes users can set up their headlines
to search server databases automatically for items of interest. This setting
controls which users can or cannot access this server for headlines.
Note If many users use this feature, server performance may be slow.
For information about headlines, see Lotus Notes 6 Help.
1. From the Domino Administrator, click Configuration, and open the
Server document.
2. Click the Security tab.

3. In the Server Access section, complete one or both of these fields, and
then save the document:
Field Action
Allowed to use monitors
Enter any of these:
• Names of specific users and groups.
• An asterisk (*) followed by a certificate name — for
example, */Sales/East/Acme — to allow all users
certified by a particular certifier to use a monitor.
• An asterisk (*) followed by a view name — for
example, *($Users) — to allow all names that appear
in a specific view in the Domino Directory to use
monitors. Access time is quicker if you specify a
group name rather than a view name.
Separate multiple names with commas or semicolons.
The default for this field is * (all users). Leave the field
blank to allow no one to use headline monitors.
Not allowed to use monitors
Enter any of these:
• Names of specific users and groups.
• An asterisk (*) followed by a certificate name — for
example, */Sales/East/Acme — to prevent users
certified by a particular certifier from using monitors.
• An asterisk (*) followed by a view name — for
example, *($Users) — to prevent all names that
appear in a specific view in the Domino Directory
from using monitors. Access time is quicker if you
specify a group name rather than a view name.
Separate multiple names with commas or semicolons.
The default for this field is blank, meaning that no one
is restricted from using monitors. Use an asterisk (*) to
prevent all users from using monitors.

You can also restrict users from monitoring an individual database.


For more information, see the chapter “Improving Database
Performance.”

Controlling access to a passthru server or passthru destination


A passthru server allows users and servers to use a passthru connection
to connect to another server. The server to which users connect is called a
passthru destination. You can control which users and servers can access
a passthru server and passthru destination.
For more information on passthru servers, see the chapter “Setting Up
Server-to-Server Connections.”

If your system uses multiple Domino Directories, Domino searches only
the first Domino Directory specified in the Names setting in the
NOTES.INI file.
Internet and intranet clients cannot use passthru; therefore, these settings
are valid only for Notes users and Domino servers.
1. From the Domino Administrator, click Configuration, and open the
Server document.
2. Click the Security tab.
3. In the Passthru Use section, complete one or more of these fields, and
then save the document:
Field Action
Access this server
Enter any of these:
• Names of specific servers, users, and groups.
• An asterisk (*) followed by a certificate name — for
example, */Sales/East/Acme — to allow all users
certified by a particular certifier to access the server.
• An asterisk (*) followed by a view name — for
example, *($Users) — to allow access to all names that
appear in a specific view in the Domino Directory.
Access time is quicker if you specify a group name
rather than a view name.
Any users or servers listed in this field can use a passthru
server to access this server. This field does not take
precedence over other access fields — for example, the
“Access server” and “Not access server” fields. For
example, if the “Access server” field specifies that only
users listed in the Domino Directory can access this
server, users who are not in the local domain cannot
access this server.
The default for this field is blank, which means that users
and servers are prevented from using a passthru
connection to access this server.
Separate multiple names with commas or semicolons.
Route through
Enter any of these:
• Names of specific servers, users, and groups.
• An asterisk (*) followed by a certificate name — for
example, */Sales/East/Acme — to allow all users
certified by a particular certifier to access the server.
• An asterisk (*) followed by a view name — for
example, *($Users) — to allow access to all names that
appear in a specific view in the Domino Directory.
Access time is quicker if you specify a group name
rather than a view name.
Any users or servers listed in this field can use the server
as a passthru server, regardless of whether or not they are
also included in the “Access server” or “Not access
server” fields.
The default for this field is blank, which means that users
and servers are prevented from using this server for
passthru access.
Separate multiple names with commas or semicolons.
Cause calling
Enter any of these:
• Names of specific servers, users, and groups.
• An asterisk (*) followed by a certificate name — for
example, */Sales/East/Acme — to allow all users
certified by a particular certifier to initiate calling.
• An asterisk (*) followed by a view name — for
example, *($Users) — to allow all names that appear in
a specific view in the Domino Directory to allow
calling. Access time is quicker if you specify a group
name rather than a view name.
Any users or servers listed in this field can instruct this
server to call — that is, place a phone call to — another
server in order to establish a routing path to that server. If
no names are entered, no calling is allowed. In general, if
the Replicator on another server uses the modem on a
server to reach its targets, the server name of the Replicator
must be included in this list on the server with the modem.
Otherwise, the replication will frequently fail.
The default for this field is blank, which means that users
and servers are prevented from using this server to route
a path to another server.
Separate multiple names with commas or semicolons.
This field corresponds to the Allow_Passthru_Callers
setting in the NOTES.INI file. If a conflict exists, the
“Cause calling” field takes precedence.
Destinations allowed
Enter the names of destination servers to which this
server may route clients.
The default for this field is blank, which means that all
servers may be routed to.
This field corresponds to the Allow_Passthru_Targets
setting in the NOTES.INI file. If a conflict exists, the
“Destinations allowed” field takes precedence.

Controlling agents that run on a server


To control the types of agents users can run on a server, set up
restrictions for server agents. The fields in this section are organized
hierarchically with regard to privileges. “Run unrestricted methods and
operations” has the highest level of privilege and “Run Simple and
Formula agents” has the lowest. A user or group name in one list will
automatically receive the rights of the lists beneath. Therefore a name has
to be entered in only one list, which then gives that user the highest
rights.
Tip Create a group for each class of users to be used in every category.
For a list of restricted LotusScript and Java features and information
about agents, see Application Development with Domino Designer.
For information on creating groups, see the chapter “Setting Up and
Managing Groups.”
1. From the Domino Administrator, click Configuration, and open the
Server document.
2. Click the Security tab.

3. In the Programmability Restrictions section, complete one or more of
these fields, and then save the document:
Field Action
Run unrestricted methods and operations
Enter the names of users and groups who are allowed to
select, on a per agent basis, one of three levels of access
for agents signed with their ID. Users with this privilege
select one of these access levels when they are using
Domino Designer 6 to build an agent:
• restricted mode
• unrestricted mode
• unrestricted mode with full administration rights
Only users who have this access can choose an option
other than “do not allow restricted operations.” This
access is enabled by default for the current server and
Lotus Notes Template developers.
If users in this list are also listed as a database
administrator in the Server document, they are allowed
to perform database operations without having to be
listed explicitly in the database ACL (for example, they
can delete databases without being listed in the ACL of
those databases).
To have the ability to run agents in unrestricted mode
with full administration rights, the agent signer should
be listed in this field, or in the Full Access Administrator
field, as well as have this mode selected in the Agent
Builder. Being listed in Full Access Administrator list
alone is not sufficient to run agents in this mode.
Sign agents to run on behalf of someone else
Enter the names of users and groups who are allowed to
sign agents that will be executed on anyone else’s
behalf. The default is blank, which means that no one
can sign agents in this manner.
This privilege should be used with caution, as the name
for whom the agent is signed on behalf of is used to
check ACL access.
Sign agents to run on behalf of the invoker of the agent
Enter the names of users and groups who are allowed to
sign agents that will be executed on behalf of the
invoker, when the invoker is different from the agent
signer. This setting is ignored if the agent signer and the
invoker are the same. This is used currently only for
Web agents. The default is blank, which means that
everyone can sign agents invoked in this manner (this is
for backwards compatibility).
Run restricted LotusScript/Java agents
Enter the names of users and groups allowed to run
agents created with LotusScript and Java features, but
excluding privileged methods and operations, such as
reading and writing to the file system. Leave the field
blank to deny access to all users and groups.
Run simple and formula agents
Enter the names of users and groups allowed to
run simple and formula agents, both private and shared.
Leave the field blank to allow all users and groups to
run simple and formula agents, both private and
shared.
Sign script libraries to run on behalf of someone else
Enter the names of users and groups who are allowed to
sign script libraries in agents executed by someone else.
For the purposes of backwards compatibility, the default
value is to leave the field empty, to allow all.

Controlling server access by browser clients that use Java and JavaScript
Note These settings are for use only with R5.x and earlier servers. They
should not be used with a Domino 6 server and are included for the
purpose of backwards compatibility only, to be used to manage prior
releases of Domino servers with the Lotus Notes 6 client.
For more information on the DIIOP task, see the chapter “Setting Up the
Domino Web Server.”
1. From the Domino Administrator, click Configuration, and open the
Server document.
2. Click the Security tab.
3. In the Programmability Restrictions section, complete one or both of
these fields, and then save the document:
Field Action
Run restricted Java/JavaScript/COM
Enter the names of authenticated browser users
and/or groups allowed to run server programs
created with a specific set of Java and JavaScript
features.
Leave the field blank (default) to deny access to all
users and groups.
Run unrestricted Java/JavaScript/COM
Enter the names of authenticated browser users
and/or groups allowed to run server programs
created with all Java and JavaScript features.
Leave the field blank (default) to deny access to all
users and groups.

For a list of restricted Java and JavaScript classes, see Application
Development with Domino Designer.

Controlling Web browser access to files


You can use the following security features to control Internet/intranet
access to files on the servers:
• File protection documents
• Web realms

Physically securing the Domino server


Physically securing servers and databases is just as important as
preventing unauthorized user and server access. Therefore, locate all
Domino servers in a ventilated, secure area, such as a locked room. If
servers are not secure, unauthorized users might circumvent security
features — for example, ACL settings — access applications on the
server, use the operating system to copy or delete files, and physically
damage the server hardware itself.
To ensure maximum physical security for servers, do one or more of the
following:
• Use the server without a mouse, and keep the keyboard locked.
• Password-protect the server ID. If an ID uses a password, you must
manually restart the server rather than restart it automatically. To
restart the server, you must know the server password.
• Use the Set Secure command to password-protect the console and
restrict what can be done while the server is running.
For more information on the Set Secure command, see the appendix
“Server Commands.”
• Use the Local Security option to encrypt databases on the server with
the server ID. Then people at the server can access databases only if
they have access to the server ID that was used to encrypt the
databases.
• Use operating system features to secure data files and lock keyboard
access. For more information, see your operating system
documentation.



Securing the server console with a Smartcard
Beginning with Lotus Notes 6, Notes users can use a Smartcard with
their User ID to log in to Notes. Smartcard use requires the installation of
a Smartcard reader on the user’s computer, along with the Smartcard
software and drivers. The advantage of using a Smartcard with Notes is
that the Smartcard locks the User ID. Logging into Notes with a Smartcard
requires the Smartcard, the User ID, and the user’s Smartcard PIN.
For more information about how Notes users set up Smartcards, see the
topic Enabling Smartcards for Notes login.
Administrators can take advantage of Smartcard security to physically
secure the Domino server console. In this case the administrator would
be locking the Server ID with the Smartcard.

To secure the server console with a Smartcard


Caution Ensure that the server.id is recoverable via the ID File
Recovery before proceeding. Also, verify that the encrypted backup copy
of the server.ID exists in the ID file repository.
Before you begin:
• Have the Domino server workstation on, but do not launch the
Domino server software.
• Modify the Domino server’s NOTES.INI file to include a variable,
PKCS11_Library=, that points to the Smartcard PKCS#11 file. This
file will be loaded during Smartcard installation. For example:
PKCS11_Library=C:\Program Files\Schlumberger\Smart Cards and Terminals\Common Files\slbck.dll

Caution If you do not modify the server’s NOTES.INI file to include the
PKCS11_Library variable, when you try to launch the Domino server, it
will shut down and return a “Login aborted by user” error.
1. On the Domino server workstation, install a Smartcard reader and
Smartcard driver files.
2. On a Notes client workstation, install a Smartcard reader and the
same Smartcard driver files as you installed on the Domino server.
This workstation will be used to configure the Smartcard for the
server.
3. Copy the server.id from the Domino server onto a diskette. Insert the
diskette into the Notes workstation.
4. Launch the Notes client with a User ID from the domain for which
the server has a certificate.
5. Place the Smartcard designated for the server into the card reader of
the Notes client. If required, enter the Smartcard PIN.

6. Click File - Security - Switch ID to switch to the copy of the server.id
file.
7. Do the following to enable the server.id file for the associated
Smartcard:
a. Click File - Security - User Security, and enter the password for
the server.id.
b. Click Smartcard Options.
c. Click “Enable Smartcard Login.”
d. Enter password (if needed) and the Smartcard PIN. After
approximately 10 to 15 seconds, the Smartcard will be configured
for the server.id file.
8. Copy the Smartcard-enabled server.ID file back to the server’s
Domino\data directory.
9. Place the Smartcard in the Domino server card reader, and launch
Domino.
10. At the server command console, enter the Smartcard PIN when
prompted and Domino will launch.

Chapter 39
Protecting and Managing Notes IDs

This chapter describes how to control access to Domino server and Notes
user IDs.

Domino server and Notes user IDs


Domino uses ID files to identify users and to control access to servers.
Every Domino server, Notes certifier, and Notes user must have an ID.
When you register users and servers, Domino automatically creates their
IDs. An ID file contains:
• The owner’s name. A user ID file may also contain one alternate
name. A certifier ID may contain multiple alternate names.
• A permanent license number. This number indicates that the owner
is legal and specifies whether the owner has a North American or
International license to run Domino or Notes.
• At least one Notes certificate from a certifier ID. A Notes certificate is
a digital signature added to a user ID or server ID. This signature,
which is generated from the private key of a certifier ID, verifies that
the name of the owner of the ID is correctly associated with a specific
public key.
• A private key. Notes uses the private key to sign messages sent by
the owner of the private key, to decrypt messages sent to its owner,
and, if the ID belongs to a certifier, to sign certificates.
• (Optional; Notes client only) Internet certificates. An Internet
certificate is used to secure SSL connections and encrypt and sign
S/MIME mail messages. An Internet certificate is issued by a
Certification Authority (CA) and verifies the identity of the user. The
user’s private key associated with an Internet certificate is stored
with that certificate.
• (Optional) One or more secret encryption keys, created and
distributed by users to allow other users to encrypt and decrypt
fields in a document.

Note If a user is in the process of requesting a new private key or a
name change, the pending information is also stored in the ID file. If
a Notes private key is changed, then the obsolete information is also
stored in the ID file for backwards compatibility. For example, you
would need the obsolete information to read old encrypted e-mail.

Certificates
A certificate is a unique digital signature that identifies a user or server.
Server and user IDs contain one or more Notes certificates. In addition,
user IDs may contain one or more Internet certificates that identify users
when they use SSL to connect to an Internet server or send a signed
S/MIME mail message.
A certificate contains:
• The name of the certifier that issued the certificate.
• The name of the user or server to whom the certificate was issued.
• A public key that is stored in both the Domino Directory and the ID
file. Notes uses the public key to encrypt messages that are sent to
the owner of the public key and to validate the ID owner’s signature.
• A digital signature.
• The expiration date of the certificate.
Certificates are stored in ID files and in Person, Server, and Certifier
documents in the Domino Directory. They are also referred to as Notes
certified public keys.
Public keys are not secret. Any user may look up another user’s public
key and use it to send encrypted mail to or authenticate the user. It is
important that someone looking up a public key learn it reliably since
Domino uses it for identification. Users must be able to obtain the public
key of the certifier that issued the certificate before they can authenticate
the certificate’s owner. If a user has a certificate issued by the same
certifier as another user or server, the first user can verify the public key
for the certificate and then reliably know the public key associated with
the server or user name. If a user doesn’t have a certificate issued by the
same certifier, the user needs a cross-certificate for authentication.
When you register users and servers, Domino automatically creates a
Notes certificate for each user and server ID. In addition, you can use a
Domino or third-party certificate authority (CA) to create Internet
certificates for user IDs. Domino uses the X.509 certificate format to create
Internet certificates.

Notes certificates have expiration dates. Therefore, you must recertify
Notes IDs when their expiration dates approach. In addition, if a user or
server name changes, you must recertify the corresponding Notes ID so
that a new certificate will bind the public key to the new name.
Changing a name on a user ID may also affect Internet certificates. For
example, a user who has changed the name on a user ID may receive
warning messages when sending signed S/MIME mail, warning the user
that recipients of the message may receive a signature by a name that
isn’t on the original certificate used for signing.

Viewing the certificates on an ID


You can display the Notes and Internet certificates associated with an ID
and display information about each certificate — for example, public key,
creation date, expiration date, and certifier information.
For example, the Certificates box displays certificates for a Notes user ID
with the name Alan Jones/Sales/East/Acme. The first certificate listed
below is the one issued to Alan Jones for international use. The second
certificate listed below is the one issued to Alan Jones for North
American use and for electronic signing. Following these are the
certificates issued to the certifier of the ID and to any ancestors of the
certifier. The last certificate listed below is the Internet certificate issued
to Alan Jones.

Certificate                          Issued to
/Sales/East/Acme (International)     Alan Jones/Sales/East/Acme
/Sales/East/Acme (North American)    Alan Jones/Sales/East/Acme
/East/Acme                           /Sales/East/Acme
/Acme                                /East/Acme
/Acme                                /Acme
CN=AcmeCA/OU=East/O=Acme/L=Cambridge/ST=Massachusetts/C=US    EMAIL=alan_jones@acme.com/CN=AlanJones/OU=East/O=Acme/L=Cambridge/ST=Massachusetts/C=US

To view certificates
1. From the Domino Administrator, click Configuration - Certification.
2. Click ID Properties.
3. Choose the ID file to view.
4. Enter the password and click OK.



5. In the ID Properties dialog box, do the following:
a. Click Your Identity - Your Certificates to display a list of all
Notes and Internet certificates issued to this ID file.
b. Select the certificate in the Certificates box to display additional
information about the certificate.
c. To get more information about a certificate, highlight it in the list
and click Advanced Details. Here you can specify a default
Internet signing certificate if there are multiple Internet
certificates in the ID file.
For more information on using Internet certificates, see the chapter
“Setting Up Clients for S/MIME and SSL.”
For more information on how Notes users can view certificates in their
IDs, see Lotus Notes 6 Help.

Password-protection for Notes and Domino IDs


To ensure the security of the Domino system, password-protect all Notes
and Domino IDs — certifier, server, and user. When you
password-protect an ID, a key that is derived from the password
encrypts the data on the ID. Then, when you attempt to access mail, open
a server-based database, or examine ID file information, you are
prompted to enter a password. Note that this information does not apply
to password-protection for Internet clients.
For information on password protecting Internet clients, see the chapter
“Setting Up Name-and-Password and Anonymous Access to Domino
Servers.”

Password-protection features
Password quality
When you register a user or server or create a certifier ID, you use a scale
of 0 to 16 to specify the level of password quality you want enforced for
the ID. The higher the level, the more complex the password and,
therefore, the more difficult it is for an unauthorized user to guess the
password. For optimal security, specify a password quality level of at
least 8.
The password quality level you assign is enforced when you enter a
password for new IDs or when users change the password for an existing
ID. When users change their passwords, Notes displays information
about the password quality level required by the ID file. Users must
enter a password that meets the criteria for the level; otherwise, they are
not allowed to change the password.

When choosing a password, it is best to specify a random, alphanumeric
string that includes mixed uppercase and lowercase letters, numbers,
and punctuation. Also, it is better to specify an entire phrase, rather than
a single word. A passphrase is easy to remember, difficult to guess, and
generally longer than a single-word password. If you choose to use a
phrase, you should misspell one or more of the words to make it more
difficult for attackers to guess at the phrase.
To change the password quality level assigned to an ID, you must
recertify the ID or use a security settings policy document.
For more information about using a security settings policy document to
manage IDs, see the chapter “Using Policies.”
For more information on password quality, see the topic “Understanding
the password quality scale” later in this chapter.

Time-delay and anti-spoofing mechanisms


All passwords for Notes IDs have built-in time-delay and anti-spoofing
mechanisms, both of which deter password-guessing programs and
prevent password theft by programs that resemble the password-prompt
dialog box. The time-delay mechanism imposes a wait before the user can
proceed after an incorrect password is typed. When a user types a
password, the anti-spoofing mechanism creates a graphic pattern that
other programs cannot reproduce.

Password and public-key verification during authentication


By default, Notes and Domino use passwords only to protect information
stored in ID files. However, you can configure servers to verify
passwords and Notes public keys during authentication. Password and
public-key verification reduces the unauthorized use of IDs. If you set up
a server to verify passwords and an unauthorized user obtains an ID and
its password, the authorized user just needs to change the password for
the ID. Then, the next time the unauthorized user attempts to
authenticate, that user will not be allowed access to the server because
Domino informs the user that they must change the password on this
copy of the ID to match that on another copy of their ID (which the
unauthorized user doesn’t know).
Along with verifying passwords, you can set up servers to require users
to change their password periodically.
For more information on verifying passwords, see the topic “Verifying
user passwords during authentication” later in this chapter.
For more information on verifying public keys, see the topic “Public key
security” later in this chapter.



Multiple passwords
To provide tighter security for certifier and server IDs, assign multiple
passwords to those IDs. Using multiple passwords requires that a group
of administrators work together to access an ID. For example, this feature
is useful when you want to avoid giving authority for a certifier ID to one
person. You can specify that only a subset of the assigned passwords be
required to access the ID. For example, you can assign four passwords to
the ID but require that only any two of the four passwords be entered to
gain access to the ID. Requiring only a subset of the passwords allows
administrators to access the ID, even when all of the administrators are
not available.
Note User IDs can also be secured with multiple passwords.
For more information on multiple passwords, see the topic “Assigning
multiple passwords to server and certifier IDs” later in this chapter.

ID file recovery
If you have ID recovery in place, when a user loses an ID file or forgets
the password to the ID file, a group of administrators can work together
to recover the ID file. Losing an ID file normally prevents users from
accessing servers and reading messages and other data that they
encrypted with the ID. Using the ID file recovery feature, administrators
can prevent this loss of access and prevent unauthorized users from
illicitly recovering IDs.
For more information on ID file recovery, see the topic “ID file recovery”
later in this chapter.

Using a Smartcard to secure a Notes ID


When using Smartcards to log into Notes, users are essentially locking
and unlocking their user IDs. The advantage of using a Smartcard with
Notes is that the user’s Internet private keys can be stored on the
Smartcard instead of on the workstation. Then users can take Smartcards
with them when they are away from their computers. For both regular
and roaming users, Smartcards increase user ID security.
Caution In order for Notes users to set up Smartcards, you must disable
password checking, change/grace intervals and expiration in the user’s
Person document. Otherwise, Smartcard users will eventually be locked
out.
For more information on how Notes users can use Smartcards, see Lotus
Notes 6 Help.

The password quality scale
When creating passwords for user, server, or certifier IDs, you need to
understand the criteria by which Domino measures password strength
and security. Domino measures these criteria according to the level
assigned on its password quality scale. The scale assigns a minimum
level of quality to the password on an ID file. Domino bases the
password quality on the number and variety of characters in the
password.
The algorithm used to calculate password quality is used to enforce the
selection of passwords that are sufficiently complex to meet the
password quality scale level chosen to protect user ID files. When a user
is registered, the user’s ID file contains a password strength value. This
setting is enforced if the user changes the password.
The scale ranges from 0 (weakest — no password required) to 16
(strongest). A quality of 1 indicates that any password satisfies the
criteria. Domino defines default levels for certifier, server, and user
password quality. You should change these defaults to meet your
organization’s security criteria. You can set the defaults in a security
settings policy document, in Administration Preferences, or in the
registration or certification dialog boxes.
Password strength is not the same as password length. Not all passwords
of equal length have equal strength in the password quality scale. For
example, the 8-character word “password” (because it is a word) and the
8-character word “1168Acme” (because it contains numbers and
alphabetic characters) do not carry the same level of character complexity
and do not have equal strength on the quality scale.

Password quality scale: 0
Description: Password is optional.
Example: None.

Password quality scale: 1
Description: Allow any password.
Example: “b”, “3”

Password quality scale: 2-6
Description: Allow a weak password, even though you might be able to
guess it by trial and error.
Example: “password”, “doughnut” (password quality scale 3);
“lightferret”, “b 4D” (password quality scale 6)

Password quality scale: 7-12
Description: Require a password that is difficult to guess, but might be
vulnerable to an automated attack.
Example: “pqlrtmxr”, “wefourkings” (password quality scale 8)

Password quality scale: 13-16
Description: Require a strong password, even though the user may have
difficulty remembering it.
Example: “4891spyONu” (password quality scale 13);
“lakestreampondriverocean”, “stRem2pO()” (password quality scale 15);
“stream8pond1river7lake2ocean” (password quality scale 16)

Tips for assigning passwords and scale


• Do not use words in a password that are in the Domino spell-check
dictionary. Passwords containing words found in a Domino
spell-check dictionary are generally weaker than passwords of equal
length that do not contain words from the spell-check dictionary.
• Use mixed-case words and words that contain numbers and
punctuation for passwords instead of entirely lowercase alphabet
characters. To make a password stronger without making it longer,
avoid using words; instead use mixed-case characters and include
punctuation and numbers.
• Use a passphrase instead of a password. A complete sentence,
especially one with a word or two misspelled, is a strong password
that an attacker would have difficulty guessing.
• Use passwords that have a quality of 12 or higher. Passwords that
have a quality of 12 or higher are resistant to an automated attack.
Passwords that have a quality below 4 are easy to guess.
• Set a default value for all Password Quality Scale fields so that all
passwords assigned to servers, users, and certifier IDs in your
organization have appropriate levels of complexity.

Verifying user passwords during authentication


You can enable password verification so that a Notes user can
authenticate with a server only after providing the correct password that
is associated with the user ID. If an unauthorized user obtains an ID and
learns the ID’s password, the owner of the ID can use password
verification to change the password and prevent the unauthorized user
from continuing to use the ID to authenticate with servers. The next time
the unauthorized user tries to use the ID with the old password to access
a server, the server verifies the password, determines that the password
entered does not match the new password, and denies the unauthorized
user access to the server. Without password verification, an
unauthorized user could use an ID and password even after the owner
changed the password on the ID, since, by default, the password is used
only to decrypt the ID file and is not verified against the password stored
in the Domino Directory. If you set up password verification, require
users to change the passwords on their IDs on a regular basis. As the
time for the required password change approaches (after two-thirds of
the current change interval has passed, but at a minimum of two days
remaining), a prompt appears to remind the user to change the
password. When users change the password, the current ID and Person
document are updated with the new password.
If a user has multiple ID files, the user must change the password in each
of them to match the new password. You cannot use password verification
on ID files that contain multiple passwords.
Each time a user changes a password, the user must specify a unique
password. Notes keeps a record of up to 50 passwords that have been
previously used. If you enable password history checking (through the
use of a security settings document), you can configure the number of
new passwords that must be used before a given password can be
reused.
An expired password doesn’t prevent a user from reading encrypted
mail or creating new signed documents on local replicas; however,
without specifying a new password, users cannot access databases on
servers.
Note that password verification during authentication will not work for
Internet users because they do not have Notes user IDs (unless their
Notes and Internet passwords have been synchronized).
Caution Do not enable password expiration for users whose ID files are
locked with Smartcards. Otherwise, it is possible that a user’s ID could be
locked out until the password digest can be cleared.

The Administration Process and password verification


Password verification requires the Administration Process to update
documents in the Domino Directory. When you enable password
verification for a user, the Administration Process creates a “Set
Password Information” request in the Administration Requests database.
Domino carries out this request according to the setting in the Interval
field in the Administration Process section of the Server document. This
request enables password-checking by entering values in the Check
password, Required change interval, and Grace period fields in the
Administration section of the user’s Person document.



The first time the user logs onto a server that requires password
verification, the Administration Process generates a “Change User
Password in Domino Directory” request in the Administration Requests
database. This request enters a corresponding password digest in the
Password digest field in the Administration section of the Person
document. It also records the date the user provided the password in the
Last change date field in the Administration section of the Person
document. To authenticate with servers that are enabled for password
verification, the user must provide the password that corresponds to the
digest.
From then on, when a user changes a password, the Administration
Process generates a new “Change User Password in Domino Directory”
request in the Administration Requests database. This request updates
the Password digest and Last change date fields in the Person document.
Note that if you modify the change interval or grace period after you
enable password verification, the Administration Process must update
the fields in the Person document and then the user must change the
password for the change to take effect.
For information on the Administration Process, see the chapter “Setting
Up the Administration Process.”

Required change intervals and grace periods


You can set up a server to verify users’ passwords during authentication
without requiring them to change their passwords. If you require
password changes, you can specify a grace period that indicates the
length of time after the change interval expires before users are locked
out of the server. If a required change interval expires before the user
changes the password, the user can’t authenticate with servers that
require password verification until the user creates a new password. If a
grace period expires and the user still hasn’t changed the password, the
user can’t authenticate until the administrator manually deletes the data
in the Password digest field in the Person document and the user creates
a new password. If an unauthorized user changes the password on an ID
before the authorized owner of the ID does, the authorized owner can’t
authenticate and sees this message:
You have a different password on another copy of your ID file and
you must change the password on this copy to match.
In this case, delete the entry in the Password digest field, and ask the
authorized user to log on immediately and enter a new password.
Caution For users whose ID files are locked with Smartcards, set the
required change interval and grace period to 0. Otherwise, it is possible
that a user’s ID could be locked out.

Setting up password verification
You can enable password verification through the use of a security policy
settings document, which allows you to enable this feature for multiple
users, or you can enable password verification on an individual basis
through the Domino Directory. You can also choose to lock out a user’s
ID, which prevents the user from logging into the server.
For more information on the security policy settings document, see the
chapter “Using Policies.”

To enable password verification for individual users


1. Make sure that:
• The Administration Process is set up on the server.
• You have at least Author access and the UserModifier role in the
Domino Directory.
• Password verification is enabled on the servers with which these
users authenticate.
2. From the Domino Administrator, click People & Groups.
3. Select each Person document for which you want to enable password
checking.
4. Choose Actions - Set Password Fields, and then click Yes to continue.
5. In the Check Notes Password field, select “Check password.”
6. Complete these fields, and then click OK:
Field: Required change interval
Action: Enter the length of time, in days, that a password can be in
effect before it must be changed. Default is zero.

Field: Allowed grace period
Action: Enter the length of time, in days, that users have to change an
expired password before being locked out. Default is zero.

7. (Optional) You can also choose to force individual users to change
their Internet passwords the next time they log in. In the “Force users
to change Internet password on next login” dialog box, click Yes.
Caution Do not enable password expiration for users whose ID files are
locked with Smartcards. Otherwise, it is possible that a user’s ID could be
locked out until password expiration can be cleared. You should also be
sure that the required change interval and allowed grace period are set
to zero.



To disable password verification for an individual user
When you disable password verification for a user, Domino does not
check passwords for the user even if password verification is enabled for
the server.
1. From the Domino Administrator, click People & Groups using a
network connection to the Domino Directory.
2. Select each Person document for which you want to enable password
checking.
3. Choose Actions - Set Password Fields, and then click Yes to continue.
4. In the Set Passwords Fields dialog box, select “Don’t check
password,” and then click OK.

To lock out an individual user's ID


1. From the Domino Administrator, click People & Groups using a
network connection to the Domino Directory.
2. Select the Person document of the user whose ID will be locked out.
3. Choose Actions - Set Password Fields, and then click Yes to continue.
4. In the Set Passwords Fields dialog box, select “Lockout ID,” and then
click OK.

To enable password verification on servers


To use password verification for Notes users, you must enable password
verification for both users and servers. Do the following to enable
password verification on each server with which these users
authenticate:
1. From the Domino Administrator, click Configuration.
2. Open the Server document of the server for which you want to
enable password verification.
3. Click Security, and then in the “Check passwords on Notes IDs”
field, select Enabled.
4. Repeat for each server on which you want to enable password
verification.

To disable password verification for a server


When you disable password verification for a server, Domino does not
check passwords for any users who access the server, even if the user has
password verification enabled.
1. From the Domino Administrator, click Configuration.
2. Open the server document of the server for which you want to
disable password verification.

3. Click Security, and then in the “Check passwords on Notes IDs”
field, select Disabled.
4. Repeat for each server on which you want to disable password
verification.
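
The checks described in the password verification sections above, combined into one decision function as an added example (not code from Domino or from this guide). The PersonDoc class, the status strings, and the SHA-256 digest are assumptions for illustration; the example also assumes that a change interval of 0 means no required change, and reads the reminder rule as "one third or less of the interval, or two days or fewer, remaining."

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass
class PersonDoc:
    """Administration-section fields of a Person document (a model, not the real form)."""
    check_password: str = "dont_check"   # "check", "dont_check" or "lockout"
    change_interval: int = 0             # days; 0 is assumed to mean "no required change"
    grace_period: int = 0                # days
    password_digest: Optional[str] = None
    last_change: Optional[date] = None


def digest(password: str) -> str:
    # Stand-in only: the page does not describe how Domino computes the digest.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def change_password(person: PersonDoc, new_password: str, today: date) -> None:
    """Effect of a "Change User Password in Domino Directory" request."""
    person.password_digest = digest(new_password)
    person.last_change = today


def authenticate(server_checks: bool, person: PersonDoc,
                 id_password: str, today: date) -> str:
    """Outcome of one authentication attempt made with a copy of the ID file."""
    # Checking must be enabled on BOTH the server and the Person document.
    if not server_checks or person.check_password == "dont_check":
        return "ALLOW_UNCHECKED"
    # Assumption: "Lockout ID" is enforced wherever the server checks passwords.
    if person.check_password == "lockout":
        return "DENY_LOCKED_OUT"
    if person.password_digest is None:
        # First login after enabling, or after an administrator cleared the digest.
        change_password(person, id_password, today)
        return "ALLOW_DIGEST_RECORDED"
    if not hmac.compare_digest(person.password_digest, digest(id_password)):
        # This copy of the ID still carries a password that no longer matches.
        return "DENY_PASSWORD_MISMATCH"
    if person.change_interval == 0:
        return "ALLOW"
    age = (today - person.last_change).days
    remaining = person.change_interval - age
    if remaining < -person.grace_period:
        return "DENY_GRACE_EXPIRED"      # administrator must clear the digest
    if remaining < 0:
        return "DENY_CHANGE_REQUIRED"    # user must create a new password
    if 3 * remaining <= person.change_interval or remaining <= 2:
        return "ALLOW_REMIND_CHANGE"     # two-thirds of the interval has passed
    return "ALLOW"


def stolen_id_scenario() -> list:
    """Constructed timeline: the owner changes the password after a copy of the ID leaks."""
    start = date(2003, 1, 1)
    person = PersonDoc("check", change_interval=90, grace_period=10)
    outcomes = [authenticate(True, person, "old pass phrase", start)]
    change_password(person, "new pass phrase", start + timedelta(days=5))
    day6 = start + timedelta(days=6)
    outcomes.append(authenticate(True, person, "old pass phrase", day6))   # stolen copy
    outcomes.append(authenticate(True, person, "new pass phrase", day6))   # owner
    outcomes.append(authenticate(False, person, "old pass phrase", day6))  # server not checking
    return outcomes


if __name__ == "__main__":
    for outcome in stolen_id_scenario():
        print(outcome)
```

The last outcome in the scenario shows why verification has to be enabled on every server the users authenticate with: a server that does not check passwords still accepts the stolen copy.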

Assigning multiple passwords to server and certifier IDs


To assign multiple passwords
To complete these steps, you must gather together all of the
administrators whose passwords will be assigned to the ID. Each
administrator must complete a series of steps. Any password that was
assigned to the ID before you assign multiple passwords is no longer
valid.
1. From the Domino Administrator, click Configuration, and then click
Certification.
2. Choose Edit Multiple Passwords.
3. Select the ID to which you want to assign multiple passwords, and
then click Open.
4. Enter the password for the ID (if required).
5. Each administrator in turn completes these steps:
a. In the “Authorized User” field, enter your user name.
b. In the “New Password” field, enter a password.
c. In the “Confirm Password” field, retype the password.
d. Click Add to add your name and password to the ID file.
6. Enter the number of passwords required to access the ID. Enter a
number that is less than or equal to the number of administrators
who assigned passwords to the ID.
7. Click OK.
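
An added illustration of the "any two of four passwords" idea behind this procedure, using Shamir secret sharing with one password-wrapped share per administrator. This is not Domino's implementation, which the page does not describe; the function names, the field prime, the PBKDF2 parameters, and the sample administrator names and passwords are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

P = 2**255 - 19          # prime field; the protected key is an integer below P
ITERATIONS = 100_000     # PBKDF2 work factor (assumed value for this example)


def _mask(password: str, salt: bytes) -> int:
    """Derive a 256-bit mask from one administrator's password."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return int.from_bytes(raw, "big")


def _fingerprint(key: int) -> str:
    """Check value stored with the record so a wrong result can be detected."""
    return hashlib.sha256(key.to_bytes(32, "big")).hexdigest()


def assign_passwords(key: int, passwords: Dict[str, str], required: int) -> dict:
    """Protect `key` so that any `required` of the given passwords unlock it."""
    if not 1 <= required <= len(passwords):
        raise ValueError("required must be between 1 and the number of passwords")
    # Random polynomial of degree required-1 whose constant term is the key.
    coeffs = [key] + [secrets.randbelow(P) for _ in range(required - 1)]
    slots = {}
    for x, (name, password) in enumerate(passwords.items(), start=1):
        y = sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
        salt = secrets.token_bytes(16)
        # Each administrator's share is stored only in password-masked form.
        slots[name] = (x, salt, y ^ _mask(password, salt))
    return {"required": required, "check": _fingerprint(key), "slots": slots}


def unlock(record: dict, entered: Dict[str, str]) -> Optional[int]:
    """Return the key if enough correct passwords were entered, else None."""
    known = {n: p for n, p in entered.items() if n in record["slots"]}
    if len(known) < record["required"]:
        return None
    points = []
    # Uses the first `required` entries; extra entries are ignored.
    for name, password in list(known.items())[: record["required"]]:
        x, salt, wrapped = record["slots"][name]
        points.append((x, (wrapped ^ _mask(password, salt)) % P))
    # Lagrange interpolation at x = 0 recovers the polynomial's constant term.
    key = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        key = (key + yi * num * pow(den, -1, P)) % P
    # A wrong password yields a wrong share, so the check value will not match.
    return key if hmac.compare_digest(_fingerprint(key), record["check"]) else None


if __name__ == "__main__":
    # Constructed sample data: four administrators, any two required.
    admins = {"Admin A": "river7lake", "Admin B": "stone4wall",
              "Admin C": "cloud2rain", "Admin D": "field9gate"}
    id_key = secrets.randbelow(P)
    record = assign_passwords(id_key, admins, required=2)
    pair = {"Admin B": admins["Admin B"], "Admin D": admins["Admin D"]}
    print("two passwords unlock:", unlock(record, pair) == id_key)
    print("one password unlocks:", unlock(record, {"Admin A": admins["Admin A"]}) is not None)
```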

To edit a password
1. From the Domino Administrator, click the Configuration tab, and
then click Certification.
2. Choose Edit Multiple Passwords.
3. Select the ID containing a password you want to modify.
4. Enter the required passwords. The administrators need to be
physically present to enter all of the passwords.
5. Select a user who has a password in the file.
6. In the “New Password” field, type the new password.

7. In the “Confirm password” field, retype the new password.
8. Click Modify, and then click OK.

To delete a password
1. From the Domino Administrator, click the Configuration tab, and
then click Certification.
2. Choose Edit Multiple Passwords.
3. Select the ID from which you want to remove an authorized
password.
4. Enter the passwords required.
5. Select a currently authorized user, and then click Remove.
6. Repeat Step 5 to delete the password for each additional authorized
user.
7. Click OK.

ID recovery
To recover from loss of, or damage to, an ID file, recommend to your
users that they keep backup copies of their ID files in a secure place —
for example, on a disk stored in a locked area. Losing or damaging an ID
file or forgetting a password has serious consequences. Without an ID,
users cannot access servers or read messages and other data that they
encrypted with the lost ID. To prevent problems that occur when users
lose or damage ID files or forget passwords, set up Domino to recover ID
files.
Ideally, you should designate several administrators who will act as a
group to recover IDs and passwords. Although you can designate a
single administrator to manage ID recovery, you should consider having
two or more administrators work together to recover ID files.
Designating a group of administrators helps to prevent a breach of
security by one administrator who has access to all ID files. When you
designate a group of administrators, you can specify that only a subset of
them be present during the actual ID recovery. For example, if you
designate five administrators for ID recovery but require only three
administrators to unlock the ID file, any three of the five can unlock the
ID file. Designating a group of administrators and requiring only a
subset also prevents problems that occur if one administrator is
unavailable or leaves the company.

Before you can recover ID files, an administrator who has access to the
certifier ID file must specify recovery information, and the ID files
themselves must be made recoverable. There are three ways to do this:
• At registration, administrators create the ID file with a certifier ID
that contains recovery information.
• Administrators export recovery information from the certifier ID file
and have the user accept it.
• (Only for servers using the server-based certification authority) Users
authenticate to their home server after an administrator has added
recovery information to the certifier.
Domino stores ID recovery information in the certifier ID file. The
information stored includes the names of administrators who are
allowed to recover IDs, the address of the mail or mail-in database where
users send an encrypted backup copy of their ID files, and the number of
administrators required to unlock an ID file. The mail or mail-in database
contains documents that store attachments of the encrypted backup ID
files. These files are encrypted using a random key and cannot be used
with Notes until they are recovered.
An encrypted backup copy of the ID file is required to recover a lost or
corrupted ID file. Recovering an ID file for which the password has been
forgotten is a bit easier. If the original ID file contains recovery
information, administrators can recover the ID file, even if an encrypted
backup ID file doesn’t exist.
You can set up ID recovery for user IDs at any time. If you do so before
you register users, ID recovery information is automatically added to
user IDs the first time that users authenticate with their home servers. If
you set up ID recovery information after you have registered Notes
users, recovery information is automatically added to the user IDs the
next time users authenticate with their home servers.
Caution If your users will be enabling Smartcards to use with their
Notes IDs, it is extremely important to set up ID recovery information for
these IDs before any Internet keys are pushed onto the Smartcard.
Otherwise, the ID file recovery process will not be able to restore those
keys. Additionally, acquiring recovery information, through any means,
makes any Internet keys that had been previously pushed to the
Smartcard unrecoverable.

How ID recovery works
For each administrator, the user’s ID file contains a recovery password
that is randomly generated and encrypted with the administrator’s
public key. The password is unique for each administrator and user. For
example, administrator Randi Bowker has a unique recovery password
for user Alan Jones, and that password is stored in Alan’s ID file.
Administrator Randi Bowker has a unique recovery password for user
Susan Salani, and that password is stored in Susan’s ID file.
To recover an ID, users and administrators do the following:
1. A user contacts each designated administrator to obtain the
administrator’s recovery password.
2. The administrator obtains the recovery password by decrypting the
recovery password stored in the user’s ID file using the
administrator’s private key.
3. The administrator then gives the recovery password to the user.
4. The user repeats Steps 1 through 3 until the minimum number of
administrators to unlock the ID file is reached.
5. After the file is unlocked, the user must enter a new password to
secure the ID file.
Tip The same ID file can be recovered again using the same recovery
passwords. However, you should urge users to refresh the recovery
information and create a new backup by re-accepting the recovery
information after they recover their ID files.
When users acquire a new public key, accept a name change, or accept or
create a document encryption key, Domino automatically sends updated
encrypted backup ID files to the centralized database.
To help prevent unauthorized users from recovering IDs without the
authorized user’s knowledge, make sure that password verification is
enabled for users and servers. Recovering an ID file forces whoever
recovers it to set a new password. If password verification is enabled,
the authorized user becomes aware of that change because the user can
no longer access servers using the legitimate ID.
For more information about password verification, see the topic
“Verifying user passwords during authentication” in this chapter.
As an extra precaution, after recovering IDs, ask users to re-accept the
recovery information and then change the public key on their ID files.
Re-accepting recovery information changes recovery password
information in the ID file. Changing the public key changes the public
and private keys stored in the ID file.
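The "any three of five administrators" property described above, and the effect of refreshing recovery information, as an added example that is not Domino code. The page does not say how Domino combines the administrators' recovery passwords, so this sketch substitutes Shamir's secret sharing; the administrator names, the unlock key and all function names are hypothetical, and encrypting each password with the administrator's public key is left out.

```python
"""Added illustration of k-of-n ID recovery (not Domino's implementation).

Assumption: Shamir's secret sharing stands in for whatever Domino does
internally; each share plays the role of one administrator's recovery
password for one user. Public-key wrapping of the shares is omitted.
"""
import secrets

PRIME = 2**127 - 1  # Mersenne prime defining the finite field


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x, mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def make_recovery_passwords(unlock_key, admins, required):
    """Split unlock_key so that any `required` of `admins` can rebuild it.

    Returns {admin_name: (x, y)}. Every call draws a fresh random polynomial,
    so regenerating the passwords invalidates mixes of old and new ones.
    """
    if not 1 <= required <= len(admins):
        raise ValueError("required must be between 1 and the number of admins")
    if not 0 <= unlock_key < PRIME:
        raise ValueError("unlock_key out of range for the field")
    coeffs = [unlock_key] + [secrets.randbelow(PRIME) for _ in range(required - 1)]
    return {name: (x, _eval_poly(coeffs, x)) for x, name in enumerate(admins, start=1)}


def unlock(passwords):
    """Rebuild the key by Lagrange interpolation at x = 0.

    With fewer passwords than the threshold the result is an unrelated
    value, not an error: the caller learns nothing about the real key.
    """
    if not passwords:
        raise ValueError("no recovery passwords supplied")
    xs = [x for x, _ in passwords]
    if len(set(xs)) != len(xs):
        raise ValueError("the same administrator's password was entered twice")
    total = 0
    for j, (xj, yj) in enumerate(passwords):
        num, den = 1, 1
        for m, (xm, _) in enumerate(passwords):
            if m != j:
                num = (num * -xm) % PRIME
                den = (den * (xj - xm)) % PRIME
        # Modular inverse via Fermat's little theorem (PRIME is prime).
        total = (total + yj * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def demo():
    """Run the scenarios from the text on constructed data."""
    admins = ["Admin A", "Admin B", "Admin C", "Admin D", "Admin E"]  # constructed
    key = secrets.randbelow(PRIME)  # stands in for what unlocks the ID file
    old = make_recovery_passwords(key, admins, required=3)
    # The user re-accepts recovery information after a recovery.
    new = make_recovery_passwords(key, admins, required=3)
    return {
        "any_three_of_five": unlock([old["Admin B"], old["Admin D"], old["Admin E"]]) == key,
        "only_two": unlock([old["Admin A"], old["Admin C"]]) == key,
        # Old passwords keep working against an old backup of the ID file.
        "old_passwords_still_open_old_backup":
            unlock([old["Admin A"], old["Admin B"], old["Admin C"]]) == key,
        "old_mixed_with_refreshed":
            unlock([old["Admin A"], new["Admin B"], new["Admin C"]]) == key,
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The third result is why the text asks users to replace old backups and refresh the recovery information after a recovery: passwords that were already handed out remain valid for any older copy of the ID file.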

Setting up ID recovery
Before users can recover their ID files, you must set up a centralized mail
or mail-in database to store encrypted backups of ID files and specify
information about which administrators — known here as recovery
authorities — are allowed to recover IDs. You must perform these steps
before anyone loses or corrupts an ID — ideally before you begin
registering users.
1. From the Domino Administrator, click Configuration, and then click
Certification.
2. Click Edit Recovery Information.
3. In the “Choose a Certifier” dialog box, click Server and select the
registration server name from the Domino Directory (only if the
correct server name does not appear).
4. Choose the certifier for which you are creating recovery information.
• If you are using a server-based certification authority, click “Use
the CA process” and select a certifier from the drop-down list.
You must be a Certificate Authority (CA) administrator for the
certifier in order to change ID recovery information.
• If you are not using a server-based certification authority, click
“Supply certifier ID and password.” If the certifier ID path and file
name do not appear, click Certifier ID, select the certifier ID
file, and enter the password.
5. Click OK. The “Edit Master Recovery Authority List” dialog box
appears.
6. Enter the number of recovery authorities that are required to recover
an ID file. It is recommended that you choose at least three.
7. Click Add and select the names of the administrators who are the
designated recovery authorities.
8. Choose whether you want to use an existing mailbox for recovery
information or create a new one.
• If you have a mail or mail-in database already set up for recovery
information, click “I want to use an existing mailbox.” Click
Address and select the database from the Domino Directory.
• If you want to create a new database to store recovery
information, click “I want to create a new mailbox.” In the “Create
New Mailbox” dialog box, enter the name of the server on which
the database is to be created, and the database title. You can use
the file name that is created from the database title, or you can
create a new one.

Note Whenever you make changes in this dialog box, the Export
button is disabled. You cannot export recovery information until you
save the new or updated information.
9. Click OK.
10. If you are using a server-based certification authority, at the server
console type:
load ca
This starts the CA process with the new recovery information, or
refreshes it if it is already running. Then type:
tell adminp process all
to process the request to add recovery information to the certifier.
11. In the mail-in database ACL, set the -Default- access to No access
and give administrators Reader access.
Note If you have created additional O-level Notes certifiers, be sure to
cross-certify them with the initial Notes certifier prior to setting up
recovery information.

Preparing IDs for recovery


After you specify recovery information in the certifier ID, when you
register users, the user IDs automatically contain recovery information.
However, if you specified recovery information after generating user
IDs, users must update their user IDs with recovery information
supplied by the administrator. Updating IDs with recovery information
automatically sends an encrypted backup of the user ID to the
centralized mail or mail-in database.
There are two ways that users can update their user IDs with recovery
information:
• (Only for servers using the server-based certification authority) Users
authenticate to their home server after an administrator has added
recovery information to the certifier. The recovery information is
automatically added to their Notes ID.
• The administrator sends recovery information to users to incorporate
into their user IDs. You must complete these steps before a user loses
or damages an ID or forgets a password.

To send recovery information to the user


The administrator completes these steps.
1. From the Domino Administrator, click the Configuration tab, and
then click Certification.
2. Click Edit Recovery Information.

3. In the Choose a Certifier dialog box, if the correct server name does
not appear, click Server and select the registration server name from
the Domino Directory.
4. Choose the certifier for which you are creating recovery information.
• If you are using a server-based certification authority, click “Use
the CA process” and select a certifier from the drop-down list.
• If you are not using a server-based certification authority, click
“Supply certifier ID and password.” If the certifier ID path and file
name do not appear, click Certifier ID and select the certifier ID
file and enter the password.
5. Choose Export, and then enter the certifier ID’s password.
6. Complete these fields, and then click Send:
Field    Enter
To       Names of users and groups whose ID files you want to back up.
CC       Names of users and groups to whom you want to send a copy of
         the message.
Subject  Information for users and groups that will appear in the
         Subject field of the message. If this field is blank, Notes
         uses the following text:
         New ID file recovery information is attached. Please add it
         to your ID file by using the Actions menu “Accept Recovery
         Information” option.
Memo     Information for users and groups that will appear in the Body
         field of the message. Domino automatically attaches the
         encrypted backup file information to the message — you do not
         need to specify it in this field.

To accept recovery information in the ID file


The user completes these steps.
1. After the administrator sends the recovery information, open the
message in your mail database.
2. Choose Actions - Accept Recovery Information, and then enter your
password.

3. Complete these fields, and then click Send.
Field    Enter
To       Name of the mail or mail-in database that will store the
         backup copy of your ID. Domino enters the name of the
         database specified by your administrator.
CC       Names of users and groups to whom you want to send a copy of
         the message.
Subject  Information for administrators that will appear in the
         Subject field of the message. If this field is blank, Notes
         uses one of the following messages:
         • Backup of newly changed recovery information for user name
         • Backup of recent changes to ID file for user name
Memo     Information for administrators that will appear in the Body
         field of the message. Domino automatically attaches the
         backup of the ID file to the message; you do not need to
         specify it in this field.

Domino automatically sends the encrypted backup ID file to the
centralized mail or mail-in database specified by the administrator.
Note You can store multiple copies of the ID file in the centralized mail
or mail-in database. Domino creates a new document every time an ID
file is backed up. When attempting to recover an ID file, use the most
recent backup. If this fails, use the older versions.

Recovering an ID
If a user loses or damages an ID file or forgets a password, the user can
work with administrators to recover the ID file from backup.

To recover a user ID from a backup ID


The user completes these steps.
1. If you have recovery information set up for your user ID, contact
your administrator to obtain the password(s) needed to recover your
ID. The recovery password is randomly generated and unique to
each recoverable ID file and administrator.
Note If you do not have access to your user ID file, contact your
administrator, who can provide you with an encrypted backup of
your user ID. Once you have the backup user ID, continue with the
following steps.
2. When you first log in to Notes and the Password dialog box appears,
do not enter your password. Just click OK.
3. Click “Recover Password” in the “Wrong password” dialog box.

4. Select the user ID file to recover in the “Choose ID File to Recover”
dialog box.
5. Enter the password(s) given to you by your administrator(s) in the
“Enter Passwords” dialog box, and repeat until you have entered all
of the passwords, and you are prompted to enter a new password for
your user ID.
6. Enter a new password for your user ID, and confirm the password
when prompted. Note that if you do not enter a new password, you
will need to recover your user ID again.
7. Replace all backups and copies of your user ID file with the newly
recovered user ID file.

To obtain the ID file recovery password


For security reasons, the administrators must complete these steps from
their own workstations, rather than from the same workstation. Using
separate workstations prevents an unauthorized user from using a
program to capture the keystrokes that the administrators enter on the
same workstation. If an unauthorized user obtains an administrator’s ID
file and password, the unauthorized user can obtain the administrator’s
recovery password for all ID files. Therefore, you must protect the
administrator’s ID file and require that multiple administrators work
together to recover any given user ID file.
1. Detach the encrypted backup of the user’s ID file from the mail or
mail-in database to the local hard drive.
2. If the user’s ID file is damaged, send a copy of the ID file from the
centralized mail or mail-in database to the user.
3. From the Domino Administrator, click the Configuration tab, and
choose Certification - Extract Recovery Password.
4. Enter the password to the administrator’s ID file.
5. Specify the ID file you want to recover. This is the same ID you
detached in Step 1.
6. Give the user the recovery password that is displayed.

Changing administrator information for ID recovery


If an administrator leaves an organization or changes job responsibilities
within an organization, you need to update the administration recovery
information used to recover user ID files and then send the new
information to users to add to their ID files.

To add or delete administrators
An administrator with access to the certifier ID completes these steps.
1. From the Domino Administrator, click the Configuration tab, and
then click Certification.
2. Click Edit Recovery Information.
3. In the Choose a Certifier dialog box, if the correct server name does
not appear, click Server and select the registration server name from
the Domino Directory.
4. Choose the certifier for which you are creating recovery information.
• If you are using a server-based CA, click “Use the CA process”
and select a certifier from the drop-down list.
• If you are not using a server-based CA, click “Supply certifier ID
and password.” If the certifier ID path and file name do not
appear, click Certifier ID, select the certifier ID file, and enter
the password.
5. Do one of the following:
• To delete an administrator, highlight the administrator’s name,
and then click Remove.
• To add new administrators, click Add and then select the names
of administrators who are authorized to recover ID files.
6. (Optional) Change the number of administrators required to unlock
an ID.
7. When you finish adding or deleting names, click OK.
8. Prepare IDs for recovery.

Public key security


Every Notes user ID and Domino server ID has a unique public key for
the Notes certificate. The public key is stored in an ID file and in the
Person or Server document for that ID in the Domino Directory. Notes
and Domino use the public key to authenticate users and servers, verify
digital signatures, and encrypt messages and databases.
A Notes user ID can also have a unique public key for an Internet
certificate.
For information on encrypting and electronically signing mail messages,
see the chapter “Encryption and Electronic Signatures.” For information
on Internet certificates, see the chapter “Setting Up Clients for S/MIME
and SSL.”

Issuing new public keys for a Notes certificate
If you suspect that an ID has been compromised because it was lost,
stolen, or copied without permission, you can create a new public key for
the ID. Creating a new public key allows you to maintain other parts of
the ID — for example, the encryption keys — rather than create an
entirely new ID.
Notes users can create a new public key for the Notes certificate. The
new public key must be certified before it can be used by Notes.
After certifying a new public key, you should set up servers to verify
public keys. Public key verification involves matching the public key
stored in the Domino Directory with the public key on the ID. Verifying
public keys prevents an unauthorized user from using the ID with the
original public key to access the server.
For information on verifying public keys, see the topic “Creating a new
Notes public key and adding it to the Domino Directory” later in this
chapter.

Adding an existing Notes public key


When you register a user or server, Domino automatically adds the
Notes public keys to the corresponding Person or Server document.
However, you may need to manually add a user or server ID’s public key
in these situations:
• A user wants to send encrypted mail to a Notes user in another
domain. To send Notes encrypted mail, Domino must be able to
access the recipient’s Notes public key in the Personal Address Book,
Domino Directory, or LDAP directory. If the recipient is in another
domain and the Domino Directory or LDAP directory for that
domain is not accessible by directory assistance, then Domino can’t
access the recipient’s public key for encryption. The sender must
obtain the recipient’s public key and add it to the Personal Address
Book or a Domino Directory that is set up with directory assistance.
An administrator might also want to set up directory assistance for
the Domino Directory or LDAP directory so users can encrypt
messages to all users in the directories.
For information on setting up directory assistance, see the chapter
“Setting Up Directory Assistance.”
• A user or server ID’s public key in the Domino Directory becomes
corrupted or is accidentally deleted, and the administrator needs to
replace it.
For more information, see the topic “Adding a Notes public key to
the Domino Directory” later in this chapter.

Creating a new Notes public key and adding it to the Domino Directory
Creating and certifying a new public key requires the following
procedures, which are described below:
• The user creates the new public key and submits it for certification.
• The certification administrator certifies the user’s public key with a
Notes certificate and adds it to the Domino Directory.
• The user merges the new certificate into the user’s ID file.
To create a new Notes public key
The ID owner performs these steps.
1. Choose File - Security - User Security.
2. Type the password (if required).
3. Click Your Identity - Your Certificates, and click Other Actions.
Choose “Create New Public Keys.”
4. In the New Public Keys Confirmation dialog box, click Continue to
use Notes mail to send your request for adopting new public keys.
Note If you want to create a new public key without using Notes
mail, click Export ID to create a safe copy of your ID file, and then
click “Do not continue.” Use another e-mail program to send the
exported file to the administrator.
5. In the Mail New Public Key Request dialog box, address the request
to one of the following:
• The certification administrator for the certifier.
• The certifier — for example /East/Acme. Domino mails the
request to the person indicated in the Administration section of
the corresponding Certifier document in the Certificates view of
the Domino Directory.
6. Click Send.

To recertify the ID with a Notes certificate and add the Notes public key to the Domino Directory
The certification administrator performs these steps.
1. Open the certification request in your mail file.
2. Choose Actions - Certify Attached ID File.
3. Select whether to use a server-based certification authority or the
certifier ID, and click OK.
4. If you chose to use the certifier ID, enter the password for the ID, and
click OK.

5. (Optional) Change the expiration date for the certificate.
6. (Optional) Click Add to specify alternate user name information.
7. (Optional) Specify a minimum password length.
8. Click Certify. The ID owner’s name appears in the To field and
explanatory text appears in the Subject field of the Mail Certified ID
dialog box.
9. Click Send.

To merge the new Notes certificate with the ID


The ID owner performs these steps.
1. Choose File - Security - User Security.
2. Click Your Identity - Your Certificates.
3. Click Get Certificates, and then click Import (Merge) Notes
Certificates.
4. Select the recertified ID sent to you by the certification administrator,
and then click OK.

To verify a Notes public key


Verifying Notes public keys against those in the Domino Directory helps
prevent an unauthorized user or server from accessing another server.
1. From the Domino Administrator, click Configuration and open the
Server document for the server.
2. Click Security.
3. In the Security Settings section, select Yes in the “Compare Notes
public keys against those stored in Directory” field.
4. Save the document.
5. Restart the server so that the changes take effect.

Adding a Notes public key to the Domino Directory


You can copy a Notes public key to a file or mail it to a user or
administrator who pastes the public key into a Personal Address Book or
a Domino Directory that users can access. This lets users encrypt mail
sent to a user in another organization or replace a missing or corrupted
key in the Domino Directory.

To mail a public key


1. Choose File - Security - User Security.
2. Select the ID and enter the password.
3. Click Your Identity - Your Certificates - Other Actions. Choose “Mail,
Copy Certificate (Public Key).”

4. In the Mail, Copy Certificate (Public Key) dialog box, click Mail
Certificate.
5. Address the request to the person who will paste the key into a
Domino Directory or Personal Address Book.
6. (Optional) Next to CC, type the name of any other people you want
to notify of the request.
7. (Optional) Click Sign to prove you are the sender of the ID.
8. (Optional) Click Encrypt to protect the message as it is being sent to
the recipient.
9. Click Send.

To copy a public key to a file


1. Choose File - Security - User Security.
2. Select the ID and enter the password.
3. Click Your Identity - Your Certificates - Other Actions. Choose
“Publish (Mail, Copy) Certificate.”
4. In the Publish (Mail, Copy) Certificate dialog box, click Copy
Certificate and click OK to copy the key to the clipboard.
5. Save the contents of the clipboard to a file.
6. Deliver the file by hand or postal service to someone to paste into a
Domino Directory or Personal Address Book.

To paste the public key into a Personal Address Book


1. In your Personal Address Book, create a Contact document for the
owner of the public key.
2. Click the Advanced tab, and then use the clipboard viewer to open
the file or mail message that contains the public key.
3. Copy the public key from the clipboard and paste it into the
“Certified public key” field of the Contact document.
4. Save the document.

To paste the public key into a Domino Directory


1. From the Domino Administrator, do one of the following:
a. Click the People & Groups tab and edit the Person document.
b. Click the Configuration tab and edit the Server document.
2. Click Certificates - Flat Name Key in the Person document, or click
Administration in the Server document.
3. Use the clipboard viewer to open the file or mail message that
contains the public key.

4. Copy the public key from the clipboard, and paste it into one of the
following fields:
• Certified public key field (hierarchical Domino certificates)
• (Person documents only) Flat name key (non-hierarchical Domino
certificates)
Note You cannot paste Internet certificates into Person or Server
documents.
5. Save the Person or Server document.

Using cross-certificates to access servers and send secure S/MIME messages
Domino uses two types of cross-certificates: Notes and Internet. Notes
cross-certificates allow users in different hierarchically-certified
organizations to access servers and to receive signed mail messages.
Internet cross-certificates allow users to receive signed mail messages
and send encrypted mail messages.

Notes cross-certificates
To allow users and servers from the different hierarchically-certified
organizations to access servers in the other organization, and to verify
the digital signature of a user from another organization, you use
cross-certificates. Domino servers store cross-certificates in the Domino
Directory. To access Domino servers, Notes clients obtain
cross-certificates for those servers and store them in their Personal
Address Books. These cross-certificates can be used only by the user to
whom they are issued.
For example, if Alan Jones/Sales/East/Acme wants to access the
Support/Seascape server, he needs a cross-certificate from /Seascape,
and the Support/Seascape server needs a cross-certificate for
/Sales/East/Acme. When Alan tries to authenticate with the
Support/Seascape server, it checks for the cross-certificate in Alan’s
Personal Address Book. If Support/Seascape finds a valid
cross-certificate, the server then checks whether Alan is allowed to access
the server.
Cross-certification can occur at various levels of an organization. For
example, to allow every user within one organization to authenticate
with every server in another, each user has a cross-certificate for the
other’s organization certifier in the Personal Address Book. Servers in
each organization have a cross-certificate for the other’s organization
certifier in the Domino Directory. Cross-certification can also occur at the
level of an individual user or server ID. For example, to allow a single
user to authenticate with any server in another organizational unit or
verify a digital signature from a user in that organizational unit, the user
ID needs a cross-certificate for the organizational unit certifier in the
other company, and that organizational unit certifier needs a
cross-certificate for the user ID.
Two-way cross-certification does not need to be symmetric. For example,
one organization can have a cross-certificate for an organizational unit
certifier and another organization can have a cross-certificate for an
organization certifier.
If you have cross-certificates for an organization or organizational unit
certifier, set up server access restrictions to prevent the other
organization from accessing specific servers that store confidential
information. To allow your organization to access servers in another
organization but prevent that organization from accessing your servers,
exchange cross-certificates as required, but then set up server access lists
on all servers to prevent access by the other organization.

Internet cross-certificates
An Internet cross-certificate is a certificate that validates the identity of a
user or server. An Internet cross-certificate assures the recipient of an
encrypted S/MIME message that the sender’s certificate can be trusted
and that the certificate used to sign an S/MIME message is valid. It also
validates the identity of a server when a Notes client uses SSL to access
an Internet server.
An Internet cross-certificate is stored in a Certificate document in the
user’s Personal Address Book and can be used only by the user to whom
it is issued. An Internet cross-certificate can be issued for a leaf certificate
— that is, a certificate issued to a user or server by a CA — or the CA
itself. Creating a cross-certificate for a leaf certificate indicates trust for
only the owner of the certificate — for example, the sender of the signed
message or recipient of an encrypted message. A cross-certificate for a
CA indicates trust for all owners who have a certificate issued by that
CA. If you cross-certify a CA, you trust the CA to issue certificates to
users and servers lower in the hierarchical name tree. For example, after
cross-certifying Sales/ABC, you trust Sales/ABC to issue a certificate to
Fred/Sales/ABC. Alternatively, after creating a cross-certificate for
Fred/Sales/ABC, you trust only Fred/Sales/ABC.
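The scope rules from the two sections above (a cross-certificate for a certifier covers everything beneath it, one for a leaf covers only that ID, and Notes access needs trust in both directions), as an added example that is not Domino code. It is a simplified model that compares hierarchical names only; the function names and any names marked as constructed are assumptions.

```python
"""Added illustration: which identities a set of cross-certificates covers.

Simplified model of the rules in the text; it compares hierarchical names
only and does not parse certificates or reproduce Domino's validation.
"""


def components(name):
    """'Alan Jones/Sales/East/Acme' -> ['Alan Jones', 'Sales', 'East', 'Acme']."""
    return [part.strip() for part in name.strip().strip("/").split("/") if part.strip()]


def covers(cross_certified, identity):
    """True if a cross-certificate for `cross_certified` extends trust to
    `identity`: the same name, or a certifier above it in the name tree."""
    c, i = components(cross_certified), components(identity)
    # Compare whole name components. A plain string suffix test would wrongly
    # let a cross-certificate for Sales/ABC cover Fred/PreSales/ABC.
    return bool(c) and len(c) <= len(i) and i[len(i) - len(c):] == c


def trusted_by(held_cross_certs, identity):
    """Cross-certified names held by one side that cover `identity`."""
    return [s for s in held_cross_certs if covers(s, identity)]


def can_authenticate(user, user_address_book, server, server_directory):
    """Both directions must hold: the user's Personal Address Book covers the
    server, and the server's Domino Directory covers the user."""
    return bool(trusted_by(user_address_book, server)) and bool(
        trusted_by(server_directory, user))


def exposure(server_directory, identities):
    """Map each cross-certified name to the identities it admits, to show how
    broad a certifier-level cross-certificate is before access lists apply."""
    return {s: [i for i in identities if covers(s, i)] for s in server_directory}


ALAN = "Alan Jones/Sales/East/Acme"      # from the text
SUPPORT = "Support/Seascape"             # from the text
OTHER_ACME = "Test User/HR/West/Acme"    # constructed name for illustration


def demo():
    return {
        # The example in the text: /Seascape on Alan's side,
        # /Sales/East/Acme on the server's side.
        "alan_to_support": can_authenticate(
            ALAN, ["/Seascape"], SUPPORT, ["/Sales/East/Acme"]),
        # One-way trust is not enough to authenticate.
        "server_side_missing": can_authenticate(ALAN, ["/Seascape"], SUPPORT, []),
        # Asymmetric: leaf-level on one side, organization-level on the other.
        "asymmetric": can_authenticate(ALAN, [SUPPORT], SUPPORT, ["/Acme"]),
        # Organization-level trust admits every Acme ID; OU-level does not.
        "exposure": exposure(["/Acme", "/Sales/East/Acme"], [ALAN, OTHER_ACME]),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The `exposure` result lists, per cross-certificate, who gains a path to the server, which is the input needed when deciding where server access lists must restrict the other organization.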

Adding cross-certificates to the Domino Directory or Personal Address Book
You can use several methods to obtain a Notes or Internet
cross-certificate.
See the topic “Examples of cross-certification” later in this chapter.

Accessing a server
If a user attempts to access a server in a foreign domain, and the user
does not already have a certificate in common with the domain, a dialog
box gives the user the option to add the cross-certificate “on
demand.” Users can add a Notes cross-certificate this way. This is
usually the quickest and easiest way for a user to obtain a
cross-certificate.
For more information, see the topic “Adding a Domino or Internet
cross-certificate on demand” in this chapter.

Receiving a signed mail message


If a user receives a signed mail message from a user in a foreign domain
and the recipient does not already have a certificate in common with the
domain, the “on demand” cross-certificate dialog box appears. Users can
add both Notes and Internet cross-certificates this way.
For more information, see the topic “Adding a Domino or Internet
cross-certificate on demand” in this chapter.

Adding a cross-certificate from the Domino Directory


Users can retrieve Internet certificates and Notes and Internet
cross-certificates from the Domino Directory on their home/mail server,
and add them to their Personal Address Books. Domino administrators
can use any method to add the Internet certificates and Notes and
Internet cross-certificates to the Domino Directory; however, the
cross-certificates must be issued by a common ancestor before Notes
copies the cross-certificates to the user’s Personal Address Book.

By Notes mail or postal service


Users can add a cross-certificate by sending a safe copy of the certificate
through Notes mail or the postal service. Users can use this method to
add a Notes cross-certificate only.
For more information, see the topics “Adding a Notes cross-certificate for
IDs by Notes mail” and “Adding a Notes cross-certificate for IDs by
postal service” in this chapter.

From an Internet server
Users can obtain an Internet cross-certificate through the User Security
panel (File - Security - User Security). Users would choose Identity of
Others - People, Services, and click “Retrieve Internet Service
Certificate.” A dialog box allows the user to specify an Internet server
from which to obtain a certificate to cross-certify. This method can be the
quickest way to obtain an Internet cross-certificate.
For more information on obtaining Internet cross-certificates for a Notes
client, see Lotus Notes 6 Help.

By phone
Users can add a cross-certificate by providing the name and public key of
the certificate by phone. Users can use this method to add a Notes
cross-certificate only.
For more information, see the topic “Adding a Notes cross-certificate by
phone” later in this chapter.

In the Person document


Users can cross-certify a certificate stored in a Person document in the
Domino Directory using Actions - Create Cross Certificate. Users can add
both Internet and Notes cross-certificates this way.
For more information, see the topic “Creating a cross-certificate from a
user’s Person document” later in this chapter.

From a trusted root certificate


Users can create an Internet cross-certificate from a trusted root
certificate if you have a trusted root certificate in the Personal Address
Book or Domino Directory. Notes and Domino provide in the Personal
Address Book and Domino Directory many default trusted root
certificates for third-party CAs. To indicate trust for these CAs, create a
cross-certificate using the trusted root. You can also add a trusted root
certificate for other CAs that are not included by default and create
cross-certificates for them.
For more information, see the chapter “Setting Up Clients for S/MIME
and SSL.”

Examples of cross-certification
To authenticate with all servers in another organization
This example describes what the Acme company and the ABC company
do to allow all users and servers in both organizations to authenticate.
1. The Acme organization certifier (/Acme) obtains a cross-certificate
for the ABC organization certifier (/ABC) and stores it in Acme’s
Domino Directory.
2. The ABC organization certifier (/ABC) obtains a cross-certificate for
the Acme organization certifier (/Acme) and stores it in ABC’s
Domino Directory.

To authenticate with a specific server in another organization


The Acme company wants to let Seascape users who have the
hierarchical certification AppDevelopment/Seascape to access their
customer support server, CSSUPPORT/East/Acme.
1. The Acme organizational unit certifier (/East/Acme) has a
cross-certificate for the Seascape organizational unit certifier
(/AppDevelopment/Seascape) and stores it in Acme’s Domino
Directory.
2. The Seascape organizational unit certifier
(/AppDevelopment/Seascape) has a cross-certificate for the Acme
organizational unit certifier (/East/Acme) and stores it in Seascape’s
Domino Directory.
This cross-certification enables Kelly Jones/AppDevelopment/Seascape
and Jonathan Moutal/AppDevelopment/Seascape to authenticate with
the server CSSUPPORT/East/Acme. However, it does not allow these
users to authenticate with the Acme server Mail-W/West/Acme.
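
The scope of the two examples above can be checked with a small model. This is an added illustration, not Domino code: the CrossCert record, the function names and the matching rule (a cross-certificate is usable by its issuer and the IDs beneath it, and covers its subject and the IDs beneath it) are assumptions drawn from the examples on this page, and the directory contents are constructed. It models only IDs from different organizations.

```python
from __future__ import annotations

from dataclasses import dataclass


def parts(name: str) -> list[str]:
    """Split a hierarchical name such as 'Mail-W/West/Acme' or '/Acme'."""
    return [p.strip().casefold() for p in name.split("/") if p.strip()]


def covers(certifier: str, name: str) -> bool:
    """True if `certifier` is `name` itself or one of its ancestral certifiers."""
    c, n = parts(certifier), parts(name)
    return bool(c) and len(c) <= len(n) and n[-len(c):] == c


@dataclass(frozen=True)
class CrossCert:
    issued_by: str  # ID that issued the cross-certificate (assumed: who can use it)
    issued_to: str  # certifier, user or server that is trusted


def trusts(directory: list[CrossCert], verifier: str, subject: str) -> bool:
    """Does `verifier` find a usable cross-certificate for `subject`?"""
    return any(
        covers(cc.issued_by, verifier) and covers(cc.issued_to, subject)
        for cc in directory
    )


def can_authenticate(user: str, user_dir: list[CrossCert],
                     server: str, server_dir: list[CrossCert]) -> bool:
    """Cross-certification must exist in both directions."""
    return trusts(user_dir, user, server) and trusts(server_dir, server, user)


def exposed_servers(foreign_id: str, foreign_dir: list[CrossCert],
                    our_servers: list[str], our_dir: list[CrossCert]) -> list[str]:
    """Servers the foreign ID can authenticate with; candidates for access lists."""
    return [s for s in our_servers
            if can_authenticate(foreign_id, foreign_dir, s, our_dir)]


# Constructed directory contents mirroring the Acme/Seascape example.
ACME_SERVERS = ["CSSUPPORT/East/Acme", "Mail-W/West/Acme"]
ACME_OU_DIR = [CrossCert("/East/Acme", "/AppDevelopment/Seascape")]
SEASCAPE_OU_DIR = [CrossCert("/AppDevelopment/Seascape", "/East/Acme")]

# Constructed variation: the same two companies cross-certified at organization level.
ACME_ORG_DIR = [CrossCert("/Acme", "/Seascape")]
SEASCAPE_ORG_DIR = [CrossCert("/Seascape", "/Acme")]

KELLY = "Kelly Jones/AppDevelopment/Seascape"

if __name__ == "__main__":
    print("OU-level :", exposed_servers(KELLY, SEASCAPE_OU_DIR, ACME_SERVERS, ACME_OU_DIR))
    print("Org-level:", exposed_servers(KELLY, SEASCAPE_ORG_DIR, ACME_SERVERS, ACME_ORG_DIR))
```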

To send signed S/MIME messages


Alan Jones has an Internet certificate issued from the Acme CA, and
Dave Lawson has an Internet certificate issued from the ABC CA. If Alan
wants to send Dave an encrypted S/MIME message and Dave wants to
send Alan an encrypted S/MIME message:
1. Alan has a trusted cross-certificate for ABC and stores it in his
Personal Address Book.
2. Dave has a trusted cross-certificate for Acme and stores it in his
Personal Address Book.
Both Dave and Alan can now also send encrypted S/MIME messages to
each other.

Adding a Notes or Internet cross-certificate on demand
When users access a server or receive a signed message, they can accept a
Notes or Internet cross-certificate from another organization. Domino adds
the cross-certificate to the user’s Personal Address Book. Then the next
time the user tries to access the server, the user can authenticate the server
with that cross-certificate. Similarly, the user can use the cross-certificate to
verify signed messages from the organization that was cross-certified.
Note You cannot add an Internet cross-certificate on demand if a user’s
Internet certificate already exists in an LDAP directory.

To add a cross-certificate on demand


1. Using a Notes workstation, attempt to access a server in an
organization with which you are not cross-certified or open a signed
message whose signature you do not trust.
2. If you attempted to access a server, when Domino displays this
message, select Advanced Options:
Your local Domino Directory does not contain a cross-certificate
for this organization.
Would you like to suppress this warning in the future by creating
a cross-certificate for this organization in your Name and Address
Book?
3. To avoid the possibility of cross-certifying an impostor, call someone
trustworthy from the named organization and ask the person to tell
you the organization’s public key. Compare it to the key displayed in
the Advanced Options dialog box.
4. Complete these fields:
Field: Enter
Certifier: File name of a user, server, or certifier ID. Specify a server or certifier ID when creating a cross-certificate for a server. The ID specified indicates who can use the cross-certificate.
Server: Location of the Personal Address Book or Domino Directory where you want to copy the cross-certificate. Add the cross-certificate to the Personal Address Book for Notes clients.
Subject name: Organization or organizational unit certifier that you want to cross-certify — for example, /Acme. You can also create a cross-certificate for the owner of the certificate.
Subject alternate name list: An alternate name that identifies the subject. Alternate names allow you to assign more than one name to an ID, which is recognizable in a user’s native language.
Expiration date: Date when the cross-certificate will expire.

5. Click Cross Certify. Domino places the cross-certificate in the Server -
Certificates view of the Domino Directory of the server you specified
in Step 4 or in the Advanced/Certificates view of the Personal
Address Book.

Adding a Notes cross-certificate by phone


Two organizations can add a Notes cross-certificate to user, server, and
certifier IDs by providing the name and public key of the IDs to be
cross-certified over the phone. For cross-certification to work, these steps
must be carried out twice, with each organization alternately requesting
cross-certification.
You cannot use this procedure to create an Internet cross-certificate.

To request a cross-certificate for a user, server, or certifier ID


Use these steps to add a cross-certificate for a user or server or for an
organization or organizational unit when you have access to the user,
server, or certifier ID.
1. From the Domino Administrator, click the Configuration tab.
2. Click Certification - ID Properties.
3. Select the user, server, or certifier ID file, and click Open.
4. Type the password (if required).
5. Click Security Basics. Write down the name exactly as it appears in
the Name field, including any forward slashes (/) — for example,
Alan Jones/Sales/East/Acme, Mail-E/East/Acme, or /Acme.
6. Click Your Identity - Your Certificates. Write down the Key Identifier
information exactly as it appears, including spaces.
7. Call the organization that will add the cross-certificate, and provide
the name and key exactly as you recorded them.

To request a cross-certificate for an ancestral certifier of an ID


Use these steps to add a cross-certificate for an organization or
organizational unit when you have access to the user or server ID.
1. From the Domino Administrator, click the Configuration tab.
2. Click Certification - ID Properties.
3. Select the user, server, or certifier ID file, and click Open.
4. Type the password (if required).
5. Click Your Identity - Your Certificates and in the Certificates list,
select the certificate for the certifier you want to cross-certify. Click
Advanced Details.

6. Look at the “Certificate Issued To” field to verify that you selected
the correct certificate. Write down the name exactly as it appears,
including any forward slashes (/) — for example, /Acme.
7. Look at the “Issuer Key Identifier” field and write down the public
key exactly as it appears, including spaces.
8. Call the organization that will add the cross-certificate, and provide
the name and public key exactly as you recorded them.

To add a cross-certificate to a Domino Directory or Personal Address Book
After someone from another organization provides the name and public
key over the phone, use these steps to add a cross-certificate for the ID.
1. From the Domino Administrator, click the Configuration tab.
2. Choose Certification, and then choose Cross Certify Key.
3. Select whether to use a CA-enabled certifier or use the Certifier ID,
and click OK.
4. If you chose to use the certifier ID, enter the password for the ID, and
click OK.
5. In the “Subject name” field, type the full hierarchical name for the ID
you are cross-certifying exactly as provided over the phone,
including any forward slashes (/).
6. Type the public key for the ID you are cross-certifying exactly as it
was provided over the phone, including spaces.
7. (Optional) Change the expiration date for the certificate. The default
is 10 years.
8. (Optional) Click Certifier to select a different certifier to issue the
cross-certificate.
9. (Optional) Click Server and select a different registration server
whose Domino Directory will store the cross-certificate. To store the
cross-certificate in a user’s Personal Address Book, choose Local as
the server. Then click OK.
10. Click Cross Certify. Domino places the cross-certificate in the Server -
Certificates view of the Domino Directory of the selected registration
server.

Adding a Notes cross-certificate for IDs by postal service


Organizations that cannot communicate through Notes mail can use
these steps to add a Notes cross-certificate for user, server, and certifier
IDs. For cross-certification to work, these steps must be carried out twice,
with each organization alternately requesting cross-certification.

You cannot use this procedure to create an Internet cross-certificate.

To create a safe copy of an ID


Use these steps to create a safe copy of the user, server, or certifier ID
that you want to cross-certify.
1. From the Domino Administrator, click the Configuration tab.
2. Choose Certification and then choose ID Properties.
3. Select the user, server, or certifier ID file, and then click Open.
4. Type the password (if required). The ID Properties dialog box
appears.
5. Click Your Identity - Your Certificates - Other Actions, and then
select Export Notes ID (Safe Copy).
6. Enter a path and name for the safe copy, and then click OK. The
default name is SAFE.ID.
7. Copy the file to a disk.
8. Use the postal service to send the disk to the certification
administrator at the other organization.

To add a cross-certificate for the safe copy


Use these steps to add the cross-certificate to the Domino Directory.
1. From the Domino Administrator, click the Configuration tab.
2. Click Certification, and then click Cross Certify.
3. Select whether to use a CA-enabled certifier or use the certifier ID,
and click OK.
4. If you chose to use the certifier ID, enter the password for the ID, and
click OK.
5. Select the safe copy of the ID to be cross-certified, and then click OK.
6. Complete one or more of these fields:
Field: Enter
Certifier: Name of your organization’s certifier ID
Server: Location of the Domino Directory where you want to copy the cross-certificate
Subject name: Organization or organizational unit certifier to be cross-certified — for example, /Acme
Subject alternate name list: An alternate name that identifies the certifier ID. Alternate names allow you to assign more than one name to an ID, which is recognizable in a user’s native language.
Expiration date: Date when the cross-certificate will expire

7. Click Cross Certify. Domino places the cross-certificate in the Server -
Certificates view of the Domino Directory of the server you specified
in Step 6.

Adding a Notes cross-certificate for IDs by Notes mail


If you can route mail to the organization that will cross-certify a user,
server, or certifier ID, you can use Notes mail to add a Notes
cross-certificate. For cross-certification to work, these steps must be
carried out twice, with each organization alternately requesting
cross-certification.
You cannot use this procedure to create an Internet cross-certificate.

To send an ID for cross-certification


1. Choose File - Security - User Security, select the ID, and enter the
password.
2. Click Your Identity - Your Certificates, and then click Other Actions,
and then select Mail, Copy Certificate (Public Key).
3. Select the user, server, or certifier ID you want to have
cross-certified, and then click OK.
4. Enter the password (if required).
5. Address the cross-certification request to the certification
administrator at the other organization, and then click Send.

To cross-certify the ID
1. Open the cross-certification request in your mail file.
2. Choose Actions - Cross Certify Attached ID File.
3. Select the certifier that will issue the cross-certificate. If you choose a
non-CA enabled certifier, enter the password for that certifier ID,
and then click OK.
4. Complete one or more of these fields:
Field: Enter
Subject name: Organization or organizational unit certifier to be cross-certified — for example, /Acme
Subject alternate name list: An alternate name for the subject of the certificate. Alternate names allow you to assign names that are recognizable in a user’s native language to an ID file.
Expiration date: Date when the cross-certificate will expire
Certifier: File name of your organization’s certifier ID
Server: Location of the Domino Directory where you want to copy the cross-certificate

5. Click Cross Certify. Domino places the cross-certificate in the Server -
Certificates view of the Domino Directory of the server you specified
in Step 5.

Creating a cross-certificate from a user’s Person document


You can create a Notes and/or Internet cross-certificate from a certificate
stored in a user’s Person document.
1. Do one of the following:
• From the Domino Administrator, click People & Groups, and open
the Person document for the user you are cross-certifying.
• From the Domino Administrator, click Configuration -
Certificates, and open the certifier document for which you want
• In the Personal Address Book, open the Contact document for the
user you are cross-certifying.
2. Choose Actions - Create Cross Certificate.
3. Choose the certificate to cross-certify.
4. Complete these fields and then click Cross Certify:
Field: Enter
Certifier: File name of a user, server, or certifier ID. Specify a server or certifier ID when creating a cross-certificate for a server. The ID specified indicates who can use the cross-certificate.
Server: Location of the Personal Address Book or Domino Directory where you want to copy the cross-certificate. Add the cross-certificate to the Personal Address Book for Notes clients.
Subject name: Organization or organizational unit certifier that you want to cross-certify — for example, /Acme. You can also create a cross-certificate for the owner of the certificate.
Subject alternate name list: An alternate name for the subject of the certificate. Alternate names allow you to assign names that are recognizable in a user’s native language to an ID file.
Expiration date: Date when the cross-certificate will expire.

5. Repeat Steps 3 and 4 for every user for whom you want to create
cross-certificates.

Creating a cross-certificate from a certifier document
You can create a Notes and/or Internet cross-certificate from a certificate
stored in the Domino Directory.
1. From the Domino Administrator, click Configuration - Certificates,
and open the certifier document for which you want to create a
cross-certificate.
2. Choose Actions - Create Cross Certificate.
3. In the Issue Cross Certificate dialog box, complete these fields and
then click Cross Certify:
Field: Enter
Certifier: File name of a user, server, or certifier ID. Specify a server or certifier ID when creating a cross-certificate for a server. The ID specified indicates who can use the cross-certificate.
Server: Location of the Personal Address Book or Domino Directory where you want to copy the cross-certificate. Add the cross-certificate to the Personal Address Book for Notes clients.
Subject name: Organization or organizational unit certifier that you want to cross-certify — for example, /Acme. You can also create a cross-certificate for the owner of the certificate.
Subject alternate name list: An alternate name for the subject of the certificate. Alternate names allow you to assign names that are recognizable in a user’s native language to an ID file.
Expiration date: Date when the cross-certificate will expire.

4. Repeat Steps 2 and 3 for every certifier for which you want to create
cross-certificates.

Displaying cross-certificates
To view cross-certificates, from the Domino Administrator, click the
Configuration tab and choose the Certificates/Certificates view. The
view lists certificates according to type:
• Internet certifiers
• Notes certifiers
• Notes cross-certificates
• Internet cross-certificates
Certificates whose type cannot be determined are listed as Unknown.

Chapter 40
Controlling User Access to Domino Databases

To control the access that users and servers have to a database, you can
customize the database access control list (ACL) and specify other
security settings.

The database access control list


Every database has an access control list (ACL) that specifies the level of
access that users and servers have to that database. Although the names
of access levels are the same for users and servers, those assigned to
users determine the tasks that they can perform in a database, while
those assigned to servers determine what information within the
database the servers can replicate. Only someone with Manager access
can create or modify the ACL.
To control the access rights of Notes users, select the access level, user
type, and access level privileges for each user or group in a database.
You can set default entries in the ACL when you create the database. You
may also assign roles if the database designer determines this level of
access refinement is needed by the application. Work with the designer
and user representatives of the application to plan the correct access level
before you put a database into production.
For each user name, server name, or group name in an ACL, you can
specify:
• An access level
• Access level privileges
• A user type
• Roles
Caution Domino administrators with full access administration rights,
as well as users who are allowed to run agents with unrestricted access,
can access databases without being explicitly listed in the database ACLs.
For more information on full access administration rights and running
agents with unrestricted access, see the chapter “Controlling Access to
Domino Servers.”

Note The database ACL should not be confused with other types of
ACLs used by Domino administrators. One such ACL is the extended
ACL, which is used only in the Domino Directory and the Extended
Directory Catalog to restrict access to specific documents and fields
within those databases. You must enable extended access to use this
feature. The other type of access control list is the .ACL file, which is
used by administrators to restrict user access to server directories.

Default ACL entries


A new database, by default, contains these entries in the ACL:
• -Default-
• Anonymous
• Database creator user name
• LocalDomainServers
• OtherDomainServers
Of the default ACL entries, Anonymous and the database creator’s user
name are the only entries that are defined as a Person in the ACL.
Anonymous and -Default- are the only entries that are specific to a
database, and not related to an entry in the Domino Directory. For
example, LocalDomainServers is created automatically in the Domino
Directory, and added to the ACL when a database is created.
Anonymous is created as an ACL entry only when the database is
created.

-Default-
Users and servers receive the access assigned to the -Default- entry if
they have not specifically been assigned another access level, either
individually or as a member of a group, or from a wildcard entry. In
addition, if the database ACL does not contain an entry for Anonymous,
then users accessing the database anonymously get the -Default- level of
access. The default access for -Default- depends on the design of the
database template and varies among the different templates.

The access level you assign to the -Default- entry depends on how secure
you want the database to be. Select No Access if you want a database
available to a limited number of users. Select Author or Reader access to
make a database available for general use. The -Default- entry should
have a user type of “Unspecified”.
You cannot delete the -Default- entry from an ACL.

Anonymous
Anonymous database access is given to Internet users and to Notes users
who have not authenticated with the server.
The default ACL entry for Anonymous for all database templates (.NTF
files) has an access level of Reader, so that users or servers can
successfully read from the template when creating or refreshing .NSF
files based on that template.
The default ACL entry for Anonymous for database files (.NSF files) is
No Access.
For more information about Anonymous access, see the topic
“Acceptable entries in the ACL” later in this chapter.

Database creator user name


The database creator user name is the hierarchical user name of the
person who created the database. The default access for the user who
creates the database is Manager. Typically, this person retains Manager
access or is granted Designer access to the database.

LocalDomainServers
The LocalDomainServers group lists the servers in the same domain as
the server on which the database is stored, and is provided by default
with every Domino Directory. When you create a new database, the
default access for LocalDomainServers is Manager. The group should
have at least Designer access to allow replication of database design
changes across the domain. The LocalDomainServers group is typically
given higher access than the OtherDomainServers group.

OtherDomainServers
The OtherDomainServers group lists the servers outside the domain of
the server on which the database is stored, and is provided by default
with every Domino Directory. When you create a new database, the
default access for OtherDomainServers is No Access.

Acceptable entries in the ACL
Acceptable entries in the ACL include:
• Wildcard entries
• User, server, and group names (including user and group names of
Internet clients)
• Alternate names
• LDAP users
• Anonymous, used for anonymous Internet user access and
anonymous Notes user access
• Database replica IDs
Each ACL entry can have a maximum of 255 characters.
Add names to the ACL in hierarchical format for better security. For
example:
Sandra E Smith/West/Acme/US
Randi Bowker/Sales/FactoryCo

For more information about creating hierarchical name schemes, see the
chapter “Installing and Setting Up Domino Servers.”

Types of ACL entries


Wildcard entries
To allow general access to a database, you can enter hierarchical names
with a wildcard character (*) in the ACL. You can use wildcards in the
common name and organizational unit components.
Users and/or servers who do not already have a specific user or group
name entry in the ACL, and whose hierarchical names include the
components that contain a wildcard, are given the highest level of access
specified by every one of the wildcard entries that match.
Here is an ACL entry in wildcard format:
*/Illustration/Production/Acme/US
This entry grants the chosen access level to:
Mary Tsen/Illustration/Production/Acme/US
Michael Bowling/Illustration/Production/Acme/US
This entry does not grant the chosen access level to:
Sandy Braun/Documentation/Production/Acme/US
Alan Nelson/Acme/US

You can use a wildcard only at the leftmost portion of the ACL entry. For
example, you can’t use the entry:
*/Illustration/*/Acme/US
to represent these entries:
Michael Bowling/Illustration/West/Acme/US
Karen Richards/Illustration/East/Acme/US
When you use a wildcard ACL entry, set the user type as Unspecified,
Mixed Group, or Person Group.
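
The fallback rules for -Default-, Anonymous and wildcard entries described in this chapter interact, so the sketch below resolves the access level for a name against a constructed ACL and flags wildcard entries that break the leftmost-only rule. It is an added example, not Domino code: the function names and the sample ACL are hypothetical, names are compared without regard to case as an assumption, a leading * is assumed to stand for one or more leftmost components, and group expansion is left out.

```python
from __future__ import annotations

# Access levels from lowest to highest.
LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]
MAX_ENTRY_LEN = 255  # each ACL entry can have a maximum of 255 characters


def components(name: str) -> list[str]:
    """Split a hierarchical name into case-folded components."""
    return [c.strip().casefold() for c in name.split("/")]


def entry_problems(entry: str) -> list[str]:
    """Problems with an ACL entry under the rules stated in this chapter."""
    problems = []
    if len(entry) > MAX_ENTRY_LEN:
        problems.append("longer than 255 characters")
    if "*" in entry:
        head, _, rest = entry.partition("/")
        if head != "*" or "*" in rest or not rest:
            problems.append("wildcard must be the single leftmost component")
    return problems


def wildcard_matches(entry: str, name: str) -> bool:
    """True if a valid wildcard entry covers the hierarchical name."""
    if "*" not in entry or entry_problems(entry):
        return False
    suffix = components(entry)[1:]  # everything after the leading "*"
    parts = components(name)
    # Assumption: "*" stands for at least one leftmost component of the name.
    return len(parts) > len(suffix) and parts[-len(suffix):] == suffix


def effective_access(acl: dict[str, str], name: str | None) -> str:
    """Resolve the access level for a name; None means an anonymous user."""
    default = acl["-Default-"]  # this entry cannot be deleted from an ACL
    if name is None:
        # Without an Anonymous entry, anonymous users get -Default-.
        return acl.get("Anonymous", default)
    wanted = components(name)
    for entry, level in acl.items():  # 1. a specific entry for the name wins
        if "*" not in entry and components(entry) == wanted:
            return level
    matched = [lvl for e, lvl in acl.items() if wildcard_matches(e, name)]
    if matched:  # 2. highest level among all matching wildcard entries
        return max(matched, key=LEVELS.index)
    return default  # 3. otherwise -Default-


def audit(acl: dict[str, str]) -> list[str]:
    """Findings worth reviewing before a database goes into production."""
    findings = [f"{e}: {p}" for e in acl for p in entry_problems(e)]
    if "Anonymous" not in acl:
        findings.append(
            f"no Anonymous entry: anonymous users get -Default- ({acl['-Default-']})"
        )
    return findings


# Constructed ACL built from the names used in this chapter.
SAMPLE_ACL = {
    "-Default-": "No Access",
    "Sandra E Smith/West/Acme/US": "Manager",
    "*/Illustration/Production/Acme/US": "Editor",
    "*/Acme/US": "Reader",
    "*/Illustration/*/Acme/US": "Designer",  # invalid: second wildcard
}

if __name__ == "__main__":
    for who in ("Mary Tsen/Illustration/Production/Acme/US",
                "Michael Bowling/Illustration/West/Acme/US",
                "Randi Bowker/Sales/FactoryCo", None):
        print(who or "(anonymous)", "->", effective_access(SAMPLE_ACL, who))
    print("\n".join(audit(SAMPLE_ACL)))
```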

User names
You can add to an ACL the names of any individuals with certified Notes
user IDs or Internet users who authenticate using name-and-password or
SSL client authentication.
• For Notes users, enter the full hierarchical name for each user; for
example, John Smith/Sales/Acme, regardless of whether the user is
in the same hierarchical organization as the server that stores the
database.
• For Internet users, enter the name that appears as the first entry in
the User name field of the Person document.
Note Many alias names can be entered in the user name field and
used for authentication; however, it is the first name in the list that is
used to perform the security authorization check. This is the name
that should be used on all Domino database ACLs, in the security
settings on the Server document, and in .ACL files.
For more information about setting a maximum level of access for
Internet users, see the topic “Maximum Internet name-and-password
access” later in this chapter.

Server names
You can add server names to an ACL to control the changes a database
receives from a database replica. To ensure tighter security, use the full
hierarchical name of the server — for example, Server1/Sales/Acme —
regardless of whether the name of the server being added is in a different
hierarchical organization than that of the server that stores the database.

Group names
You add a group name — for example, Training — to the ACL to
represent multiple users or servers that require the same access. Users
must be listed in groups with a primary hierarchical name or an alternate
name. Groups can also have wildcard entries as members. Before you can
use a group name in an ACL, you must create the group in the Domino
Directory or in either a secondary Domino Directory or an external
LDAP Directory that has been configured for group authorization in the
Directory Assistance database.
Tip Use individual names rather than group names for the managers of
a database. Then when users choose Create - Other - Memo to Database
Manager, they’ll know whom they are addressing.
Groups provide a convenient way to administer a database ACL. Using a
group in the ACL offers the following advantages:
• Instead of adding a long list of individual names to an ACL, you can
add one group name. If a group is listed in more than one ACL,
modify the group document in the Domino Directory or the LDAP
Directory, rather than add and delete individual names in multiple
databases.
• If you need to change the access level for several users or servers,
you can do so once for the entire group.
• Use group names to reflect the responsibilities of group members or
the organization of a department or company.
Tip You can also use groups to let certain users control access to the
database without giving them Manager or Designer access. For example,
you can create groups in the Domino Directory for each level of database
access needed, add the groups to the ACL, and allow specific users to
own the groups. These users can then modify the groups, but they can’t
modify the database design.
Terminations group
When employees leave an organization, you should remove their names
from all groups in the Domino Directory and add them to a Deny List
Only group used to deny access to servers. The Deny Access list in the
Server document contains the names of Notes users and groups who no
longer have access to Domino servers. You should also make sure that
the names of terminated employees are removed from the ACLs of all
databases in your organization. When you delete a person from the
Domino Directory, you have the option to “Add deleted user to deny
access group,” if such a group has been created. (If no such group exists,
the dialog box displays “No Deny Access group selected or available.”)
For more information on Deny List Only groups, see the chapter “Setting
Up and Managing Groups.”
For more information on the Deny Access list, see the chapter
“Controlling Access to Domino Servers.”

Alternate names
An alternate name is an optional alias name that an administrator assigns
to a registered Notes user. You can add alternate names to an ACL. An
alternate name provides the same level of security as the user’s primary
hierarchical name. For a user whose primary name is Sandra
Brown/West/Sales/Acme, an example of an alternate name format
would be Sandy Smith/ANWest/ANSales/ANAcme, where AN is an
alternate name.
For more information about alternate names, see the chapter “Setting Up
and Managing Notes Users.”

LDAP users
You can use a secondary LDAP directory to authenticate Internet users.
You can then add the names of these Internet users to database ACLs to
control user access to databases.
You can also create groups in the secondary LDAP directory that include
the Internet user names and then add the groups as entries in Notes
database ACLs. For example, an Internet user may try to access a database
on a Domino Web server. If the Web server authenticates the user, and if
the ACL contains a group named “Web,” the server can look up the
Internet user’s name in the group “Web” located in the foreign LDAP
directory, in addition to searching for the entry in the primary Domino
Directory. Note that for this scenario to work, the Directory Assistance
database on the Web server must include an LDAP Directory Assistance
document for the LDAP directory with the Group Expansion option
enabled. You can also use this feature to look up the names of Notes users
stored in foreign LDAP directory groups for database ACL checking.
When you add the name of an LDAP directory user or group to a
database ACL, use the LDAP format for the name, but use a forward
slash (/), rather than a comma (,), as a delimiter. For example, if the
name of a user in the LDAP directory is:
uid=Sandra Smith,o=Acme,c=US
enter the following in the database ACL:
uid=Sandra Smith/o=Acme/c=US
To enter the name of a nonhierarchical LDAP directory group in an ACL,
enter only the attribute value, not the attribute name. For example, if the
nonhierarchical name of the LDAP group is:
cn=managers
in the ACL enter only:
managers

To enter the name of a hierarchical group name, include LDAP attribute
names in ACL entries. For example, if the hierarchical name of the group
is:
cn=managers,o=acme
in the ACL enter:
cn=managers/o=acme
Note that if the attribute names you specify exactly correspond to those
used in Notes — cn, ou, o, c — the ACL won’t display the attributes.
For example, if you enter this name in an ACL:
cn=Sandra Smith/ou=West/o=Acme/c=US
because the attributes exactly correspond to those used by Notes, the
name appears in the ACL as:
Sandra Smith/West/Acme/US

Acceptable ACL entries for LDAP users


LDAP DN: cn=Scott Davidson+ id=1234, ou=Sales,o=Acme
ACL entry: cn=Scott Davidson+id=1234/ou=Sales/o=Acme

LDAP DN: cn=Scott Davidson,o=Acme\, Inc
ACL entry: cn=Scott Davidson/o=Acme, Inc
Note If the LDAP name includes a backslash followed by another character,
omit that backslash when you specify the name in the database ACL.

LDAP DN: uid=smd12345,dc=Acme,dc=Com
ACL entry: uid=smd12345/dc=Acme/dc=Com

LDAP DN: uid=Sandra Smith,o=Acme,c=US
ACL entry: uid=Sandra Smith/o=Acme/c=US

Anonymous
Any user or server that accesses a server without first authenticating is
known by the name “Anonymous” at that server. Anonymous database
access is given to Internet users and to Notes users who have not
authenticated with the server.
Anonymous access is generally used in databases that reside on servers
available to the general public. You can control the level of database
access granted to an anonymous user or server by entering the name
Anonymous in the access control list, and assigning an appropriate level
of access. Typically you assign Anonymous users Reader access to a
database.

The table below describes the different conditions for access that an
anonymous user would have to a database:

Anonymous access enabled for Internet protocol

• Anonymous access enabled in database ACL: Users access the database
with the Anonymous entry’s access level. For example, if Anonymous
access is set to Reader, anonymous users who access the database will
be granted Reader access.
• Anonymous given “no access” in database ACL: If Anonymous has been
granted “No Access” (and the Read & Write public documents privileges
are not enabled) Anonymous users are not allowed access to the
database and they will be prompted to authenticate. When they
authenticate, the name is checked in the database ACL to determine the
level of database access that should be granted.
• Anonymous not listed in database ACL: Anonymous users access the
database with the -Default- entry’s access level. For example, if
-Default- access is set to Reader, and there is no Anonymous entry in
the ACL, anonymous users who access the database will be granted
Reader access.

Anonymous access not enabled for Internet protocol

Users are prompted to authenticate when they attempt to access any
resource on the server. If the user is not listed in the database
(through a group entry, a wildcard entry, or if the user name is
explicitly listed), then the user accesses the database with the
-Default- entry’s access level.

Anonymous users (both those who are given access to a database
through the Anonymous entry and those who have access through the
-Default- entry) who attempt to do something in the database that is not
allowed for their access level will be prompted to authenticate. For
example, if Anonymous is set to Reader, and an anonymous user tries to
create a new document, that user is prompted to authenticate with a
name and password.
Tip If you want all users to authenticate with a database, then make
sure that Anonymous is in the database ACL with an access level of No
Access, and be sure that the Read Public Documents and Write Public
Documents privileges are not enabled. Add the Internet user’s name to
the ACL with the level of access you want them to have.

The Domino server uses the group name Anonymous solely for access
control checks. For example, if Anonymous has Author access in the
database ACL, the true name of the user appears in the Authors field of
those documents. The Domino server can display only the true name of
anonymous Notes users, but not of anonymous Internet users, in the
Authors field of the document. Authors fields are never a security
feature, regardless of whether anonymous access is used; if the validity
of the author’s name is needed for security, then the document should be
signed.

Replica IDs
To allow an agent in one database to use @DbColumn or @DbLookup to
retrieve data from another database, enter the replica ID of the database
containing the agent in the ACL of the database containing the data to be
retrieved. The database containing the agent must have at least Reader
access to the database containing the data to be retrieved. Both databases
must be on the same server. An example of a replica ID in a database
ACL is 85255B42:005A8fA4. You can enter the replica ID in uppercase or
lowercase letters, but do not enclose it in quotation marks.
If you do not add the replica ID to the access control list, the other
database can still retrieve data if the -Default- access level of your
database is Reader or higher.

Order of evaluation for ACL entries


ACL entries are evaluated in a specific order to determine the access
level that will be granted to an authenticated user trying to access the
database. If a user fails to authenticate with a server, and the server
permits access anyway, access will be computed as though the user’s
name was “Anonymous.”
• The ACL first checks the user name to see if it matches an explicit
entry in the ACL. The ACL checks all matching user names. For
example, Sandra E Smith/West/Acme would match the entries
Sandra E Smith/West/Acme/US and Sandra E Smith. In the event
that two different entries for an individual have different access
levels (for example, applied at different times by different
administrators), the user trying to access the database would be
granted the highest access level, as well as the union of the access
privileges of the two entries for that user in the ACL. This can also
happen if the user has alternate names.
Note If you enter only the common name in the ACL (for example,
Sandra E Smith), then that entry matches only if the user’s name and
the database server are in the same domain hierarchy. For example,
if the user is Sandra E Smith, whose hierarchical name is Sandra E
Smith/West/Acme, and the database server is
Manufacturing/FactoryCo, then the entry Sandra E Smith will not
get the correct level of access for ACLs on the server
Manufacturing/FactoryCo. The name must be entered in full
hierarchical format in order for the user to obtain the correct level of
access to ACLs on servers in other domains.
• If no match is made on the user name, the ACL then checks to see if
there is a group name entry that can be matched. If an individual
trying to access the database happens to match more than one group
entry — for example, if the person is a member of Sales and there are
two group entries for Sales - Acme Sales and Sales Managers — then
the individual is granted the highest access level, as well as the union
of the access privileges of the two entries for that group in the ACL.
Note If the user matches an explicit entry in the ACL, and is a
member of a group that is also listed in the ACL, then the user
always gets the level of access assigned to the explicit entry, even if
the group access level is higher.
• If no match is made on the group name, the ACL then checks to see if
there is a wildcard entry that can be matched. If the individual trying
to access the database happens to match more than one wildcard
entry, the individual is granted the highest access level, as well as the
union of the access privileges of all of the wildcard entries that
match.
• Lastly, if no match can be made from among the database ACL
entries, the individual is granted the level of access defined for the
-Default- entry.
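
The evaluation order above, written out so that a planned ACL can be checked against sample users before it is deployed. This is an added example, not code from the Domino documentation or product. The function names and the sample ACL are constructed; the caller supplies every name the user is known by, group membership is a flat lookup, and a wildcard entry of the form */West/Acme is matched by suffix. These are simplifying assumptions.

```python
# Added example: which ACL entry decides a user's access, per the order above.
# Levels from lowest to highest, as listed in this chapter.
LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]


def _combine(entries):
    """Highest access level plus the union of privileges of all matches."""
    level = max((e["level"] for e in entries), key=LEVELS.index)
    privs = set().union(*(e["privs"] for e in entries))
    return level, privs


def _wildcard_matches(pattern, name):
    """Assumed wildcard form: '*/West/Acme' matches names ending '/West/Acme'."""
    return pattern.startswith("*/") and name.endswith(pattern[1:])


def effective_access(acl, user_names, groups, authenticated=True):
    """Return (deciding tier, access level, privileges).

    acl        -- {entry name: {"level": str, "privs": set}}, with -Default-
    user_names -- every name that identifies the user (primary hierarchical
                  name, alternate names, common name where it applies)
    groups     -- {group name: set of member names}
    """
    # An unauthenticated user is evaluated under the name Anonymous.
    names = set(user_names) if authenticated else {"Anonymous"}

    explicit = [e for n, e in acl.items() if n in names and n not in groups]
    by_group = [e for n, e in acl.items()
                if n in groups and groups[n] & names]
    wildcard = [e for n, e in acl.items()
                if any(_wildcard_matches(n, u) for u in names)]

    # The first tier with any match decides; lower tiers are never consulted,
    # so an explicit entry wins even over a group with a higher level.
    for tier, matched in (("explicit", explicit),
                          ("group", by_group),
                          ("wildcard", wildcard)):
        if matched:
            return (tier,) + _combine(matched)
    return ("default",) + _combine([acl["-Default-"]])


# Constructed sample data for illustration only.
SAMPLE_ACL = {
    "-Default-": {"level": "No Access", "privs": set()},
    "Sandra E Smith/West/Acme": {"level": "Reader",
                                 "privs": {"Read public documents"}},
    "Acme Sales": {"level": "Author", "privs": {"Create documents"}},
    "Sales Managers": {"level": "Editor", "privs": {"Delete documents"}},
    "*/West/Acme": {"level": "Reader", "privs": set()},
}
SAMPLE_GROUPS = {
    "Acme Sales": {"Sandra E Smith/West/Acme", "Scott Davidson/West/Acme"},
    "Sales Managers": {"Scott Davidson/West/Acme"},
}
```

With the sample data, Sandra is held to Reader by her explicit entry although Acme Sales grants Author, which is the behavior the Note under the group rule describes.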

Configuring a database ACL


Plan the database access for the application before adding users, groups
or servers to a database ACL. After you add a name to the ACL, assign
an access level to the name. Although assigning a user type is optional, it
provides an additional level of security. Add access level privileges and
roles if the application requires them. After you configure a database
ACL, users can click the Effective Access button on the ACL dialog in the
Notes client to view their level of access to a database.
You can make changes to multiple ACLs on a server through the
Multi-ACL Management dialog box in the Administration Client. For
information about using the ACL dialog in the Notes client to edit an
ACL for a single database, see Notes 6 Help.

Configuring a database ACL
1. Make sure that you have:
• Manager access in the database ACL.
• Created the roles and groups that you want to use in the ACL.
2. From the Domino Administrator Server pane, select the server that
stores the databases.
3. Click Files, and select one or more databases from the Domino data
directory.
Note You can add the same entry to more than one database. You
can also edit and remove entries from multiple databases. See the
topic “Editing entries in multiple ACLs” later in this chapter.
4. From the Tools pane, select Database - Manage ACL.
5. Add entries for Notes users, servers, groups, and authenticated
Internet users.
6. Set the access level for each entry.
7. (Optional) For additional security, select a user type for each entry.
8. (Optional) Refine the entries by restricting or allowing additional
access level privileges.
9. (Optional) Assign roles to ACL entries. The role displays a check
mark when selected.
10. (Optional) Enforce a consistent ACL across all replicas of the
database.
11. (Optional) Assign an administration server to automatically update
ACL entries.
12. (Optional) To prevent users whose access levels are Depositor or No
Access from using the operating system to copy the database,
encrypt the database with the server ID through the local Encryption
option. This ensures that the database, even when copied, is illegible
to anyone who doesn’t have access to the server ID.
13. Click OK to save your changes.

Access levels in the ACL
Access levels assigned to users in a database ACL control which tasks
users can perform in the database. Access level privileges enhance or
restrict the access level assigned to each name in the ACL. For each user,
group, or server listed in the ACL, you select the basic access level and
user type. To further refine the access, you select a series of access
privileges. If the application designer created roles, assign them to the
appropriate users, groups, or servers.
Access levels assigned to servers in a database ACL control what
information within a database the server can replicate.
To access a database on a particular server, Notes users must have both
the appropriate database access, as well as the appropriate server access
specified in the Server document in the Domino Directory.
To view a database ACL, users must have Reader access or higher.
For more information on database access for Internet users, see the topic
“Maximum Internet name-and-password access” later in this chapter.

Caution: special ACL access


There are some cases in which users can have significant access to a
database that is not defined in the database ACL. This access is granted
through rights set up in other areas of Domino, or by having access to the
server itself. As an administrator, you need to understand these other
kinds of access in order to be able to fully protect server databases.
• Administrators who are designated as full access administrators in
the Server document have manager access to all databases, with all
privileges and roles enabled, on the server, regardless of whether
they are listed in the database ACLs.
Note If a user has full administrator access to a database, the
database ACL indicates that by enabling the “Full Access
Administrator” check box that appears in the “Effective Access”
dialog box.
• Administrators who are designated as administrators or database
administrators in the Server document are allowed to modify (for
example, designate an administration server or create a full-text
index) or delete any database on the server, even if they are not listed
as managers in the database ACL.
• Administrators who can run arbitrary executables on the server,
either through non-Domino access to the server or through the use of
Unrestricted Agents that launch executables.
• Administrators who run the Notes client directly on the server
machine or on a machine that has file level access to the server
database files.
• Users may still have access to a database by running agents with the
“Unrestricted with Full Access” privilege, even if they are not listed
in the database ACL. This privilege bypasses the ACL and reader
lists.
This table shows the user access levels, listed from highest to lowest.

Manager
Allows users to:
• Modify the database ACL.
• Encrypt the database.
• Modify replication settings.
• Delete the database.
• Perform all tasks allowed by lower access levels.
Assign to: Two people who are responsible for the database. Then if one
person is absent, the other can manage the database.

Designer
Allows users to:
• Modify all database design elements.
• Create a full-text search index.
• Perform all tasks allowed by lower access levels.
Assign to: A database designer and/or the person responsible for future
design updates.

Editor
Allows users to:
• Create documents.
• Edit all documents, including those created by others.
• Read all documents unless there is a Readers field in the form. If an
editor is not listed in the Readers field, the user with Editor ACL
access cannot read or edit the document.
Assign to: Any user allowed to create and edit documents in a database.

Author
Allows users to:
• Create documents if the user or server also has the Create documents
access level privilege. When you assign Author access to a user or
server, you must also specify the Create documents access level
privilege.
• Edit the documents where there is an Authors field in the document and
the user is specified in the Authors field.
• Read all documents unless there is a Readers field in the form.
Assign to: Users who need to contribute documents to a database.

Reader
Allows users to:
• Read documents where there is a Readers field in the form and the user
name is specified in the field.
Assign to: Users who only need to read documents in a database but not
create or edit documents.

Depositor
Allows users to:
• Create documents, but otherwise has no access, with the exception of
options to “Read public documents” and “Write public documents.” These
are privileges that designers may choose to grant.
Assign to: Users who only need to contribute documents but who do not
need to read or edit their own or other users’ documents. For example,
use Depositor access for a ballot box application.

No Access
Allows users to:
• Has no access, with the exception of options to “Read public
documents” and “Write public documents.” These are privileges that
designers may choose to grant.
Assign to: Terminated users, users who do not need access to the
database, or users who have access on a special basis.
Note You may want to specifically assign No Access to individuals who
should not have access to a database, but who may be members of a group
that does.

Viewing ACL entries by access level


You can view ACL entries by access level. This shows you at a glance
what entries have been assigned a given access level.

To view ACL entries by access level


1. Make sure that you have Manager access in the database ACL.
2. Select the database icon from your bookmarks page.
3. Choose File - Database - Access Control.
4. Click the arrow next to “People, Servers, Groups” and select a
specific access level. The ACL displays only those names with the
selected access level.
5. Click OK.

Access level privileges in the ACL
After you assign an access level to each user, group, and server, you can
select or deselect privileges within an access level.
This table lists the user access level privileges from highest to lowest. The
section that follows describes each privilege in detail.

Manager
Default privileges: Create documents; Create private agents; Create
personal folders/views; Create shared folders/views; Create
LotusScript/Java agents; Read public documents; Write public documents
Optional privileges: Delete documents; Replicate or copy documents

Designer
Default privileges: Create documents; Create private agents; Create
personal folders/views; Create shared folders/views; Read public
documents; Write public documents
Optional privileges: Delete documents; Create LotusScript/Java agents;
Replicate or copy documents

Editor
Default privileges: Create documents; Read public documents; Write
public documents
Optional privileges: Delete documents; Create private agents; Create
personal folders/views; Create shared folders/views; Create
LotusScript/Java agents; Replicate or copy documents

Author
Default privileges: Read public documents
Optional privileges: Create documents; Delete documents; Create private
agents; Create personal folders/views; Create LotusScript/Java agents;
Write public documents; Replicate or copy documents

Reader
Default privileges: Read public documents
Optional privileges: Create private agents; Create personal
folders/views; Create LotusScript/Java agents; Write public documents;
Replicate or copy documents

Depositor
Default privileges: Create documents
Optional privileges: Read public documents; Write public documents

No Access
Default privileges: None
Optional privileges: Read public documents; Write public documents

Create documents
Select this privilege for all users with Author access. If you deselect this
privilege to prevent Authors from adding any more documents, they can
continue to read and edit documents they’ve already created.

Delete documents
Authors can delete only documents they create. If this privilege is
deselected, an author can’t delete documents, no matter what the access
level. If the form contains an Authors field, Authors can delete
documents only if their name, or a group or a role that contains their
name, appears in the Authors field.

Create private agents


A user can run only agents that perform tasks allowed by the user’s
assigned access level in the ACL.
Whether or not a user can run agents is dependent on the access set by
the Domino administrator in the Programmability Restrictions section of
the Server document in the Domino Directory. If you select “Create
LotusScript/Java agents” for a name in the ACL, the Server document
controls whether or not the user can run the agent on the server.
Since private agents on server databases take up disk space and
processing time on the server, you may want to disallow this privilege.
For more information, see the chapter “Controlling Access to Domino
Servers.”

Create personal folders/views


Personal folders and views created on a server are more secure than
those created locally, and they are available on multiple servers. Also,
administrative agents can operate only on folders and views stored on a
server.
If the “Create personal folders/views” privilege is not selected, users can
still create personal folders and views, but the folders and views are
stored on their local workstations. Deselect this privilege to save disk
space on a server.

Create shared folders/views
Deselect this privilege to maintain tighter control over database design.
Otherwise, a user assigned this privilege can create folders and views
that are visible to others.

Create LotusScript/Java agents


Since LotusScript and Java agents on server databases can take up
significant server processing time, you may want to restrict which users
can create them.
Whether or not a user can run agents depends on the access set by the
Domino administrator in the Programmability Restrictions section of the
Server document in the Domino Directory. If you select “Create
LotusScript/Java agents” for a name in the ACL, the Server document
controls whether or not the user can run the agent on the server.

Read public documents


Select this privilege to allow users who have No Access or Depositor
access to read documents or to see views and folders to which the
designer assigned the property “Available to Public Access users.” The
form must contain a text field named $PublicAccess, and its value should
be equal to 1.

Write public documents


Select this privilege to allow users to create and edit specific documents
that are controlled by forms to which the designer has assigned the
property “Available to Public Access users.” This option lets you give
users create and edit access to specific documents without giving them
Author access. Author access, or an equivalent role, gives users access to
create documents from any form in a database.
Note Users who have this privilege can also delete any public
documents in the database.

Replicate or copy public documents


Select this privilege to allow users to replicate or copy the database, or
documents from the database, locally or to the clipboard. You can select
this privilege for all access levels except Depositor and No Access.

User types in the ACL
A user type identifies whether a name in the ACL is for a person, server,
or group. When you assign a user type to a name, you specify the type of
ID required for accessing the database with that name. The user types are
Person, Server, Mixed Group, Person Group, Server Group, and
Unspecified. The -Default- group in the ACL is always assigned
Unspecified as the user type. If you have added Anonymous to the ACL,
then it should have a user type of Unspecified.
User types provide additional security for a database. For example,
assigning the Person user type to a name other than “unspecified”
prevents an unauthorized user from creating a Group document with the
same person name, adding his or her name to the group, and then
accessing the database through the group name.
Designating a name as a Server or Server Group prevents a user from
using the server ID at a workstation to access a database on the server. Be
aware, though, that designating a name as a Server or Server Group is
not a foolproof security method. It is possible for a user to create an
add-in program that acts like a server and uses a server ID to access the
server database from a workstation.
Instead of assigning a user type to each name, you can automatically
assign a user type to all unassigned names in the ACL. The user type
assigned to each name is determined by the Domino Directory entry for
that name. Using this method, a group is always designated as “Mixed
Group,” and not as a “Person Group” or a “Server Group.” To assign a
“Person Group” or “Server Group” to a name, you must select the name
and manually assign that user type.
You can assign user types to entries in multiple database ACLs, or you
can have the server automatically assign user types to unspecified entries
in a single database ACL.

To automatically assign user types to ACL entries


Use this method when you have just added a large number of entries to a
database ACL.
1. Make sure that you have Manager access in the database ACL.
2. From the Domino Administrator Server pane, select the server that
stores the databases.
3. Click Files, and select a database from the Domino data directory.
4. Click Tools - Database - Manage ACL.
5. Click Advanced.
6. On the Advanced panel of the ACL dialog, click “Lookup User Types
for ‘Unspecified’ Users.”
The server uses the Domino Directory to look up each entry in the ACL
and assign a user type of Person, Server, or Mixed Group. If it cannot
find a match in the Directory, then the entry in the ACL will be left as
“Unspecified.”

Roles in the ACL


A database designer can assign special access to database design
elements and database functions by creating roles. A role defines a set of
users and/or servers. Roles are similar to groups that you can set up in
the Domino Directory. However, unlike groups, roles are specific to the
database in which they are created.
Once a role is created, it can be used in database design elements or
functions to restrict access to those elements or functions. For example,
you may want to allow only a certain group of users to edit certain
documents in a database. You could create a role named “DocEditors.”
That role would then be added to the Authors fields of those documents,
and assigned to those users who are allowed to edit those documents.
You must have Manager access to create roles in the database ACL. You
must create a role before you assign it to a name or group in the ACL.
Once you have created roles in an ACL, they are listed in the Roles list
box on the Basics panel of the ACL dialog box. Role names appear in
brackets — for example, [Sales]. When you add an entry to a database
ACL, you can assign it to a role by selecting a role from the Roles list
box.
Note If you do not have Manager access to the ACL (meaning that you
are not allowed to edit the ACL), the Roles tab does not appear in the
ACL dialog box.
This table describes the design elements to which the database designer
can restrict access by using roles.

To restrict who can: The designer uses

• Edit specific documents: An Authors field
• Edit specific portions of a document: Sections
• Read specific documents: A Readers field or a read access list on the
Security tab of the Document Properties dialog box
• View and read documents in a specific view: View properties
• View and read documents in a specific folder: Folder properties
• Read documents created with a specific form: Form properties
• Create documents with a specific form: Form properties

Using roles to restrict access to database elements is not a foolproof
security measure. For example, if a designer restricts access to certain
documents in a database, the database manager or Domino administrator
must remember that documents inherit their Reader access list from the
Reader access option that is set in the Form Properties box for the form
used to create the document. Therefore, anyone with Editor access or
above in the database ACL can change a document’s Reader access list.

Creating and editing roles


You must create a role before you can assign it to a name in the ACL.
In the Domino Administrator you can create, modify, or delete roles for
multiple database ACLs, but you cannot assign a name to a role or
remove a name from a role in the ACL or display names assigned to a
role, as you can in the Notes client.
To create and manage roles, you must have Manager access in the
database ACL.

To create or edit roles


1. Make sure that you have Manager access in the database ACL.
2. From the Domino Administrator Server pane, select the server that
stores the databases.
3. Click Files and select one or more databases from the Domino data
directory.
4. Click Tools - Database - Manage ACL.
5. Click Roles.
6. Do one of the following, and then click OK, and click OK again to
save your changes:
• To create a role, click Add, and type a name for the role.
• To rename a role, click Rename. In the Rename Role box, type a
new name for the role.
• To delete a role, click Remove, and type the name of the role that
you want to delete.

Note In Domino Administrator, you do not need to include any
brackets in the role name when adding or removing a role. However,
when you rename a role, you must type the role name exactly as it
appears in the ACL, including the brackets and case-sensitive
characters.

To assign a role to an ACL entry


Because roles are specific to a database, you must modify database ACLs
on an individual basis in order to assign roles to users.
1. Make sure that you have Manager access in the database ACL.
2. Open the database ACL that you want to modify.
3. Highlight the user to whom you want to assign a role.
4. In the Roles list box, select the role that you want to assign to that
user.
5. Repeat steps 3 and 4 for each user to whom you want to assign a
role.
6. Click OK to save your changes.

Managing database ACLs


As a Domino administrator, you can use any of these methods to manage
database ACLs.

To update ACLs
• Use the Administration Process
• Use the Web Administrator
• Edit entries in multiple ACLs
• View the list of all database ACLs on a server.
To monitor changes to ACLs
• Display the ACL log to view a chronological list of changes to the
ACL
• Create an ACL monitor to automatically send you e-mail when any
changes are made to the database ACL.

Using the Administration Process to update ACLs
To maintain maximum database security, you must be vigilant about
keeping the ACL up to date. You can use the server administration
process to do this. The Administration Process is a server program that
automatically renames or deletes groups, servers, users, personal views,
personal folders, and private agents, and then updates the Domino
Directory and any database ACLs that have named the server running
the Administration Process as their administration server. This program
also updates the Readers and Authors fields for all documents in a
database.
You can select an administration server for the Administration Process in
the Access Control List dialog box for single databases or in the
Multi-ACL Management dialog box for multiple databases.

A user leaves the organization


When a user leaves the company, you can use the Domino Administrator
to request that the user be deleted from the system. The Administration
Process responds to this request and deletes the user’s Person document
from the Domino Directory, as well as the user’s name from all Group
documents, ACLs, roles, Readers and Authors fields, personal folders
and views, and private agents.

A user needs access to the database


If possible, add new names to existing groups in the ACL rather than
listing names individually. Consider whether to include new names in
any roles associated with the database. If the database does not use roles,
check whether there are access lists associated with forms, views, fields,
or sections, and if so, consider whether to include new names in these
lists.
For more information on the use of public access lists with database
design elements, see Application Development with Domino Designer.

A user name changes or you move the user in the hierarchy


Edit the user’s Person document in the Domino Directory. The
Administration Process carries out all related renaming tasks in database
ACLs and in personal folders and views and private agents.

Setting up the Administration Process for database ACLs
To use the Administration Process to update and manage names in an
ACL and in Readers and Authors fields, you must assign an
administration server to the database.
Use this method to specify an administration server for multiple
databases.
1. Make sure that you have Manager access in the database ACL.
2. From the Domino Administrator Server pane, select the server that
stores the databases.
3. Click Files, and select the databases from the Domino data directory
to which you want to assign an administration server.
4. Click Tools - Database - Manage ACL.
5. Click Advanced.
6. Select “Modify Administration Server setting.”
7. Select Server, select an administration server from the list, and then
click OK.
Note When Notes users create databases, they can specify the
administration server for their databases on the Advanced panel of the
database ACL. The database ACL list will automatically be updated
when the Administration Process is run on the specified administration
server.

Managing database ACLs with the Web Administrator


The Web Administrator is a utility application that is packaged as a
Notes database (WEBADMIN.NSF). The Web Administrator lets you
add, delete, and modify database ACL entries; change roles; and view
the ACL log for all databases on the server. To modify database ACLs,
you must:
• Have at least Editor access in the Web Administrator ACL. By
default, Domino Full Access Administrators and Administrators get
Manager access in the ACL of the WEBADMIN.NSF when this
database is created.
• Have Manager access in the database ACLs of all the databases you
want to modify.

• Set the “Maximum Internet name & password access” option on the
Advanced panel of the Access Control List dialog box to Manager on
all the databases you want to modify, if you are not using SSL with
X.509 client certificates. This option is set to Manager by default in
the WEBADMIN.NSF so you can add more user names to the ACL of
the WEBADMIN.NSF from a browser.
You can use the Web Administrator to perform the following tasks for
Internet or Notes users:
• Add an ACL entry
• Remove an ACL entry
• Rename an ACL entry
• Add, remove, or rename a database role
• View the ACL change history
• Create a new database on the server based on templates
• Create a new copy of the database
• Delete a database
• Compact a database
• Create or update a full-text index of a database
• Force manual replication of a database with a remote server

Editing entries in multiple ACLs


As a Domino Administrator, you can make the following changes to
entries that exist in multiple database ACLs. To edit entries in a database
ACL, you must have Manager access to that ACL.
You can also use the Web Administrator to manage database ACLs. For
more information, see the topic “Managing database ACLs with the Web
Administrator” earlier in this chapter.

To add or remove an entry


1. From the Domino Administrator Server pane, select the server that
stores the databases.
2. Click Files, and select one or more databases from the Domino data
directory.
3. Click Tools - Database - Manage ACL.
4. Click Add or Remove.

5. Type the entry, or select it from the Domino Directory by clicking the
button next to the list box.
6. Click OK.

To rename an entry
1. From the Domino Administrator Server pane, select the server that
stores the databases.
2. Click Files, and select one or more databases from the Domino data
directory.
3. Click Tools - Database - Manage ACL.
4. Click Modify.
5. In the From box, type the name of the person, server, or group that
you want to rename.
6. Select Modify Name.
7. In the To box, type the new name of the person, server, or group that
you want to rename.
8. Click OK to save your changes.

To change the access, user type, or attributes assigned to an entry


1. From the Domino Administrator Server pane, select the server that
stores the databases.
2. Click Files, and select one or more databases from the Domino data
directory.
3. Click Tools - Database - Manage ACL.
4. Click Modify.
5. In the From box, type the name of the person, server, or group whose
access or user type you want to change, and click OK.
6. Do one of the following, and then click OK, and click OK again to
save your changes:
• To change the user type assigned to an entry, select the user type
from the drop-down list.
• To change the access level assigned to an entry, select the access
level from the drop-down list.
• To modify the access level privileges assigned to an entry, click
“Modify attributes” and type the name of the role that you want
to delete.
7. Click OK.

Viewing all database ACLs on a server
You can view all the database ACLs on a server by user name, access
level, or by database.

To view a list of all database ACLs on a server


1. From the Domino Administrator Server pane, select the server that
stores the databases.
2. Click Files.
3. Select the Catalog (V6) - Access Control Lists.
4. Select By Name, By Level, or By Database.
• The By Name list shows the ACL list by ACL entry name, then
access level, and then database title.
• The By Level list shows the ACL list by access level, then ACL
entry name, and then database title.
• The By Database list shows the ACL list by database name, then
server, then access level, and then ACL entry name.

Using the ACL log


You can display a log of all changes made to a database ACL. Each entry
in the list shows when the change occurred, who made the change, and
what changed. The log stores only 20 lines of changes, not the complete
history. Only users who have Manager access in the ACL can view the
ACL log.

To display an ACL log


1. Make sure that you have Manager access in the database ACL.
2. From the Domino Administrator Server pane, select the server that
stores the databases.
3. Click Files, and select one or more databases from the Domino data
directory.
4. Choose File - Database - Access Control.
5. Click Log.
6. Highlight a line of log history. To see the complete text of the log
history, look in the field at the bottom of the dialog box.
7. (Optional) Click Copy to copy the ACL log to the clipboard so that
you can paste it in a document.
Note If you enable an ACL for Extended Access, there is no longer a
20-line limit for the log. The log also includes more details about
Extended Access changes.

Enforcing a consistent access control list
You can ensure that an ACL remains identical on all database replicas on
servers, as well as on all local replicas that users make on workstations or
laptops.
Select the “Enforce a consistent Access Control List” setting on a replica
whose server has Manager access to other replicas to keep the access
control list the same across all server replicas of a database. If you select a
replica whose server does not have Manager access to other replicas,
replication fails because the server has inadequate access to replicate the
ACL.
If a user replicates a database locally, the database ACL recognizes that
user’s access as it is known to the server. This happens automatically for
local replication, regardless of whether “Enforce a consistent Access
Control List” is enabled.
Local replicas with “Enforce a consistent access control list” enabled
attempt to honor the information in the ACL and determine who can do
what accordingly. However, they have some
limitations. One limitation is that group information is generated on the
server, not at the local replica. When a database is replicated locally,
information about the group membership of the person doing the
replication is stored in the database for use in ACL checking. If a
person/identity other than the one doing the replication accesses the
local replica, there will be no group membership information available
for that person, and the ACL can use only the person’s identity, not
group membership, to check access.
Additionally, enforcing a consistent access control list does not provide
additional security for local replicas. To keep data in local replicas
secure, encrypt the database.
Note If a user changes a local or remote server database replica’s ACL
when the “Enforce a consistent Access Control List” option is selected,
the database stops replicating. The log (LOG.NSF) records a message
indicating that replication could not proceed because the program could
not maintain a uniform ACL on replicas.

To enforce or disable a consistent access control list for multiple databases

1. Make sure that you have Manager access in all the database ACLs
you select.
2. From the Domino Administrator Server pane, select a server that has
Manager access to the databases on which you want to enforce a
consistent ACL.
3. Click Files, and select one or more databases from the Domino data
directory.
4. Click Tools - Database - Manage ACL.
5. Click Advanced.
6. Select the option “Modify Consistent ACL setting.”
• To enforce a consistent ACL, select “Enforce a consistent Access
Control List across all replicas of this database.”
• To disable a consistent ACL, select “Do not enforce a consistent
ACL.”
7. Click OK.

Updating Readers and Authors fields


By default, the Administration Process examines all documents in a
database to find and update Readers and Authors fields and to update
personal folders and views and private agents. When the Administration
Process performs a “Rename person” or a “Delete person” request, it
edits or removes the name in all Readers and Authors fields and in
personal folders and views, and in private agents. To update Readers
and Authors fields in only selected documents, you create a special view
in the database and then update that view.
You must select an administration server if you want to select the option
to modify Readers and Authors fields. The default is to not modify
Readers and Authors fields.

To update Readers and Authors fields


1. Make sure that you have Manager access in the database ACL and
that you have already specified an administration server for the
database.
2. From the Domino Administrator Server pane, select the server that
stores the databases.
3. Click Files, and select the databases from the Domino data directory
to which you want to assign an administration server.

4. Click Tools - Database - Manage ACL.
5. Click Advanced.
6. Select “Modify Administration Server setting.”
7. Choose “Modify fields of type Reader or Author,” and click OK.

Setting up database access for Internet users


When you set up database access, you must make special provisions for
Internet users. See the following topics for information about setting up
and controlling the access that these users have to a database:
• Specify maximum Internet name-and-password access
• Require an SSL connection to a database
• Default entries in the ACL

Maximum Internet name-and-password access


Users who have Internet or intranet browser access to a database cannot
be identified by Notes in the same way Notes users are identified. Use
the “Maximum Internet name & password access” setting to control the
maximum type of access that Internet or intranet browser users have to a
database. The list contains the standard access levels for Notes users.
This option applies to users who use name-and-password authentication
or access the server anonymously over the Internet and connect to
servers using either the TCP/IP port or the SSL port. This option does
not apply to users who have SSL client certificate IDs and who access the
database over the Internet on the SSL port. Users with SSL client access
receive the level of access specified in the database ACL.
Add an entry for the group Anonymous to the database ACL, if
appropriate for this database. Then select the maximum access level you
want to assign to all Internet and intranet users who use
name-and-password authentication for a particular database. Users who
access a Notes database over the Internet, either anonymously or by
using name-and-password authentication, never have an access level
higher than what is specified as the “Maximum Internet name &
password access” level.
Caution The “Maximum” access level overrides the access level that a
user may have been explicitly given in the database ACL, but only to
enforce the lower of the two access levels.

For example, a user, Sandra Smith/West/Sales/Acme, can use a name and
password to access a server using a Web browser. If Sandra
Smith/West/Sales/Acme is assigned Editor access in the ACL and the
“Maximum Internet name & password access” setting is Reader, the
lower of the two access levels applies and Sandra is allowed only Reader
access. Similarly, if Sandra Smith/West/Sales/Acme is assigned Reader
access in the ACL and the “Maximum” access setting is Editor, Sandra is
allowed only Reader access. However, if Sandra Smith also uses a Notes
client to access the database, the “Maximum” access setting is ignored
and Sandra is allowed Editor access.
The default for this option is Editor access. Tasks such as creating folders,
views, and agents do not apply to Internet users.
Tip You can use this setting to prevent Internet users from accessing the
database using name-and-password authentication. If you set it to “No
Access,” the database is accessible only to Notes users or
Internet users who authenticate using SSL client certificates.

Selecting the maximum Internet name and password


Use this method to select the maximum Internet name-and-password
access for one or more databases.
1. Make sure that you have Manager access in all the database ACLs
you select.
2. From the Domino Administrator Server pane, select a server that has
Manager access to the databases.
3. Click Files, and select one or more databases from the Domino data
directory.
4. Click Tools - Database - Manage ACL.
5. Click Advanced.
6. If you have selected multiple databases, select the option “Modify
Internet name & password setting.”
7. Select the maximum access level from the list next to the field
“Maximum Internet name & password.”
8. Click OK.

Requiring an SSL connection to a database


Secure Sockets Layer (SSL) is a security protocol that provides
communications privacy and authentication for Domino server tasks that
operate over TCP/IP. You can require users to access a database using a
secure SSL connection. You can also choose to require an SSL connection
to a single database or to all databases on a server.

If the server is not configured to require an SSL connection, clients will be
able to use either SSL or unsecured TCP/IP to connect to the server; for
example, in a browser, by using HTTP (for non-SSL) or HTTPS (for SSL).
For more information about Internet client access to Domino servers and
databases, see the chapter “Setting Up Name-and-Password and
Anonymous Access to Domino Servers.”

To require an SSL connection to a database


1. Make sure you have Manager access in the database ACL.
2. From the Domino Administrator Server pane, select a server that
stores the database(s) for which you want to require an SSL
connection.
3. Click Files, and open the database from the Domino data directory.
4. Choose File - Database - Properties.
5. On the Basics tab, choose Web access: Require SSL connection.

Chapter 41
Protecting User Workstations with Execution Control Lists

This chapter describes how to set up and manage execution control lists
for user workstation data security.

The execution control list


You use an execution control list (ECL) to set up workstation data
security. An ECL protects user workstations against active content from
unknown or suspect sources, and can be configured to limit the action of
any active content that does run on workstations. The ECL determines
whether the signer of the code is allowed to run the code on a given
workstation, and defines the access that the code has to various
workstation functions. For example, an ECL can prevent another
person’s code from running on a computer and damaging or erasing
data.
“Active content” includes anything that can be run on a user
workstation, including formulas; scripts; agents; design elements in
databases and templates; documents with stored forms, actions, buttons,
hot spots; as well as malicious code (such as viruses and so-called
“Trojan horses”).
There are two kinds of ECLs: the Administration ECL, which resides in
the Domino Directory (NAMES.NSF), and the workstation ECL, which is
stored in the user’s Personal Address Book (NAMES.NSF). The
Administration ECL is the template for all workstation ECLs. The
workstation ECL is created when the Notes client is first installed. The
Setup program copies the administration ECL from the Domino
Directory to the Notes client to create the workstation ECL.

The workstation ECL


A workstation ECL lists the signatures of trusted authors of active
content. “Trust” implies that the signature comes from a known and safe
source. For example, every system and application template shipped
with Domino or Notes contains the signature Lotus Notes Template
Development. Likewise, every template and database that your
organization designs should contain the signature of either the
application developer or the administrator.
For each signature, the ECL contains settings that control the actions that
active content signed with that signature can perform and the
workstation system resources it can access.
For a description of ECL access options, see the topic “ECL security
access options” in this chapter.

How the workstation ECL works


When active content runs on a user workstation and attempts a
potentially harmful action — for example, programmatically sending
mail — the following occurs:
1. Notes verifies that the active content is signed and looks up the
signer of the code in the workstation ECL.
2. Notes checks the signer’s ECL settings to determine whether the
action is allowed.
3. One of the following occurs:
a. If the signer of the code is listed in the workstation ECL and the
appropriate setting is enabled, the active content runs.
b. If the active content attempts an action that is not enabled for the
signer, or if the signer is not listed in the ECL, Notes generates an
Execution Security Alert (ESA), which specifies the attempted
action, the signer’s name, and the ECL setting that is not enabled.
The ESA gives the user four options:
• Do not execute the action — to deny the signer access to perform
the specified action.
• Execute the action this one time — to allow the signer access to
perform the action only once. The ESA appears again if the same
action is attempted in the future. This option does not modify the
ECL.
• Start trusting the signer to execute this action — to allow the
action to be performed and modify the ECL configuration to add
the signature of the active content to the ECL. This grants
permission for the signer to execute the specific action any time on
that workstation.

• More Info — to display a dialog box that provides information
about the design type, design name, Notes ID, signature status,
and parent database of the code that caused the ESA.
For example, locally scheduled agents, as well as manual agents,
can generate ESAs. Click “More Info” to get information about the
agent that generated the alert.
Note The administration ECL has a setting that prevents users from
changing their workstation ECLs. If this setting is enabled, then the user’s
option to trust the signer is disabled.

ECL security access options


There are three categories of access options for ECLs.
• Workstation security
• Java applet
• JavaScript

Workstation security access options

Choose from these options when setting up access to workstation data
for active content, such as Notes databases:

| Access option | If enabled, allows formulas and code to |
|---|---|
| Access to file system | Attach, detach, read from, and write to workstation files |
| Access to current database | Read and modify the current database |
| Access to environment variables | Use the @SetEnvironment and @GetEnvironment variables and LotusScript methods to access the NOTES.INI file |
| Access to non-Notes databases | Use @DBLookup, @DBColumn, and @DBCommand to access databases when the first parameter for these @ functions is a database driver of another application |
| Access to external code | Run LotusScript classes and DLLs that are unknown to Notes |
| Access to external programs | Access other applications, including activating any OLE object |
| Ability to send mail | Use functions such as @MailSend to send mail |
| Ability to read other databases | Read information in databases other than the current database |
| Ability to modify other databases | Modify information in databases other than the current database |
| Ability to export data | Print, copy to the clipboard, import, and export data |
| Access to Workstation Security ECL | Modify the ECL |

Java applet options


Choose from these options when setting up access to workstation data
for Java applets that run in Notes:

| Access option | If enabled, allows the applet to |
|---|---|
| Access to file system | Read and write files on the local file system. |
| Access to Notes Java classes | Load and call the Domino objects for Java and CORBA. |
| Access to network addresses | Bind to and accept connections on a privileged port (a port outside the range 0 to 1024) and establish connections with other servers. |
| Printing | Submit print jobs. |
| Access to system properties | Read system properties such as color settings and environment variables. |
| Dialog and clipboard access | Access the system clipboard. Also disables the security banner that is displayed in the top-level window to indicate that a Java applet created the window. Displaying the security banner reminds users not to enter security-sensitive information into a dialog that masquerades as a password dialog, for example. |
| Process-level access | Create threads and threadgroups, fork and run external processes, load and link external libraries, access nonpublic members of classes using Java core reflection, and access the AWT event queue. |

JavaScript options
These options control access to workstation data for JavaScript that runs
in the Notes client, on a Notes form or on a Web page rendered by the
Notes browser. These options do not control JavaScript run by other
browsers, including the Microsoft Internet Explorer browser, even when
the browser is embedded in the Notes client.
JavaScript ECL settings control whether JavaScript code can read and/or
modify JavaScript properties of the Window object. You can allow read
access from, and write access to, the properties of the Window object. As
the top-level object in the JavaScript document object model, the Window
object has properties that apply to the entire window. Securing access to
the Window object secures access to other objects on the page since the
JavaScript program cannot access the objects further down in the object
model hierarchy without first traversing the Window object.
Window object classes are described in the following table:

| Window object class | Description | Default |
|---|---|---|
| Source window | Controls JavaScript access to the Window object on the same page as the JavaScript code. Selecting this option does not prevent JavaScript from going directly to the object on the source window, because doing so circumvents the Window object; therefore this ECL option is not enforced. | Allow read and write access |
| Other window from same host | Controls JavaScript access to the Window object on a different page from the JavaScript code, but from a page using the same host. For example, JavaScript code on a page on www.lotus.com can access the Window object on another page on www.lotus.com. This allows two pages to interact if they are within the same frameset. | Allow read and write access |
| Other window from different host | Controls JavaScript access to the Window object on a different page within a frameset that uses a different host. For example, JavaScript code on a page on www.lotus.com can access the Window object on a page on any other server. Enabling this option poses a high security risk because of the possibility of malicious code on one page of the frameset accessing data on another page. | Not allow read and write access |

Two additional ECL options control whether JavaScript that runs in the
Notes client is authorized to open a new Web page or Notes document. You
can enable open access for these options, described in the following table:

| Option | Description | Default |
|---|---|---|
| URL on same host | Controls access for opening a page or Notes document on the same host as the JavaScript code. | Allow open access |
| URL on different host | Controls access for opening a page or Notes document on a different host from the JavaScript code. | Not allow open access |

The administration ECL
When you set up the first server in a domain, Domino creates a default
administration ECL, which you can then customize. The administration
ECL is the template for all workstation ECLs. Whenever a new Notes
client is installed, the setup program copies the administration ECL from
the Domino Directory to the Personal Address Book on the Notes client
workstation. The user’s Notes ID is added to the workstation ECL, with
all access allowed. For example, when John Doe’s Notes client is being
set up, John Doe is automatically added to the client ECL signer list.
If the home server is unavailable when a Notes client is installed — for
example, when a user is disconnected — the workstation ECL is created
with default settings, rather than being created from the administration
ECL.
Note Technically, when a server is initially installed, there is no Admin
ECL. When a client attempts to edit the workstation ECL, or refresh it
from an admin ECL that does not exist, the client creates an ECL with
default settings that are coded into the client. The Admin ECL exists on
disk only after an administrator modifies and saves it. Once the modified
administration ECL is saved to disk, that is the ECL that is copied to
user workstations.
You use the administration ECL to define and deploy customized ECLs
for your users. You can control ECL changes or allow users to modify
their own ECLs. Furthermore, you can update your users’ workstation
ECLs as security requirements change — automatically, through the use
of a security settings document deployed through a policy, or manually,
by asking users to refresh their workstation ECLs.
To create customized ECLs that can be deployed for specific groups of
users, you must use a security settings document that is deployed
through a server policy. For example, you can create one ECL exclusively
for contract employees and another ECL for full-time employees.
For more information on using policies for security, see the chapter
“Using Policies.”

Guidelines for creating an effective administration ECL


Your goal as an administrator is to limit the number of trusted signers for
active content, and the access that active content has to user
workstations. To accomplish this goal, limit the number of trustworthy
signers in your organization and ensure that workstation ECLs trust only
those signers.

Use these guidelines to create secure ECLs:
• Do not grant access to unsigned content. This creates a security hole
that allows potentially harmful code, malicious or otherwise, to
access user workstations. Keep the default access options for
unsigned content.
• Do not let your users trust unsigned content. To prevent users from
changing their ECLs, for example by giving access to unsigned
content or to content signed by signers who are not listed in the ECL,
deselect “Allow user to modify” in the Administration ECL.
• Know your signers. Trusting signed active content, especially from
other organizations, is risky. Before adding an active content author
to an ECL, decide if you trust that the author has created safe code.
• Create a separate certifier for an organizational unit to issue IDs
specifically for users who must sign templates and applications —
for example, Enterprise ECLApp Signer/West/Acme. Then users
who create templates and applications use those IDs to sign
templates and applications. You can then set up the administration
ECL to trust any user in that special organizational unit, or fine-tune
it on a per-user basis.

Default ECL settings


When you first edit the ECL, it includes the following signatures and
access options. By default, the ECL does not allow access to protected
operations for active content that is unsigned, or for active content that is
signed by a signer who is not listed in the ECL.

| Signature | Applies to | Default access options |
|---|---|---|
| -Default- | Formulas and code that contain a signature, and that signature is verified by Domino, but the signature does not match any entry in the ECL. For example, if the signer is John Andrews/Atlas, but the ECL does not contain this signature, the ECL uses the -Default- signature to assign access. | None |
| -No Signature- | Formulas and code that contain an invalid or corrupted signature, are unsigned, or are signed by an identity or organization that can’t be verified by Domino. For example, if the code is not signed, or is signed by a user unknown to the Domino server, the ECL matches -No Signature-. | None |
| BT Mail and Calendar Migration Tools/Lotus Notes Companion Products | Every template related to Binary Tree Mail and Calendar Migration Tools. If your organization isn’t using this tool, you can remove this entry from the ECL. | Access to file system, Access to current database, Access to environment variables, Access to external code, Ability to read other databases, Ability to modify other databases |
| Domino Unified Communications Services/Lotus Notes Companion Products | Every template related to Domino Unified Communications Services. If your organization isn’t using this tool, you can remove this entry from the ECL. | Access to current database, Access to environment variables, Access to external code, Access to external programs, Ability to send mail, Ability to read other databases, Ability to modify other databases |
| Lotus Fax Development/Lotus Notes Companion Products | Every template related to Lotus Fax for Domino. If your organization isn’t using this tool, you can remove this entry from the ECL. | Access to current database, Access to environment variables, Ability to read other databases, Ability to modify other databases |
| Lotus Notes Template Development/Lotus Notes | Every template shipped with Domino and Notes. For example, the signer matches this type only if it has the Lotus Notes Template Development/Lotus Notes signature. | All |
| Sametime Development/Lotus Notes Companion Products | Every template related to Sametime. If your organization isn’t using this tool, you can remove this entry from the ECL. | All except Access to workstation security ECL |

You can also add additional users or signature types to the ECL. You
could add the hierarchical names of specific users or groups — for
example, Phyllis Spera/Sales/East/Acme. If you create a special certifier
to certify the IDs of a group of trusted signers, you could use a wildcard
character to name all signers — for example, */Trusted Signers/Acme.
The table below describes the access that these users (or signature types)
in an ECL would have:

Signature: */Trusted Signers/Acme
Applies to: Formulas and code that have */Trusted Signers/Acme signature.
For example, if the signer is anyname/Trusted Signers/Acme — such as Emily
Marks/Trusted Signers/Acme or Alan Jones/Sales/East/Trusted Signers/Acme —
the ECL uses the */Trusted Signers/Acme signature to match access.

Signature: Phyllis Spera/Sales/East/Acme
Applies to: Formulas and code that have Phyllis Spera/Sales/East/Acme as the
signature.
For example, the signer matches this type only if the ECL contains the
Phyllis Spera/Sales/East/Acme signature.
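
The matching rules in the tables above can be modelled in a few lines. This is an added example, not Lotus code: the sample ECL is constructed, names are compared without regard to case, and the rule that an exact entry wins over a wildcard entry (and a longer wildcard over a shorter one) is an assumption of this sketch that the text does not state.

```python
# Added illustration: a simplified model of how a workstation ECL selects the
# entry that governs a piece of active content. Not Lotus code.

DEFAULT = "-Default-"
NO_SIGNATURE = "-No Signature-"

# Constructed sample ECL. The access option names are the ones listed in this
# chapter; which entry holds which option is made up for the example.
SAMPLE_ECL = {
    DEFAULT: frozenset(),
    NO_SIGNATURE: frozenset(),
    "*/Trusted Signers/Acme": frozenset(
        {"Access to current database", "Ability to send mail"}
    ),
    "Phyllis Spera/Sales/East/Acme": frozenset({"Access to current database"}),
}


def match_entry(ecl, signer, verified):
    """Return the name of the ECL entry that applies to the content.

    signer   -- hierarchical name taken from the signature, or None if unsigned
    verified -- True only if the signature could be verified
    """
    # Unsigned content, or a signature that is invalid, corrupted or cannot be
    # verified, always falls under -No Signature-.
    if signer is None or not verified:
        return NO_SIGNATURE

    wanted = signer.casefold()

    # 1. Exact entry for this signer (assumed to take precedence).
    for name in ecl:
        if name.casefold() == wanted:
            return name

    # 2. Wildcard entries: "*" matches everyone, "*/Trusted Signers/Acme"
    #    matches any name ending in "/Trusted Signers/Acme".
    wildcards = [
        name
        for name in ecl
        if name.startswith("*") and wanted.endswith(name[1:].casefold())
    ]
    if wildcards:
        return max(wildcards, key=len)  # most specific wildcard (assumption)

    # 3. Verified signature that matches nothing in the ECL.
    return DEFAULT


def is_allowed(ecl, signer, verified, operation):
    """True if the governing entry grants the protected operation."""
    entry = match_entry(ecl, signer, verified)
    return operation in ecl.get(entry, frozenset())


if __name__ == "__main__":
    for who, ok in [
        ("Emily Marks/Trusted Signers/Acme", True),
        ("John Andrews/Atlas", True),
        ("Phyllis Spera/Sales/East/Acme", False),
        (None, False),
    ]:
        print(who, "->", match_entry(SAMPLE_ECL, who, ok))
```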



Collecting information for a new administration ECL
Before you can create an Admin ECL to distribute, identify the
individual people and/or organizations that you can trust to create and
sign active content. Identify a few users who use a broad range of typical
Notes applications, then ask them to complete these steps.
1. Remove all entries from the workstation ECL except the following:
• All entries in the form */org, where org is a local
domain/organization
• -Default-
• -No Signature-
• Lotus Notes Template Development/Lotus Notes
To do this, highlight the item to remove under “When signed by,”
then click Remove.
Note If any of these entries are not listed in the ECL, it means that
those entries are not needed.
2. Make a list of the entries you remove so that if those entries were, in
fact, not needed, they can later be added with “No access” in the
administration ECL.
3. Make these changes to the remaining entries in the ECL:
When signed by: */org, where org is a local domain/organization
Allowed: Deselect all selected items.

When signed by: -Default-
Allowed: Deselect all selected items. “Default” should have no permissions.

When signed by: -No Signature-
Allowed: Deselect all selected items.

When signed by: Lotus Notes Template Development/Lotus Notes
Allowed: Select all items. This signer should have all permissions.

4. For a designated time period (a week should be sufficient), when the
Execution Security Alert dialog box appears, click “Trust signer,”
with the following exceptions:
• Do not trust any actions with “-No Signature-”.
• Check with the administrator before trusting odd or unfamiliar
signatures or before clicking “Execute once” for templates and
applications signed with odd or unfamiliar signatures.
Note Users who use the Lotus Notes Client 5.01 or earlier should
choose “No” in the dialog box that asks if you want to trust
everybody in the organization of the user whose signature you are
about to trust.

The resulting ECLs for these users should contain more signers than
what the ECL originally contained, unless your organization has
managed the signing process up front and only uses objects signed by a
small number of known trustworthy signers.
After the designated time period is complete, the administrator should
combine the signatures in the users’ ECLs to create an updated
administration ECL.

The workstation ECL log


The Lotus Notes 6 Client logs ECL-related operations in the Client log
(LOG.NSF) in Miscellaneous Events. This includes:
• Results of Execution Security Alert (ESA) dialogs, as well as
additional ESA details. These details include information about the
code that caused the ESA, such as the design type, design title,
NoteID, database title, and path.
• Any ECL modifications. This includes information on which ECL
was modified; the ECL entries that were changed, added or deleted;
and the rights that were granted or revoked. It also includes all ECL
modifications resulting from such operations as dynamic ECL
update, programmatic ECL refresh (@RefreshECL function), setup
ECL refresh/creation and manual ECL changes made in the ECL
Editor or through the User Security Panel.
It is possible to write an agent to run on Notes clients and parse the ECL
logging data to provide administrators with specific information on how
users are managing their workstation ECLs, as well as current
information about applications or other code that should be added to
Admin ECLs.

Creating the administration ECL


Before you register users, edit the administration ECL to create a
template for user workstation ECLs. Use the following procedure to
create and deploy an administration ECL that provides a good starting
point for managing and maintaining secure workstation ECLs.
You can deploy and maintain ECLs on a group and organizational basis
through the use of policies. For more information, see the chapter “Using
Policies.”
1. (Optional) Collect information for creating the administration ECL.
For more information, see the topic “Collecting information for a
new administration ECL” in this chapter.
2. Edit the Administration ECL.
For more information, see the topic “Editing the administration ECL”
in this chapter.
3. Deploy the new ECL to user workstations. This happens
automatically when Notes client software is first installed on user
workstations.
4. Update user workstation ECLs, as required.

Editing the administration ECL


1. From the Domino Administrator, click the Files tab.
2. From the Servers pane, choose the server to work from.
3. Open the Domino Directory (NAMES.NSF).
4. Choose Actions - Edit Administration ECL.
5. (Optional) Select -Default- and then select access options.
For more information on access options, see the topic “ECL security
access options” in this chapter.
6. (Optional) Select -No Signature- and then select access options.
7. To add an entry, click Add, enter the name of a person or server, and
then click OK.
a. Enter an asterisk (*) to allow all users, even those not
listed in the Domino Directory, access.
b. Enter an asterisk (*) followed by a certifier name — for example,
*/Acme — to allow access to users certified by that certifier.
Note Add entries to the ECL even if you want to deny access to a
person, group, or organization. Then you can overwrite existing
entries in workstation ECLs and essentially undo any trust users
have granted. For example, to revoke access previously granted to
someone, add that person to the administration ECL, but don’t give
them any privileges. When the updated administration ECL is
distributed, it will overwrite the workstation ECLs with the updated
privileges for that person.
8. To remove an entry, select it from the list and click Remove.
Note Removing an entry will not deny access to that entry when
existing client ECLs are refreshed. To ensure that this entry no longer
has access, leave the entry in the list and instead, remove all rights.
9. To rename an entry, select it from the list and click Rename.
Note It may be better to leave the existing entry and add a new
entry with the new name instead. Active content signed with the
user’s previous name will then still be allowed the same access it had
before.

10. To let users modify their workstation ECLs or enable Java applets
from trusted senders, select “Allow users to modify.”
11. Click OK.

Deploying and updating workstation ECLs


If you create an Admin ECL prior to registering users, that Admin ECL is
deployed automatically to user workstations when users run Notes setup
during install. For Domino 6, you can also deploy and maintain ECLs
through the use of policies, which allow you to create and deploy ECLs
on a group or organizational basis, as well as define the frequency and
extent to which workstation ECLs are updated.
For more information about using policies to create, deploy, and update
ECLs, see the chapter “Using Policies.”
If you edit the administration ECL after users run setup, and you are not
using a security policy, you can use one of the following procedures to
update user workstation ECLs.
• Use the @RefreshECL function, through a memo or common
database event.
• Have users update their ECLs through the User Security dialog box.
To use the @RefreshECL function to update workstation ECLs
This procedure enables users to update their workstation ECL by
running a macro that copies the current administration ECL to the local
workstation ECL.
1. Make sure the Domino Directory with the ECL changes has
replicated throughout the domain.
2. Address a memo to users whose ECLs you want to update.
3. Add a button to the memo that executes this formula:
@RefreshECL (server : database ; name)
Where server : database is a text list that specifies the server location
and file name of the Domino Directory (NAMES.NSF) that contains
the administration ECL; and name is text that specifies the name of
the administration ECL. Specify “” (null) if you have not named the
administration ECL. For example, for an unnamed administration
ECL located in NAMES.NSF on the server SERVER1, the
@RefreshECL formula is:
@RefreshECL("server1":"names.nsf";"")
Note For MIME-enabled users who lose their active content in mail
messages, add the button to a document in a particular Notes
database and tell those users to go there to update their ECLs.

4. Describe the purpose of the memo and instruct users to click the
button.
5. Mail the memo.
Tip Add the @RefreshECL function to a common database event,
so that all users in the organization can use it to update their ECLs.

To use the Refresh button to update workstation ECLs


1. Make sure the Domino Directory with the ECL changes has
replicated throughout the domain.
2. Address a memo to users whose ECLs you want to update.
3. Describe the purpose of the memo and instruct the users to do the
following:
a. Choose File - Security - User Security.
b. Click “What Others Do,” and then click “Using LotusScript,”
“Using Java,” or “Using JavaScript.”
c. Click “Refresh All.”
4. Mail the memo.
Note Even after you distribute an updated ECL, users might still
encounter Execution Security Alerts. Make sure that users:
• Do not trust any actions with “-No Signature-”
• Check with you before trusting any odd or unfamiliar signatures,
or before clicking “Execute once” for templates or applications
signed with odd or unfamiliar signatures. Investigate those
signatures, and if necessary, update and redistribute the
administration ECL.

Administration ECL <ECLOwner> key


In order to provide more flexibility to users, especially in organizations
that do not allow users to modify their own ECLs, administrators can set
the execution rights of the current ECL owner during workstation ECL
refresh and replace. You do this by adding the key string
<ECLOwner>

as an entry in the Admin ECL. You then give that entry the ECL rights
that are appropriate for a workstation user. For example, if you want to
give users the ability to write and execute basic Notes programs on their
own workstations, you would enable the appropriate rights for this
entry.

When a workstation ECL is refreshed or replaced, the <ECLOwner>
entry is replaced with the name of the current user. This updates the
user’s workstation ECL rights with those set in the Admin ECL for the
key string entry.
If this key string entry is not included in the Admin ECL, and if “Allow
user to modify” is not enabled, the current user entry is removed from
the workstation ECL during ECL replace. If “Allow user to modify” is
enabled, the current user remains in the workstation ECL.
Refreshing the ECL without the key string leaves the current user’s entry
as is.
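
The refresh and replace behaviour described in this section, together with the earlier notes on removing entries from the administration ECL, can be checked against a small model. This is an added example, not Lotus code: the ECLs and names are constructed, and treating refresh as "administration entries overwrite matching workstation entries, everything else stays" and replace as "the workstation ECL becomes a copy of the administration ECL" is this sketch's reading of the text.

```python
# Added illustration: model of workstation ECL refresh and replace, including
# the <ECLOwner> key string. Not Lotus code; all sample data is constructed.

ECL_OWNER = "<ECLOwner>"
USER = "Alan Jones/Sales/Acme"  # constructed current workstation user

# Constructed administration ECL: one signer is listed with no rights in order
# to revoke trust that users may have granted earlier.
ADMIN_ECL = {
    "-Default-": set(),
    "-No Signature-": set(),
    "Former Contractor/Acme": set(),
    ECL_OWNER: {"Access to current database"},
}

# Constructed workstation ECL after a period of clicking "Trust signer".
WORKSTATION_ECL = {
    "-Default-": set(),
    "-No Signature-": set(),
    "Former Contractor/Acme": {"Access to file system"},
    "Odd Signer/Elsewhere": {"Ability to send mail"},
    USER: {"Access to file system", "Access to current database"},
}


def update_workstation_ecl(admin, workstation, user, mode,
                           allow_user_to_modify=False):
    """Return the workstation ECL that results from a refresh or a replace."""
    if mode not in ("refresh", "replace"):
        raise ValueError("mode must be 'refresh' or 'replace'")

    # The <ECLOwner> entry is rewritten to the current user's name in both modes.
    incoming = {}
    for name, rights in admin.items():
        incoming[user if name == ECL_OWNER else name] = set(rights)

    if mode == "refresh":
        # Entries that are absent from the administration ECL are left alone.
        # That is why removing an entry there does not revoke anything, while
        # listing it with no rights does.
        result = {name: set(rights) for name, rights in workstation.items()}
        result.update(incoming)
        return result

    # Replace: start from the administration ECL only.
    result = incoming
    if ECL_OWNER not in admin and allow_user_to_modify and user in workstation:
        # Without the key string the user's own entry survives a replace only
        # when "Allow user to modify" is enabled.
        result.setdefault(user, set(workstation[user]))
    return result


if __name__ == "__main__":
    for mode in ("refresh", "replace"):
        print(mode)
        updated = update_workstation_ecl(ADMIN_ECL, WORKSTATION_ECL, USER, mode)
        for name in sorted(updated):
            print("  ", name, sorted(updated[name]))
```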

Chapter 42
Setting Up Name-and-Password and Anonymous
Access to Domino Servers

This chapter describes how to set up servers for name-and-password and
anonymous access by Internet/intranet clients.

Name-and-password authentication for Internet/intranet clients


Name-and-password authentication, also known as basic password
authentication, uses a basic challenge/response protocol to ask users for
their names and passwords and then verifies the accuracy of the
passwords by checking them against a secure hash of the password
stored in Person documents in the Domino Directory. When set up for
this, Domino asks for a name and password only when an
Internet/intranet client tries to access a protected resource on the server.
Internet/intranet access differs from Notes client and Domino server
access in that a Domino server asks a Notes client or Domino server for a
name and password when the client or server initially attempts to access
the server.
If you want to assign database access to an Internet/intranet client based
upon Domino ACL security, you must create a Person document for that
client in the Domino Directory, or, optionally, in a secondary Domino
directory or an external LDAP directory. Clients who do not have Person
documents are considered Anonymous and can only access servers and
databases that allow Anonymous access.
Name-and-password authentication allows Domino to locate the Person
document (if one exists) for the client accessing the server. After the
client is identified, access to server resources can then be determined. For
example, if you want Alan Jones to have Editor access to a database and
all others accessing the database to have Author access, you must create
a Person document for Alan Jones. You can set up the database ACL to
include Alan Jones as an Editor and Anonymous as Author.
You can use name-and-password authentication with either TCP/IP or
SSL on any servers that run an Internet protocol — namely, LDAP, POP3,
HTTP, SMTP, IIOP, or IMAP. For each Internet protocol enabled on the
server, you can specify the method of security. For example, you might
enable client certificate authentication for HTTP connections but require
name-and-password security for LDAP connections that use TCP/IP. Or
you might use name-and-password security with anonymous and SSL
client authentication — for example, to allow users with SSL client
certificates to authenticate using SSL client authentication and to allow
other users to enter a name and password if they do not have an SSL
client certificate.
Note Name-and-password authentication is not supported when a
Domino server acts as an SMTP client — for example, when a Domino
server connects to an SMTP server to route mail. Name-and-password
security is supported only when a Domino server acts as an SMTP server
— that is, when SMTP clients access a Domino server.
If you are setting up name-and-password authentication for an HTTP
server, you have an additional method to use with name-and-password
authentication: session-based authentication. Basic name-and-password
authentication sends the name and password in unencrypted format
with each request. Session-based authentication differs in that the
user name and password are replaced by a cookie. The user’s name and
password are sent over the network only the first time the user logs in to a
server. Thereafter the cookie is used for authentication. Session-based
name-and-password authentication offers greater control over user
interaction than basic name-and-password authentication and lets you
customize the form in which users enter their name and password
information. It also allows users to log out of the session without closing
the browser.

Name-and-password authentication over non-SSL secured connections
Use name-and-password authentication over non-SSL secured
connections to identify users without tightly securing access to data on
the server — for example, when you want to display different
information to different users based on the user name and when the
information in the database is not confidential. No information, including
the name and password, sent between the user and server is encrypted.
In this case, name-and-password authentication deters some types of
hackers but does not prevent others from listening to network
transmissions and guessing passwords.
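
To make the difference between basic and session-based authentication concrete, the following added example (not code from this guide) counts how many requests in a constructed browsing sequence carry the password, and how many of those cross the network unencrypted. The request records, the /login path, the form field names Username and Password, and the cookie name are all constructed for the example.

```python
# Added illustration: how often the password crosses the network with basic
# authentication versus session-based authentication. All data is constructed.
import base64
from urllib.parse import parse_qs


def decode_basic(header_value):
    """Return (name, password) from a Basic Authorization header, else None.

    Basic authentication only Base64-encodes "name:password"; it is an
    encoding, not encryption, so anyone who sees the header can read both.
    """
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:
        return None
    name, sep, password = raw.decode("iso-8859-1").partition(":")
    return (name, password) if sep else None


def carries_password(request):
    """True if this request transmits the user's password."""
    if decode_basic(request["headers"].get("Authorization", "")):
        return True
    # Session-based login: the password travels once, in the login form post.
    return "Password" in parse_qs(request.get("body", ""))


def exposure(requests):
    """Summarise password exposure for a sequence of requests."""
    carrying = [r for r in requests if carries_password(r)]
    return {
        "requests": len(requests),
        "with_password": len(carrying),
        "password_in_clear": sum(1 for r in carrying if not r["ssl"]),
    }


def make_trace(ssl, session_based):
    """Build a constructed three-request browsing sequence."""
    paths = ["/sales.nsf", "/sales.nsf/view1", "/sales.nsf/view2"]
    if not session_based:
        token = base64.b64encode(b"Al Jones:constructed-pw").decode("ascii")
        return [
            {"ssl": ssl, "path": p, "body": "",
             "headers": {"Authorization": "Basic " + token}}
            for p in paths
        ]
    login = {"ssl": ssl, "path": "/login", "headers": {},
             "body": "Username=Al+Jones&Password=constructed-pw"}
    rest = [
        {"ssl": ssl, "path": p, "body": "",
         "headers": {"Cookie": "SessionID=constructed-token"}}
        for p in paths[1:]
    ]
    return [login] + rest


if __name__ == "__main__":
    for ssl in (False, True):
        for session_based in (False, True):
            label = ("session" if session_based else "basic",
                     "SSL" if ssl else "non-SSL")
            print(label, exposure(make_trace(ssl, session_based)))
```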

Name-and-password authentication over SSL
Using SSL, all information, including the name and password, is
encrypted. SSL provides confidentiality and data integrity for users set
up for name-and-password authentication. Requiring a name and
password in addition to SSL security provides security for users who do
not use client certificate authentication and allows you to identify
individual users who access a database.
For information on setting up an SSL server, see the chapter “Setting Up
SSL on a Domino Server.”
For information on setting up clients for SSL, see the chapter “Setting Up
Clients for S/MIME and SSL.”

Customizing name-and-password authentication


The Domino Web Server Application Programming Interface (DSAPI) is
a C API that you can use to write your own extensions to the Domino
Web Server. These extensions, or “filters,” let you customize the
authentication of Web users.
For more information on DSAPI and filters, see the Lotus C API Toolkit
for Domino and Notes. The toolkit is available at
www.lotus.com/techzone.

Setting up basic name-and-password authentication


To enable basic name-and-password authentication, for both TCP and
SSL, for all Internet protocols: Web (HTTP); IMAP; POP3; LDAP; SMTP
Inbound; and IIOP, you must complete three separate procedures:
• Create an Internet Site document for the Internet protocol for which
you want to require a name and password.
or
Edit the Server document to specify which Internet protocols require
a name and password.
• Create a Person document for each user in the Domino Directory on
the Domino server and assign an Internet password to each user.
• Edit server database ACLs to give users access.
To enable basic name-and-password authentication for Internet Site
documents
1. From the Domino Administrator, click Configuration - Web - Internet
Sites.
2. In the Internet Sites view, select the Internet Site document for which
you want to enable name-and-password authentication.

3. In the Internet Site document, click Security.
• If you want clients to use name-and-password authentication
when they connect using TCP/IP, select Yes in the Name &
password field in the TCP Authentication section.
• If you set up SSL on the server and you want clients to use
name-and-password authentication when they connect using SSL,
select Yes in the Name & password field in the SSL Authentication
section.
4. Save the document.

To enable basic name-and-password authentication in the Server document
1. From the Domino Administrator, click Configuration, and open the
Server document.
2. Click Ports - Internet Ports. This displays four tabs: Web, Directory,
Mail, and IIOP. Each tab lists protocols appropriate for its name —
for example, the Web tab lists HTTP/HTTPS, and the Mail tab lists
IMAP, POP3, and SMTP.
3. Click the protocol for which you want to specify name-and-password
authentication. For each protocol, do the following:
• If you want clients to use name-and-password authentication
when they connect using TCP/IP, select Yes in the Name &
password field in the TCP/IP section.
• If you set up SSL on the server and you want clients to use
name-and-password authentication when they connect using SSL,
select Yes in the Name & password field in the SSL section.
4. Save the document.
Note If you want LDAP clients to access the server using
name-and-password authentication, you must also allow anonymous
access for LDAP on the server. LDAP clients who access the
server using a browser supply an e-mail address for authentication, and
the client searches for the address anonymously before Domino can
authenticate the user.
For information on setting up anonymous access, see the topic “Setting
up Internet/intranet clients for anonymous access” later in this chapter.

To create Person documents for Internet/intranet users


1. In the Domino Directory, create a Person document for each user
who needs to access the server. (You can also edit the Person
document of an existing user.)

Note Users can also be created in secondary Domino directories or
external LDAP directories, if your server is configured to use them.
2. In each Person document, complete these fields, and then save the
document:
Field: First name, Middle initial, Last name
Action: Enter the user’s first name, middle initial, and last name. The
user’s last name is required.

Field: User name
Action: (Required) Enter the user’s full name. This is the name the user
enters when trying to access a server.
This field can contain multiple names. However, Domino uses the first name in
this field to validate a user in database ACLs, design access lists, groups,
and File Protection documents. For example, this field can contain these
names:
• Alan Jones/Sales/Acme
• Alan Jones
• Al Jones
• AJ
When prompted for his name and password, the user can enter “Al Jones” as his
name. However, Domino uses “Alan Jones/Sales/Acme” to validate him in
database ACLs and design access lists. Therefore, the name “Alan Jones” must
be the one that appears in ACLs and design access lists.
Note You should always use the user’s hierarchical name — for example, Alan
Jones/Acme/US — to help eliminate ambiguous or duplicate user names.

Field: Internet password
Action: (Required) Specify the user’s Internet password.
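
The following added example (not code from this guide) models how a login name is resolved through the User name field and then checked against a database ACL, including the case where the ACL lists a secondary name. The directory, passwords and ACLs are constructed, PBKDF2 is a stand-in for the stored password hash and is not Domino's own format, and the -Default- ACL entry used for names that are not listed is not discussed in this section.

```python
# Added illustration: resolving a Web login name to the identity that is
# checked against database ACLs. Not Domino code; all data is constructed.
import hashlib
import hmac
import os

PASSWORD = "constructed-Passw0rd"  # constructed sample Internet password


def hash_password(password, salt):
    """Stand-in password hash (PBKDF2), not the format Domino stores.

    Internet passwords must be printable US-ASCII, so encoding as ASCII
    raises UnicodeEncodeError for anything else.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("ascii"), salt, 100_000)


def make_person(user_names, password):
    """Build a constructed Person document; the first name is the primary one."""
    salt = os.urandom(16)
    return {"user_names": list(user_names), "salt": salt,
            "hash": hash_password(password, salt)}


DIRECTORY = [
    make_person(
        ["Alan Jones/Sales/Acme", "Alan Jones", "Al Jones", "AJ"], PASSWORD
    ),
]

# The ACL from the Alan Jones example, and a variant that lists a secondary name.
ACL = {"Alan Jones/Sales/Acme": "Editor", "Anonymous": "Author"}
ACL_WITH_ALIAS = {"Al Jones": "Editor", "Anonymous": "Author", "-Default-": "Reader"}


def identify(directory, name=None, password=None):
    """Return the identity used for access checks, or None if login fails."""
    if name is None:
        return "Anonymous"  # no credentials were supplied
    wanted = name.casefold()
    for person in directory:
        if any(wanted == n.casefold() for n in person["user_names"]):
            try:
                candidate = hash_password(password or "", person["salt"])
            except UnicodeEncodeError:
                return None  # password is not US-ASCII
            if hmac.compare_digest(candidate, person["hash"]):
                # Whatever name was typed, the first name in the field is
                # the one validated against ACLs.
                return person["user_names"][0]
            return None
    return None  # no Person document for this name


def access_level(acl, identity):
    """Look up the access level for an identity returned by identify()."""
    if identity is None:
        return "No Access"
    for entry, level in acl.items():
        if entry.casefold() == identity.casefold():
            return level
    return acl.get("-Default-", "No Access")


if __name__ == "__main__":
    who = identify(DIRECTORY, "Al Jones", PASSWORD)
    print(who, "->", access_level(ACL, who))
    print(who, "->", access_level(ACL_WITH_ALIAS, who), "(ACL lists the alias)")
    print("Anonymous ->", access_level(ACL, identify(DIRECTORY)))
```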

To edit database ACLs


After you edit the Server document and create Person documents, edit
the database ACL of each database to which you want to give users
access.
For more information on setting up a database ACL, see the chapter
“Controlling User Access to Domino Databases.”



Session-based name-and-password authentication for Web clients
To set up name-and-password authentication for Web clients who have
access to a Domino Web server, you can use one of two methods: basic
name-and-password authentication or session-based
name-and-password authentication. Session-based name-and-password
authentication includes additional functionality that is not available with
basic name-and-password authentication. A session is the time during
which a Web client is actively logged onto a server with a cookie. To
specify settings that enable and control session authentication, you edit
the Web Site document or the Server document, depending on your
configuration.
Furthermore, you have two selections for enabling session-based
authentication — single and multi-server selections. The single server
option causes the server to generate a cookie that is honored only by the
server that generated it, while the multi-server option generates a cookie
that allows single sign-on with any server that shares the Web SSO
configuration document.
To use session-based authentication, Web clients must use a browser that
supports cookies. Domino uses cookies to track user sessions.

Features of session-based name-and-password authentication


Basic name-and-password authentication sends the client’s name and
unencrypted password with each request to the server.
Session-based authentication differs in that the client’s name and
encrypted password are stored in a cookie on the workstation. That
information is sent over the network only the first time the user logs in to
a server, not each time a request is posted. Using session-based
name-and-password authentication provides greater control over user
interaction than basic name-and-password authentication. For example,
you can customize the form in which users enter their name and
password information. It also allows users to log out of the session
without closing the browser.

Customized HTML log-in form


An HTML log-in form allows a user to enter a name and password and
then use that name and password for the entire user session. The browser
sends the name and password to the server using the server’s character
set. For HTTP session authentication, a user can enter a name, using any
printable characters in Unicode. The user password, however, must be
entered in any printable characters in US-ASCII.
Note Printable characters exclude control characters.

Domino provides a default HTML form, $$LoginUserForm, which is
configured in the Domino Configuration database
(DOMCFG.NSF). You can customize the form or create your own to
contain additional information.

Default logout time period


You can specify a default logout time period to log the Web client off the
server after a specified period of inactivity. This forces the cookie that
Domino uses to track the user session to expire. Automatically logging a
user off the server prevents others from using the Web client to
impersonate a user if the user leaves the workstation before logging off.
If you enable session-based name-and-password authentication for a
server, users can also append ?logout at the end of a URL to log off a
session — for example:
http://acmeserver/sessions.nsf?logout.
You can also redirect the logout to a design element or URL. For
example:
http://acmeserver/sessions.nsf?logout&redirectto=/logoutDB.nsf/logoutApp?OpenPage
http://acmeserver/sessions.nsf?logout&redirectto=http://www.sales.com
You can build this expression into an application — for example, using it
in a button — or type it in as a URL.

Maximum user sessions


You can specify the maximum number of concurrent user sessions
allowed on the server for single-server session-based authentication only.
If server performance is slow, you can reduce this number.

Internet password management


Domino 6 provides features for managing Internet passwords for
session-based authentication.

Multi-server session-based authentication


Multi-server session-based authentication, also known as single sign-on,
allows Domino cookies to span servers. It also allows Domino and
WebSphere servers to interoperate and share cookies.
Note If your servers are set up for round-robin DNS, you should use the
multi-server (or single sign-on) option for session-based
name-and-password authentication. Servers cannot store the session
information in memory when using round-robin DNS with the single
server cookie. In addition, if a server is restarted or crashes, session
information is lost, and then users must re-enter their names and
passwords. This will not occur with the multi-server session
authentication option.

Setting up session-based name-and-password authentication


To set up single-server session-based name-and-password authentication
for Web clients, you must complete three procedures:
• Create a Web site document and enable it for session-based
name-and-password authentication.
or
Edit the Server document to require session authentication for Web
clients.
• Create a Person document for each Web client who will use
session-based name-and-password authentication.
• Edit the database ACLs to give users access.
To enable single-server session-based authentication for Web Site
documents
1. From the Domino Administrator, click Configuration - Web - Internet
Sites.
2. In the Internet Sites view, select the Web Site document for which
you want to enable session authentication.
3. In the Web Site document, click Domino Web Engine.
4. In the HTTP Sessions section, complete these fields:
Field: Session authentication
Action: Select single server. This is disabled by default.

Field: Idle session timeout
Action: Enter a default time period to log an inactive Web client off the
server. Default is 30 minutes.

Field: Maximum active sessions
Action: Enter the maximum number of user sessions allowed on the server at
the same time. Default is 1000.

5. Click Security, and enable name-and-password authentication for the
TCP and for SSL (if using SSL).
6. Save the document.

To edit the Server document for single-server session-based name-and-password authentication
1. From the Domino Administrator, click Configuration, and open the
Server document.
2. Click Internet Protocols - Domino Web Engine.

3. Complete these fields:
Field: Session authentication
Action: Select single server. This is disabled by default.

Field: Idle session timeout
Action: A default time period to log an inactive Web client off the server.
Default is 30 minutes.

Field: Maximum active sessions
Action: The maximum number of user sessions allowed on the server at the same
time. Default is 1000.

4. Click Ports - Internet Ports - Web, and enable name-and-password
authentication for the TCP/IP port and for the SSL port (if using
SSL).
5. Save and close the Server document.

To create Person documents for Web users


1. In the Domino Directory, create a Person document for each Web
user who needs to access the server. (You can also edit the Person
document of an existing user.)
2. In each Person document, complete these fields, and then save the
document:
Field: First name, Middle initial, Last name
Action: Enter the user’s first name, middle initial, and last name. The
user’s last name is required.

Field: User name
Action: (Required) Enter the user’s full name. This is the name the user
enters when trying to access a server.
This field can contain multiple names. However, Domino uses the first name in
this field to validate a user in database ACLs, design access lists, groups,
and File Protection documents. For example, this field can contain these
names:
• Alan Jones/Sales/Acme
• Alan Jones
• Al Jones
• AJ
When prompted for his name and password, the user can enter “Al Jones” as his
name. However, Domino uses “Alan Jones/Sales/Acme” to validate him in
database ACLs and design access lists. Therefore, the name “Alan Jones” must
be the one that appears in ACLs and design access lists.
Note You should always use the user’s hierarchical name — for example, Alan
Jones/Acme/US — to help eliminate ambiguous or duplicate user names.

Field: Internet password
Action: (Required) Specify the user’s Internet password.



To edit database ACLs
After you edit the Server document and create Person documents, edit
the database ACL of each database to which you want to give users
access.
For more information on setting up a database ACL, see the chapter
“Controlling User Access to Domino Databases.”

Customizing the HTML log-in form


Note The terms log-in and sign-in are used interchangeably.
Domino provides a default HTML log-in form to allow a user to enter a
name and password, and then use that name and password for the entire
user session. The Web browser sends the user’s name and password to
the server using the server’s character set. Therefore, a user can enter a
name and password in a character set other than ASCII or Latin-1.
The set of characters available for the user name differs between basic
authentication and session-based authentication.

| Authentication type | User name | Password |
|---|---|---|
| Basic authentication | Any printable characters in ISO-8859-1 | Any printable characters in US-ASCII |
| HTTP session authentication | Any printable characters in Unicode | Any printable characters in US-ASCII |

This form is created and configured in the Domino Web Server
Configuration database (DOMCFG.NSF). You can customize the form to
contain additional information. To do this, the Domino Web server must
be set up.
For more information on setting up the Web server, see the chapter
“Setting Up the Domino Web Server.”
To create and use a custom sign-in form, you must complete these
procedures:
• Create the Domino Web Server Configuration database. If you do not
create the database, Domino uses a generic log-in form.
• Create a custom form.
• Specify the custom form as the sign-in form. If the Domino Web
Server Configuration database exists on the Web server but you have
not created and specified a custom sign-in form, Domino uses the
form $$LoginUserForm.

To create the Domino Web Server Configuration database
(DOMCFG.NSF)
1. Open the Notes client and choose File - Database - New.
2. Enter the name of the Web server in the Server field.
3. Select the Domino Web Server Configuration template
(DOMCFG5.NTF).
4. Enter a title for the database and name the database DOMCFG.NSF.
Note The name of the database is not optional, because the Web
server has this name incorporated into its code. The name of the
database must be DOMCFG.NSF.
5. Click OK.
6. Add an entry named Anonymous to the database ACL, and give the
entry Reader access.
To create a custom form
The simplest way to create a custom log-in form is to modify a copy of
$$LoginUserForm, the example log-in form provided in the Domino
Configuration database. You can also create a new log-in form. You must
have the Domino Designer 6 client to create and edit forms.
1. In the Domino Designer client, open the Domino Configuration
database (DOMCFG.NSF).
2. Choose View - Design.
3. Do one of the following:
• To create a custom form using $$LoginUserForm, make a copy of
$$LoginUserForm, then double-click the copy to open it. (You can
rename the copy if necessary — for example, CustomLoginForm.)
• Click New Form to create a new form.
4. When you finish designing the custom form, save and close it.
To specify the custom form as the log-in form
1. In the Notes client, open the Domino Configuration database
(DOMCFG.NSF) and open the Sign In Form Mappings view.
2. Click Add Mapping.
3. Under Site Information, choose one:
• All Web Sites/Entire Server — to use the custom log-in form for
all Web Sites on the server, or for the entire Web server.
• Specific Web Sites/Virtual Servers — to map the custom log-in
form to specific Web Site documents or Virtual Servers. If you
choose this option, a new field appears, in which you specify the
IP addresses of the Web Site documents or Virtual Servers.
4. (Optional) Enter a comment.
5. Enter the file name of the database that contains the custom form.
This should be DOMCFG.NSF unless you store the custom form in a
different database.
6. Enter the name of the custom log-in form.
7. Save and close the document.

Configuring error messages


You can enable session-based Web authentication to return error
messages for log-in failures and session time-outs. This is accomplished
by configuring two fields on your custom login form — the reasontext
and reasontype fields. DOMCFG.NTF includes these two fields in the
default form provided, $$LoginUserForm. (To obtain the changes, you
must refresh or replace the design of DOMCFG.NSF with the most
current DOMCFG5.NTF).
The four cases that cause the Login form to appear are encoded in the
field “reasontype” and include:
• Prompt for the user to log in. No error message is displayed.
• “User Name, you are not authorized to access application.nsf. Please
sign in with a name which has sufficient access rights.” The user
authenticated with correct credentials for the server but is not
authorized to access the database or file, for example.
• “You provided an Invalid username or password. Please sign in
again.” The user has given an incorrect name or password.
• “Your connection has expired. Please sign in again.” This occurs
when the browser has not sent a request to the server within the
amount of time configured in the Server document (default=30
minutes). If the session times out, users lose any work that has not
been saved. If this occurs frequently, administrators should lengthen
the server’s session timeout to the length of a workday.

Multi-server session-based name-and-password authentication for
Web users (single sign-on)
Multi-server session-based authentication, also known as single sign-on
(SSO), allows Web users to log in once to a Domino or WebSphere server,
and then access any other Domino or WebSphere servers in the same
DNS domain that are enabled for single sign-on (SSO) without having to
log in again.

User Web browsers must have cookies enabled since the authentication
token that is generated by the server is sent to the browser in a cookie.
You set this up by doing one of the following:
• Creating a domain-wide configuration document — the Web SSO
Configuration document — in the Domino Directory. (You can have
multiple Web SSO Configuration documents in a Domino Domain or
directory.)
• Enabling the “Multi-server” option for session-based authentication
in the Web Site or in the Server document.
You can enable single sign-on across multiple Domino domains. See the
topic “Setting up the Web SSO Configuration document for more than
one Domino domain” later in this chapter.

Checklist for enabling single sign-on


The SSO feature makes logging in and using multiple servers in a mixed
environment easier for users. Use the following list to configure your
Domino environment to ensure that your SSO configuration is successful.

General issues
• URLs issued to servers configured for single sign-on must specify the
full DNS server name, not the host name or IP address. For browsers
to be able to send cookies to a group of servers, the DNS domain
must be included in the cookie, and the DNS domain in the cookie
must match the server URL. This is why cookies cannot be used
across TCP/IP domains.
• Clustered servers must have the full DNS server name in the host
name field of the Web Site or Server document. This enables the
Internet Cluster Manager (ICM) to redirect to cluster members using
SSO. If the DNS server host name is not there, ICM will redirect
URLs to clustered Web servers with only the TCP/IP host name, by
default, and will not be able to send the cookie because the DNS
domain is not included in the URL.
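
The cookie rule behind both bullets above, worked through as an added example (not part of the Domino documentation). It applies the browser's cookie domain-matching rule (RFC 6265, section 5.1.3) to a list of URLs and reports which ones would not carry the SSO token cookie; the domain .acme.com and all URLs are constructed sample values.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample value: the DNS Domain field of a Web SSO Configuration document.
SSO_DNS_DOMAIN = ".acme.com"


def is_ip_literal(host):
    """True if host is an IPv4 or IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def domain_matches(host, cookie_domain):
    """Cookie domain-matching as browsers apply it (RFC 6265, section 5.1.3)."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    if not host or not domain:
        return False
    if host == domain:
        return True
    if is_ip_literal(host):
        # An IP address never suffix-matches a cookie domain.
        return False
    # The match must fall on a label boundary: notacme.com is not in acme.com.
    return host.endswith("." + domain)


def sso_cookie_sent(url, cookie_domain=SSO_DNS_DOMAIN):
    """Would a browser attach a cookie scoped to cookie_domain to this URL?"""
    host = urlsplit(url).hostname or ""
    return domain_matches(host, cookie_domain)


def urls_forcing_relogin(urls, cookie_domain=SSO_DNS_DOMAIN):
    """URLs (bookmarks, links, cluster redirect targets) that lose the SSO cookie."""
    return [u for u in urls if not sso_cookie_sent(u, cookie_domain)]


# Constructed sample URLs, including the host-name-only and IP forms the checklist warns about.
SAMPLE_URLS = [
    "http://server1.acme.com/mail/ajones.nsf",   # full DNS name: cookie sent
    "https://web.east.acme.com/",                # subdomain of the DNS domain: cookie sent
    "http://server1/mail/ajones.nsf",            # host name only: no cookie
    "http://192.0.2.10/mail/ajones.nsf",         # IP address: no cookie
    "http://server1.notacme.com/",               # different DNS domain: no cookie
]

if __name__ == "__main__":
    for url in urls_forcing_relogin(SAMPLE_URLS):
        print("user will be prompted to log in again:", url)
```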

WebSphere issues
• WebSphere and Domino should both be configured for the same
LDAP directory. The authentication token used for SSO stores the
full Distinguished Name of the user (DN) — for example, cn=john
smith,ou=sales, o=ibm, c=us. To set up LDAP for SSO, set up
Directory Assistance in Domino and configure it to point to an LDAP
server that the WebSphere server uses. Or, load LDAP on the
Domino Directory and configure WebSphere to use the Domino
LDAP server.

• If the group of servers participating in single sign-on includes
WebSphere servers that use a Domino LDAP directory, users with
flat names in that directory cannot use SSO (if the participating
servers are all Domino, then SSO will work with flat user names).

Creating a Web SSO configuration document


The Web SSO configuration document is a domain-wide configuration
document stored in the Domino Directory. This document, which should
be replicated to all servers participating in the single sign-on domain, is
encrypted for participating servers and administrators, and contains a
shared secret key used by servers for authenticating user credentials.

To create a Web SSO configuration document if you are using
Internet Sites
You should have already created a Web Site document, and enabled the
use of Internet Site documents in the Server document.
Also be sure that your client location document has the home/mail
server set to a server in the same domain as the servers participating in
SSO. This ensures that all public keys for participating servers can be
found when the SSO document is encrypted.
1. In the Domino Administrator, click Files, and open the server’s
Address Book (NAMES.NSF).
2. Select the Internet Sites view.
3. Click Create Web SSO Configuration.
4. In the document, click Keys.
5. Initialize the Web SSO Configuration with the shared secret key in
one of two ways:
• Choose Domino only (no WebSphere servers participating in
single sign-on), and then select “Create Domino SSO Key.”
• Choose Domino and WebSphere (single sign-on with WebSphere),
and then do the following:
a. Select “Import WebSphere LTPA Keys.”
b. Browse and select the WebSphere LTPA export file. (See
WebSphere documentation for details about generating
ltpatoken keys).
c. Enter the password (specified when generating the keys in
WebSphere). The document is updated to reflect the
information in the export file.

6. Complete the rest of the document as follows:
| Field | Action |
|---|---|
| Configuration Name | Enter the name of the SSO configuration. Note: If the single sign-on configuration includes both Domino 6 and Release 5.0x servers, the Configuration Name must be LtpaToken, as Release 5.0x servers only work with this configuration name. |
| Organization Name | (Required) Enter the name of the organization. This must match the organization name for the corresponding Web site. The SSO document will then appear in the Internet sites view, along with the Web Sites documents. |
| DNS Domain | (Required) Enter the DNS domain (for example — lotus.com) for which the tokens will be generated. The servers enabled for single sign-on must all belong to the same DNS domain. |
| Domino Server Names | Enter the names of the servers that will be participating in single sign-on (for example — server1/acme, server2/acme). This document will be encrypted for the creator of the document, the members of the Owners and Administrators fields, and the servers specified in the Domino Server Names field. Groups, wildcards, and the names of WebSphere servers are not allowed in this field. Only Domino servers can be listed as participating servers in the Server Names field. Note: There is a 64K-size limit on this field. An error message appears when the limit is reached, such as when the names of several hundreds of servers are entered. It is recommended that you create more than one Web SSO Document if this limit is reached. |
| Expiration (minutes) | Specify the time period, in minutes, for which the token will be valid. This time period begins at the time the token is issued. The token is valid for only the number of minutes specified; it does not expire based on inactivity. Default is 30 minutes. |

7. Save the Web SSO Configuration document. A message on the status
bar indicates the number of servers/people for whom the document
was encrypted. The document(s) will appear in the Internet Sites
view.

To create a Web SSO configuration document if you are using the
Web Server Configurations view
Use this procedure to create a Web SSO configuration document if your
server is a Release 5.0x server, or if you are using Domino 6 but you do
not use Web Site documents to manage your Web sites.
1. In the Domino Administrator, click Files, and open the server’s
Address Book (NAMES.NSF).
2. Select the Servers view.
3. Click Create Web SSO Configuration.
4. In the Web SSO Configuration document, click Keys.
5. Initialize the Web SSO Configuration with the shared secret key in
one of two ways:
• Choose Domino only (no WebSphere servers participating in
single sign-on), and then select “Create Domino SSO Key.”
• Choose Domino and WebSphere (single sign-on with WebSphere),
and then do the following:
a. Select “Import WebSphere LTPA Keys.”
b. Browse and select the WebSphere LTPA export file. (See
WebSphere documentation for details about generating ltpatoken
keys).
c. Enter the password (specified when generating the keys in
WebSphere). The document is updated to reflect the information
in the export file.
6. Complete the rest of the document as follows:
| Field | Action |
|---|---|
| Configuration Name | Enter the name of the SSO configuration. Note: If the single sign-on configuration includes both Domino 6 and Release 5.0x servers, the Configuration Name must be LtpaToken, as Release 5.0x servers only work with this configuration name. |
| Organization Name | Leave this field blank, and this document will appear in the Web Configurations view. |
| DNS Domain | (Required) Enter the DNS domain (for example, lotus.com) for which the tokens will be generated. The servers enabled for single sign-on must all belong to the same DNS domain. |
| Domino Server Names | Enter the names of the servers that will be participating in single sign-on (for example — server1/acme, server2/acme). This document will be encrypted for the creator of the document, the members of the Owners and Administrators fields, and the servers specified in the Domino Server Names field. Note: Groups, wildcards, and the names of WebSphere servers are not allowed in this field. Only Domino Servers can be listed as participating servers in the Server Names field. |
| Expiration (minutes) | Specify the time period, in minutes, for which the token will be valid. This time period begins at the time the token is issued. The token is valid for only the number of minutes specified; it does not expire based on inactivity. Default is 30 minutes. |

7. Save the Web SSO Configuration document. A message on the status
bar indicates the number of servers/people for whom the document
was encrypted. The document(s) will appear in the Internet Sites
View.
Note If you receive messages on the client indicating that a
particular key was not found for encrypting the document, you may
have to change your client’s location document to point to a different
mail/directory server that will have all the public keys included in
server and person documents.

Enabling single sign-on and basic authentication


This procedure creates single sign-on cookies for your server that can be
used successfully on other participating servers.

To enable single sign-on and basic authentication for a Web Site


Use this procedure to enable single sign-on for Domino 6 servers
configured with Web Site documents.
1. In the Domino Administrator, click Configuration - Web - Internet
Sites.
2. Open the Web Site document for which you want to enable single
sign-on.
3. Click Domino Web Engine.
4. In Session authentication, select “Multiple Servers (SSO).”
5. In the Web SSO Configuration field, select the Web SSO
Configuration for this Web Site from the drop-down list.

6. Click Security. For both TCP and SSL authentication, enable Name &
Password.
7. Save and close the Web Site document.
8. At the server console, start the HTTP process by typing:
    load HTTP
If the HTTP process is already running, type:
    tell HTTP restart
Note If something is wrong with the configuration, the browser will
receive an Error 500 message stating that single sign-on is not configured.

To enable single sign-on and basic authentication in the Server
document
Use this procedure to enable single sign-on for Domino Release 5.0x
servers, or for Domino 6 servers not configured with Web Site
documents.
1. Open the Server document.
2. Click Ports - Internet Ports - Web, and enable Name-and-password
authentication for the Web (HTTP/HTTPS) port.
3. Click Internet Protocols - Domino Web Engine, and select Multiple
Servers (SSO) in the Session authentication field.
Note The “Idle session timeout” and “Maximum active sessions”
fields will be disabled.
4. In the Web SSO Configuration field, select the Web SSO
Configuration for this server from the drop-down list.
5. Save and close the Server document.

Setting up the Web SSO Configuration document for more than one
Domino domain
This procedure lets you enable servers in other domains for SSO with
servers in your current domain, by setting up both domains to use the
same key information. Two conditions must exist in order to do this:
• You must be a registered Notes user and your server must be a
registered server. This gives you and the server the rights to decrypt
the Web SSO Configuration document in your current domain, and
the right to create documents in the Domino Directory for the new
domain.

• The server document and the administrator’s person document must
exist in the domain for which you will be creating the Web SSO
Configuration, as the public keys that are used for encryption and
decryption are stored in each registered person and server
document.

To set up the Web SSO Configuration document for more than one
Domino domain
1. Copy the Web SSO Configuration document from the Domino
Directory in which it was created, and paste it into the Domino
Directory in the new domain.
2. Open the Web SSO Configuration document for the new domain and
edit the “Participating Domino Servers” field to include only those
servers with server documents in the new domain that will be
enabled for single sign-on.
3. The client must be able to find server documents for the participating
single sign-on servers. Make sure that the home server specified in
your client’s location document is pointing to a server in the same
domain as those servers participating in single sign-on, so that
lookups will be able to find the public keys of the servers. If the
home server cannot find participating servers, then the SSO
document cannot be encrypted and SSO will fail.
4. Save the document. It is encrypted for the participating servers in the
new domain, and should enable those servers in the new domain to
participate in single sign-on with servers in the current domain.

Controlling the level of authentication for Internet clients


You can select the level of restriction Domino uses when authenticating
users in Domino Directories and LDAP directories. This applies to all
Internet protocols (HTTP, LDAP, IMAP, POP3). Using this setting makes
servers less vulnerable to security attacks by refining how Domino
searches for names and authenticates Internet clients. Domino also uses
this setting when a Java applet hosted on a Domino server authenticates
users with the Domino IIOP protocol.

Fewer name variations with higher security


The option “Fewer name variations with higher security” is the default
setting and is recommended for tighter security. This authentication
method is less vulnerable to attacks because a single authentication
attempt does not produce as many matches, lessening the likelihood that
a guessed password matches. It requires users to enter only the following
in the name-and-password dialog box in a Web browser or other Internet
client:

| Domino Directory authentication | LDAP Directory authentication |
|---|---|
| Full hierarchical name | DN |
| Common name or Common name with CN= prefix | CN or CN with CN= prefix |
| Not applicable | UID or UID with UID= prefix |
| Alias name (a name listed in the User name field of the Person document, excluding the first name listed in the field) | Not applicable |
| Internet address (user’s e-mail address as listed in the Internet address field in the user’s Person document) | Mail |

More name variations with lower security


Domino tries to authenticate users based on the name and password
entered. This authentication method can be vulnerable to hackers who
guess names and passwords in an attempt to use a legitimate user
account to access a server. This option allows users to enter any of the
following in the name and password dialog box in a Web browser:

| Domino Directory authentication | LDAP Directory authentication |
|---|---|
| Last name | Surname |
| First name | Givenname |
| Common name or Common name with cn= prefix | Common name (CN) or CN with CN= prefix |
| Full hierarchical name (canonical) | DN |
| Full hierarchical name (abbreviated) | DN |
| Short name | UID or UID with UID= prefix |
| Alias name (a name listed in the User name field of the Person document, excluding the first name listed in the field) | Not applicable |
| Soundex number | Not applicable |
| Internet address (user’s e-mail address as listed in the Internet address field in the user’s Person document) | Mail |

To select the level of authentication for Internet clients
1. From the Domino Administrator, click Configuration, and open the
Server document.
2. Click Security.
3. In the Internet Access section, choose one of the following in the
Internet Authentication field:
• Fewer name variations with higher security (default).
• More name variations with lower security.
4. Save and close the document.
See the topic “Examples of names allowed for Internet client
authentication” later in this chapter.
Note The Domino Web Server Application Programming Interface
(DSAPI) is a C API tool that lets you write your own extensions to the
Domino Web server. These extensions, or filters, let you customize the
authentication of Web users. For more information on DSAPI and filters,
see the current Lotus C API Toolkit for Domino and Notes, which is
available at www.lotus.com/techzone.

Examples of names allowed for Internet client authentication


More name variations with lower security
Using the More name variations authentication level, Alan
Jones/Sales/East/Acme can enter the following names when using a
browser to authenticate with a Domino Directory:

| Example | Description |
|---|---|
| Alan Jones | Common name |
| Alan | First name |
| Jones | Last name |
| Ajones | Short name |
| Alan Jones/Sales/East/Acme/US | Full hierarchical name (abbreviated) |
| cn=Alan Jones/ou=East/ou=Sales/o=Acme/c=us | Full hierarchical name (canonical) |
| cn=Alan Jones | Common name with CN= prefix |
| alan_jones@acme.com | Internet (e-mail) address |

If you want to authenticate Alan in an LDAP Directory, he can use a
browser to enter the following names:

| Example | Description |
|---|---|
| Alan Jones | Common name |
| Alan | Givenname |
| Jones | Surname |
| Ajones | UID |
| cn=Alan Jones, cn=recipients, ou=Sales, ou=East, o=Acme, c=us (valid for a Microsoft Exchange server) | Full hierarchical name (canonical) |
| cn=Alan Jones (valid for Domino Directory) | Common name with CN= prefix |
| uid=ajones, ou=Sales, ou=East, o=Acme, c=us (valid for a Netscape Directory Server) | Full hierarchical name (canonical) |
| uid=ajones (valid for Netscape Directory Server) | UID with UID= prefix |
| Alan Jones/Sales/East/Acme/US | Full hierarchical name (abbreviated) |
| alan_jones@acme.com | LDAP mail attribute |

Fewer name variations with higher security


Using the Fewer name variations authentication level, Alan
Jones/Sales/East/Acme can enter only the following names when using
a browser to authenticate with a Domino Directory:

| Example | Description |
|---|---|
| Alan Jones/Sales/East/Acme | Full hierarchical name (abbreviated) |
| CN=Alan Jones | Common name with CN= prefix |
| Alan Jones | Common name |
| cn=Alan Jones/ou=East/ou=Sales/o=Acme/c=us | Full hierarchical name (canonical) |
| alan_jones@acme.com | Internet (e-mail) address |

If you want to authenticate Alan in an LDAP Directory, he can use a
browser to enter the following names:

| Example | Description |
|---|---|
| AJones | UID |
| Alan Jones | CN |
| cn=Alan Jones, cn=recipients, ou=Sales, ou=East, o=Acme, c=us (valid for a Microsoft Exchange server) | DN |
| cn=Alan Jones (valid for a Domino Directory) | CN with CN= prefix |
| uid=ajones, ou=Sales, ou=East, o=Acme, c=us (valid for a Netscape Directory Server) | DN |
| uid=Ajones (valid for a Netscape Directory Server) | UID with UID= prefix |
| alan_jones@acme.com | LDAP mail attribute |
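
The two Internet Authentication levels compared on a small directory, as an added example that is not part of the Domino documentation and does not reproduce Domino's lookup code. It models the Domino Directory columns of the tables above and counts how many Person records one entered name matches at each level. Assumptions: the Person records and their field names are constructed, matching is treated as case-insensitive, and the Soundex variation is left out.

```python
FEWER = "Fewer name variations with higher security"
MORE = "More name variations with lower security"

# Constructed Person records; the dictionary keys are illustrative, not Domino item names.
DIRECTORY = [
    {"hierarchical": "Alan Jones/Sales/East/Acme",
     "canonical": "CN=Alan Jones/OU=Sales/OU=East/O=Acme",
     "first": "Alan", "last": "Jones", "short": "ajones",
     "aliases": ["Al Jones", "AJ"],
     "internet_address": "alan_jones@acme.com"},
    {"hierarchical": "Alan Smith/Sales/East/Acme",
     "canonical": "CN=Alan Smith/OU=Sales/OU=East/O=Acme",
     "first": "Alan", "last": "Smith", "short": "asmith",
     "aliases": ["Al Smith"],
     "internet_address": "alan_smith@acme.com"},
    {"hierarchical": "Mary Jones/HR/East/Acme",
     "canonical": "CN=Mary Jones/OU=HR/OU=East/O=Acme",
     "first": "Mary", "last": "Jones", "short": "mjones",
     "aliases": [],
     "internet_address": "mary_jones@acme.com"},
]


def accepted_names(person, level):
    """Names this person may enter at the given level (Domino Directory column)."""
    common = person["hierarchical"].split("/")[0]
    # Accepted at both levels: hierarchical name, common name (with or without
    # the CN= prefix), alias names, and the Internet address.
    names = {
        person["hierarchical"], person["canonical"],
        common, "cn=" + common,
        person["internet_address"],
        *person["aliases"],
    }
    if level == MORE:
        # The lower-security level also accepts first, last, and short names.
        names |= {person["first"], person["last"], person["short"]}
    elif level != FEWER:
        raise ValueError("unknown authentication level: %r" % level)
    return {n.lower() for n in names}


def matching_accounts(directory, entered, level):
    """Person records that a single entered name matches at this level."""
    key = entered.strip().lower()
    return [p["hierarchical"] for p in directory if key in accepted_names(p, level)]


def exposure_report(directory, entered_names):
    """Per entered name, the number of accounts matched at each level."""
    return {
        name: {level: len(matching_accounts(directory, name, level))
               for level in (FEWER, MORE)}
        for name in entered_names
    }


if __name__ == "__main__":
    for name, counts in exposure_report(
            DIRECTORY, ["Alan", "Jones", "ajones", "Alan Jones"]).items():
        print("%-12s fewer=%d more=%d" % (name, counts[FEWER], counts[MORE]))
```

With the constructed directory, "Alan" and "Jones" each match two accounts at the More level and none at the Fewer level, which is the effect the default setting is described as preventing.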

Authenticating Internet name-and-password clients in secondary
Domino and LDAP directories
When an Internet client authenticates with a server, by default the server
checks the primary Domino Directory to see if it can find a Person
document with a name and password that match those entered by the
Internet client. If your organization uses a secondary Domino Directory
and/or an LDAP directory to verify Internet clients who use
name-and-password authentication, you can set up Domino to check
those additional directories. To do so, you set up the secondary Domino
Directories and LDAP directories as trusted domains in the Directory
Assistance database.
When you mark domains as trusted, Domino first searches the primary
Domino Directory for the user name and password and then searches the
trusted secondary Domino Directories and LDAP directories. When you
set up directory assistance, you specify the order in which Domino
searches the secondary directories.
The hierarchical name returned by the Domino Directory or LDAP
directory is checked against the trusted rule in the Directory Assistance
database to verify that the organization and organizational units match
the specified rule. For example, if the user name returned is Dave
Lawson/Acme, the Directory Assistance document must include the rule
*/Acme.
Searching multiple directories is also available for authenticating users
with SSL client authentication.
Note For Domino R5.x and earlier, searching multiple directories is only
used by the HTTP protocol and not the other Internet protocols.

Managing Internet passwords
To manage the Internet passwords that you assign to users who have
person documents in the Domino Directory, use a security settings policy
document. You can manage Internet password quality and length, as
well as allow users to change their Internet passwords using a Web
browser, and control expiration period and change intervals.
You can force users to change their Internet password on the next login
through a setting in the Person document.
Note In order to allow users to change their Internet passwords through
a browser, you must have session authentication enabled for your server.
You can also synchronize a user Internet password stored in the Person
record in the Domino Directory with the user’s Notes password. This
means that users can use the same password to log in to a Domino server
through the Notes client and a Web browser. You can synchronize Notes
and Internet passwords for individual users during user registration, or
you can enable Notes-Internet password synchronization for multiple
users on a server through the use of a security settings policy document.
When a user changes their Notes password, the Internet password is
eventually changed, as well.
For more information on using a security settings policy document to
manage Notes and Internet passwords, see the chapter “Using Policies.”
For more information on changing password settings in the Person
document, see the chapter “Protecting and Managing Notes IDs.”

Providing additional security for Internet passwords


When you enter an Internet password and save the Person document,
Domino automatically one-way encrypts the Internet password field. To
improve password security for users who access Domino 4.6 or higher
servers, use the more secure password format.
You can upgrade the password format for Person documents that
already exist or automatically use the more secure password format for
all Person documents that you create.

For existing Person documents


1. From the Domino Administrator, click People & Groups, and select
the Person documents that you want to upgrade to a more secure
password format.
2. Choose Actions - Upgrade to More Secure Internet Password Format.
3. Click Yes.

For new Person documents
1. From the Domino Administrator, click Configuration, and select All
Server Documents.
2. Choose Actions - Edit Directory Profile.
3. Select Yes in the “Use more secure Internet passwords” field.
4. Save and close the document.

Anonymous Internet/intranet access


When you set up anonymous access, Internet/intranet clients can access
servers without identifying themselves. Domino does not record these
clients’ database activity — for example, in the log file and in the User
Activity dialog box.
With anonymous access, you never know who is accessing databases on
the server. Therefore, you cannot use the client’s identity — that is, the
client’s name and password — to control access to databases and design
elements. Use anonymous access when you do not need to know who is
accessing the database and/or when you do not need to control access
based on client identity.
You can use anonymous access with TCP/IP and/or SSL on any server
that runs LDAP, HTTP, SMTP, or IIOP. For each Internet protocol
enabled on the server, you can specify the method of security. For
example, you can enable SSL for HTTP connections, but require
name-and-password authentication for LDAP connections that use
TCP/IP.
In addition to using anonymous access, you can enable
name-and-password authentication and SSL client authentication. Then
users can use any authentication method to connect to the server. For
example, if the user has an SSL client certificate, the user can access the
server using SSL; whereas a user who does not have an SSL client
certificate can access the server anonymously.
For more information on how Domino validates and authenticates users
when anonymous, SSL client authentication, and name-and-password
authentication are set up on a server, see the topic “Validation and
authentication for Internet/intranet clients” later in this chapter.

Setting up Internet/intranet clients for anonymous access
To set up Internet/intranet clients for anonymous access, you set up
either the Internet Site or the server for anonymous access, and then set up
database ACLs to include the entry “Anonymous.” The anonymous
setting in the Internet Site document (or Server document) overrides
individual database ACLs for anonymous users — for example, if the
database ACL includes an Anonymous entry but the setting in the
Internet Site document does not allow anonymous access to the server,
clients do not have anonymous access. If you do not allow anonymous
access and a user tries to access the server anonymously, the user is
prompted to authenticate.
Tip For strategic databases on the Domino server — such as the
Domino Directory — set Anonymous to No Access.

To enable anonymous access for Internet/intranet clients in Internet
Site documents
1. From the Domino Administrator, click Configuration - Web - Internet
Sites.
2. In the Internet Sites view, select the Internet Site document for which
you want to enable anonymous access.
Note You cannot enable anonymous access for IMAP and POP3
Internet Site documents.
3. In the Internet Site document, click Security.
• If you want to allow clients to use anonymous access when they
connect using TCP, select Yes in the Anonymous field in the TCP
Authentication section.
• If you set up SSL on the server and you want to allow clients to
use anonymous access when they connect using SSL, select Yes in
the Anonymous field in the SSL Authentication section.
4. Save and close the document.

To enable anonymous access for Internet/intranet clients in the
Server document
1. From the Domino Administrator, click Configuration, and open the
Server document.
2. Click Ports - Internet Ports. This displays four tabs: Web, Directory,
Mail, and IIOP. Each tab lists protocols appropriate for its name —
for example, the Web tab lists HTTP/HTTPS and the Mail tab lists
IMAP, POP, and SMTP.
3. Click the tab that lists the protocol for which you want to allow
anonymous access. For each protocol, do the following:
• If you want to allow clients anonymous access when they connect
using TCP/IP, select Yes in the Anonymous field in the TCP/IP
section.
• If you set up SSL on the server and you want to allow clients
anonymous access when they connect using SSL, select Yes in the
Anonymous field in the SSL section.
4. Save and close the document.
5. Restart the Internet protocol that you modified.

To edit database ACLs for anonymous access


In the ACL of each database on the server for which you want to enable
anonymous access, do the following:
1. Create an entry named Anonymous. If you don’t add Anonymous as
an entry in the ACL, users and servers who access the server
anonymously get -Default- access.
2. Assign the appropriate access level — typically Reader access.
3. Leave user type set to Unspecified.
For more information on database ACLs, see the chapter “Controlling
User Access to Domino Databases.”
For information on setting up SSL on a server, see the chapter “Setting
Up SSL on a Domino Server.”

Validation and authentication for Internet/intranet clients


After you set up name-and-password access and create Person
documents for Internet/intranet users, Domino authenticates users
when:
• They attempt to do something for which access is restricted.
• Anonymous access is not allowed on the server.
For example, when a user tries to open a database that has an ACL with
No Access as the -Default-, Domino challenges the user for a valid user
name and password. Authentication succeeds only if the user provides a
name and password that matches the name and password stored in the
user’s Person document and if the database ACL gives access to that
user. Anonymous users are not authenticated.

You can use name-and-password and anonymous access with TCP/IP
and SSL. Name-and-password and anonymous access with TCP/IP are
described below.
This section also applies to Web clients who are accessing a Domino Web
server for which session authentication has been enabled.
Note The Domino Web Server Application Programming Interface
(DSAPI) is a C API that you use to write extensions to the Domino Web
server. Using these extensions, or filters, you can customize the
authentication of Web users. For more information on DSAPI, see the
Lotus C API Toolkit for Domino and Notes. The toolkit is available at
www.lotus.com/techzone.

How validation and authentication works


This example describes how a client (Andrew) uses TCP/IP to connect to
a server (Mail-E).
1. Andrew tries to access a database on Mail-E.
2. The server checks the Internet Site document (or Server document) to
determine if anonymous access is enabled for TCP/IP. If it is, then:
a. The server checks the database ACL for an entry named
Anonymous. If Anonymous exists and the level of access for
Anonymous is Reader or higher, then Andrew will access the
database anonymously.
b. If the ACL does not contain an entry named Anonymous, the
server checks the -Default- access in the database ACL. If the
-Default- access is Reader or higher, Andrew accesses the
database anonymously using the -Default- access level.
3. If anonymous access is disabled for the protocol or if the database
ACL does not allow anonymous access, then the server checks the
Internet Site (or Server document) to determine if
name-and-password access is enabled for TCP/IP. If
name-and-password access is enabled, then:
a. The server prompts Andrew for his user name and password.
b. The server looks up the user name that Andrew entered in the
browser. The server uses either “More name variations with
lower security” or “Fewer name variations” with higher security
as the lookup mechanism to search all directories for the name
entered.
c. If a match is found for the user name Andrew entered, and the
password that Andrew entered matches the password in the
Internet password field of his Person document, then Andrew
will be authenticated. The server checks the primary Domino
Directory for the Person document. The server also checks
secondary Domino Directories and LDAP directories if it is
configured to search secondary Domino Directories and LDAP
directories.
Note When Domino authenticates an Internet user, it uses the
“distinguished name,” which is the first name that appears in the
Full Name field of a Person document. This name should be used
in entries for groups, delegated server administration, database
ACLs, and file protection documents.
d. Next, the server compiles a “grouplist,” which contains
Andrew’s distinguished name, plus any wildcard entries and any
groups of which he is a member on that server.
e. The server then checks the database ACL to determine if
Andrew’s name is listed explicitly on the ACL, or if any of the
grouplist entries for his name appear in the ACL.
f. If Andrew’s distinguished name, or the name of any group of
which he is a member, matches an entry in the ACL, then Andrew
gets access to the database using the access level specified for
that entry in the ACL. Otherwise, he is denied access.
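
The decision flow in steps 1 through 3 above, as an added Python model that is not part of the original manual and is not Domino code; it also lists which databases an unauthenticated client can reach and through which ACL entry. The site settings, ACLs, names and password hashing are constructed, wildcard entries and secondary directories are left out, and the precedence of a name entry over group entries is an assumption of this model.

```python
import hashlib
import hmac

# Domino ACL levels, lowest to highest.
LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]


def at_least_reader(level):
    return LEVELS.index(level) >= LEVELS.index("Reader")


def pw_hash(password):
    # Stand-in for the Internet password field; not Domino's storage format.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed", 1000)


def anonymous_level(acl):
    """Steps 2a-2b: the Anonymous entry if present, otherwise -Default-."""
    if "Anonymous" in acl:
        return acl["Anonymous"]
    return acl.get("-Default-", "No Access")


def resolve_access(site, acl, directory, credentials=None):
    """Walk steps 2-3 for one request. Returns (outcome, identity, level)."""
    if site["anonymous"] and at_least_reader(anonymous_level(acl)):
        return ("granted", "Anonymous", anonymous_level(acl))
    if not site["name_and_password"]:
        return ("denied", None, None)
    if credentials is None:
        return ("challenge", None, None)            # step 3a: prompt the user
    name, password = credentials
    person = directory.get(name.lower())            # step 3b: name lookup
    if person is None or not hmac.compare_digest(
            person["password_hash"], pw_hash(password)):
        return ("challenge", None, None)            # step 3c failed
    dn = person["distinguished_name"]
    grouplist = [dn] + person["groups"]             # step 3d
    # Steps 3e-3f. Assumption of this model: an explicit name entry wins over
    # group entries, and the highest level wins among several groups.
    if dn in acl:
        level = acl[dn]
    else:
        levels = [acl[g] for g in grouplist[1:] if g in acl]
        level = max(levels, key=LEVELS.index) if levels else "No Access"
    if level == "No Access":
        return ("denied", dn, None)                 # step 3f: no usable entry
    return ("granted", dn, level)


def anonymously_reachable(site, databases):
    """Audit helper: databases a client can open without logging in,
    with the ACL entry that grants the access."""
    exposed = {}
    for db, acl in databases.items():
        outcome, identity, level = resolve_access(site, acl, {})
        if outcome == "granted" and identity == "Anonymous":
            entry = "Anonymous" if "Anonymous" in acl else "-Default-"
            exposed[db] = (entry, level)
    return exposed


# Constructed sample data (hypothetical names, databases and password).
SITE = {"anonymous": True, "name_and_password": True}
DIRECTORY = {"andrew": {"distinguished_name": "Andrew/Example",
                        "password_hash": pw_hash("constructed-pw"),
                        "groups": ["Admins"]}}
DATABASES = {
    "names.nsf": {"Anonymous": "No Access", "-Default-": "Author",
                  "Admins": "Manager"},
    "help.nsf": {"Anonymous": "Reader", "-Default-": "No Access"},
    # No Anonymous entry: unauthenticated clients inherit -Default-.
    "hr.nsf": {"-Default-": "Editor", "Admins": "Manager"},
}

if __name__ == "__main__":
    for db, (entry, level) in anonymously_reachable(SITE, DATABASES).items():
        print(f"{db}: anonymous clients get {level} via the {entry} entry")
```

In the sample data, hr.nsf has no Anonymous entry, so unauthenticated clients receive its -Default- level, which is the case step 2b describes.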

Chapter 43
Encryption and Electronic Signatures

This chapter describes how to use encryption to secure messages and
how to use digital signatures to verify the author of the message.

Encryption
Encryption protects data from unauthorized access. Using Notes and
Domino, you can encrypt:
• Messages sent to other users. Then an unauthorized user cannot read
the message while it is in transit. You can also encrypt saved and
incoming messages.
• Network ports. Encrypting information sent between a Notes
workstation and a Domino server, or between two Domino servers,
prevents unauthorized users from reading the data while it is in
transit.
• SSL transactions. You can use SSL to encrypt information sent
between an Internet client, such as a Notes client, and an Internet
server, to prevent unauthorized users from reading the data while it
is in transit.
• Fields, documents, and databases. Application developers can
encrypt fields within a document, an entire document, and local
databases. Then only the specified users can read the information.
For information on SSL encryption, see the chapter “Setting Up SSL on a
Domino Server.”
For information on field, document, and database encryption, see the
book Application Development with Domino Designer.

Public and private keys


For all types of encryption except network port encryption, Domino uses
public and private keys so that data encrypted by one of the keys can be
decrypted only by the other. The public and private keys are
mathematically related and uniquely identify the user. Both are stored in
the ID file. Within the ID file, the public key is stored in a certificate, but
the private key is stored separately from the certificate. The certificate
containing the public key is also stored in the Domino Directory, where it
is available to other users.
Domino uses two types of public and private keys — Notes and Internet.
You use the Notes public key to encrypt fields, documents, databases,
and messages sent to other Notes users, while the Notes private key is
used for decryption. Similarly, you use the Internet public key for
S/MIME encryption and the Internet private key for S/MIME
decryption. For both Notes and Internet key pairs, electronic signatures
are created with private keys and verified with public keys.
You can use one set of Internet public and private keys or you can set up
Notes to use a set of Internet keys for S/MIME signatures and SSL and
another set for S/MIME encryption.
For information on dual Internet certificates, see the chapter “Setting Up
Clients for S/MIME and SSL.”
When you register a user, Domino automatically creates a Notes
certificate, which contains the user’s public keys, and adds it to the ID file
and the Domino Directory. The private key is created and stored in the
ID file. You can also create Internet public and private keys after user
registration. Domino stores Internet certificates, which contain public
keys, in the ID file and also in the Domino Directory. The Internet private
key is stored in the ID file, separately from the certificate.
To create Notes public and private keys, Domino uses the dual-key RSA
Cryptosystem and the RC2 and RC4 algorithms for encryption. To create
the Internet public key, Domino uses the X.509 certificate format, which is
an industry-standard format that many applications, including Domino,
understand.
Both the Notes client and Domino server support a 1024-bit RSA key and a
128-bit symmetric key for S/MIME and SSL. The Notes proprietary
protocols use a 630-bit key for key exchange, and a 64-bit symmetric key.

Encryption strength
All Notes IDs contain two public/private key pairs. Prior to 5.0.4, key
lengths were restricted for the purposes of encrypting data, but not for
authentication or signing. Anything over 512-bit RSA key and 56-bit
symmetric key was considered strong encryption and was not allowed
for export by the U.S. Government. Customers were required to order
and choose among kits of different cryptographic strengths.
With the relaxation of US government regulations on the export of
cryptography, the Domino server and the Domino Administrator,
Domino Designer, and Lotus Notes client products have consolidated all
previous encryption strengths — North American, International, and
France — into one strong encryption level resulting in a single “Global”
release of the products. The Global release adopts the encryption
characteristics previously known as North American. Strong encryption
in Global products can be used worldwide, except in countries whose
import laws prohibit it, or except in those countries to which the export
of goods and services is prohibited by the U.S. government. Customers
are no longer required to order Notes software according to
cryptographic strength.
When you upgrade to a Global release of Domino and Notes, stronger
cryptography will be used without a requirement to reissue existing IDs.
These changes are seamless to users as well as administrators. When two
different versions of software are communicating, the encryption
negotiation will result in a step-down to the weaker level. Therefore, the
full benefits of stronger encryption will only be realized when all
software has been upgraded to the Global (release 5.0.4 and later) level.
However, any mixed versions of the software will interoperate.
The “Register New User” dialog box still offers a choice between North
American and International IDs. It was left this way because
administrators often use the North American or International distinction
for administration purposes, or there may be older versions of the
software still in use in some companies. In addition, countries have their
own import rules. Preserving this distinction will allow Lotus to respond
to specific country changes, if required.
Note These regulations pertain only to export from the United States.
For other countries with import regulations, customers need to check the
requirements of the specific country. While Lotus takes all steps to
acquiesce with governmental encryption regulations worldwide, Lotus
recommends that customers familiarize themselves with local encryption
regulations to remain in compliance.

Interoperability issues
• Support for ID types. Both North American and International ID
types continue to be supported for the Global release. This is for
backward compatibility with pre-5.0.4 clients. Lotus Notes users can
keep their existing International IDs if the Global version of the
software is installed. The Global version will automatically allow the
use of stronger encryption. Browser users can keep their existing key
ring, but users must follow the manufacturer’s recommendations for
upgrading the browser to stronger encryption.
• Interoperability with post-5.0.4 releases. If your organization’s
clients and servers are all running release 5.0.4 or later, it makes no
difference whether you create North American or International IDs.
Both types of ID will work the same way.
• Interoperability with pre-5.0.4 releases. Lotus Notes users, as well
as Domino servers which have been upgraded to release 5.0.4 and
later, can authenticate and continue day-to-day operations securely
with clients and servers running on earlier releases of software.
However, if your organization has clients or servers running releases
earlier than Notes and Domino 5.0.4, you should continue to create
the same types of IDs you created with the earlier versions.
International versions of releases prior to 5.0.4 do not allow users to
switch to North American IDs, so when registering new international
users, you shouldn’t create only North American IDs. Similarly,
North American versions of earlier releases use weaker
cryptography when running with International IDs, so you shouldn’t
create only International IDs.
The best strategy for deciding between North American and
International IDs is to continue using the decision process that was in
place for earlier releases of Notes and Domino. Eventually, as you
upgrade the Notes clients and Domino servers, the decision will not
matter.

Mail encryption
Mail encryption protects messages from unauthorized access. Only the
body of a mail message is encrypted; the header information — for
example, the To, From, and Subject fields — is not.
Notes users can encrypt mail sent to other Notes users or to users of mail
applications that support S/MIME — for example, Microsoft Outlook
Express and Netscape Communicator.
Users can use Notes mail encryption to encrypt mail sent to other Notes
users, encrypt mail received from other Notes users, or encrypt all
documents saved in a mail database. Notes uses the recipient’s public
key, which is stored in the sender’s Personal Address Book or in the
Domino Directory, to encrypt outgoing and saved mail.
In general, mail sent to users in a foreign domain cannot be encrypted.
However, if the recipient of the mail uses Notes and the sender has
access to the recipient’s public key, the sender can encrypt the mail
message. The recipient’s public key can be stored in the Domino
Directory, in an LDAP directory to which the sender has access, or in the
sender’s Personal Address Book.
Notes users can also use S/MIME to encrypt mail sent to recipients
who use mail applications that support S/MIME. Senders must have
the recipient’s public key in order to encrypt the message for S/MIME.
The recipient’s public key is stored in an Internet certificate in either a
Domino Directory or LDAP directory to which the sender has access or
in the sender’s Personal Address Book. The sender must also have a
cross-certificate that indicates to Notes that the recipient’s public key can
be trusted.
For information on setting up a Notes client for S/MIME encryption, see
the chapter “Setting Up Clients for S/MIME and SSL.”
Encrypting a message — with either Notes mail encryption or S/MIME
encryption — does not affect the speed at which the message is routed
from sender to recipient. However, encryption does increase the time
required to send and to open a message. The extra time is required
because the message must be encrypted at the beginning of the
transmission and decrypted each time the recipient opens it. The time
required to send and open a message is based on the size of the message
and the number of bitmaps and other graphics, objects, and attachments
in the message. In most cases, the delay is not noticeable.

How outgoing Notes mail encryption works


1. The sender sends an outgoing message and selects the Encrypt
option.
2. Notes generates a random encryption key and encrypts the message
with it.
3. Notes encrypts the random encryption key with the recipient’s
public key and appends the encrypted key to the message. The recipient’s
public key must be stored in either a Domino Directory or LDAP
directory that a user can access or in the sender’s Personal Address
Book.
4. If the encrypted message is addressed to multiple recipients, the
message is encrypted only once with one random key, and the
random key is encrypted using the public key of each recipient.
5. When the recipient attempts to open the encrypted message, the
user’s mail application attempts to decrypt the random key, using
the recipient’s private key. If this is successful, the random key
decrypts the message.
6. If decryption is successful, the recipient can read the message. If
decryption is unsuccessful, the user receives a message indicating
that the decryption failed and the mail application does not allow the
user to access the message.

How outgoing S/MIME mail encryption works
1. The sender sends an outgoing message and selects to encrypt it. (The
exact option to do this depends on the mail application used.)
2. The sender’s mail application (Notes or another S/MIME-compliant
mail program) generates a random encryption key and encrypts the
message with it.
3. The sender’s mail application looks for the recipient’s public key. For
S/MIME mail sent from Notes, the recipient’s Internet certificate
must be stored in the sender’s Personal Address Book or a Domino
Directory or LDAP directory to which the sender has access.
a. If a certificate is found, Notes looks for a cross-certificate in the
sender’s Personal Address Book to validate the Internet
certificate. If a cross-certificate does not exist, Notes asks whether
the client wants to create a cross-certificate on demand.
b. If no certificate for the recipient is found or if a cross-certificate is
not created for the certificate, the sender receives a warning that
encryption is not possible for this recipient. The sender is then
given a choice of not sending the message or sending it
unencrypted.
4. The sender’s mail application encrypts the random encryption key
with the recipient’s public key and appends the encrypted key to the
message. Notes uses the recipient’s public key, found in the
certificate, to encrypt the message.
Some recipients may have dual Internet certificates — one certificate
used for encryption and the other used for signatures and SSL. If so,
Notes extracts the Internet encryption certificate, and uses it to
encrypt the message.
5. If the encrypted message is addressed to multiple recipients, the
message is encrypted only once with one random key, and the
random key is encrypted using the public key of each recipient.
6. When the recipient attempts to open the encrypted message, the
user’s mail application attempts to decrypt the random key, using
the recipient’s private key. If this is successful, the random key
decrypts the message.
7. If decryption is successful, the recipient gains access to the message.
If decryption is unsuccessful, the user receives a message indicating
that the decryption failed, and the mail application does not allow
the user to access the message.

Encrypting mail
Encrypt outgoing, incoming, and saved mail to protect messages while
they are in transit and stored in mail databases on the server. Users can
encrypt outgoing mail messages sent to recipients who use either Notes
or S/MIME. If recipients prefer to receive mail in MIME format, then
encrypted mail will be in S/MIME format. Users can encrypt incoming
and saved mail only if they use Notes mail.

To encrypt outgoing mail


Encrypting outgoing mail ensures that only the recipient of a message
can read it while the message is in transit, stored in intermediate
mailboxes, or in the recipient’s mail file.
Each Notes client user must encrypt outgoing mail. The administrator
cannot encrypt all outgoing mail on a server.
Senders control the choice of MIME format or Notes format when
sending mail directly to the Internet or for messages that are addressed
to Internet addresses. Mail recipients control the format of incoming mail
in their user preferences. The message format determines the choice of
encryption method.
Notes uses S/MIME encryption for outgoing mail in the following
situations:
• The user selects “directly to Internet” in the “Send outgoing mail”
field in the Mail tab of the current Location document. Mail messages
sent from this location will use MIME format.
• The user selects “MIME format” in the “Format for messages
addressed to Internet addresses” field in the Mail tab of the current
Location document. Mail messages sent from this location to Internet
addresses that cannot be found in a Personal Address Book or
Domino Directory will use MIME.
• The user enables the field “When receiving unencrypted mail,
encrypt before storing in your mail file” on the Basics tab of the
user’s Person document. Mail sent to this user will use MIME.
• The user creates a message using a form in which the Body field in
the form’s design has “Store contents as HTML and MIME” selected
in Field Properties. If the recipient can accept either Notes or MIME
format (or if Notes cannot find a Person document for the recipient),
the message will use MIME format.
The sender of an encrypted S/MIME mail message must find an Internet
certificate for each intended recipient and a cross-certificate that verifies
the Internet certificate. The Internet certificate can be stored in the
Domino Directory, an LDAP directory that is accessible to the sender, or
in the sender’s Personal Address Book. The cross-certificate must be
stored in the sender’s Personal Address Book. If a Notes recipient’s
Internet certificate is not available to the sender, Notes attempts to use
the recipient’s Notes public key (if available) to encrypt the message.
Some recipients may have dual Internet certificates, meaning one
certificate is for encryption and the other is for signatures and SSL. If the
recipient uses dual certificates, Notes extracts the Internet encryption
certificate and uses it to encrypt the message.
The sender of an encrypted Notes mail message must have the public
key for each intended recipient. The public key can be stored in the
Domino Directory, in an LDAP directory that is accessible to the sender,
or in the sender’s Personal Address Book.
For information on encrypting outgoing mail, see Lotus Notes 6 Help.

To encrypt incoming mail for a mail file


If users have Editor access to their Person documents in the Domino
Directory, they can encrypt all incoming mail they receive. Otherwise,
the administrator must complete this procedure for them.
1. Open the user’s Person document in the Domino Directory.
2. Click Edit Person, and then click Basics.
3. In the field “When receiving unencrypted mail, encrypt before
storing in your mail file,” select Yes.
4. Save the document.

To encrypt saved mail


Users can encrypt drafts of unsent messages and messages that they save
after sending. For unsent mail, the message is encrypted only with the
sender’s public key. For sent mail, the message is encrypted with the
sender’s and the recipient’s public keys.
Only messages saved after this option is chosen are encrypted. To
encrypt previously saved messages, users must open and resave the
messages. Encrypting saved mail prevents unauthorized access to
messages by other users with unauthorized access to the mail server.
For information on encrypting outgoing mail, see Lotus Notes 6 Help.

Electronic signatures
Electronic signatures are closely associated with encryption. An
electronic signature verifies that the person who originated the data is
the author and that no one has tampered with the data. Users can add an
electronic signature to mail messages and to fields and sections of
documents. A database designer controls whether fields and sections of a
database can be signed; individual users can choose to sign mail
messages.
Users can sign mail messages sent to other Notes users or to users of
other mail applications that support the S/MIME protocol — for
example, Microsoft Outlook Express and Netscape Communicator.
Domino uses the same keys used for encryption — the Notes and
Internet public and private keys — for electronic signatures.
You can also set up Notes to use separate keys for S/MIME signatures
and encryption, by adding two Internet certificates to your Notes ID file
and using one certificate for S/MIME encryption and the other for
S/MIME signatures and SSL client authentication. Having dual Internet
certificates lets you maintain separate public and private key pairs for
encryption and electronic signatures and SSL client authentication.
For information on creating signed fields and sections, see the book
Application Development with Domino Designer.
For information on dual Internet certificates, see the chapter “Setting Up
Clients for S/MIME and SSL.”

How electronic signatures work


Notes signatures
When the sender signs a message with a Notes signature, all fields of the
message are signed.
1. Notes generates a “hash” of the data — that is, a number that
represents the data — and then encrypts the hash with the private
key of the author of the data, forming a signature. The hash is also
sometimes called a message digest, and has some necessary special
properties:
• It is not possible to guess the original message from looking at the
digest.
• Even a small change in the message changes the digest in an
unpredictable way, and produces a completely different value.
2. Notes attaches the signature, the signer’s public key, and the signer’s
certificates to the data.
3. When the reader accesses the signed data, Notes verifies that the
signer has a common certificate or common certificate ancestor from
a certifier that the reader trusts. If so, Notes attempts to decrypt the
signature using the public key that corresponds to the private key
with which the data was signed.
4. If decryption is successful, Notes indicates who signed the message.
If decryption is unsuccessful, Notes indicates that it cannot verify the
signature. Unsuccessful decryption and comparison may indicate
that the data has been tampered with.
Note Certificate trust checking occurs independently of hash
decryption and comparison. Decryption and comparison may
succeed even if the certificate is not trusted. This might happen, for
example, when a user receives mail from a user in another company
and that user doesn’t have a cross-certificate.

S/MIME signatures
When the sender signs a message with an S/MIME signature, only the
body of the message and accompanying attachments are signed.
1. Notes generates a hash of the data being signed and then encrypts
the hash with the private key of the author of the data, forming a
signature.
2. Notes attaches a certificate chain — that is, all certificates in the
hierarchy for the certificate — and the signature to the data.
3. When the reader accesses the signed data, Notes or the mail
application attempts to decrypt the signature using the public key
that corresponds to the private key with which the data was signed.
If successful, Notes or the application verifies that the signer has a
common certificate or common certificate ancestor from a certifier
that the reader trusts.
Note Typically, the Notes user’s organizational certifier issues a
cross-certificate to the signer’s certificate authority (CA). Trust can
also be established if the Notes user issues a cross-certificate directly
to the signer’s certificate or to the signer’s Certificate Authority. Or,
the Notes user’s organizational certifier can issue a cross-certificate
directly to the signer’s certificate.
4. Notes or the mail application compares the decrypted hash with a
hash of the message generated by the reader. A match means that the
signature is valid.
5. If the digest comparison is successful, Notes or the S/MIME mail
application indicates who signed the message. If decryption is
unsuccessful, the application indicates that it could not verify the
signature. Unsuccessful decryption and comparison may indicate
that the data has been tampered with.
Note Certificate trust checking occurs independently of hash
decryption and comparison. Decryption and comparison may
succeed even if the certificate is not trusted. This might happen, for
example, when a user receives mail from a user in another company
and that user doesn’t have a cross-certificate.
For more information on cross-certificates, see the chapter “Protecting
and Managing Notes IDs.”
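
The two procedures described above, a random key wrapped once per recipient (mail encryption) and a hash transformed with the signer's private key (signatures), as one added Python example that is not Notes or Domino code. The key pairs, names and certifier strings are constructed; textbook RSA on known primes, a SHA-256 keystream and SHA-256 hashing stand in for the product's algorithms, and certificate trust is reduced to membership in a set of certifier names.

```python
import hashlib
import hmac
import secrets

E = 65537  # RSA public exponent


def toy_keypair(a, b):
    """Textbook RSA key pair from the Mersenne primes 2**a-1 and 2**b-1.
    Constructed for this demo: known primes, no padding, NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def _keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[off:off + 32], pad))
    return bytes(out)


def _tag(key, ciphertext):
    """Integrity tag, so a wrong key shows up as a decryption failure."""
    mac_key = hashlib.sha256(b"mac" + key).digest()
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def encrypt_mail(body, recipient_pubs):
    """Encrypt the body once with a random key; wrap that key per recipient."""
    key = secrets.token_bytes(16)
    ciphertext = _keystream_xor(key, body)
    k = int.from_bytes(key, "big")
    return {
        "ciphertext": ciphertext,
        "tag": _tag(key, ciphertext),
        "wrapped_keys": {name: pow(k, pub["e"], pub["n"])
                         for name, pub in recipient_pubs.items()},
    }


def open_mail(envelope, name, priv):
    """Unwrap the random key with the private key, then decrypt the body.
    Returns the plaintext, or None when decryption fails."""
    wrapped = envelope["wrapped_keys"].get(name)
    if wrapped is None:
        return None                      # message was not encrypted for `name`
    k = pow(wrapped, priv["d"], priv["n"])
    if k.bit_length() > 128:
        return None                      # wrong private key: not a 16-byte key
    key = k.to_bytes(16, "big")
    if not hmac.compare_digest(_tag(key, envelope["ciphertext"]), envelope["tag"]):
        return None
    return _keystream_xor(key, envelope["ciphertext"])


def sign(data, priv):
    """Hash the data, then transform the hash with the signer's private key."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(digest, priv["d"], priv["n"])


def verify(data, signature, signer_pub, signer_certifier, trusted_certifiers):
    """Report the hash comparison and the trust check as separate results,
    because one can succeed while the other fails."""
    recovered = pow(signature, signer_pub["e"], signer_pub["n"])
    expected = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return {
        "digest_matches": recovered == expected,
        "certifier_trusted": signer_certifier in trusted_certifiers,
    }


# Constructed identities (hypothetical users).
ALICE_PUB, ALICE_PRIV = toy_keypair(521, 607)
BOB_PUB, BOB_PRIV = toy_keypair(1279, 2203)
CAROL_PUB, CAROL_PRIV = toy_keypair(2281, 3217)

if __name__ == "__main__":
    body = b"Constructed message body"
    env = encrypt_mail(body, {"bob": BOB_PUB, "carol": CAROL_PUB})
    print("bob reads:", open_mail(env, "bob", BOB_PRIV))
    print("alice reads:", open_mail(env, "alice", ALICE_PRIV))
    sig = sign(body, ALICE_PRIV)
    print(verify(body, sig, ALICE_PUB, "/OtherCo", {"/Example"}))
```

The last call shows the situation in the Note above: the digest matches, yet the signer's certifier is not one the reader trusts.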

Signing sent mail


Notes client users control whether the mail they send is signed. Users can
sign individual mail messages or sign all mail messages that they send.
When sending signed messages to users of S/MIME mail applications,
Notes users must have an additional set of Internet public and private
keys.
For information on obtaining Internet public and private keys, see the
chapter “Setting Up Clients for S/MIME and SSL.”
For more information on signing mail, see Lotus Notes 6 Help.

Chapter 44
Setting Up a Domino Server-Based Certification
Authority

This chapter describes how to set up a Domino server-based certification
authority (CA) to issue server and client certificates using the CA process
server task.

Domino server-based certification authority


You can set up a Domino certifier that uses a server task, the CA process,
to manage and process certificate requests. The CA process runs as an
automated process on Domino servers that are used to issue certificates.
When you set up a Notes or Internet certifier, you link it to the CA
process on the server in order to take advantage of CA process activities.
Only one instance of the CA process can run on a server; however, the
process can be linked to multiple certifiers.
You can set up Notes and Internet certifiers to use the CA process.
Consider using the CA process because it:
• Provides a unified mechanism for issuing Notes and Internet
certificates.
• Supports the registration authority (RA) role, which you use to
delegate the certificate approval/denial process to lower-echelon
administrators in the organization.
• Does not require access to the certifier ID and ID password. After
you enable certifiers for the CA process, you can assign the
registration authority role to administrators, who can then register
users and manage certificate requests without having to provide the
certifier ID and password.
• Simplifies the Internet certificate request process through a
Web-based certificate request database.
• Issues certificate revocation lists, which contain information about
revoked or expired Internet certificates.
• Creates and maintains the Issued Certificate List (ICL), a database
that contains information about all certificates issued by the certifier.
• Is compliant with security industry standards for Internet certificates
— for example, X.509 and PKIX.
To manage the CA process from the Domino console, you use a set of
server Tell commands.
For more information on CA process Tell commands, see the appendix
“Server Commands.”

Issued Certificate List (ICL)


Each certifier has an Issued Certificate List (ICL) that is created when the
certifier is created or migrated to the CA process. The ICL is a database
that stores a copy of each unexpired certificate that it has issued,
certificate revocation lists, and CA configuration documents.
Configuration documents are generated when you create the certifier
and sign it with the certifier’s public key. After you create these
documents, you cannot edit them.
CA configuration documents include:
• Certificate profiles, which contain information about certificates
issued by the certifier.
• CA configuration document, which contains information about the
certifier itself.
• RA/CA association documents, which contain information about the
RAs who are authorized to approve and deny certificate requests.
There is one document for each RA.
• ID file storage document, which contains information about the
certifier ID.
Another CA configuration document, the Certifier document, is created
in the Domino Directory when you set up a certifier. This document
can be modified.
For more information, see the topic “Modifying a certifier” later in this
chapter.

Certificate Revocation List (CRL)


A CRL is a time-stamped list identifying revoked Internet certificates —
for example, certificates belonging to terminated employees. The CA
process issues and maintains CRLs for each Internet certifier. A CRL is
associated with a certifier, is signed by that certifier, and resides in the
certifier’s ICL database. A copy of the CRL is also stored in the Domino
Directory, where it is used to assert certificate validity by entities that
require certificate authentication.

You configure the CRL when you create a new Internet certifier. You can
specify the length of time for which a CRL is valid and the interval
between publication of new CRLs. After CRLs are configured, the
certifier issues them on a regular basis and they operate unattended.
Using CRLs, you can manage the certificates issued in your organization.
You can easily revoke a certificate if the subject of the certificate leaves
the organization or if the key has been compromised. HTTP servers and
Web browsers check the CRLs to determine whether a given certificate
has been revoked, and is therefore no longer trusted by the certifier.
When you use Internet Site documents to configure Internet protocols on
the Domino server, you can also enable CRL-checking for each protocol.
There are two kinds of CRLs: regular and non-regular. For regular CRLs,
you configure a duration interval — the time period for which the CRL is
valid — and the interval at which new CRLs are issued. Each certifier
issues a CRL at the specified time, even if no certificates have been
revoked since the last CRL was issued. This means that if an
administrator revokes a certificate, it appears in the next scheduled CRL
issued by the certifier. The CRL duration period should be greater than
the time period between each CRL issuance. This ensures that the CRL
remains valid. Otherwise, the CRL could expire before a new one is
issued.
However, in the event of a critical security break — for example, if the
administrator needs to revoke a particularly powerful certificate or the
certifier certificate is compromised — you can manually issue a
non-regular CRL — that is, an unscheduled CRL — to enforce the
emergency revocation. This type of revocation does not affect either the
timing or the content of the next scheduled CRL. You use a Tell
command to issue a non-regular CRL.
For more information on revoking a certificate, see the topic “Revoking a
certificate” later in this chapter.
For more information on enabling CRL-checking, see the chapter
“Installing and Setting Up Domino Servers.”
For more information on configuring a regular CRL, see the topic
“Creating an Internet CA” later in this chapter.
For more information on issuing a nonscheduled CRL, see the appendix
“Server Commands.”
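The timing rule for regular CRLs described above, worked through as an added example (not part of the Domino documentation or product code). It models scheduled CRLs from the two configured values, CRL duration and time between CRLs, reports any period in which no CRL is valid, and measures how long a revocation waits for publication with and without a non-regular CRL. The function names, the dates and the missed-issuance case are assumptions made for illustration.

```python
from datetime import datetime, timedelta


def scheduled_crls(start, interval_days, duration_days, count, missed=()):
    """Return (issued, expires) windows for `count` regular CRLs.

    `missed` holds indexes of scheduled issuances that did not happen
    (an assumption, used to show why extra duration is useful).
    """
    windows = []
    for i in range(count):
        if i in missed:
            continue
        issued = start + timedelta(days=i * interval_days)
        windows.append((issued, issued + timedelta(days=duration_days)))
    return windows


def coverage_gaps(windows):
    """Return (start, end) periods in which every issued CRL has expired."""
    ordered = sorted(windows)
    if not ordered:
        return []
    gaps = []
    covered_until = ordered[0][1]
    for issued, expires in ordered[1:]:
        if issued > covered_until:
            gaps.append((covered_until, issued))
        covered_until = max(covered_until, expires)
    return gaps


def publication_delay(revoked_at, windows, non_regular_at=None):
    """Time between a revocation and the first CRL issued after it."""
    issue_times = [issued for issued, _ in windows if issued >= revoked_at]
    if non_regular_at is not None and non_regular_at >= revoked_at:
        issue_times.append(non_regular_at)
    if not issue_times:
        return None
    return min(issue_times) - revoked_at


# Constructed schedule: first CRL on 1 January 2024, a new CRL every 7 days.
START = datetime(2024, 1, 1)

if __name__ == "__main__":
    for duration, missed in ((10, ()), (5, ()), (10, (2,)), (15, (2,))):
        gaps = coverage_gaps(scheduled_crls(START, 7, duration, 4, missed))
        print(f"duration={duration}d missed={missed}: {len(gaps)} gap(s)")
        for gap_start, gap_end in gaps:
            print(f"  no valid CRL from {gap_start:%Y-%m-%d} to {gap_end:%Y-%m-%d}")

    weekly = scheduled_crls(START, 7, 10, 4)
    revoked = datetime(2024, 1, 9)
    print("scheduled CRLs only:", publication_delay(revoked, weekly))
    print("with a non-regular CRL:",
          publication_delay(revoked, weekly, revoked + timedelta(hours=1)))
```

A duration shorter than the interval leaves a gap after every CRL. A duration of more than twice the interval also covers one missed issuance.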



Administering a Domino CA
There are a number of tasks associated with managing a certifier. If you
implement a certifier that uses the CA process, you can delegate Notes
and Internet certificate request approval and denial to other
administrators, each of whom acts as a registration authority.
Note Many of the manual tasks associated with managing a CA prior to
Domino 6 are now automated when you use the CA process.

Domino certificate authority administrator tasks


The Domino certificate authority administrator (CAA) is responsible for
these tasks:
• Create and configure certifiers.
• Modify certifiers. For example, only a CA administrator can edit ID
recovery information for a Notes certifier.
• Add or remove Certification and Registration Authority
administrators, or change the CA and RA roles assigned to users.
The CAA must have at least Editor access to the master Domino
Directory for the domain.
As a best practice, designate at least two CAAs for each certifier. You
then have a backup if one leaves the organization.
Note By default, the administrator who creates a certifier is
automatically designated as both a CAA and an RA for that certifier.
When you create additional CAAs, they must be assigned the RA role in
order to register users.

Domino Registration Authority administrator tasks


A registration authority (RA) administrator registers Notes users and
Domino servers, approves or denies Internet certificate requests, and, if
necessary, revokes Internet certificates. While a CA administrator can
also be a registration authority, the main advantage of having a separate
RA role is to offload these tasks from the Domino and/or CA
administrator. Moreover, the Domino administrator can establish one or
more RAs for each certifier enabled for the CA process.
An RA should approve only those requests that will be accepted by the
certifier. The CA Configuration document, stored in the CA’s ICL
database, describes what is acceptable.
Domino administrators who register Notes users should also be listed as
RAs for the Notes certifier.
If you are using the Web Administrator client, you need to set up a
server-based certification authority to register Notes users. The Web
administrator, as well as the server on which the Web Administrator
database resides, must be listed as an RA for that certifier.
The Domino Registration Authority (RA) administrator is responsible for
these tasks:
• Register users, servers, and additional Notes certifiers.
• Approve or deny Internet certificate requests.
• Revoke certificates if they can no longer be trusted, such as if the
subject of the certificate leaves the organization, or if the key has
been compromised.
Note CAs and RAs must have at least Editor access to the master
Domino Directory for the domain.

Setting up a server-based Domino certification authority


To set up a server-based Domino certification authority, you must
configure and enable Notes and Internet certifiers to use the CA process.
You can enable only one type of certifier under the CA process — for
example, set up only Internet certifiers for the CA process — or you can
enable all certifiers for the CA process.
If your organization has existing Domino certifiers, you can migrate them
to the CA process.
To set up a Domino server-based certification authority, perform the
following tasks:
1. Migrate existing certifiers to the CA process.
2. Create new certifiers.
3. Add certifiers to the CA process on the server.
4. For each Internet certifier, set up the Certificate Requests database.
5. Set up SSL on the server.

Migrating a certifier to the CA process


To migrate an existing certifier to the CA process, you set up an Issued
Certificate List (ICL) database and configure its certificate duration. In
addition, for Internet certifiers, you configure CRL and key usage
information for the certificate.
1. From the Domino Administrator, click Configuration.
2. On the Tools pane, choose Certification - Migrate Certifier.
3. In the Migrate Certifier dialog box, click Select.
4. In the “Chose ID/key ring file” dialog box, select the CERT.ID of the
certifier you want to migrate.
• Choose the certifier ID (CERT.ID) and click Select to migrate a
Notes certifier.
• Choose the certifier key ring file and click Select to migrate an
Internet certifier.
5. The certifier ID’s path and filename now appear in the Migrate
Certifier dialog box. Enter the password for the certifier ID or key
ring file and click OK.
6. If you are migrating a Notes certifier, complete the procedure “To
migrate a Notes certifier.” Otherwise, see the procedure “To migrate
an Internet certifier.”

To migrate a Notes certifier


1. On the Basics tab, complete these fields:

| Field | Action |
|---|---|
| Select the server where the certifier will run | Select the server that will store the migrated certifier. Make sure that the client location document points to this server. |
| Name of ICL database to be created | (Optional) ICLs are created automatically when you create a certifier, and named by default. You can modify the default name (for example: “icl\icl_Acme.nsf” for the Acme certifier). Although you can change the location of the ICL, it is recommended that you use the default directory and path. |

2. For “Encrypt Certifier ID with,” choose one:

| Option | Security level | Password required | Action required |
|---|---|---|---|
| Encrypt ID with Server ID | Lowest | None | None |
| Encrypt ID with Server ID | Medium | Enter a new password for this certifier | If you choose to encrypt the certifier ID with the server ID and password, you need to activate the certifier. Use the tell command: `tell ca activate <password>` |
| Encrypt ID with Lock ID | Highest | Registered user ID and password | If you choose to encrypt the certifier ID with a lock ID, the certifier is locked when you create it. Use the tell command: `tell ca unlock <idfile> <password>` |

Note Encrypting a certifier ID with the password-protected Server
ID protects only that certifier. If you use a lock ID, you have the
option of using it with multiple certifiers. You then need to lock and
unlock those certifiers simultaneously.
3. (Optional) In the Administrators list, enter names of additional
CAAs and RAs. The name of the administrator migrating the CA is
automatically included in the list as both a CAA and an RA.
4. On the Certificates tab, complete these fields:

| Field | Action |
|---|---|
| Certificate duration for EE certificate | Enter the default, minimum, and maximum duration, in months, for an end-entity (EE) certificate. An end-entity certificate is granted to servers or end users. |
| Certificate duration for CA certificate | Enter the default, minimum, and maximum duration, in months, for a certificate authority (CA) certificate. A CA certificate is granted to certifiers. |

5. Click OK. A message appears saying that you have successfully
migrated the certifier.
6. Add the certifier to the CA process.

To migrate an Internet certifier


1. Migrate the key ring file.
2. Complete the Migrate Certifier dialog as described in the procedure
“To create an Internet certifier” later in this chapter.
For more information on using CA server commands, see the appendix
“Server Commands.”

Adding a certifier to the CA process


When you create a certifier specifically for the CA process, you must
make sure that the CA process task is running on the server. To manage
the CA process, you use Tell commands at the server console.



To add a certifier to the CA process
1. Make sure that you have already migrated or created a certifier.
2. If this is the first certifier you are setting up to use the CA process, or
if the CA process is not already running, at the server console enter:
load ca

3. If the CA process task is already running, it automatically adds
newly-created certifiers when it refreshes, which takes place every 12
hours. However, the time period in which the Administration
Requests database processes CA requests will vary. If you want to
hasten the process, at the console enter:
tell adminp process all
tell ca refresh

And then enter the following to see if the new certifier has been
added:
tell ca stat

Note To load the CA task automatically, add the parameter ca to the
Server setting in the NOTES.INI file.
For more information on using CA server commands, see the appendix
“Server Commands.”

Creating a certifier for a server-based CA


You can create additional Notes and Internet certifiers for your
organization and configure them to use the CA process.

To create a Notes certifier


1. Register an additional organization certifier or organizational-unit
certifier.
2. Migrate the certifier to the CA process.

To create an Internet certifier


You create one or more Internet certifiers to issue server and client
Internet certificates.
1. From the Domino Administrator, click Configuration.
2. On the Tools pane, select Registration - Internet Certifier.
3. In the Register Internet Certifier dialog box, select “I want to register
a new Internet certifier that uses the CA process.”
4. In the Register a New Internet Certifier dialog box, click Basics.
5. Create the certifier name. Specify a common name and at least one
additional component:

• Common name — Enter the certifier name.
• Organizational unit (optional) — Enter the name of the certifier’s
organizational unit, if applicable.
• Organization (optional) — Enter the name of the certifier’s
organization.
• City or locality (optional) — Enter the organization’s city or
locality.
• State or province (optional) — Enter the full name of the state or
province in which the organization resides.
• Country (optional) — Enter the two-character abbreviation for the
country in which the organization resides.
6. Choose the server on which to store the certifier.
7. (Optional) Modify the default ICL database name (for example:
“icl\icl_Acme.nsf”).
Note It is recommended that you use the default directory
structure.
8. For “Encrypt Certifier ID with,” select one:

| Option | Security level | Password required | Action required |
|---|---|---|---|
| Encrypt ID with Server ID | Lowest | None | None |
| Encrypt ID with Server ID | Medium | Server ID password | If you choose to encrypt the certifier ID with the server ID and password, you need to activate the certifier. Use the tell command: `tell ca activate <password>` |
| Encrypt ID with Lock ID | Highest | Registered user ID and password | If you choose to encrypt the certifier ID with a lock ID, the certifier is locked when you create it. Use the tell command: `tell ca unlock <idfile> <password>` |

Note Encrypting a certifier ID with the password-protected Server
ID protects only that certifier. If you use a lock ID, you have the
option of using it with multiple certifiers. You then need to lock and
unlock those certifiers simultaneously.



9. (Optional) In the Administrators list, enter the names of additional
CAAs and RAs. The name of the administrator creating the CA is
automatically included in the list as both a CA administrator and an
RA administrator.
For more information on certifier administrators and registration
authorities, see the topic “Administering a Domino CA” earlier in this
chapter.
10. On the Certificates tab, complete these fields:

| Field | Action |
|---|---|
| Include CRL distribution point extension | (Optional) Select to enable an attribute that identifies the distribution point for the certifier CRL on the server that you select in the “Using server” list. |
| Backdate certificate validity | Enter the date when the certificate becomes valid, as this may differ from the date on which the certificate is created. |
| Certificate duration | Enter the default, minimum, and maximum certificate duration in months. |
| Key usage | Choose the key usage extensions for this certificate. |
Note The default certificate type is end entity certificate. This means
that Internet certificates issued by this certifier apply to users of
certificates and/or end-user systems that are subjects of a certificate.
11. Click Miscellaneous, and then click “Create a local copy of the
certifier ID.” Specify the certifier ID file name and password, and
click OK. A copy of the certifier ID is saved to the default path
...\notes\data\ids\certs\cert.id. You can select a different path. Use
this local copy of the certifier ID as a backup to re-create the certifier
if it becomes corrupted.
12. Complete these fields to specify Certificate Revocation List
information for this certifier:

| Field | Action |
|---|---|
| Duration of CRL (in days) | Enter the length of time, in days, for which a given CRL is valid. It is recommended that this time period extend beyond the time period between issued CRLs, as this ensures that the CRL is always valid. |
| Time between CRLs (in days) | Enter the time interval, in days, between issued CRLs. |

13. Complete these fields to specify “Key and certifier certificate”
information for this certifier:

| Field | Action |
|---|---|
| Signing algorithm | Select the algorithm used to encrypt the certificate’s signature. |
| Key length | Enter the key length to use for encryption. This setting determines the number of bits needed to be able to represent any of the possible values of a cryptographic key. The longer the key length, the more difficult it is to decrypt encrypted text. |
| Certificate will expire on | (Optional) Change the default certificate expiration date. |

14. Complete these fields to specify the Certifier PKIX Alternative
Name(s) information for this certifier:
Alternative name fields allow alternate names to be listed in
certificates. Alternate subject names can appear in any certificate. If a
CA has alternate names, those names should be included in the
certificates it issues. For example, you can include the certifier’s
e-mail address in the certificates it issues, so that users know how to
contact the certifier that issued them.
Note A PKIX Alternative Name is not the same as a Notes alternate
name. The Notes alternate name is the foreign language version of a
user name.

| Field | Action |
|---|---|
| Type | Enter the type of alternative name you want to use. |
| Value | Enter the alternative name you want to use. |

15. Click Add to add the alternative name to the certifier’s certificate.
16. Click OK. A message appears saying that you have successfully set
up a CA.
17. Complete these procedures:
• Add the new certifier to the CA process.
• Create the Certificate Requests application.



Key usage extensions and extended key usage
Key usage extensions
Key usage extensions define the purpose of the public key contained in a
certificate. You can use them to restrict the public key to as few or as
many operations as needed. For example, if you have a key used only for
signing, enable the digital signature and/or non-repudiation extensions.
Alternatively, if a key is used only for key management, enable key
encipherment.
The following table describes the key usage extensions available for keys
created using the CA process.
Note The digital signature and data encipherment key usage extensions
are enabled by default for all Internet certificates.

| Key usage extension | Description |
|---|---|
| Digital signature | Use when the public key is used with a digital signature mechanism to support security services other than non-repudiation, certificate signing, or CRL signing. A digital signature is often used for entity authentication and data origin authentication with integrity. |
| Non-repudiation | Use when the public key is used to verify digital signatures used to provide a non-repudiation service. Non-repudiation protects against the signing entity falsely denying some action (excluding certificate or CRL signing). |
| Key encipherment | Use when a certificate will be used with a protocol that encrypts keys. An example is S/MIME enveloping, where a fast (symmetric) key is encrypted with the public key from the certificate. SSL protocol also performs key encipherment. |
| Data encipherment | Use when the public key is used for encrypting user data, other than cryptographic keys. |
| Key agreement | Use when the sender and receiver of the public key need to derive the key without using encryption. This key can then be used to encrypt messages between the sender and receiver. Key agreement is typically used with Diffie-Hellman ciphers. |
| Certificate signing | Use when the subject public key is used to verify a signature on certificates. This extension can be used only in CA certificates. |
| CRL signing | Use when the subject public key is to verify a signature on revocation information, such as a CRL. |
| Encipher only | Use only when key agreement is also enabled. This enables the public key to be used only for enciphering data while performing key agreement. |
| Decipher only | Use only when key agreement is also enabled. This enables the public key to be used only for deciphering data while performing key agreement. |

Extended key usage


Extended key usage further refines key usage extensions. An extended
key is either critical or non-critical. If the extension is critical, the
certificate must be used only for the indicated purpose or purposes. If the
certificate is used for another purpose, it is in violation of the CA’s
policy.
If the extension is non-critical, it indicates the intended purpose or
purposes of the key and may be used in finding the correct
key/certificate of an entity that has multiple keys/certificates. The
extension is then only an informational field and does not imply that the
CA restricts use of the key to the purpose indicated. Nevertheless,
applications that use certificates may require that a particular purpose be
indicated in order for the certificate to be acceptable.
If a certificate contains both a critical key usage field and a critical
extended key usage field, both fields must be processed independently,
and the certificate must be used only for a purpose consistent with both
fields. If there is no purpose consistent with both fields, the certificate
must not be used for any purpose.

| Extended key | Enable for these key usage extensions |
|---|---|
| TLS Web server authentication | Digital signature, key encipherment or key agreement |
| TLS Web client authentication | Digital signature and/or key agreement |
| Sign (downloadable) executable code | Digital signature |
| Email protection | Digital signature, non-repudiation, and/or key encipherment or key agreement |
| IPSEC End System (host or router) | Digital signature and/or key encipherment or key agreement |
| IPSEC Tunnel | Digital signature and/or key encipherment or key agreement |
| IPSEC User | Digital signature and/or key encipherment or key agreement |
| Timestamping | Digital signature, non-repudiation. |

Examples of required key usage extensions


| Application | Required key usage extensions |
|---|---|
| SSL Client | Digital signature |
| SSL Server | Key encipherment |
| S/MIME Signing | Digital signature |
| S/MIME Encryption | Key encipherment |
| Certificate Signing | Certificate signing |
| Object Signing | Digital signature |
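The consistency rule for key usage and extended key usage, as an added example (not Domino code and not part of the original documentation). It transcribes the “Extended key” table into a lookup, applies the key usage table's restrictions on encipher only, decipher only and certificate signing, and returns the purposes a certificate may serve. Reading each table row as “at least one of the listed key usage extensions is enabled” and all function names are assumptions.

```python
SIG = "digital signature"
NR = "non-repudiation"
KE = "key encipherment"
KA = "key agreement"

# Key usage extensions consistent with each extended key usage, transcribed
# from the "Extended key" table in this section.
CONSISTENT_KEY_USAGE = {
    "TLS Web server authentication": {SIG, KE, KA},
    "TLS Web client authentication": {SIG, KA},
    "Sign (downloadable) executable code": {SIG},
    "Email protection": {SIG, NR, KE, KA},
    "IPSEC End System": {SIG, KE, KA},
    "IPSEC Tunnel": {SIG, KE, KA},
    "IPSEC User": {SIG, KE, KA},
    "Timestamping": {SIG, NR},
}


def profile_errors(key_usage, is_ca):
    """Check a key usage selection against the rules in the key usage table."""
    key_usage = set(key_usage)
    errors = []
    for bit in ("encipher only", "decipher only"):
        if bit in key_usage and KA not in key_usage:
            errors.append(f"{bit} requires key agreement")
    if "certificate signing" in key_usage and not is_ca:
        errors.append("certificate signing is allowed only in CA certificates")
    return errors


def permitted_purposes(key_usage, extended_key_usage, eku_critical=True):
    """Purposes allowed for a certificate whose key usage field is critical.

    Critical EKU: a purpose must be listed in the EKU and be consistent with
    at least one enabled key usage extension. Non-critical EKU: the field is
    informational, so only the key usage field restricts the result.
    An empty list means the certificate must not be used for any purpose.
    """
    key_usage = set(key_usage)
    unknown = set(extended_key_usage) - set(CONSISTENT_KEY_USAGE)
    if unknown:
        raise ValueError(f"extended key usage not in table: {sorted(unknown)}")
    candidates = extended_key_usage if eku_critical else CONSISTENT_KEY_USAGE
    return sorted(p for p in candidates if CONSISTENT_KEY_USAGE[p] & key_usage)


# Constructed profiles. The first uses the default client request settings
# named later in this chapter, mapped onto the table's row names (assumption).
CLIENT_DEFAULT = ({KE, SIG}, ["TLS Web client authentication", "Email protection"])
ENCRYPT_ONLY = ({KE}, ["TLS Web client authentication", "Email protection"])
MISMATCH = ({"certificate signing", "CRL signing"}, ["TLS Web server authentication"])

if __name__ == "__main__":
    for name, (ku, eku) in (("client default", CLIENT_DEFAULT),
                            ("encrypt only", ENCRYPT_ONLY),
                            ("mismatch", MISMATCH)):
        allowed = permitted_purposes(ku, eku)
        print(f"{name}: {allowed or 'must not be used for any purpose'}")
    print(profile_errors({"encipher only", SIG}, is_ca=False))
    print(profile_errors(MISMATCH[0], is_ca=False))
```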

Creating the Certificate Requests database


Each Internet certifier you create requires a Certificate Requests database
(CERTREQ.NSF) to manage server and client certificate requests. This
database stores active certificate and revocation requests that have been
submitted to the Administration Process for processing. Using a
browser-based interface, servers and clients request certificates and pick
up issued certificates.
You can store Certificate Requests databases on any server in the
domain, including servers that reside outside of a network firewall.
For more information on using the Certificate Requests database to
process certificate requests, see the chapter “Setting Up Clients for
S/MIME and SSL.”
To create the Certificate Requests database
1. Choose File - Database - New and select the server to store the
Certificate Requests database.
2. Enter the database title and file name — for example: Certificate
Requests and CERTREQ.NSF.
3. Choose the Certificate Requests (R6) template (CERTREQ.NTF).
4. Click OK. When the Certificate Requests database has been created,
it will open and the “About...” document will appear.
5. Close the “About...” document, and the Database Configuration form
will appear.

6. In the Database Administration section, complete these fields:

| Field | Action |
|---|---|
| Supported CA | Do the following: 1. In the Server field, enter the name of the server that hosts the Internet certifier. 2. In the Certifier field, enter the name of the Internet certifier to associate with the Certificate Requests database. |
| Supported certificate types | Choose one: • Client certificates only — Select this option if the certifier will issue client Internet certificates. Do not select this option if you want to create a server key ring for SSL. If you select this option, you must customize client requests. • Server certificates only — Select this if the certifier will issue server Internet certificates. If you select this option, you must customize server requests. • Both client and server certificates — Select this if the certifier will issue both client and server Internet certificates. If you select this option, then you need to customize both server and client requests. |

7. (Optional) In the Client Request Customization section, complete
these fields:

| Field | Action |
|---|---|
| Validity period | Enter the number of years that client requests generated with this database will specify as a validity period, beginning at the time of request submission. Default is 1 year. |
| Key usages | Choose the default key usage that will be submitted in client certificate requests generated from this database. Default settings are Key Encipherment and Digital Signature, which are sufficient for a client S/MIME certificate. |
| Extended key usages | Choose the default extended key usage that will be submitted in client certificate requests generated from this database. Default settings are Client Authentication and Email Protection. |



8. (Optional) In the Server Request Customization section, complete
these fields:

| Field | Action |
|---|---|
| Validity period | Enter the number of years that server requests generated with this database will specify as a validity period, beginning at the time of request submission. Default is 1 year. |
| Key usages | Choose the default key usage that will be submitted in server certificate requests generated from this database. Default settings are Key Encipherment and Digital Signature, which are sufficient for an SSL server certificate. |
| Extended key usages | The default extended key usage that will be submitted in server certificate requests generated from this database. Default is Server Authentication. |

9. For “Processing method,” choose the method by which requests are
submitted to the Administration Process:
• Manual (default) — Choose this if you want an RA to review
requests submitted to the Certificate Requests database and to
approve or deny each request individually.
• Automatic — Choose this to have requests submitted to the
Certificate Requests database processed without RA intervention.
Requests will be approved or denied according to the certificate
policy. If this method is chosen, the “Automatic Transfer Server”
field appears, in which you need to specify the server running the
administration process and to which certificate requests will
automatically be transferred.
Note If the Automatic method is chosen, the RA must be listed in
the group of users who can run unrestricted methods and operations
on the server. This can be set on the Security tab in the Server
document. There must also be a replica of the Certificate Requests
database on the specified transfer server.
10. For “Mail notification,” choose whether or not to send e-mail
notification when a certificate request has been processed by the CA.
• Yes (default) — Choose this if you want the requester to be
notified by e-mail when a certificate request has been processed
by the CA.
• No — Choose this if you do not want the requester to be notified
by e-mail when a certificate request has been processed by the CA.
11. Click Save & Close.

Setting up SSL on a server-based CA server
Because server administrators and clients use browsers to access the CA
server to request and pick up certificates, use SSL to protect the CA
server. When you set up the CA server for SSL, you create the server key
ring file and request a server certificate. Domino automatically approves
the server certificate and merges the CA certificate as a trusted root.
For information on approving server certificate requests for Domino
servers that are not CA servers, see the topic “Signing server certificates”
later in this chapter.

To set up SSL on a server-based CA server


1. Create an Internet certifier.
2. Create the Certificate Requests application (CERTREQ.NSF).
3. Do the following to create a server key ring file to store the server
certificate, and merge the CA certificate as a trusted root into the
server key ring file:
a. In the Certificate Requests database, choose Domino Key Ring
Management - Create Key Ring.
b. In the Create Key Ring form, complete these fields:

| Field | Action |
|---|---|
| File name | Enter a file name for the key ring file and keep the .kyr extension. |
| Password | Enter a password for the key ring file. |
| Key size | Choose a key size. |
| Common name | Enter the fully qualified host name — for example, server.company.com. |
| Organization name | Enter the name of the certifier organization. |
| State or province | Enter the full name of the state or province in which the organization is located. |
| Country | Enter a two-letter abbreviation for the country in which the organization is located. |

c. Verify the information in the “Key Ring Created” dialog box,
then click OK to add your CA as a trusted root and generate a
certificate request for the server.
d. Verify the information in the “Merge Trusted Root Certificate
Confirmation” dialog box and click OK.



e. When the “Certificate received into key ring and designated as
trusted root” confirmation dialog box appears, click OK.
f. When the “Certificate Request Successfully Submitted for Key
Ring” dialog box appears, click OK.
If you chose Automatic as the processing method used by the
Certificate Requests database, continue with Step 5. If you chose
Manual, then complete Steps 4 through 6.
4. Do the following to transfer the certificate request to the
Administration Requests database:
a. In the Certificate Requests database, open the
Submitted/Waiting for Approval view. If the request does not
appear, press F9 to refresh the view.
b. If the request has been “Submitted to Administration Process,”
continue with Step 5. If the request is still Pending, highlight the
request and click “Submit Selected Requests.”
c. When you see “Successfully submitted 1 request(s) to the
Administration Process,” click OK.
5. Have an authorized registration authority approve the request. This
RA should be authorized for the certifier for which you are setting
up SSL.
a. Open the Administration Requests database (ADMIN4.NSF), and
then open the Certification Authority Requests/Certificate
Requests view and find the new request.
b. Open the request and verify the information in it.
c. Click Edit Request, then Approve Request. Press F9 until the
request changes from “New” to “Issued.”
6. Transfer the certificate request out of the Administration Requests
database:
a. Close the Administration Requests database and return to the
Certificate Requests database.
b. Open the Pending/Submitted Certificates view and locate the
request. If necessary, refresh the view.
c. If the certificate has not yet been issued, click “Pull Selected
Request(s).”

7. After the CA signs the request for a server certificate and notifies you
to pick up the certificate, do the following:
a. Do one:
• Open the Administrator’s mail file, locate and open a message
with the subject “Your certificate request has been approved,”
and copy the pickup ID to the Clipboard.
• From the Certificate Requests database, open the
Submitted/Accepted view, then open the issued server request
and copy the “Request ID” to the clipboard.
b. In the Certificate Requests database, choose “Domino Key Ring
Management,” then “Pickup Key Ring Certificate.”
c. Enter the key ring file name and password, paste the pickup ID
into the form, and click Pickup Certificate.
8. Do the following to merge the approved server certificate into the
key ring file:
a. When the “Merge Signed Certificate Confirmation” dialog box
appears, verify the information and click OK.
b. When the “Certificate received into key ring” confirmation box
appears, click OK.
c. Copy or use FTP (in binary mode) to transfer the new key ring
file and its associated .STH file to the server’s data directory.
9. Configure the port for SSL:
a. In the Domino Directory, open the Server document. In the
Ports/Internet Ports section, click Edit Server and enter the name
of the new key ring file. (Do not include the full path to the key
ring file. Specify only the file name.) Enable the “SSL Port Status”
field and then click Save and Close.
Note As an optional step, while editing the Server document,
enable “Session authentication” in the Internet
Protocols/Domino Web Engine section. This ensures that HTTP
sessions will time out in the number of minutes that are specified
in the “Idle session timeout” field. The Maximum active sessions
may also be specified.
b. If HTTP is already running, at the console type “te http restart”
to enable SSL on the server.
c. To show SSL status and to verify that the HTTP server is
listening on both 80 and 443, type “te http show security” at the
server console.

10. Do the following to confirm that SSL is working on the server.
a. Open a browser, and enter the URL of the server — for example:
https://Server.Company.com/certreq.nsf

b. If the “New Site Certificate” dialog box appears, click Next.
c. Click More Info to verify the information, then click Next.
d. Decide whether or not to accept the new site certificate, and for
how long, then click Next.
e. Decide whether or not you want to see a warning every time you
access the new site, then click Next. When the dialog box
appears, click Finish.
If the Security indicator (a padlock icon) is closed (locked), you have
successfully established a secure session over SSL.

Signing server certificates using the Certificate Requests database


A Domino administrator can request a server certificate from a
server-based CA in order to enable SSL on a Domino server. The request
is entered and processed in the Certificate Requests database, where a
registration authority (RA) administrator approves or denies the request.
Note If you chose Automatic as the processing method used by the
Certificate Requests database, you only need to complete Step 3. If you
chose Manual processing, then complete the entire procedure.

To sign a server certificate request


1. From the Domino Administrator, open the Certificate Requests
database.
2. Transfer the certificate request to the Administration Requests
database:
a. In the Certificate Requests database, open the
Pending/Submitted Requests view. If the request does not
appear, press F9 to refresh the view.
b. If the request has been “Submitted to Administration Process,”
continue with Step 3. If the request is still Pending, highlight the
request and click “Submit Selected Requests.”
c. When you see “Successfully submitted 1 request(s) to the
Administration Process,” click OK.
3. Have an RA who is listed for this certifier approve the request.
a. Open the Administration Requests database (ADMIN4.NSF), and
then open the Certification Authority Requests/Certificate
Requests view and find the new request.

b. Open the request and verify the information in it.
c. Click Edit Request, then Approve Request. Press F9 until the
request changes from “New” to “Issued.”
4. Transfer the certificate request out of the Administration Requests
database:
a. Close the Administration Requests database and return to the
Certificate Requests database.
b. Open the Pending/Submitted Certificates view and locate the
request. If necessary, refresh the view.
c. If the certificate has not yet been issued, click “Pull Selected
Request(s).”
5. The certifier signs the request for a server certificate and notifies the
requester to pick up the certificate.

Modifying a server-based CA
After you migrate or create a certifier, you can modify it through the
certifier ICL or through the certifier document in the Domino Directory.
Note that how you open a certifier to modify it affects the number and
type of changes you can make.
Note Only CA administrators can modify a server-based CA. A CA
administrator must have Editor access to the Domino Directory in order
to modify a certifier.

To modify a certifier through the ICL


1. Shut down the CA process used by the certifier that you want to
modify. At the server console, type:
tell ca quit

2. From the Domino Administrator, click Configuration.
3. On the Tools pane, choose Certification - Modify Certifier.
4. Select the server that hosts the CA you want to modify, if necessary.
5. Select the certifier to recover by doing one of the following:
• Select the certifier document from the Domino Directory.
• Select the certifier ICL database.
Note If the certifier is protected with a lock ID, you must unlock it
in order to modify it.

6. In the Certifier dialog box, modify the certifier as needed. You can
change these features:
• Encryption mechanism for certifier ID
• CAs and RAs, and roles of current entries
• CRL distribution point extension
• Enable or disable backdating of certificate
• Certificate duration
• Certificate key usage (Internet certifiers only)
• CRL publication and duration (Internet certifiers only)
For detailed information on these options, see the topic “Creating
a certifier for a server-based CA” earlier in this chapter.
7. Click OK.

To modify a certifier through the Certifier document


To modify a Certifier document, you must have Editor access to the
Domino Directory. Full-access administrators and administrators have
this access by default; however, be sure that all certificate authority (CA)
administrators also have this access.
1. From the Domino Administrator, click Configuration.
Note If the certifier is protected with a lock ID, you must unlock it
in order to modify it.
• On the Basics tab, you can modify certifier name and issuer.
• Click “Modify CA configuration” to change CAA and RA
associations.
2. Click Save and Close.

Disabling a certifier
To modify a Certifier document, you must have Editor access to the
Domino Directory. Full-access administrators and administrators have
this access by default; however, be sure that all certificate authority (CA)
administrators also have this access.
1. From the Domino Administrator, click Configuration and open the
Certificates view in the Server pane.
2. Select the certifier document you want to disable and double-click to
open it.
3. Click Edit Certifier.

4. On the CA Configuration tab, disable the CA process for the certifier.
5. Click Save and Close.
Caution If you disable the CA process for a certifier, and later want
to enable it, you must open the certifier document and enable it. You
can also repeat the CA migration process to enable it — however,
this creates a new ICL database for the certifier.

Revoking a certificate
A CA administrator can easily revoke an Internet certificate if the subject
of the certificate leaves the organization, or if the key has been
compromised. After a certificate is revoked, it can never again be trusted.
If you revoke a certificate, especially if a key has been compromised,
issue a non-regular CRL so that any entity checking CRLs has the most
updated revocation information.

To revoke a certificate
1. From the Domino Administrator, click Files. Open the ICL directory.
2. From the list of ICL databases, open the ICL for the certifier that
issued the certificate you need to revoke.
3. Open the Issued Certificates\By Subject Name view.
4. Open the Issued Certificate document for the certificate you want to
revoke.
The document name is the same as the subject name.
5. At the top of the document, click “Revoke Certificate.”
6. In the Revocation Reason dialog box, select the reason for revoking
the certificate, and click OK.
7. Issue a non-regular CRL.
The next time the CA process refreshes, the Issued Certificate document
will be updated to indicate that the certificate has been revoked. When
you open the Issued Certificate document again, the Revocation
Information section will indicate that the certificate has been revoked, the
revocation date and time, the reason for the certificate’s revocation, and
the date and time the certificate became invalid.
For more information on issuing non-regular CRLs, see the appendix
“Server Commands.”

Viewing certifiers running under the CA process
You can view a list of all the certifiers running under the CA process. At
the server console type:
tell ca status

The server returns a list of all certifiers using the CA process and their
current status. The number associated with each certifier is used in some
CA Tell commands.
For example:
10/22/2001 02:38:12 pm  CA Process status:
10/22/2001 02:38:12 pm  1. O=Acme
10/22/2001 02:38:12 pm  Certifier type: Notes
10/22/2001 02:38:12 pm  Active: Yes
10/22/2001 02:38:12 pm  ICL DB Path: icl\icl_Acme.nsf
10/22/2001 02:38:12 pm  2. CN=East/O=Acme/ST=Massachusetts/C=US
10/22/2001 02:38:12 pm  Certifier type: Internet
10/22/2001 02:38:12 pm  Active: Yes
10/22/2001 02:38:12 pm  ICL DB Path: icl\icl_East.nsf

For more information about using CA Tell commands, see the appendix
“Server Commands.”
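
The following is an added example, not part of the IBM manual: a Python parser for the “tell ca status” output format shown above, used to compare the certifiers running under the CA process against an approved list. The audit function, its report keys and the approved list are assumptions made for this example; the sample text is the manual's own example output, and any “Active” value other than “Yes” is treated as not active.

```python
import re

# Timestamp that prefixes console lines in the manual's example,
# e.g. "10/22/2001 02:38:12 pm". It may also sit on a line of its own.
TIMESTAMP = re.compile(
    r"^\s*\d{1,2}/\d{1,2}/\d{4}\s+\d{1,2}:\d{2}:\d{2}(?:\s*[ap]m\b)?\s*", re.I)
ENTRY = re.compile(r"^(\d+)\.\s+(\S.*)$")                  # "2. CN=East/O=Acme/..."
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?)\s*:\s*(.*)$")  # "Active: Yes"

# Console labels from the manual's example mapped to record keys.
FIELD_KEYS = {"certifier type": "type", "active": "active",
              "icl db path": "icl_path"}

# The example output printed in the manual for "tell ca status".
SAMPLE = r"""
10/22/2001 02:38:12 pm
CA Process status:
10/22/2001 02:38:12 pm
1. O=Acme
10/22/2001 02:38:12 pm
Certifier type: Notes
10/22/2001 02:38:12 pm
Active: Yes
10/22/2001 02:38:12 pm
ICL DB Path: icl\icl_Acme.nsf
10/22/2001 02:38:12 pm
2. CN=East/O=Acme/ST=Massachusetts/C=US
10/22/2001 02:38:12 pm
Certifier type: Internet
10/22/2001 02:38:12 pm
Active: Yes
10/22/2001 02:38:12 pm
ICL DB Path: icl\icl_East.nsf
"""


def parse_ca_status(text):
    """Return one dict per certifier listed in 'tell ca status' output.

    Accepts the timestamp either on the same line as the text or on the
    line before it. The 'number' is the index the manual says is used in
    some CA Tell commands.
    """
    certifiers = []
    current = None
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw).strip()
        if not line:
            continue  # blank line, or a timestamp on a line of its own
        entry = ENTRY.match(line)
        if entry:
            current = {"number": int(entry.group(1)),
                       "name": entry.group(2).strip(),
                       "type": None, "active": None, "icl_path": None}
            certifiers.append(current)
            continue
        field = FIELD.match(line)
        if field and current is not None:
            key = FIELD_KEYS.get(field.group(1).strip().lower())
            value = field.group(2).strip()
            if key == "active":
                # Assumption: anything other than "Yes" means not active.
                current[key] = value.lower() == "yes"
            elif key:
                current[key] = value
    return certifiers


def audit(certifiers, approved_names):
    """Compare running certifiers with an approved list of certifier names.

    Names are compared case-insensitively. Returns certifiers that run but
    are not approved, approved ones that are not running, certifiers that
    are not active, and the Internet certifiers (the type that the manual
    says has CRL settings).
    """
    running = {c["name"].lower(): c for c in certifiers}
    approved = {name.lower(): name for name in approved_names}
    return {
        "unexpected": sorted(c["name"] for k, c in running.items()
                             if k not in approved),
        "missing": sorted(n for k, n in approved.items() if k not in running),
        "inactive": sorted(c["name"] for c in certifiers
                           if c["active"] is not True),
        "internet": sorted(c["name"] for c in certifiers
                           if (c["type"] or "").lower() == "internet"),
    }


if __name__ == "__main__":
    found = parse_ca_status(SAMPLE)
    for c in found:
        print(c)
    # "O=Sales" is a constructed name used only to show a missing certifier.
    print(audit(found, ["O=Acme", "O=Sales"]))
```

A certifier reported as unexpected is one to investigate before any certificate it issued is trusted; one reported as missing or inactive cannot process requests or publish CRLs until the CA process loads it again.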

Viewing certificate requests


Domino CAs and RAs can view information about server and client
certificate requests waiting for approval, as well as approved and
rejected requests.
1. From the Domino Administrator, click Files and open the Certificate
Requests database for the certification authority for which you want
to see certificate requests.
2. Click Pending/Submitted Requests or Issued/Rejected Certificates.

Backing up and recovering a certifier
Back up each certifier that you create, so that you can recover if there is a
problem — for example, if error messages are generated by the certifier
when you issue a “lo ca” or “tell ca refresh” command.

To back up a certifier
1. When you create a new certifier, keep a local copy of the certifier ID
file.
2. After you create the certifier, make a copy of the ICL database and
keep it in a safe place. Back up the ICL periodically to incorporate
any changes you make to the certifier.

To recover a certifier
1. From the Admin client, click Configuration.
2. On the Tools pane, choose Certification - Modify Certifier.
3. Select the CA server from the list, and click OK.
4. Select the server that hosts the CA you want to modify, if necessary.
5. Select the certifier to recover by doing one of the following:
• Select the certifier document from the Domino Directory.
• Select the certifier ICL database.
6. You may be prompted for the certifier ID and password. Enter the
path and filename for the local copy of the ID that you created when
you first set up the certifier, and click OK.
Note You will be prompted for the certifier ID only if the certifier
determines that it cannot proceed without it.
7. In the Modify Certifier dialog box, confirm that the certifier
information is correct. Click OK.
If the certifier is still having problems — for example, configuration
documents are corrupted or missing — replace the ICL database with the
backup copy. The location of the ICL database is specified in the certifier
document.

Chapter 45
Setting Up a Domino 5 Certificate Authority

This chapter describes how to set up a Domino 5 certificate authority
(CA) to issue server and client certificates using a CA key ring file.

Using a Domino 5 certificate authority


You can set up a Domino certificate authority (CA), or certifier, in one of
two ways: you can use a CA key ring or you can use the CA process.
Using a Domino 5 certificate authority requires that you:
• Have access to the CA key ring and password in order to administer
the certifier and issue certificates.
• Administer and safeguard the certifier ID as an administrator.
• Issue Notes and Internet certificates separately.
A CA key ring file is a binary file that is password-protected and is used
to store the CA certificate. This certificate is then used to sign server and
client Internet certificates.
Once you have created a certifier on a Domino server, you can then
enable SSL on that server to provide secure communications for
certificate requests and pickups. You do this by creating a server key ring
file and merging the CA certificate into it as a trusted root certificate.

Setting up a Domino 5 certificate authority


A Domino CA server hosts the Domino Certificate Authority application.
Users, server administrators, and Domino CAs use the application to
manage server and client certificates. Most organizations need only a
single Domino CA server.
To set up a Domino CA server, you must perform these tasks:
1. Set up the server as a Domino Web server.
For more information, see the chapter “Setting Up the Domino Web
Server.”
2. Create the Domino 5 Certificate Authority application.

3. Create a CA key ring file and CA certificate.
4. Configure the CA profile to specify key ring and mail settings.
5. Set up SSL on the CA server.

Creating the Domino Certificate Authority application


1. Set up the server as a Domino Web server.
2. Using the Domino Designer, create the Domino Certificate Authority
application on the server using the Domino R5 Certificate Authority
template (CCA50.NTF). To view the template file, select the option
Advanced templates. You can name the application anything you
wish — for example, CERTCA.NSF.
3. Edit the ACL of the Domino 5 Certificate Authority database, as
follows:
a. Add the names of the administrators who will issue and manage
Internet certificates. Assign Editor with Delete access and the
[CAPrivlegedUser] role to each administrator.
b. Set the -Default- access to Author with Create documents
privilege.
4. Create a CA key ring file and certificate.
Tip To hide the Domino Certificate Authority application so that it
doesn’t appear when users choose File - Database - Open and when Web
clients browse a database list, deselect “Show in Open Database dialog”
on the Tools tab in the Database Properties box.

Creating a CA key ring file and certificate


When you use the Domino Administrator to create the CA key ring file, it
is stored by default in the client’s data directory.
Make sure that you keep the key ring file in a secure location, especially
if you copy it to a shared location. To prevent unauthorized access, only
the administrators that you specify should have access to the CA’s key
ring file and password.

To create a CA key ring file and certificate


1. Make sure you created the Domino Certificate Authority application.
2. From the Domino Administrator, click Files, and open the Domino
Certificate Authority application.
3. Click Create Certificate Authority Key Ring & Certificate.

4. Complete these fields:
Field
    Action
Key ring file name
    Enter the explicit path and file name for the CA key ring. The
    default is CAKEY.KYR in the Domino Administrator’s data directory.
    It’s helpful to use the extension .KYR to keep server and CA key
    ring file names consistent.
Key ring password
    Specify a password for the key ring.
Password verify
    Enter the password entered into the previous field. This helps
    ensure the password is entered correctly.
Key Size
    Select the size of the public and private key pairs. The larger
    the size, the stronger the encryption.
Common name
    Enter a descriptive name that identifies the CA certificate — for
    example, Acme SSLCA.
Organization
    Enter the name of the certifier organization. This is usually a
    company name, such as Acme.
Organizational Unit
    (Optional) Enter the division or department in which the certifier
    resides.
City or Locality
    (Optional) Enter the city or town where the certifier resides.
State or Province
    Enter three or more characters that represent the state or
    province where the certifier resides, such as Massachusetts. (For
    U.S. states, enter the complete state name, not the abbreviation.)
Country
    Enter the two-character representation of the country where the
    certifier resides — for example, US for United States or CA for
    Canada.

Note The Common name, Organization, Organizational Unit, City
or Locality, State or Province, and Country make up the CA server’s
distinguished name. Choose the CA name carefully; it is a costly
process to reissue certificates if you change the name.
5. Click Create Certificate Authority Key Ring.
6. After you review the information about the key ring file and CA
name, click OK.
7. Make a backup copy of the Certificate Authority key ring file, and
store it in a secure location.
8. Configure the Domino Certificate Authority application profile.

To change the password for the CA key ring file
To ensure the continued security of the CA key ring file, periodically
change its password.
1. From the Domino Administrator, click Files, and open the Domino
Certificate Authority application.
2. Click View Certificate Authority Key Ring, and then click Change
CA Key Ring Password.
3. Enter the old password, and then click OK.
4. Enter a new password, and then click OK.

Configuring the Domino Certificate Authority application profile


The Domino Certificate Authority application profile identifies the CA’s key
ring file and specifies the name of the CA server. Domino adds a link to the
CA server when you send a message to clients and server administrators
who request certificates. The clients and server administrators use this
information to determine where to pick up certificates.
1. Make sure you created a CA key ring file and certificate.
2. From the Domino Administrator, click Files, and open the Domino
Certificate Authority application.
3. Click Configure Certificate Authority Profile.
4. If necessary, enter the CA key ring path and file name in the CA Key
File field. By default, Notes looks for the key ring file on the local
hard drive. You can also specify a network drive accessible to other
administrators.
5. Enter the TCP/IP DNS name of the server that runs the CA
application in the Certificate Server DNS name field. Domino uses
this name to indicate where to pick up signed certificates in the
messages sent to administrators and clients.
The following fields set default values for the Approved Client
Certificates screen. You can override these when approving a certificate.
Field
    Action
Use SSL for certificate transactions?
    Choose one:
    • Yes (default) to specify whether the e-mail message generated
      during the security request process includes a reference to the
      SSL port for secure certificate pick-up.
    • No to specify SSL will not be used.
Certificate Server port number
    Enter the number of the TCP/IP port for the server. Domino uses
    this port when sending an e-mail notification to clients to pick
    up certificates. The default is 80.
Mail confirmation of signed certificate to requester?
    Choose one:
    • Yes to generate an e-mail confirmation for a signed certificate
      request.
    • No (default) to not send the confirmation.
Submit signed certificates to AdminP for addition to the Directory?
    Choose one:
    • Yes (default) to submit the signed certificate request to the
      Administration Process, which then stores this certificate in
      the Domino Directory.
    • No to not submit the certificate.
Default validity period
    Specify the period, in years, for which the signed certificate is
    valid. Default is 2 years.

6. Click Save & Close.
7. Set up SSL on the CA server.

Setting up SSL on the CA server


Because server administrators and clients use browsers to access the CA
server to request and pick up certificates, use SSL to protect the CA
server. When you set up the CA server for SSL, you create the server key
ring file and request a server certificate. Domino automatically approves
the server certificate and merges the CA certificate as a trusted root.
1. Make sure you configured the Domino Certificate Authority
application profile.
2. From the Domino Administrator, click the Files tab, and open the
Domino Certificate Authority application.
3. Click Create Server Key Ring & Certificate.
4. Complete these fields:
Field
    Action
Key ring file name
    Enter the name of the server key ring file. By default, this is
    stored in the data directory of the Domino Administrator used to
    create the file. Do not use the same name as the CA key ring file.
Key ring password
    Specify a password for the key ring.
Password verify
    Enter the password entered into the previous field. This helps
    ensure the password is entered correctly.
Key size
    Select the size of the public and private key pairs. The larger
    the size, the stronger the encryption.
CA certificate label
    Enter the label to display when you view the CA certificate in the
    server key ring file.
Common name
    Enter the TCP/IP fully-qualified host name — for example,
    www.lotus.com.
    Set up the server certificate so that the common name matches the
    DNS name, since some browsers check for this match before allowing
    a connection.
Organization
    Enter the name of the certifier organization. This is usually a
    company name, such as Acme.
Organizational Unit
    (Optional) Enter the division or department where the certifier
    organization resides.
City or Locality
    (Optional) Enter the city or town where the certifier organization
    resides.
State or Province
    Enter three or more characters that represent the state or
    province where the certifier organization resides, such as
    Massachusetts. (For U.S. states, enter the complete state name,
    not the abbreviation.)
Country
    Enter a two-character representation of the country where the
    certifier organization resides — for example, US for United States
    or CA for Canada.

5. Click Create Server Key Ring.
6. Enter the CA key ring file password, and then click OK. The server
SSL key ring file is created.
7. Copy the server key ring file to the Domino data directory on the
server. The Domino Certificate Authority application creates the file
locally; however, the server needs the key ring file to use SSL.
Note If you choose to store the server key ring file in some place
other than the Domino data directory, you must specify the full
directory path to it in the Server document or Site document.
8. Configure the SSL port. Enable server authentication on the server.
For more information on configuring an SSL port, see the chapter
“Setting Up SSL on a Domino Server.”
9. If clients use Netscape Navigator, do the following:
a. From the Domino Administrator, click the Files tab, open the
Domino Certificate Authority application, and then open the
Database Properties box.
b. On the Basics tab, choose “Web Access: Require SSL connection”
to force browsers to use SSL to connect to this database.

Note If clients use Microsoft Internet Explorer, do not complete this
step, which forces users to use SSL to access the application. Clients
who use Internet Explorer must use TCP/IP to access the Domino
Certificate Authority application and merge the certificate as a
trusted root. Internet Explorer does not allow clients to accept a site
certificate for a server for which they do not have the trusted root
certificate.

Displaying the CA key ring file


1. From the Domino Administrator, click Files, and open the Domino
Certificate Authority application.
2. Click View Certificate Authority Key Ring.
3. Click Display CA Key Ring.
4. Enter the password when prompted.
5. Double-click the CA Key Pair document you want to open and view.
6. To exit the document after viewing, click Close.

Exporting the CA key ring file


Export the CA key ring to a text file to troubleshoot problems with the
CA server and compare key ring files.
1. From the Domino Administrator, click Files, and open the Domino
Certificate Authority application.
2. Click View Certificate Authority Key Ring.
3. Click Dump CA Key Ring to Text.
4. Enter the password when prompted.
5. Enter the name of the file to which you want to export the key ring.
Notes creates this text file and places it in the data directory.
6. To view the text file, open it with a text editor.

Signing server certificates


The certificate authority signs a server certificate to add its digital
signature to the certificate. A request for a server certificate appears in
the Server Certificate Requests view in the Domino Certificate Authority
application. When the certificate authority signs a certificate, the
certificate authority can automatically notify the requesting server
administrator by e-mail. The e-mail describes how to pick up the
certificate and includes a pick-up ID, which the server administrator
must use to identify the certificate during the pick-up process. Domino
automatically generates the pick-up ID.

To sign a server certificate with a Domino 5 Certificate Authority
Before you begin, make sure that:
• The requesting server administrator has merged the Certificate
Authority’s certificate into the server key ring as a trusted root.
• You understand your organization’s policy on signing certificates.
Sign certificates only if the certificate requests comply with your
organization’s security policy.
1. From the Domino Administrator, click Files and open the Domino
Certificate Authority application.
2. Click Server Certificate Requests.
3. Open the request to sign.
4. Review the user information and distinguished name. Make sure that
the information provided complies with your organization’s security
policy.
If you want to deny the request, complete Step 5. Otherwise, go to
Step 6.
5. To deny the request, do the following:
a. Enter a reason for the denied request.
b. If you do not want to notify the server administrator by e-mail,
deselect “Send a notification email to the requester.” Otherwise,
Domino sends the server administrator an e-mail indicating that
you denied the request and the reason why you denied the
request.
c. Click Deny.
6. To approve the request, do the following:
a. Enter a validity period. For short-term projects, 90 days is typical;
for ongoing projects, you can enter several years.
b. If you do not want to notify the server administrator by e-mail to
pick up the certificate, deselect “Send a notification email to the
requester.” Otherwise, Domino sends the server administrator an
e-mail with a URL indicating the location to pick up the
certificate.
c. Click Approve.
d. Enter the password for the CA’s key ring file, and then click OK.
7. Have the server administrator complete the procedure “Merging a
server certificate into the key ring file.”

Viewing requests for certificates
Domino certificate authority administrators can view information about
server and client certificates waiting for approval, approved requests
waiting for pick-up, and requests that have been denied.
1. From the Domino Administrator, click Files and open the Domino
Certificate Authority application.
2. Click Server Certificate Requests or Client Certificate Requests.
3. Use the Actions menu to display requests waiting for approval,
approved requests, and denied requests.

Chapter 46
Setting Up SSL on a Domino Server

This chapter describes how to set up SSL on a Domino server to allow
secure Internet and intranet access at your organization.

SSL security
Secure Sockets Layer (SSL) is a security protocol that provides
communications privacy and authentication for Domino server tasks that
operate over TCP/IP.
SSL offers these security benefits:
• Data is encrypted to and from clients, so privacy is ensured during
transactions.
• An encoded message digest accompanies the data and detects any
message tampering.
• The server certificate accompanies data to assure the client that the
server identity is authentic.
• The client certificate accompanies data to assure the server that the
client identity is authentic. Client authentication is optional and may
not be a requirement for your organization.

Internet protocols supported by Domino and SSL


You must set up the Domino server and then set up SSL. You can use SSL
security for Internet clients who use one of the following Internet
protocols to connect to the Domino server:
• Web server and Web Navigator (HTTP)
• Internet Inter-ORB Protocol (IIOP)
The Java applet that uses this protocol must be set up to use SSL.
• Internet Message Access Protocol (IMAP)
• Lightweight Directory Access Protocol (LDAP)
• Post Office Protocol 3 (POP3)
• Simple Authentication and Security Layer (SASL)

Domino uses SASL automatically if SSL with client authentication is set
up on the server and if the LDAP client supports the protocol. No
additional configuration is necessary.
• Simple Mail Transport Protocol (SMTP)

Setting up SSL on a Domino server


Set up SSL on a Domino server so that clients and servers that connect to
the server use SSL to ensure privacy and authentication on the network.
You set up SSL on a protocol-by-protocol basis. For example, you can
enable SSL for mail protocols — such as IMAP, POP3, and SMTP — and
not for other protocols.
To set up SSL on your server, you need a key ring containing a server
certificate from an Internet certificate authority. You can request and
obtain a server certificate from either a Domino or third-party certificate
authority (CA) and then install it in a key ring. A server certificate is a
binary file that uniquely identifies the server. The server certificate is
stored on the server’s hard drive and contains a public key, a name, an
expiration date, and a digital signature. The key ring also contains root
certificates used by the server to make trust decisions.
This describes the process to follow if you need to set up SSL on a
Domino server that is not already a Domino certificate authority server.
You complete the setup process regardless of whether you request a
server certificate from a Domino or third-party CA.
Note You can enable SSL on a server when you register the server if you
already have a Domino server-based certification authority running
in the Domino domain.
For more information about enabling SSL on a server at server
registration, see the chapter “Installing and Setting Up Domino Servers.”

To set up SSL on a Domino server


1. Set up the Server Certificate Admin application (CERTSRV.NSF),
which Domino creates automatically during server setup.
2. Create a server key ring file to store the server certificate.
3. Request an SSL server certificate from the CA.
4. Merge the CA certificate as a trusted root into the server key ring file.
5. The CA approves the request for a server certificate and sends
notification that you can pick up the certificate.
6. Merge the approved server certificate into the key ring file.

7. Configure the port for SSL.
8. If you are using client authentication, add the client’s name to
database ACLs and access lists for design elements.

Setting up the Server Certificate Admin application


Domino automatically creates the Server Certificate Admin application
during server setup. If the Server Certificate Admin application is not
available after you start the Domino server, use the Server Certificate
Admin template (CSRV50.NTF) to create it. Use the Server Certificate
Admin application to:
• Request server certificates from either a Domino or third-party CA
• Add a CA certificate as a trusted root
• Manage server certificates in a key ring file
• Create a self-certified certificate for testing purposes
To set up the Server Certificate Admin application
1. Make sure you set up the server as a Domino Web server.
For more information, see the chapter “Setting Up the Domino Web
Server.”
2. Edit the ACL of the Server Certificate Admin application, as follows:
• Add the names of server administrators who will need to obtain
and manage server certificates. Assign Manager access.
• Set -Default- access to No access to prevent others from using the
database.
3. Create a server key ring file.
Tip To hide the Server Certificate Admin application when users
choose File - Database - Open, deselect “Show in ’Open Database’
dialog” in the Database Properties box.

Creating a server key ring file


Before you request a certificate from a CA, you must create a key ring file
to store the certificates. A key ring file is a binary file that is
password-protected and stored on the server’s hard drive. When you
create a server key ring file (.KYR), Domino generates an unsigned server
certificate and automatically includes several trusted root certificates.
The unsigned server certificate is not valid until it is signed by a certifier.
Domino also creates a stash file (.STH) using the same name as the key
ring file, but with the file extension .STH. Domino uses the stash file to
store the key ring file password for unattended access to the server key
ring file.

Every server certificate includes a distinguished name used for SSL
connections. You set up this distinguished name when you create the
server key ring file. Some components of a distinguished name are
optional; however, the more components you include, the less likely you
are to encounter an identical name elsewhere on the Internet.
Note If you are requesting a server certificate from a server-based
certification authority, you can use the Notes client to create the server key
ring and request a server certificate in the Certificate Requests database.
For more information, see the topic “Requesting an SSL server
certificate” later in this chapter.

To create a server key ring file


1. Set up the Server Certificate Admin application.
2. From the Notes client, open the Server Certificate Admin application
on the server for which you want to enable SSL.
3. Click “Create Key Ring.”
4. Complete these fields:
Field                 Action
Key Ring File Name    Enter the key ring file name. The default is
                      KEYFILE.KYR. It’s helpful to use the extension .KYR to
                      keep key ring file names consistent.
                      Note The server’s key ring file name appears in any
                      Internet Site documents that you have configured, or, if
                      Internet Site documents are not being used, on the
                      Ports - Internet Ports tab of the Server document. If you
                      specified a name other than the default, you need to edit
                      the name where it appears - in the Internet Site
                      documents or in the Server document.
Key Ring Password     Enter the password for the key ring.
Key Size              Specify the key size Domino uses when creating the
                      public and private key pairs. The larger the size, the
                      stronger the encryption.
Common name           Enter the server’s TCP/IP fully-qualified domain name
                      — for example, www.acme.com.
                      Set up the server certificate so that the common name
                      matches the host name since some browsers check for
                      this match before allowing a connection.
Organization          Enter the name of the organization — for example, a
                      company name, such as Acme.
Organizational Unit   (Optional) Enter the name of the certifier division or
                      department.
City or Locality      (Optional) Enter the organization city or locality.
State or Province     Enter the full name of the state or province in which the
                      certifier organization resides.
Country               Enter the two-character abbreviation of the country in
                      which the organization resides.

5. Click “Create Key Ring.”


6. After you read the information about the key ring file and
distinguished name, click OK. Notes creates the key ring file and
stash (.STH) file and places them in the Notes data directory on the
client machine used to create the key ring.
7. Copy the key ring file and stash (.STH) file to the Domino data
directory on the server.
Caution You must ensure that the key ring password in the stash
file is protected. The key ring file password is altered in the stash file
so that it cannot be recognized by a casual observer, but it is not
encrypted. You should not allow unauthorized persons access to
either the stash file or the key ring file. In the normal course of
operation, only the server itself should have access to those files;
however, administrators may also need permission to remove or
replace the files. As with all server resources, managing proper file
permissions and protections is vital to the security of the system.
8. Request an SSL server certificate.
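One way to check the file protections that the Caution in step 7 calls for, given as an added example that is not part of the Domino documentation or product. It assumes a POSIX server where permission bits on the data directory are meaningful; audit_keyrings and server_uid are hypothetical names.

```python
import stat
from pathlib import Path


def audit_keyrings(data_dir, server_uid=None):
    """Audit *.kyr / *.sth files in data_dir and return a list of finding strings.

    server_uid is the (assumed) numeric uid of the account that runs the Domino
    server; when given, files owned by any other account are reported.
    """
    # Group files by base name: the stash file reuses the key ring's name with .STH.
    pairs = {}
    for entry in sorted(Path(data_dir).iterdir()):
        ext = entry.suffix.lower()
        if entry.is_file() and ext in (".kyr", ".sth"):
            pairs.setdefault(entry.stem.lower(), {})[ext] = entry

    findings = []
    for base in sorted(pairs):
        pair = pairs[base]
        if ".sth" not in pair:
            findings.append(f"{pair['.kyr'].name}: no matching stash file (.sth) for unattended access")
        if ".kyr" not in pair:
            findings.append(f"{pair['.sth'].name}: no matching key ring file; "
                            "the leftover stash still holds an unencrypted password")
        for ext in (".kyr", ".sth"):
            path = pair.get(ext)
            if path is None:
                continue
            info = path.stat()
            mode = stat.S_IMODE(info.st_mode)
            if mode & stat.S_IRWXO:
                # Anyone on the host can reach the file.
                findings.append(f"{path.name}: mode {mode:03o} allows access by other users")
            elif mode & stat.S_IRWXG:
                # Administrators may need group access to replace the files.
                findings.append(f"{path.name}: mode {mode:03o} allows group access; "
                                "confirm the group holds only administrators")
            if server_uid is not None and info.st_uid != server_uid:
                findings.append(f"{path.name}: owned by uid {info.st_uid}, expected {server_uid}")
    return findings


if __name__ == "__main__":
    import sys
    for line in audit_keyrings(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(line)
```

Run it against the Domino data directory after copying the files in step 7, and again on the client machine that created them, since copies of both files remain there.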

Requesting an SSL server certificate


When you request an SSL server certificate, you use Public-Key
Cryptography Standards (PKCS) format, an industry-standard format
that many CAs, including Domino, understand. Before you request a
certificate from a third-party CA, make sure the CA uses the PKCS
format, not some other format, such as Privacy-Enhanced Mail (PEM). If
you are unsure of the format required by a third-party CA, check with
that CA.
A certificate request is essentially certificate data that has not been signed
by a CA. The CA turns the request into a certificate by signing it.
If you are requesting a server certificate from a server-based certification
authority, you can use the Notes client to create the server key ring and
the server certificate in the Certificate Requests database. You must be
able to access the Domino server using the Notes client.

To request a server certificate using a Notes client
1. From the Notes client, open the Certificate Requests database for the
certifier from which you want to request a server certificate.
2. Do the following to create a server key ring file to store the server
certificate and merge the CA certificate as a trusted root into the
server key ring file:
a. In the Certificate Requests database, choose Domino Keyring
Management - Create Keyring.
b. In the Create Key Ring form, complete these fields:
Field               Action
File name           Enter a file name for the Key Ring file and keep the .kyr
                    extension.
Password            Enter a password for the key ring file.
Key size            Choose a key size.
Common name         Enter the fully qualified host name — for example,
                    server.company.com.
Organization name   Enter the name of the certifier organization.
State or province   Enter the full name of the state or province in which
                    the organization is located.
Country             Enter a two-letter abbreviation for the country in
                    which the organization is located.

c. Verify the information in the “Key Ring Created” dialog box,
then click OK to automatically add the CA as a trusted root and
generate a certificate request for the server.
d. Verify the information in the “Merge Trusted Root Certificate
Confirmation” dialog box and click OK.
e. Click OK when the “Certificate received into key ring and
designated as trusted root” confirmation dialog box appears.
f. Click OK when the “Certificate Request Successfully Submitted
for Key Ring” dialog box appears.
After an RA approves the request for a server certificate, the CA
issues a server certificate and sends notification that you can pick up
the certificate.
3. In the Issued/Rejected Certificates view, open the issued server
request and copy the Request ID to the Clipboard.
4. Choose Domino Key Ring Management - Pickup Key Ring Certificate.
5. Enter the key ring file name and password, paste the pickup ID into
the form and click Pickup Certificate.

6. Verify the information in the “Merge Signed Certificate
Confirmation” dialog box and click OK.
7. When the “Certificate received into key ring” dialog box appears,
click OK.
8. Copy or use FTP (in binary mode) to transfer the new key ring and
its associated .STH file to the server’s data directory.

From a Domino CA using a Web browser


This procedure for generating a server certificate request is the same
regardless of whether you are requesting a server certificate from a
Domino server-based certification authority or a Domino 5 certificate
authority.
1. Make sure you already created the server key ring file and mapped a
drive to the directory that contains the server key ring file.
2. From the Notes client, open the Domino Directory of the server on
which you want to create SSL, and open the Server Certificate
Admin application.
3. Click “Create Certificate Request.”
4. Complete these fields:
Field                     Enter
Key Ring File Name        The name of the server key ring file, including the
                          path to the file
Log Certificate Request   Choose one:
                          • Yes (default) to log information in the Server
                            Certificate Admin application
                          • No to not log information
Method                    Choose Paste into form on CA’s site

5. Click Create Certificate Request.


6. Enter the password for the server key ring file.
7. Copy the certificate request to the system Clipboard (include the
Begin Certificate and End Certificate lines), and click OK.
8. On the server, use one of these methods to browse to the Domino
certificate authority application (the Certificate Requests application
for a server-based certification authority, and the Domino Certificate
Authority for a Domino 5 Certificate Authority) on the Domino
server’s Web site:
• If you use Microsoft Internet Explorer, use SSL (HTTPS) to
connect to the application. You need to trust the server certificate in
order to use SSL to access the server. To install (and trust) the
server certificate, in the IE security alert dialog box click “View
Certificate” - “Install Certificate,” and follow the instructions. To
trust all site certificates certified by a given CA, click “Accept this
authority in your browser” before accessing the server with SSL.
This option is available in both the Certificate Requests and
Domino Certificate Authority applications.
• If you use Netscape, use SSL to connect to the application. Then
use the instructions provided by the browser software to accept
the site certificate.
9. Click “Request Server Certificate.”
10. Enter your name, e-mail address, phone number, and any comments
for the CA.
11. Paste the certificate request into the dialog box, and then click
“Submit Certificate Request.”
12. Merge the CA certificate as a trusted root.

From a third-party CA
1. Make sure you already created the server key ring file.
2. From the Notes client, open the Server Certificate Admin application
on the server for which you want to set up SSL.
3. Click “Create Certificate Request.”
4. Complete these fields:
Field                     Enter
Key Ring File Name        The name of the server key ring file including the
                          path to the file
Log Certificate Request   Choose one:
                          • Yes (default) to log information in the Server
                            Certificate Admin application
                          • No to not log information
Method                    Choose one:
                          • Paste into form on CA’s site (recommended)
                          • Send to CA by e-mail
                          Note You must choose the paste option to submit a
                          request to VeriSign, which doesn’t use PKCS format for
                          requests sent by e-mail. If you choose “Send to CA by
                          e-mail,” enter the CA’s e-mail address, and your e-mail
                          address, phone number, and location.

5. Click “Create Certificate Request.”


6. Enter the password for the server key ring file.

7. If you selected “Paste into form on CA’s site” in Step 4, do the
following:
a. Copy the certificate request to the system Clipboard (include the
Begin Certificate and End Certificate lines).
b. Use a browser to visit the CA’s site, and then follow the
instructions that the CA’s site provides for submitting a request
for a new certificate.
8. Merge the CA certificate as a trusted root.

Merging a CA certificate as a trusted root


The server certificate must contain the CA certificate as a trusted root.
The trusted root allows servers and clients that have a common CA
certificate to communicate. Before you merge a server certificate signed
by a CA, merge the CA certificate into your key ring file as a trusted root.

From a Domino CA
Note This procedure is the same regardless of whether you are using a
Domino server-based certification authority or a Domino 5 certificate
authority.
1. Make sure that you requested the server certificate and mapped a
drive to the directory that contains the key ring file.
2. Browse to the certificate authority application (the Certificate
Requests application for a server-based certification authority, and
the Domino Certificate Authority for a Domino 5 Certificate
Authority) on the Domino CA:
• If you use Microsoft Internet Explorer, use HTTP to connect to the
application.
• If you use Netscape, use SSL to connect to the application. Then,
use the instructions provided by the browser software to accept
the site certificate.
3. Click “Accept This Authority in Your Server.”
4. Highlight the certificate text and copy it to the system Clipboard
(include the Begin Certificate and End Certificate lines).
5. From the Notes client, open the Server Certificate Admin application.
6. Click “Install Trusted Root Certificate into Key Ring.”
7. Enter the name of the key ring file that will store this certificate. You
specified this name when you created the server certificate request.
8. Enter the name that the key ring file will use to identify this
certificate. If you leave this field blank, Domino uses the
distinguished name of the certificate.

9. In the Certificate Source field, choose Clipboard. Paste the Clipboard
contents into the next field.
10. Click “Merge Trusted Root Certificate into Key Ring.”
11. Enter the password for the key ring file, and then click OK.
12. Have the CA sign the server certificate.

From a third-party CA
View the default trusted roots in the key ring file to make sure the
third-party CA’s certificate is not already included. If it is already
included, you do not need to complete these steps.
For more information, see the topics “Default Domino SSL trusted roots”
and “Viewing SSL server certificates” later in this chapter.
1. Make sure that you requested the server certificate and mapped a
drive to the directory that contains the key ring file.
2. Browse to the Web site of the CA and obtain the CA’s trusted root
certificate. In most cases, the trusted root certificate is in a file
attachment, or the certificate is available for you to copy to the
Clipboard.
3. From the Notes client, open the Server Certificate Admin application.
4. Click “Install Trusted Root Certificate into Key Ring.”
5. Enter the name of the key ring file that will store this certificate. You
specified this name when you created the server certificate request.
6. Enter the name that the key ring file will use to identify this
certificate. If you leave this field blank, Domino uses the
distinguished name of the certificate.
7. Do one of the following:
• If you copied the contents of the CA’s certificate to the Clipboard
in Step 2, choose Clipboard in the Certificate Source field. Paste
the Clipboard contents into the next field.
• If you received a file that contained the CA’s certificate in Step 2,
detach the file to your hard drive and select File in the Certificate
Source field. Enter the file name in the File name field.
8. Click “Merge Trusted Root Certificate into Key Ring.”
9. Enter the password for the key ring file, and then click OK.
10. Have the CA complete the procedure “Signing server certificates.”

Default Domino SSL trusted roots
Domino includes several trusted root certificates by default when you
create a server key ring file. You do not need to merge a third-party CA’s
certificate as a trusted root if it exists in the key ring file by default.

Trusted root certificate name                            Organization                   Organizational Unit                             Country
VeriSign International Server CA - Class 3               VeriSign, Inc.                 Class 3 Public Primary Certification Authority  US
VeriSign Class 3 Public Primary Certification Authority  VeriSign, Inc.                 Class 3 Public Primary Certification Authority  US
VeriSign Class 2 Public Primary Certification Authority  VeriSign, Inc.                 Class 2 Public Primary Certification Authority  US
VeriSign Class 1 Public Primary Certification Authority  VeriSign, Inc.                 Class 1 Public Primary Certification Authority  US
VeriSign Test Certificate Authority                      VeriSign, Inc.                 Test CA                                         US
RSA Secure Server Certificate Authority                  RSA Data Security, Inc.        Secure Server Certification Authority           US
Netscape Test Certificate Authority                      Netscape Communications Corp.  Test CA                                         US
RSA Low Assurance Certificate Authority                  RSA Data Security, Inc.        Low Assurance Certification Authority           US

Signing server certificates
The CA creates a digital signature over the server certificate request
using the CA’s private key. This action creates a server certificate.
Essentially, the act of signing the certificate request turns the request into
a certificate. The server certificate is then considered valid.
The method used to sign a server certificate depends on whether the
certificate was issued by a Domino or third-party CA.
For more information on how a Domino server-based certification
authority signs certificates, see the chapter “Setting Up a Domino
Server-Based Certification Authority.”
For more information on how a Domino 5 certificate authority signs
certificates, see the chapter “Setting Up a Domino 5 Certificate
Authority.”
Signing methods for third-party CAs will vary. If you choose to use a
third-party CA, check with that CA for information about how they sign
certificates.

Merging a server certificate into the key ring file


After you merge the CA’s certificate as a trusted root and the CA
approves your server certificate request, merge the signed certificate into
the server’s key ring file.

From a Domino CA
Note This procedure is the same regardless of whether you are
requesting a server certificate from a Domino server-based certification
authority or a Domino 5 certificate authority.
1. Make sure the CA signed the certificate and you mapped a drive to
the directory that contains the server key ring file.
2. Obtain the server certificate by doing one of the following:
• If the CA gave you the URL to use to pick up the certificate in the
Domino Certificate Authority database, browse to the URL
provided in the e-mail.
or
• Obtain the pickup ID from the CA, and then do the following:
a. Open the Certificate Requests or Domino 5 Certificate
Authority application with a browser.
b. Click Pick Up Server Certificate.
c. Enter the pickup ID and click “Pick Up Signed Certificate.”

3. Highlight the certificate text and copy it to the system Clipboard
(include the Begin Certificate and End Certificate lines).
4. From the Notes client, open the Server Certificate Admin application.
5. Click “Install Certificate into Key Ring.”
6. Enter the file name for the key ring that will store this certificate. You
specified this key ring file when you created the server certificate
request.
7. In the Certificate Source field, choose Clipboard. Paste the Clipboard
contents into the next field.
8. Click “Merge Certificate into Key Ring.”
9. Enter the password for the key ring file, and then click OK to
approve the merge.
10. Configure the SSL port.

From a third-party CA
1. Make sure the CA signed the certificate and you mapped a drive to
the directory that contains the server key ring file.
2. Use the instructions provided by the CA to pick up the certificate. In
most cases, the CA mails the certificate as a file attachment or gives
you a URL to visit to copy and paste the certificate to the Clipboard.
3. From the Notes client, open the Server Certificate Admin application.
4. Click “Install Certificate into Key Ring.”
5. Enter the file name for the key ring that will store this certificate. You
created this key ring file when you created the server certificate
request.
6. Do one of the following:
• If you copied the certificate to the Clipboard, choose Clipboard in
the Certificate Source field. Paste the Clipboard contents into the
next field.
• If you received a file attachment that contains the certificate,
detach the file to your hard drive, and then choose File in the
Certificate Source field. Enter the file name in the File name field.
7. Click “Merge Certificate into Key Ring.”
8. Enter the password for the server key ring file, and then click OK to
approve the merge.
9. Configure the SSL port.

SSL port configuration
The SSL protocol always provides an encrypted, integrity-checked
communications channel and authenticated server identity. SSL servers
can be optionally configured to request various forms of client identity
authentication.
You must enable SSL on a protocol-by-protocol basis. Some Internet
protocols do not support client certificate authentication.
To set up a port for SSL authentication, do the following:
1. Configure the port.
2. Determine whether you require users to access the server using only
SSL or both SSL and TCP/IP.
If you are using Internet Site documents, you configure most SSL port
parameters in the Internet Site document for each protocol. However,
you must still configure the following settings in the Server document for
each Internet protocol: TCP/IP port and status, SSL port and status. You
must also specify whether you want to enforce server access settings for
the TCP/IP port of a given protocol.

Using server authentication only


Server authentication encrypts data and authenticates server identity. To
control access to databases on the server by user name, set up
name-and-password authentication. To enable SSL for server
authentication only:
• The server must have a certificate from a Domino or third-party CA.
• The clients must have the server’s CA certificate marked as a trusted
root. Clients can also trust the SSL server certificate directly, by
creating a cross-certificate for it.
• If you are using a Notes client, the Notes client must have a
cross-certificate for the server CA or the SSL server’s certificate.
For more information on name-and-password authentication, see the
chapter “Setting Up Name-and-Password and Anonymous Access to
Domino Servers.”

Using client certificate authentication
In addition to the security provided by server authentication, client
certificate authentication verifies the client’s identity through the use of
Internet (x.509) client certificates. Using server and client certificate
authentication, you can control access to databases by specifying
individual client user names in the database ACLs. To enable SSL for
client certificate authentication:
• Complete the above requirements for server authentication.
• The clients must have certificates from a Domino or third-party CA.
• The server must have the client’s CA certificate marked as a trusted
root.
• Each client must have a Person document in the Domino Directory
that contains the SSL public key from the client certificate.
For more information on setting up client authentication, see the chapter
“Setting Up Clients for S/MIME and SSL.”

Configuring a port for SSL


You can configure a port to use only server authentication or to use both
server and client authentication.
If you are using Internet Site documents, see the chapter “Installing and
Setting Up Domino Servers.”

To configure a port for SSL in the Server document


1. From the Domino Administrator, click Configuration - Servers, and
open the Server document.
2. Click the Ports - Internet Ports tabs.

3. Complete these fields:
Field                            Enter
SSL key file                     The file name of the server key ring file that the
                                 server uses.
                                 Note Domino does not use this field for IIOP, which
                                 uses a separate key ring file. You cannot change the
                                 name of the IIOP key ring file.
SSL protocol version             Choose one:
                                 • V2.0 only to allow only SSL 2.0 connections.
                                 • V3.0 handshake to attempt an SSL 3.0 connection. If
                                   this fails and the requester detects SSL 2.0, then
                                   attempts to connect using SSL 2.0.
                                 • V3.0 only to allow only SSL 3.0 connections.
                                 • V3.0 and V2.0 handshake to attempt an SSL 3.0
                                   connection, but start with an SSL 2.0 handshake,
                                   which displays relevant error messages. Makes an
                                   SSL 3.0 connection, if possible.
                                 • Negotiated (default) to attempt an SSL 3.0
                                   connection. If it fails, the server attempts to use
                                   SSL 2.0. Use this setting unless you are having
                                   connection problems caused by incompatible
                                   protocol versions.
                                 Note Domino does not use this field for HTTP.
Accept SSL site certificates     Choose one:
                                 • Yes to allow this server to accept the site
                                   certificate and use SSL to access an Internet
                                   server, even if the Domino server does not have a
                                   certificate in common with the Internet server.
                                 • No to not allow this server to accept site
                                   certificates.
Accept expired SSL certificates  Choose one:
                                 • Yes to allow clients to access the server, even if
                                   the client certificate is expired.
                                 • No to not allow clients to access the server with
                                   expired client certificates.

4. Click the tab for the protocol that you want to configure, and then
complete these fields:
Field               Enter
SSL port number     Enter the port number on which Domino listens for SSL
                    requests. You configure this here regardless of whether you
                    are using Internet Sites or the Web Configurations view.
                    Note If you change the default port number, clients must
                    change their configurations as well. The default port
                    number is usually changed only if a firewall proxy uses the
                    reserved port number.
SSL port status     Choose Enabled to allow SSL connections on the port. You
                    configure this here regardless of whether you are using
                    Internet Sites or the Web Configurations view.
                    Note Since a Domino server can be either an SMTP server
                    or an SMTP client, you have two choices for the SSL port
                    status field. To set up a Domino server as an SSL-enabled
                    SMTP server, choose Enabled in the SMTP Inbound field.
Client certificate  Choose one:
                    • No to not use client authentication.
                    • Yes to use client authentication.
                    SMTP and IIOP do not support client authentication.
Name & password     Choose one:
                    • No to not use name-and-password authentication.
                    • Yes to use name-and-password authentication.
Anonymous           Choose one:
                    • Yes to allow anonymous access. You must choose Yes if
                      you want users to connect using server authentication
                      only.
                    • No to prevent anonymous access.
                    If you choose Yes for both Anonymous and Client
                    certificate, Domino first tries to authenticate the client. If
                    that fails, Domino tries to connect the user anonymously.
                    If you choose Yes for Anonymous, Client certificate, and
                    Name & password, Domino first tries to authenticate the
                    client using the client certificate. If that fails, Domino tries
                    to use name-and-password authentication. If that fails,
                    Domino tries to connect the user anonymously.
                    LDAP must be configured to allow anonymous SSL
                    connections in order to do name lookups.
                    IMAP, POP3, and SMTP do not support anonymous access.

For information on how Domino authenticates clients when
anonymous, client authentication, and name and password are
enabled, see the chapter “Setting Up Name and Password and
Anonymous Access to Domino Servers.”

Requiring an SSL connection to a server


Require SSL connections when you want to make sure that clients use a
secure connection to access databases on the server. You do this by
redirecting connection requests that come in over the TCP/IP port to the
SSL port. If you do not require an SSL connection, clients can use either
SSL or TCP/IP to connect to the server.
You can set up the redirection of TCP/IP to SSL for the HTTP, IMAP,
and LDAP protocols only. POP3 and SMTP do not support the “Redirect
to SSL” setting.
You enable “Redirect to SSL” in one of two ways:
• For Domino 6 servers, use a Web Site document for requiring SSL
connections for HTTP clients. For IMAP and LDAP, you do this in
the Server document.
• For all protocols on Domino 5 servers, configure this in the Server
document.

To require SSL connections to a server in the Server document


1. From the Domino Administrator, click the Configuration tab, and
open the Server document.
2. Click the Ports - Internet Ports tab.
3. Click the tab for the protocol for which you want to require SSL.
4. In the TCP/IP port status field, select “Redirect to SSL.”
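
The protocol limits from the port field descriptions and the “Redirect to SSL” rules above, gathered into one check to run on a planned configuration before editing the Server document. This is an added example, not IBM or Domino code; PortPlan, auth_order and check_plan are hypothetical names, and the model covers only the rules stated in this chapter.

```python
from dataclasses import dataclass

# Limits quoted from the chapter text.
NO_CLIENT_CERT = {"SMTP", "IIOP"}        # do not support client authentication
NO_ANONYMOUS = {"IMAP", "POP3", "SMTP"}  # do not support anonymous access
REDIRECT_OK = {"HTTP", "IMAP", "LDAP"}   # only these offer "Redirect to SSL"
PROTOCOLS = {"HTTP", "IIOP", "IMAP", "LDAP", "POP3", "SMTP"}


@dataclass
class PortPlan:
    """Hypothetical record of the values planned for one protocol tab."""
    protocol: str
    ssl_enabled: bool = True
    client_cert: bool = False
    name_and_password: bool = False
    anonymous: bool = False
    redirect_to_ssl: bool = False  # TCP/IP port status = "Redirect to SSL"


def auth_order(plan):
    """Return the enabled methods in the order the chapter says Domino tries them."""
    steps = [("client certificate", plan.client_cert),
             ("name-and-password", plan.name_and_password),
             ("anonymous", plan.anonymous)]
    return [name for name, enabled in steps if enabled]


def check_plan(plan):
    """Return (errors, notes) for one planned port configuration."""
    proto = plan.protocol.upper()
    errors, notes = [], []
    if proto not in PROTOCOLS:
        return [f"{plan.protocol}: not a protocol covered by this chapter"], notes
    if plan.client_cert and proto in NO_CLIENT_CERT:
        errors.append(f"{proto}: client certificate authentication is not supported")
    if plan.anonymous and proto in NO_ANONYMOUS:
        errors.append(f"{proto}: anonymous access is not supported")
    if plan.redirect_to_ssl and proto not in REDIRECT_OK:
        errors.append(f"{proto}: 'Redirect to SSL' is not supported")
    if plan.redirect_to_ssl and not plan.ssl_enabled:
        # Consistency check added in this example, not a statement from the chapter.
        errors.append(f"{proto}: TCP/IP port redirects to an SSL port that is not enabled")
    order = auth_order(plan)
    if "anonymous" in order and len(order) > 1:
        # Fallback described in the Anonymous field: failed authentication ends as Anonymous.
        notes.append(f"{proto}: a client that fails {' and '.join(order[:-1])} "
                     "is still connected as Anonymous; review what Anonymous may access")
    if proto == "LDAP" and plan.ssl_enabled and not plan.anonymous:
        notes.append("LDAP: name lookups over SSL need anonymous SSL connections allowed")
    return errors, notes


if __name__ == "__main__":
    # Constructed sample plans, not taken from a real server.
    samples = (PortPlan("HTTP", client_cert=True, anonymous=True, redirect_to_ssl=True),
               PortPlan("SMTP", client_cert=True, anonymous=True),
               PortPlan("POP3", name_and_password=True, redirect_to_ssl=True))
    for plan in samples:
        errors, notes = check_plan(plan)
        print(plan.protocol, "tries:", auth_order(plan) or ["nothing"])
        for msg in errors:
            print("  ERROR", msg)
        for msg in notes:
            print("  NOTE ", msg)
```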

For individual databases


You can also require clients to use SSL to connect to the server on a
database-by-database basis, by configuring the requirement to connect
with SSL in the database application itself.
1. Start the Notes client.
2. Select the database for which you want to force clients to use SSL.
3. Open the Database Properties box.
4. On the Basics tab, click Web Access: Require SSL connection.

Setting up database access for SSL clients
After you set up SSL on a Domino server, you must give the clients
access to databases on the server.

For anonymous users


If you set up a client for server authentication only, you cannot enter the
user’s name in a database ACL since the client does not use a user name
to access the server. Instead, you add the entry Anonymous to database
ACLs and design element access lists. If you do not specify Anonymous
access, Domino gives anonymous users -Default- access.

For client authentication


If you set up a client for client and server authentication, you can control
the client’s access to databases by adding the client’s name to database
ACLs and design element access lists. You must use the first name listed
in the User name field of the Person document for the client. For example,
if a User name field contains the entries Alan Jones/Acme, ajones, Alan,
AJ; add the name Alan Jones/Acme to the ACL and design element
access lists. Alan Jones can authenticate with the server using any of the
names listed, but Domino uses the first name in the User name field to
verify entries in ACL and design element access lists. It is strongly
recommended that the first name be in hierarchical name format.
For more information, see the chapter “Controlling User Access to
Domino Databases.”

SSL session resumption


SSL session resumption greatly improves performance when using SSL
by recalling information from a previous successful SSL session
negotiation to bypass the most computationally intensive parts of the SSL
session key negotiation. HTTP is the protocol that benefits the most from
SSL session resumption, but other Internet protocols may benefit as well.
By default, the server caches information from the 50 most recently
negotiated sessions. This number can be modified by setting the variable
SSL_RESUMABLE_SESSIONS in the NOTES.INI file. Increasing that
number may improve performance on servers that tend to carry large
numbers of concurrent SSL sessions.
SSL session resumption can be disabled by setting
SSL_RESUMABLE_SESSIONS=1 on the server.
SSL_RESUMABLE_SESSIONS has no effect on the Notes client. The
Notes client will cache the most recent SSL session.
Note You cannot configure SSL sessions to time out and expire.

Managing server certificates and certificate requests
Do the following to manage your server certificates and certificate
requests:
• View SSL server certificates
• Renew an expired certificate
• View requests for certificates
• Mark or unmark a CA’s certificate as a trusted root
• Change the password for the server key ring file

Viewing SSL server certificates


Each SSL server certificate contains this information:
• The expiration date. The default trusted roots that come with
Domino do not have expiration dates.
• The distinguished name of the server that requested the certificate.
• The distinguished name of the CA that signed the certificate.
• The size of the public key. The size determines the strength of the
encrypted public key.

To view an SSL server certificate


1. Map a network drive to the directory that contains the key ring file.
2. From the Notes client, open the Server Certificate Admin
(CERTSRV.NSF) application.
3. Click “View & Edit Key Rings.”
4. Click “Choose Key Ring to Display.”
5. Enter the name of the key ring file that contains the certificates you
want to view.
6. Enter the password for the key ring file.
7. Do one of these:
• To view the server certificate, select a document in the Site
Certificates category.
• To view a trusted root certificate, select a document in the
Certification Authorities category.

Renewing expired certificates
After a certificate expires, you can no longer use it to communicate with
servers and clients.
If you obtained a server certificate from a Domino certificate authority,
request a new one.
If you obtained a server certificate from a third-party certificate
authority, you may be able to renew it by submitting a request to the
third-party CA’s Web site, which often includes your user name,
password, and a challenge phrase. If it is possible to renew your server
certificate, this information is accepted and you will be prompted to
renew. If you cannot renew your server certificate, you will have to
submit a request for a new one.

Viewing requests for certificates


Server administrators can view information about certificate requests
that they sent to a CA to keep track of the request. The request document
tracks the method used to submit the certificate, date and time of the
request, the key ring file for the certificate, information about the
certificate, and, if used, the e-mail address to which the server
administrator sent the request.

To view certificate requests


1. From the Notes client, open the Server Certificate Admin application.
2. Click “View Certificate Request Log.”
3. Open the request document.

Marking or unmarking a CA’s certificate as a trusted root


Remove a CA’s certificate as a trusted root from the server certificate
when you no longer want to communicate with servers and clients that
use certificates signed by that CA.
1. Map a drive to the directory that contains the key ring file.
2. From the Notes client, click the Files tab, and open the Server
Certificate Admin application.
3. Click “View & Edit Key Rings.”
4. Click “Choose Key Ring to Display.”
5. Enter the name of the key ring file that contains the certificates you
want to view.
6. Enter the password for the key ring file.

7. In the Certification Authorities category, open the document that
contains the certificate you want to edit.
8. Click one:
• “Trust This Certificate” to mark a certificate as a trusted root.
• “Do Not Trust This Certificate” to unmark a certificate as a trusted
root.
Domino marks the certificate as untrusted but does not remove
the certificate from the database. To delete a certificate
permanently from the key ring file, click Delete. After you delete
the certificate, you cannot recover it. Instead, you must merge the
certificate as a trusted root again.
9. Enter the password for the key ring file.

Changing the password for the server key ring file


1. From the Notes client, click the Files tab, and open the Server
Certificate Admin application.
2. Click “View & Edit Key Rings.”
3. Click “Change Key Ring password.”
4. Enter the name of the key ring file, and then click OK.
5. Enter the current password, and then click OK.
6. Enter the new password of at least 12 alphanumeric characters, and
then click OK.

Creating a self-certified certificate to test SSL certification


You can create a self-certified certificate to test the certificate procedure
at your organization. Because this certificate is not certified by a CA, use
it only for testing purposes.
1. From the Notes client, open the Server Certificate Admin application,
and then click “Create Key Rings & Certificates.”
2. Click “Create Key Ring with Self-Certified Certificate.”
3. Complete these fields, and then click “Create Key Ring with
Self-Certified Certificate”:
Field                 Enter
Key ring file name    A file name with the extension .KYR.
Key ring password     At least 12 case-sensitive, alphanumeric characters.
Common name           A descriptive name that identifies the server certificate, such as Acme SSLCA.
Organization          The name of the organization, for example, a company name, such as Acme.
Organizational Unit   (Optional) Name of certifier division or department.
City or Locality      (Optional) The organization city or locality.
State or Province     Three or more characters that represent the state or province in which the organization resides, for example, Massachusetts. (For U.S. states, enter the complete state name, not the abbreviation.)
Country               A two-character representation of the country in which the organization resides, for example, US for United States or CA for Canada.

4. Copy the key ring file and stash (.STH) file to the Domino data
directory of the server.
5. Configure the port for SSL.
6. Set up database access.

Modifying SSL cipher restrictions


SSL uses public, private, and negotiated session keys. Every SSL certificate
has one pair of keys — a public key and private key — that are created
when the SSL certificate is generated, and enable certificate owners to
identify themselves over the network and to use S/MIME to encrypt and
sign messages. Certificates contain only the public key. The private key is
kept in the ID file for the Notes client, and is kept in the key ring in the case
of the SSL server.
The session key is negotiated during the handshake — the main
purposes of the handshake are to generate the session key and to identify
the server to the client and, optionally, the client to the server. The size of
the session key is determined by the cipher being used. For example, the
cipher RSA_WITH_RC4_128_MD5 uses a 128-bit session key. The cipher
RSA_EXPORT_WITH_DES40_CBC_SHA uses a 40-bit session key.
Which ciphers are available is also limited by the size of the server’s
public key. The RSA_EXPORT_ ciphers can only be used with 512-bit
RSA keys and smaller. The RSA_EXPORT1024_ ciphers can only be used
with 1024-bit RSA keys and smaller. Ciphers that do not contain the
EXPORT designation do not have any RSA key size restrictions.

You can restrict the use of SSL ciphers for Internet protocols. You can
specify the use of a 128-bit cipher only for the HTTP service, for example,
to require users to access a server using a domestic browser version. If no
configuration parameters are set, then there is no restriction on the SSL
ciphers used for that protocol.
There are three ways to configure SSL ciphers, depending on how you
choose to configure Internet protocols on your Domino server:
• In an Internet Site document. If you use Internet Site documents, you
can specify a different set of SSL cipher restrictions for each protocol.
• Through the Server document. However, if you use the Server
document you can restrict SSL ciphers for HTTP only. You must use
the NOTES.INI variable SSLCipherSpec to restrict ciphers for
protocols other than HTTP.
• Through the NOTES.INI variable SSLCipherSpec. All SSL cipher
settings configured in either Site documents or in the Server
document will be superseded by the INI variable.
For information about changing SSL cipher restrictions in Internet Site
documents, see the chapter “Installing and Setting Up Domino Servers.”

To modify SSL cipher restrictions in the Server document


1. From the Domino Administrator, click Configuration and open the
Server document in the Domino Directory.
2. Click Ports - Internet Ports - Web.
3. In the SSL Ciphers field, click Modify. This displays a list of available
SSL cipher specifications.
4. Select the cipher specification(s), then click OK.
5. Save and close the document.

To modify SSL cipher restrictions using the NOTES.INI file


Use the NOTES.INI setting SSLCipherSpec to specify SSL restrictions for
all protocols. Ciphers are specified by a 2-digit code. You can add as
many ciphers as you need.
For example, to enable 3DES and RC4128SHA ciphers, enter the
following line in the NOTES.INI file:
SSLCipherSpec=050A

where 05 = 3DES and 0A = RC4128SHA.


Caution Using SSLCipherSpec overrides all SSL cipher restrictions in
Internet Site documents and in the Server document.
For more information, see the appendix “NOTES.INI File.”
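Added example (not from the IBM documentation): a Python check that reads NOTES.INI text and reports the state of the two SSL settings described in this chapter, SSLCipherSpec and SSL_RESUMABLE_SESSIONS. The function names, finding labels, and sample file content are constructed for illustration; the set of approved cipher codes is supplied by the administrator, and cipher codes are treated as opaque 2-digit values.

```python
import re

# Added example, not IBM's code. The sample NOTES.INI text below is constructed.
DEFAULT_RESUMABLE_SESSIONS = 50  # server default stated in the text above


def parse_notes_ini(text):
    """Map each setting name (lower-cased) to the list of values found for it.

    Assumption: setting names are matched case-insensitively. Duplicates are
    kept so the audit can report them instead of guessing which one applies.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if "=" not in line:
            continue  # section header such as [Notes], or a blank line
        key, value = line.split("=", 1)
        settings.setdefault(key.strip().lower(), []).append(value.strip())
    return settings


def split_cipher_spec(value):
    """Split an SSLCipherSpec value such as '050A' into ['05', '0A']."""
    spec = value.strip().upper()
    if not spec or len(spec) % 2 or not re.fullmatch(r"[0-9A-F]+", spec):
        raise ValueError(f"malformed SSLCipherSpec value: {value!r}")
    return [spec[i:i + 2] for i in range(0, len(spec), 2)]


def audit_notes_ini(text, approved_codes):
    """Return (finding, detail) tuples for the SSL settings in NOTES.INI."""
    settings = parse_notes_ini(text)
    approved = {code.upper() for code in approved_codes}
    findings = []

    specs = settings.get("sslcipherspec", [])
    if not specs:
        # Restrictions, if any, come from Internet Site or Server documents.
        findings.append(("CIPHERS_FROM_DOCUMENTS", "SSLCipherSpec is not set"))
    elif len(specs) > 1:
        findings.append(("CIPHER_DUPLICATE", f"{len(specs)} SSLCipherSpec lines"))
    else:
        try:
            codes = split_cipher_spec(specs[0])
        except ValueError as exc:
            findings.append(("CIPHER_MALFORMED", str(exc)))
        else:
            # The INI variable supersedes Site and Server document settings.
            findings.append(("CIPHER_OVERRIDE", "".join(codes)))
            for code in codes:
                if code not in approved:
                    findings.append(("CIPHER_NOT_APPROVED", code))

    sessions = settings.get("ssl_resumable_sessions", [])
    if not sessions:
        findings.append(("RESUMPTION_DEFAULT", str(DEFAULT_RESUMABLE_SESSIONS)))
    elif len(sessions) > 1 or not sessions[0].isdigit():
        findings.append(("RESUMPTION_MALFORMED", ",".join(sessions)))
    elif int(sessions[0]) == 1:
        # Per the text above, a value of 1 disables session resumption.
        findings.append(("RESUMPTION_DISABLED", sessions[0]))
    else:
        findings.append(("RESUMPTION_CACHE_SIZE", sessions[0]))
    return findings


# Constructed sample: two cipher codes (one outside the approved set used in
# the demo call) and session resumption switched off.
SAMPLE_INI = """[Notes]
SSLCipherSpec=050a
SSL_RESUMABLE_SESSIONS=1
"""

if __name__ == "__main__":
    for finding in audit_notes_ini(SAMPLE_INI, approved_codes={"05"}):
        print(finding)
```
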

Authenticating Web SSL clients in secondary Domino and LDAP directories
When a Web client authenticates with a server, by default, the server
checks the primary Domino Directory to see if the client certificate exists
in the Person document. If your organization uses a secondary Domino
Directory and/or an LDAP directory to verify client certificates, you can
set up Domino to check those additional directories. To do so, you set up
the secondary Domino and LDAP directories as trusted domains in the
Directory Assistance database.
When you mark the domain as trusted, Domino searches the primary
Domino Directory for the user and then searches the trusted secondary
Domino and LDAP directories. When you set up directory assistance,
you specify the order in which Domino searches the secondary
directories.
In addition, Domino checks the primary Domino Directory and
secondary directories you trust when you add SSL client certificates to
the Domino Directory using the Domino Certificate Authority
application. You cannot, however, add client certificates to an LDAP
directory even if the LDAP directory is set up on a Domino server.
It is recommended that you use SSL to secure information sent between
the server and the LDAP directory server.
For information on adding client certificates to the Domino Directory and
using SSL to secure LDAP directory lookups, see the chapter “Setting Up
Clients for S/MIME and SSL.”
For information on using SSL for LDAP directory lookups, see the
chapter “Setting Up Directory Assistance.”
The hierarchical name returned by the Domino Directory or LDAP
directory is checked against the trusted rule in the Directory Assistance
database to verify that the organization and organizational units match
the specified rule. For example, if the user name returned is Dave
Lawson/Acme, the Directory Assistance document must include the rule
*/Acme.
Searching multiple directories is also available for authenticating users
who use name-and-password authentication.
For more information on setting up secondary Domino and LDAP
directory authentication of SSL clients, see the chapter “Setting Up
Directory Assistance.”

Chapter 47
Setting Up Clients for S/MIME and SSL

This chapter describes how to set up a Notes client to use SSL and send
secure S/MIME messages. It also describes how to set up an Internet
client to use SSL to connect to a Domino server.

SSL and S/MIME for clients


Clients can use a Domino certificate authority (CA) application or a
third-party CA to obtain certificates for secure SSL and S/MIME
communication.

Authenticating clients and servers using SSL


Notes and other Internet clients use the SSL protocol to encrypt data,
authenticate server identity and, optionally, authenticate client identity
when a Notes or other Internet client connects to an Internet server — for
example, a Web server or an LDAP server.
On the server, SSL is set up on a protocol-by-protocol basis. You can
enable SSL on all protocols or enable SSL on some protocols but not
others. For example, you can enable SSL on mail protocols (IMAP, POP3,
SMTP) and disable it for HTTP.
Server authentication lets clients verify the identity of the server to which
they are connecting, to make sure that another server is not posing as the
server they want to access.
Client certificate authentication lets server administrators identify the
client accessing the server and control access to applications based on
that identity. For example, if you want Alan Jones to have Editor access
to a database and all others accessing the database to have no access, you
can set up the application database ACL to include Alan Jones as an
Editor and Anonymous as No Access.

Notes and other Internet clients that use client certificate authentication
have an Internet certificate that is stored in the Notes ID file for Notes
client, and in a local file for Internet clients. The certificate includes a
public key, a name, an expiration date, and a digital signature. The
corresponding private key is stored in the ID file, but is stored separately
from the certificate. For Notes clients, the client certificate is also stored
in the Domino Directory so that others can access the public key.
Notes and Internet clients can obtain Internet certificates from either a
Domino certification authority or a third-party certifier.
How you set up the client depends on whether the server requires client
certificate authentication.
As an administrator, you should carefully consider whether you want to
require client certificate authentication. If you do not need to identify
Internet users who access the server, you do not need to set up client
authentication. In fact, in some cases, requiring an Internet certificate
may deter users from accessing a server — for example, a server that
hosts a Web site. If you require an Internet certificate, users need to
perform additional steps to obtain the certificate and set up client
certificate authentication.
Note By enabling the setting “Accept SSL Site Certificates” in the
Location record, the Notes client can ignore cross-certificates and server
authentication entirely. The user can also choose to create
cross-certificates on the fly when connecting to a server using SSL.

Securing messages with S/MIME


S/MIME is a protocol used by clients to sign mail messages and send
encrypted mail messages over the Internet to users of mail applications
that also support the S/MIME protocol — for example, Microsoft
Outlook Express and Netscape Communicator. The Notes client uses the
public key stored in the Internet certificate in the Personal Address Book,
Domino Directory, or LDAP directory to encrypt messages.
Encrypted mail messages cannot be read by unauthorized users while
the message is in transit. Electronically signed messages show that the
person who signed the message had access to the private key associated
with the certificate stored in the signature.
For more information on S/MIME signatures and encryption, see the
chapter “Encryption and Electronic Signatures.”

Setting up Notes and Internet clients for SSL authentication
You can set up Notes or other Internet clients for server authentication to
encrypt data and authenticate the server identity when connecting to an
Internet server. You do not need an Internet certificate if you set up a
client for server-only authentication.
On the server, SSL is set up on a protocol-by-protocol basis. You can
choose to enable SSL on all protocols, or enable SSL on some protocols
but not others. For example, you can enable SSL on mail protocols
(IMAP, POP3, SMTP) and disable it for HTTP. You must also enable the
port for anonymous access; otherwise, Domino requires an Internet
certificate or a name and password from the client.
To access an Internet server using SSL, clients must have:
• Software, such as a Web browser or a Notes client, that supports SSL.
• A trusted root certificate from a Domino or third-party certifier.
• (Notes client only) A cross-certificate created using the trusted root
certificate for the Domino or third-party certifier. The trusted root
certificate is no longer necessary after you create a cross-certificate.
Note Secure transactions are indicated by the use of the term https:// in
URLs for SSL-secured sites. A browser user can specify this when
initiating a secure transaction. More likely, the user will navigate to a
login page, where it is necessary to log in with a name and password in
order to access the secure Web page.

Obtaining a trusted root certificate for SSL authentication


The copy of the CA’s certificate is called a trusted root certificate. After
obtaining the trusted root certificate and — if you are using a Notes
client — an Internet cross-certificate for the root certificate, the client will
trust the CA and by extension, any certificates issued by this CA. If you
are setting up server authentication for an Internet client, you add this
trusted root to a local file. If you are setting up server authentication for a
Notes client, you add this trusted root to a Domino Directory that users
can access to generate a cross-certificate in their Personal Address Book.
Notes clients can also obtain a trusted root certificate and cross-certificate
to gain access to the server; however, adding the trusted root certificate to
the Domino Directory simplifies the process of setting up server
authentication for users.

Note A user can accept certificates automatically, without having to
obtain the roots or cross-certificates, by enabling the option “Accept site
certificates” in the location document for the Notes client. However,
accepting certificates from unknown servers is a security risk. If a user
doesn’t know the sources of the certificates being accepted, it is possible
to accept certificates from malicious sources.

To obtain a trusted root certificate for a Notes client


1. Make sure that you have a trusted root certificate for the CA. In the
Domino Administrator, click Configuration - Certificates -
Certificates, and view the certificate in the Internet Certifiers
category.
2. Instruct clients to complete the procedure “Creating an Internet
cross-certificate for a CA.”

To obtain a trusted root certificate for an Internet client


You can use the following procedures to obtain a trusted root certificate
for an Internet client.
If the trusted root certificate is for a Domino CA, the Internet client
performs these steps:
1. Browse to the Domino Certificate Requests (for Domino 6) or
Certificate Authority (Domino 5) application.
2. Select “Accept This Authority In Your Browser.”
Note If you use an SSL connection to browse to the application, the
server prompts you to accept the site certificate. Check the CA properties
to make sure that the certificate that is presented is from a source you
trust before accepting the certificate as a trusted root.
If the trusted root certificate is for a third-party CA, the Internet client
follows the third-party CA’s established procedure to merge the trusted
root certificate for the CA. If both the client and server have certificates
issued from the CA or already have a CA in common, then this step is
not necessary.

Creating an Internet cross-certificate for a CA


Before a Notes client can authenticate servers or send secure S/MIME
messages, the client must first create a cross-certificate for the CA server
and store it in the Personal Address Book. This allows the Notes client to
trust servers or clients that have certificates issued by that CA. The client
uses a trusted root certificate to create the cross-certificate. Once the
cross-certificate is created, the client no longer needs the trusted root
certificate.

SSL server authentication for Internet clients other than Notes does not
require a cross-certificate.
A Notes client can also create a cross-certificate for a server or client;
however, this allows the Notes client to trust only that server or client.
The Notes client does not then trust other servers and clients with
certificates issued by a CA.

To create an Internet cross-certificate


1. Make sure the CA created a trusted root certificate in the Domino
Directory.
2. Instruct clients to retrieve an Internet cross-certificate through the
User Security dialog box.
For information on how Notes users can retrieve Internet
cross-certificates, see Lotus Notes 6 Help.

To view Internet cross-certificates


Notes users can view the Internet cross-certificates contained in their
Personal Address Book.
For information on how Notes users can see their Internet
cross-certificates, see Lotus Notes 6 Help.

Internet certificates for SSL and S/MIME


Before Internet and Notes clients can use client authentication or send
signed mail, they must have an Internet certificate. To send encrypted
mail using S/MIME, they must have the recipient’s Internet certificate.
You need to complete these steps for Internet and Notes clients who are
creating new public and private keys for the Internet certificate. You do
not need to complete these steps if you are using a Notes client and the
CA issued certificates in the Person document of the Domino Directory.
Notes automatically adds Internet certificates stored in the Person
document to the Notes ID file when the user authenticates with the
server.
You can also set up Notes clients to use different certificates for signing
and encryption. You designate one Internet certificate for authentication and
signing, and another for encryption.
For more information, see the topic “Dual Internet certificates for
S/MIME encryption and signatures” later in this chapter.

To obtain an Internet certificate for a Notes client
The procedure that Notes clients follow to request an Internet certificate
is the same whether a Domino CA or third-party CA is issuing the
certificates.
1. Have users request an Internet certificate.
2. The CA approves the request, and Domino automatically adds the
client’s Internet certificate to the user’s Person document.
3. Have users merge the Internet certificate into their ID file.
For information on how Notes users request and merge Internet
certificates, see Lotus Notes 6 Help.
You can also issue Internet certificates for Notes clients without requiring
them to submit an Internet certificate request. See the topic “Issuing
Internet certificates in a Person document” later in this chapter.

To obtain an Internet certificate for an Internet client


The procedure you follow to request an Internet certificate depends on
whether you want to request a certificate from a Domino CA or a
third-party CA.

Domino CA
1. If you are using a Domino server-based certification authority,
browse to the Certificate Request application. If you are using a
Domino 5 certificate authority, browse to the Domino Certificate
Authority application.
• If you use Microsoft Internet Explorer, use HTTP without SSL to
connect to the Certificate Authority application. Internet Explorer
does not allow you to accept site certificates into your browser.
• If you use Netscape, use SSL to connect to the Domino Certificate
Authority application. When the browser asks whether you want
to accept the server certificate as a trusted root, follow the steps
provided by the browser to accept the certificate.
2. Click “Request Client Certificate” in the left pane.
3. Enter your name and organizational information. This information
will appear on your Internet certificate.
4. Enter any additional contact information that you want to send to the
CA.
5. Enter the size for the public and private keys. The larger the number,
the stronger the encryption.
6. Click “Submit Certificate Request” to send the request to the CA.

Third-party CA
The third-party CA determines how you request an Internet certificate.
Browse to the third-party CA’s site, and enter the certificate request. A
dialog box appears that allows you to request the certificate.

Signing an Internet client certificate and adding the certificate to the Domino Directory

When a CA signs an Internet client certificate, the CA adds a digital
signature to the certificate and, if you are using a Domino CA, adds the
public key to the Domino Directory. If you are using a third-party CA,
you must complete additional steps to add the public key to the Domino
Directory.
You do not need to complete these steps if you are using a Notes client
and the CA issued certificates in the Person document of the Domino
Directory. Notes automatically adds Internet certificates stored in the
Person document to the Notes ID file when the user authenticates with
the server.
The steps you follow to sign and add an Internet client certificate to the
Domino Directory depend on whether the certificate is issued from a
Domino server-based certification authority, a Domino 5 Certificate
Authority, or a third-party CA.
Before you approve client certificates for signing:
• Make sure you understand your organization’s policy on signing
certificates. Sign client certificates for clients if the certificate requests
comply with your organization’s security policy.
• Make sure you have the Administration Process set up on the server.
If you are signing a certificate for an Internet client, make sure you
created a Person document.

Domino server-based certification authority


The steps are completed by the Domino CA. You must be a registration
authority (RA) to approve client certificates for signing.
1. From the Domino Administrator, click Files, and open the Domino
Certificate Requests application.
2. Transfer the certificate request into the Administration Requests
database.
a. In the Certificate Requests database, open the
Pending/Submitted Requests view. Press F9 to refresh the view
if the client request does not appear there.

b. If the view shows that the request has been “Submitted to
Administration Process,” go to the next step. If it is still in the
Pending state, highlight the request and click “Submit Selected
Requests.”
c. You should see a “Successfully submitted 1 request(s) to the
Administration Process” message. Click OK.
3. Approve or deny the request.
a. Open the Administration Requests database (ADMIN4.NSF),
open the Certification Authority Requests/Certificate Requests
view, and find the new client request.
b. Open the request and verify the information in it.
c. Click Edit Request, and then click Approve Request or Reject
Request. Press F9 to make sure that the request changes state,
from New to Approved (or Rejected).
4. Transfer the certificate request out of the Administration Requests
database.
a. Close the Administration Requests database and return to the
Certificate Requests database.
b. Open the Issued/Rejected Certificates view and locate the client
request (you may need to refresh the view).
5. Notify the user who requested the client certificate.
a. If you enabled the option for e-mail confirmation upon
completion of the client request, then once the request is
approved, the CA automatically notifies the requester to pick up
the certificate. If the request is denied, the CA sends the
requester e-mail indicating that the request was rejected.
b. If you did not enable the option for e-mail confirmation upon
completion of the client request, then you need to click “Send
Confirmation Mail” to notify the requester of the outcome.
Note If the Certificate Requests database is configured for automatic
request processing, then client requests are sent to the Administration
Requests database automatically by the database. The Registration
Authority only needs to approve or reject the request.

Domino 5 Certificate Authority


The Internet certificate request appears in the Client Certificate Requests
view in the Domino Certificate Authority application. When the CA signs
a certificate, the CA can automatically send e-mail to the client. This
e-mail describes where to pick up the certificate and includes a pickup
ID, which the client must use to identify the certificate during the pickup
process. Domino automatically generates the pickup ID.

Note The steps below apply to signing client certificates issued by a
Domino CA. The steps are completed by the Domino CA.
1. From the Domino Administrator, click Files, and open the Domino
Certificate Authority application.
2. Click “Client Certificate Requests” in the left pane.
3. Open the request you want to sign.
4. Review the user information and distinguished name. Make sure the
information provided complies with your organization’s security
policy.
5. Leave the option “Register certificate in the Domino Directory”
selected to add the client’s public key automatically to the Person
document.
If you want to deny the request, complete step 6. Otherwise, go to
step 7.
6. To deny the request:
a. Enter a reason for the denied request.
b. If you do not want to send the person e-mail, deselect “Send a
notification e-mail to the requester”; otherwise, the Domino
Certificate Authority application sends the person e-mail
indicating that you denied the request and the reason why you
denied the request.
c. Click Deny.
7. To approve the request:
a. Enter a validity period. For short-term projects, 90 days is typical;
for ongoing projects, you can enter several years.
b. If you do not want to send the client e-mail indicating that the
client can now pick up the certificate, deselect “Send a
notification e-mail to the requester”; otherwise, the Domino
Certificate Authority application sends an e-mail with a URL
indicating the location to pick up the certificate.
c. Click Approve and enter the password for the CA key ring file.
This places a request in the Administration Requests database.
When the Administration Process next runs, it processes the
request and adds the certificate to the client’s Person document
in the Domino Directory.
Note The client cannot use the certificate to authenticate against
database ACLs until the Administration Process completes the
request.

Third-party CA
If a user obtains an Internet certificate from a third-party CA using the
Notes client, the certificate is automatically added to their Person
document.
If a user obtains an Internet certificate from a third-party CA through a
browser, the certificate must then be added to their Person document.
For more information, see the topic “Publishing third-party CA client
certificates in a Person record” later in this chapter.

Issuing Internet certificates in a Person document


If you need to issue Internet certificates for Notes clients and you do not
want to require each user to submit an Internet certificate request and
merge the certificate into the ID file, you can issue the Internet certificate
using the existing public and private keys in the Notes ID file and add it
to the user’s Person document. Using the Domino Directory to issue
Internet certificates simplifies the process of distributing Internet
certificates to users.
The server on which you issue Internet certificates must be set up for the
Administration Process, and the users must have an Internet address
specified in their Person documents. In addition, you must add Internet
certificates that are created using a Domino certifier.

To issue an Internet certificate in a Person document


1. Make sure you have the Administration Process set up on the server.
2. From the Domino Administrator, click People & Groups.
3. Select the names of the users who need Internet certificates.
4. Choose Actions - Add Internet Cert to Selected People.
5. Check to make sure that the name of the correct registration server
appears at the top of the dialog box next to the Server button. If it
does not, click Server to choose the correct registration server.
6. Choose whether to supply the certifier key ring file and password, or
to use the CA process.
• If you choose to supply the certifier key ring file and password,
select the CA’s key ring file, and when prompted, enter the
password.
• If you choose to use the CA process, choose a certifier from the
drop-down list.
7. In the “Add Internet Certificates to Selected Entries” dialog box,
confirm that the expiration date is valid. If not, enter the correct date.
8. Click Certify.

9. The certifier processes the request.
If you chose to provide a certifier ID, Domino creates a certificate for
each selected user and stores it in an “Add Internet Certificate to
Person Record” request in the Administration Request database.
If you chose to use the CA process, a certificate request is created in
the Administration Request database for each selected user. When
the CA processes the request, it creates the “Add Internet Certificate
to Person Record” request.
a. When the Administration Request database replicates with the
Domino Directory’s administration server, the Administration
Process places the certificate in the user’s Person document.
b. After the Domino Directory replicates with the user’s mail server
and the user subsequently accesses the mail server, Notes
recognizes there is a certificate in the Domino Directory that is
not in the user’s ID file. Notes automatically places the Internet
certificate in the user’s ID file.

Exporting and importing Internet certificates


Users can only use Internet certificates in the browser in which they
requested them. However, you can export Internet certificates from a
Person document and make them available to other users. You can also
import other users’ Internet certificates into Person documents in the
Domino Directory, and you can import and export Internet certificates for
use with other Internet applications, such as Microsoft Outlook.

To export an Internet certificate from a Person document


1. From the Domino Administrator, click People & Groups, and open
the People view.
2. Open the Person document from which you want to export Internet
certificates.
3. Click Action - Export Internet Certificates.
4. In the Export Internet Certificates dialog box, select the certificate
that you want to export from the list box and click OK.
5. In the Select Export File Format dialog box, choose the file format in
which to save the exported certificate, and click OK. The default is
PKCS 12 encoded.
6. In the Export Options dialog box, enter a user-friendly name for the
exported file. Domino will suggest a default name.

7. In the “Password for Export File Containing Internet Certificates”
dialog box, enter a password to protect the export file. If you choose
not to assign a password to this file, click No Password. However, it
is highly recommended that you assign a password to protect this
information.
8. In the Specify Export File dialog box, choose the directory path and
file name for the file that contains the exported certificates, and click
OK. The certificates are successfully exported to the specified file.
9. Note the file name and password of the exported file for future
reference.

To import an Internet certificate into a Person document


1. From the Domino Administrator, click People & Groups, and open
the People view.
2. Open the Person document for which you want to import Internet
certificates.
3. Click Action - Import Internet Certificates.
4. In the Specify Export File dialog box, choose the directory path and
file name for the file that contains the exported certificates, and click
OK. Note that the file may not appear with the assigned file
extension. It is recommended that you choose the all files option in
the “Files of type” field to ensure that the exported files are
displayed in the file selection list box.
5. In the Select Import File Format dialog box, choose the file format in
which to save the imported Internet certificate, and click OK. The
default is PKCS 12 encoded.
6. In the “Enter Password” dialog box, enter the file password.
7. In the “Import Internet Certificates” dialog box, choose the Internet
certificate that you want to import, if there is more than one. Or you
can click “Accept All” to import all certificates in the file.

Viewing and deleting Internet certificates


When you no longer want an Internet client to use SSL client
authentication to access a Domino server or a Notes client to send
S/MIME encrypted mail to a specified recipient, delete the Internet
certificate from the Internet client’s Person document or the specified
recipient’s Person document in the Domino Directory. The client still has
the Internet certificate, but without the Internet certificate in the Person
document, the Internet client cannot use client authentication to access a
Domino server, and the Notes client cannot send S/MIME encrypted
mail to the specified recipient.

An Internet client can still access the Domino server anonymously if you
have anonymous access set up on the server, or use name-and-password
authentication to access the server. A Notes client can still send
unencrypted mail messages to the user.
You can also view information about Internet certificates in the Domino
Directory.

To view or delete an Internet certificate


1. From the Domino Administrator, click People & Groups, and edit the
Person document for the Internet user whose certificate you want to
view or delete.
2. Click Examine Internet Certificate(s).
3. To delete the Internet certificate, select the certificate and click
Delete. Note that the certificate will remain displayed until you exit
or save the document.

Setting up Notes clients for S/MIME


You can set up a Notes client to use S/MIME encryption and electronic
signatures when sending mail to other users of mail applications that
support S/MIME.
For information on selecting MIME format for sent mail, see the chapter
“Encryption and Electronic Signatures.”

Setting up Notes clients to send encrypted messages


Notes clients need the following to send encrypted messages:
• The recipient’s Internet certificate stored in the Personal Address
Book, Domino Directory, or LDAP directory. If the Internet certificate
is stored in a Domino Directory in another domain or in an LDAP
directory, the directory needs to be accessible using directory
assistance.
• A cross-certificate issued for either the recipient or the CA that
issued the recipient’s Internet certificate. This cross-certificate must
be stored in the client’s Personal Address Book.
Note It is not necessary to have the cross-certificate prior to sending
S/MIME encrypted mail. Users will be prompted to generate the
cross-certificate when they try to send the message.
For more information, see the topic “Adding a recipient’s Internet
certificate and cross-certificate for encrypted S/MIME messages” later in
this chapter.

Setting up Notes clients to decrypt encrypted messages and send signed messages

To decrypt sent messages and send signed messages, Notes clients need
an Internet certificate stored in the Notes ID file.
For more information, see the topic “Creating Internet certificates for
Notes S/MIME clients” later in this chapter.

Setting up Notes clients to verify signed messages


To verify the signature on a signed message, Notes clients need a
cross-certificate issued for either the sender of the message or the CA that
issued the sender’s Internet certificate. This cross-certificate must be
stored in the client’s Personal Address Book.
For information on creating cross-certificates, see the topic “Creating an
Internet cross-certificate for a CA” later in this chapter.

Creating Internet certificates for Notes S/MIME clients


The procedure you complete to create Internet certificates is the same,
whether you use Domino or a third-party CA to issue the certificates.

To set up Notes clients with certificates for S/MIME


The CA and client complete these steps to add a Domino Internet
certificate to the Notes ID file. A Notes client can use one Internet
certificate or use dual Internet certificates for S/MIME encryption and
signatures.
1. Before issuing certificates, the CA must determine if Internet
certificates should be created using the existing public and private
keys from the Notes ID file or if the CA wants to issue certificates
based on new keys generated from a browser certificate request. If
clients use a browser that supports PKCS #12, clients can also import
an existing Internet certificate into the Notes ID file. Depending on
the environment, the administrator may choose to use a combination
of these options for different users.
For more information on importing Internet certificates in a Notes
client, see Lotus Notes 6 Help.
2. The CA adds a trusted root certificate to a Domino Directory that the
client can access.
The client can also add a trusted root certificate to the Personal
Address Book; however, adding a trusted root certificate to the
Domino Directory simplifies the process of setting up Notes clients
for S/MIME because the trusted root is accessible to many clients.
3. The client creates a cross-certificate using the trusted root certificate
for the CA and stores it in the Personal Address Book.

4. To create a certificate using the existing public and private keys in
the Notes ID file, do the following:
a. The CA adds an Internet certificate to the Person document.
b. The client authenticates with the home server. Notes
automatically merges the Internet certificate into the ID file.
5. To use new public and private keys to create an Internet certificate,
do the following:
a. The client requests the Internet certificate from the CA.
b. The CA approves the request, and Domino automatically adds
the client’s Internet certificate to the user’s Person document.
c. The client merges the Internet certificate into the ID file.
For more information on how Notes clients merge Internet certificates
into their ID files, see Lotus Notes 6 Help.

Adding an Internet certificate and cross-certificate for encrypted S/MIME messages

To send an S/MIME-encrypted message, the sender must have the
recipient’s Internet certificate in the Personal Address Book, Domino
Directory, or LDAP directory. The sender must also have a
cross-certificate issued for the recipient or for the certifier who issued the
recipient’s Internet certificate. If a cross-certificate is issued for a
recipient’s Internet certificate, only messages to that recipient can be
encrypted. If a cross-certificate is issued to the recipient’s CA, you can
send encrypted messages to all recipients who have certificates issued by
that CA, if you have the recipients’ Internet certificates.
If the Internet certificate is stored in a Domino Directory in another
domain or in an LDAP directory, the directory needs to be accessible
using directory assistance.

To add an Internet certificate and cross-certificate for encrypted S/MIME messages

1. The recipient must send an S/MIME signed message to you.
For information on signing mail, see Lotus Notes 6 Help.

2. When you open the signed message, Notes asks if you want to add a
cross-certificate if you do not already have a cross-certificate issued
for either the author or the CA who issued the certificate to the
author. Complete these fields and then click Cross Certify:
Field | Enter
Certifier | The certifier ID that is cross-certifying the certificate. By default, the certifier is your ID. If you have access, you can choose an ID that is higher in the hierarchical name scheme.
Server | The registration server that holds the cross-certificate that is created. By default, it is stored locally in your Personal Address Book. Do not change this setting, since the cross-certificate must be stored in your Personal Address Book in order to validate the Internet certificate of the person to whom you are sending an encrypted message.
Subject name | The certificate that is being cross-certified. You can choose to cross-certify the sender of the signed message or you can cross-certify the CA that issued the certificate to the sender. If a cross-certificate is issued to the sender of the signed message, you can encrypt messages to only that person. If a cross-certificate is issued to the sender’s CA, you can send encrypted messages to anyone who has an Internet certificate issued by that CA and for whom you have an Internet certificate.
Subject alternate name list | Alternate names attached to the ID, if any.
Expiration date | The date that the cross-certificate expires.

3. To add the author’s Internet certificate to the Personal Address Book,
choose Tools - Add Sender to Address Book. Notes creates a Contact
document for the person and adds an Internet certificate to the
document.
For information on adding an Internet certificate and cross-certificate
when users have dual certificates, see the topic “Dual Internet certificates
for S/MIME encryption and signatures” later in this chapter.

Dual Internet certificates for S/MIME encryption and signatures
You can add two Internet certificates to your Notes ID file and then use
one certificate for S/MIME encryption and another for S/MIME
signatures and SSL client authentication. Doing so lets you maintain
separate public and private key pairs for encryption and electronic
signatures and SSL client authentication.

Adding multiple certificates


To add multiple Internet certificates to your Notes ID file when the
certificates are issued by different CAs, follow the procedure provided
by the CA. If the Internet certificates you want to add are issued by the
same CA, add one of the certificates by following the CA’s procedure
and add the second certificate by importing it into the ID file. If you try
to add multiple Internet certificates issued by the same CA and you do
not import the certificate, Notes uses the last certificate added to the ID
file for S/MIME encryption and signatures.
For information on importing certificates, see Lotus Notes 6 Help.

Specifying the default signing certificate


Once the Internet certificates are added to the ID file, you can specify a
default certificate to use for S/MIME signatures. You specify this
certificate in the User Security dialog box. If the Internet certificate you
select is used for both signatures and encryption, then Notes uses this
certificate as the default for signatures and encryption. Otherwise, Notes
uses the Internet certificate you specify for signatures and the last
Internet certificate added to the Notes ID file for encryption. The default
signing certificate is also the certificate used for SSL client authentication.
For information on specifying a default signing certificate, see Lotus
Notes 6 Help.

Adding an Internet certificate to the Personal Address Book


If you send a signed message and you have two different certificates for
signatures and encryption, Notes sends the recipient the default Internet
certificates used for encryption and signatures. When the recipient
chooses Tools - Add Sender to Address Book, Notes adds a Contact
document and adds the Internet certificates for encryption and
signatures to the Contact document. When you send an encrypted
message, Notes extracts only the Internet certificate for encryption from
the Contact document.

Adding a cross-certificate on demand
When a recipient receives a signed message, Notes checks the Personal
Address Book for a cross-certificate that indicates that the signing
certificate included with the message is trusted. If the cross-certificate is
not present, Notes displays a dialog box that allows the recipient to
cross-certify “on demand.” You can create a cross-certificate to either the
leaf certificate or to the CA. Creating a cross-certificate to a leaf certificate
indicates trust for only the owner of the certificate, in this case the sender
of the signed message. A cross-certificate to a CA indicates trust for all
people who have a certificate issued by that CA.
When you cross-certify on demand, Notes creates a cross-certificate for
the signing certificate, but does not create a cross-certificate for the
encryption certificate. However, if the signing and encryption certificates
are issued from the same CA and you create a cross-certificate for the
CA, the cross-certificate created for the signing certificate can also be
used to validate the encryption certificate. If the signing and encryption
certificates are issued from different CAs, then you must create a
cross-certificate for the CA that issued the encryption certificate before
you can send an encrypted message.
For more information on adding an Internet certificate and creating a
cross-certificate on demand, see the topic “Adding a recipient’s Internet
certificate and cross-certificate for encrypted S/MIME messages” in this
chapter.
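
The cross-certificate scope rules described in this section and in “Adding an Internet certificate and cross-certificate for encrypted S/MIME messages,” worked through as a simplified Python model. This is an added example, not Notes code; the class names, function names, serials, and CA names are constructed for illustration.

```python
"""Simplified model of S/MIME cross-certificate scope in a Personal Address
Book. Added illustration, not Notes code; all names and serials are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class InternetCert:
    serial: str    # constructed identifier for one certificate
    subject: str   # certificate owner
    issuer: str    # CA that issued the certificate
    usage: str     # "sign", "encrypt", or "both"


@dataclass
class PersonalAddressBook:
    leaf_cross_certs: Set[str] = field(default_factory=set)  # serials trusted one by one
    ca_cross_certs: Set[str] = field(default_factory=set)    # CA names trusted as issuers
    contacts: Dict[str, List[InternetCert]] = field(default_factory=dict)

    def is_trusted(self, cert: InternetCert) -> bool:
        """A certificate validates through a leaf or a CA cross-certificate."""
        return cert.serial in self.leaf_cross_certs or cert.issuer in self.ca_cross_certs

    def cross_certify_on_demand(self, signing_cert: InternetCert, scope: str) -> None:
        """Model the dialog shown for a signed message: only the signing
        certificate (or its CA) is cross-certified, never the encryption one."""
        if scope == "leaf":
            self.leaf_cross_certs.add(signing_cert.serial)
        elif scope == "ca":
            self.ca_cross_certs.add(signing_cert.issuer)
        else:
            raise ValueError("scope must be 'leaf' or 'ca'")

    def add_sender_to_address_book(self, sender: str, certs: List[InternetCert]) -> None:
        """Tools - Add Sender to Address Book: store the sender's certificates."""
        self.contacts[sender] = list(certs)

    def can_send_encrypted(self, recipient: str) -> Tuple[bool, str]:
        """Only encryption-capable certificates are used when encrypting."""
        enc = [c for c in self.contacts.get(recipient, []) if c.usage in ("encrypt", "both")]
        if not enc:
            return False, "no Internet certificate for recipient"
        if not any(self.is_trusted(c) for c in enc):
            return False, "cross-certificate needed for " + enc[0].issuer
        return True, "ok"


def scenario(enc_issuer: str, scope: str) -> Tuple[bool, str]:
    """Receive a signed message from a dual-certificate sender, cross-certify
    on demand with the given scope, then try to send encrypted mail back."""
    sign = InternetCert("S-1", "Pat Lee", "CA One", "sign")
    enc = InternetCert("E-1", "Pat Lee", enc_issuer, "encrypt")
    pab = PersonalAddressBook()
    pab.add_sender_to_address_book("Pat Lee", [sign, enc])
    pab.cross_certify_on_demand(sign, scope)
    return pab.can_send_encrypted("Pat Lee")


if __name__ == "__main__":
    for issuer in ("CA One", "CA Two"):
        for scope in ("leaf", "ca"):
            print(issuer, scope, scenario(issuer, scope))
```

Only the case where both certificates come from the same CA and the cross-certificate is issued to that CA allows encrypted mail without creating a further cross-certificate.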

Setting up Notes and Internet clients for SSL client authentication


You can set up a Notes or Internet client for client authentication with a
server. You cannot use client authentication for SMTP and IIOP
connections. For SSL client authentication, the Notes or Internet client
must have:
• An Internet certificate issued by a Domino or third-party certifier.
• A trusted root certificate for a Domino or third-party certifier.
• (Notes clients only) A cross-certificate for the Domino or third-party
certifier created from the trusted root certificate. The trusted root
certificate is not necessary for Notes clients after you create the
cross-certificate.
• Software, such as a Web browser or a Notes workstation, that
supports the use of SSL.

If an LDAP client supports the Simple Authentication and Security Layer
protocol (SASL), Domino automatically uses this protocol when the client
uses SSL client authentication to connect to the server. SASL is not
supported for TCP/IP connections or SSL connections with only server
authentication.

To set up Notes clients with certificates issued by a Domino CA


The CA and client complete these steps.
1. Before issuing certificates, the CA must determine if Internet
certificates should be created using the existing public and private
keys from the Notes ID file or if the CA wants to issue certificates
based on new keys generated from a browser certificate request. If
clients use a browser that supports PKCS #12, clients can also import
an existing Internet certificate into the Notes ID file. Depending on
the environment, the administrator may choose to use a combination
of these options for different users.
2. The CA adds a trusted root certificate to a Domino Directory that the
client can access.
The client can also add a trusted root certificate to the Personal
Address Book; however, adding a trusted root certificate to the
Domino Directory simplifies the process of setting up Notes clients
for SSL because the trusted root is accessible to many clients.
3. The client creates a cross-certificate using the trusted root certificate
for the CA and stores it in the Personal Address Book.
4. To create a certificate using the existing public and private keys in
the Notes ID file:
a. The CA adds an Internet certificate to the Person document.
b. The client authenticates with the home server. Notes
automatically adds the Internet certificate to the ID file.
5. To use new public and private keys to create an Internet certificate,
do the following:
a. The client requests the Internet certificate from the CA.
b. The CA approves the request, and Domino automatically adds
the client’s public key to the user’s Person document.
c. The client merges the certificate into the ID file.
d. The CA adds an Internet certificate to the user’s Person
document.

To set up Internet clients with certificates issued by a Domino CA
1. The CA administrator creates a Person document for the Internet
client.
2. The client obtains the trusted root certificate for the server’s CA.
3. The client requests the Internet certificate from the CA.
4. The CA approves the request, and Domino automatically adds the
client’s public key to the user’s Person document.
5. The client merges the certificate into the local file.

To set up Notes and Internet clients with certificates issued by a third-party CA

The CA and client complete these steps.
1. (Internet clients only) The CA administrator creates a Person
document for the client.
2. Using any browser, the client follows the third-party CA’s
established procedure to request and merge the Internet certificate.
For example, to obtain an Internet certificate from VeriSign, visit the
site http://digitalid.verisign.com and follow the instructions
provided.
3. The Internet client follows the third-party CA’s established
procedure to merge the trusted root certificate for the CA.
4. The CA adds the client’s public key to the Person document.

Setting up a Person document for an Internet user using SSL client authentication

In the Domino Directory on your Domino server, set up a Person
document for Internet clients using SSL client authentication to connect
to a Domino server. The Person document for the user stores the user’s
Internet certificate, which is used to verify the user’s identity. The Person
document also lists the names that a Domino server can use to
authenticate an Internet user. When an Internet user tries to connect to a
server, Domino looks for the Internet certificate name in the User name
field in the user’s Person document. Domino compares the Internet
certificate presented with the one stored in the Person document. The
comparison lets Domino authenticate the user, even if there are multiple
users with the same name, since each user’s public key is unique. If
Domino finds a match and the public key is valid, then the first name
listed in the User name field is used to check database ACLs and design
element access lists.

For example, if the User name field contains these entries: Alan Jones,
AJones, Alan, Al Jones and the client uses the name Al Jones to access the
server, Domino authenticates the user, verifies that the public key
presented matches the public key in the Person document, and uses the
name Alan Jones to check database ACLs and design element access lists.
For more information, see the chapter “Controlling User Access to
Domino Databases.”

To set up a Person document


1. Create a new Person document in the Domino Directory.
2. Enter the client’s first, middle, and last names in the First name,
Middle initial, and Last name fields.
3. Enter the client’s common name on the certificate in the User name
field.
4. (Optional) Enter additional information about the client in the
Work/Home tab.
5. Save the document.
Tip If the client wants to authenticate with a Domino server in another
domain, add the user’s Person document to the Domino Directory for
that domain. Make sure you set up directory assistance so Domino can
find the client in the Domino Directory for the domain.
For information on setting up directory assistance, see the chapter
“Setting Up Directory Assistance.”

Publishing third-party CA client certificates in a Person record


Notes and Internet users who have a client certificate from a third-party
certifier may want to have this certificate published in their Person record
so that, if a user authenticates with a Domino server over SSL with that
certificate, Domino will be able to determine the user’s Notes identity.
The server can then use the Notes identity to check server database ACLs
to determine the user’s access to those databases. If the certificate with
which a user authenticates isn’t in a Person document, Domino gives the
user anonymous access, even though the user has authenticated using
SSL authentication.
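
The lookup described above and in “Setting up a Person document for an Internet user using SSL client authentication,” as a simplified Python model: name match in the User name field, public key comparison, first listed name for ACL checks, and the anonymous fallback. This is an added example, not Domino code; the function names, key bytes, and the second and third directory entries are constructed, and certificate chain validation is assumed to have already happened in the SSL handshake.

```python
"""Simplified model of mapping an SSL client certificate to the name Domino
uses for ACL checks. Added illustration, not Domino code; all data constructed."""
import hashlib
from dataclasses import dataclass, field
from typing import List

ANONYMOUS = "Anonymous"


def key_id(public_key: bytes) -> str:
    """Stable identifier for a public key (SHA-256 over constructed key bytes)."""
    return hashlib.sha256(public_key).hexdigest()


@dataclass
class PersonDocument:
    user_names: List[str]  # User name field; the first entry is the ACL name
    published_keys: List[str] = field(default_factory=list)  # key_id per published cert


def resolve_acl_name(directory: List[PersonDocument], cert_name: str,
                     public_key: bytes) -> str:
    """Return the name checked against database ACLs for a presented certificate.

    Assumes the SSL handshake already validated the certificate chain, so only
    the directory lookup is modelled here.
    """
    presented = key_id(public_key)
    for person in directory:
        # Step 1: the certificate name must appear in the User name field.
        if cert_name not in person.user_names:
            continue
        # Step 2: the presented key must match one published in this document.
        # This is what tells apart two people who share a name.
        if presented in person.published_keys:
            return person.user_names[0]
    # Authenticated over SSL, but no Person document holds this certificate.
    return ANONYMOUS


def documents_without_certificates(directory: List[PersonDocument]) -> List[str]:
    """Audit helper: users who would get anonymous access with any certificate."""
    return [p.user_names[0] for p in directory if not p.published_keys]


# Constructed sample data. The first entry mirrors the User name list in the
# text; the other two are invented to show the duplicate-name and
# unpublished-certificate cases.
ALAN_KEY = b"constructed-public-key-alan"
ALBERT_KEY = b"constructed-public-key-albert"
SAMPLE_DIRECTORY = [
    PersonDocument(["Alan Jones", "AJones", "Alan", "Al Jones"], [key_id(ALAN_KEY)]),
    PersonDocument(["Albert Jones", "Al Jones"], [key_id(ALBERT_KEY)]),
    PersonDocument(["Dana Smith"]),
]

if __name__ == "__main__":
    print(resolve_acl_name(SAMPLE_DIRECTORY, "Al Jones", ALAN_KEY))
    print(resolve_acl_name(SAMPLE_DIRECTORY, "Al Jones", ALBERT_KEY))
    print(resolve_acl_name(SAMPLE_DIRECTORY, "Al Jones", b"unpublished-key"))
    print(documents_without_certificates(SAMPLE_DIRECTORY))
```

The audit helper is useful before enabling SSL client authentication: any name it returns belongs to a user whose certificate still needs to be published.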
To publish a third-party client certificate in a user’s Person record, use
the Certificate Publications Request database. Clients submit certificate
publication requests to the database, where they are approved by an
administrator. After a request is approved, a publication request is

created automatically in the Administration Process database. When the
request is completed, the third-party client certificate is published in the
requester’s Person record.
In order to use this database, the server on which it is hosted must:
• Be configured for SSL, accepting both client certificates and
anonymous access
• Have trusted root certificates installed in its server key ring for any
certifier whose certificates you want to accept for publication
In order for users to make a publication request, they must be able to
authenticate to the Certificate Publications database with the certificate
they want to have published.
Note The user does not have to have a Person document in the Domino
Directory to make a publication request. The administrator can create a
Person document once the request has been entered, and it has been
decided that the certificate’s owner can be trusted.

To create the Certificate Publications Request database


1. From the Domino Administrator, click File - Database - New.
2. Create a new database using the Domino Certificate Publications
Request template (CERTPUB.NTF).

To publish a third-party CA client certificate in a Person record


1. The client opens the Certificate Publications Request database using a
browser, completes the Certificate Registration Request form, and
submits it.
2. The administrator approves or denies the publication requests in the
Waiting for Approval view.
3. If the request is approved, it is submitted to the Administration
Process and the client certificate is published in the requester’s
Person record.

Setting up SSL for Notes or Domino using SMTP


A Notes client or Domino server can act as an SMTP client when routing
mail to an SMTP server. The Notes client or Domino server can use SSL
to connect to a Domino server running the SMTP service or to another
type of SMTP server. You cannot set up a Notes client or Domino server
for SSL client authentication when connecting using SMTP.
For more information on SMTP, see the chapter “Setting Up Mail
Routing.”

If you do not have the server’s CA marked as a trusted root in the server
key ring file for the Domino server, Domino automatically adds the
certificate and logs the condition in the log file. Other Internet protocols
do not allow users to proceed unless they have the server’s CA marked
as a trusted root. You should, however, mark the CA certificate as a
trusted root instead of automatically adding the trusted root to ensure
that the trusted root you receive is valid.
For information on setting up a Notes client to use SSL to connect to an
SMTP server, see Lotus Notes 6 Help. Or go to www.lotus.com/ldd/doc
to download or view Lotus Notes 6 Help.

To set up SSL for a Domino server routing mail to an SMTP server


1. From the Domino Administrator, click the Configuration tab, and
open the Server document.
2. Select the Ports - Internet Ports - Mail tab.
3. In the SMTP Outbound column, select Disabled in the TCP/IP port
status field.
Note If you do not select Disabled in the TCP/IP port status field,
Domino always connects to the SMTP server without using SSL.
4. In the SMTP Outbound column, select Enabled in the SSL port status
field.
5. Save and close the document.
6. Add the trusted root certificate for the CA of the SMTP server.

Using SSL when setting up directory assistance for LDAP directories


Directory assistance allows you to extend directory services from a
server’s primary Domino Directory to other Notes directories, such as
secondary Domino Directories, and to remote LDAP directories. To set
up directory assistance, you create a directory assistance database from
the DA50.NTF template, and then create Directory Assistance documents
in the database to configure services for specific directories.
When setting up directory assistance for an LDAP directory, you can
instruct a Domino server to use SSL when connecting to the LDAP
directory server. This helps secure communications between the Domino
server and the LDAP server. You should use SSL if a Domino server uses
the remote LDAP directory to authenticate Internet clients, or to look up
groups for database authorization.

When a Domino server uses SSL to connect to an LDAP directory server,
both servers must have certificates trusted by the other. If this is not the
case, you must add a trusted root certificate to the server’s key ring file
before your server can connect to the LDAP server.
For more information on directory assistance for LDAP, see the chapter
“Setting Up Directory Assistance.”
For more information on adding a trusted root certificate, see the chapter
“Setting Up SSL on a Domino Server.”



Chapter 48
Rolling Out Databases

This chapter describes the tasks involved in rolling out a database for
production after it has been designed. Be sure to test the database
application thoroughly before announcing its location to users.

Database design, management, and administration


The tasks involved with application design, database design, database
management, and Lotus Domino system administration may overlap,
depending on the size of your organization and the structure of job
responsibilities. In some organizations, an application developer may be
responsible for both application and database design, while in others, a
database manager may handle all database design and management
tasks. In addition, database management overlaps with Domino system
administration.
Therefore, depending on your organization, make sure you work closely
with the people who are responsible for design, management, and
administration tasks. For example, controlling user access is primarily a
Domino system administrator’s responsibility, yet the application
developer may determine these access levels because they are often
integral to the database design. If design changes are necessary after a
database is in production, be sure to:
• Work with the application developer or database designer to
implement and coordinate design changes
• Consider server resources and the connections between servers when
putting databases on servers
For more information on designing or redesigning databases, see the
Release Notes and the book Application Development with Domino Designer.

Rolling out a database


The following tables list mandatory and optional tasks for a Domino
administrator to complete before putting a database into production. You
must have Manager access in a database access control list (ACL) to
perform these tasks.

Mandatory tasks
Perform these tasks before copying a new database or database replica to
a production server.

| Task | Considerations |
|---|---|
| Set up the database ACL for users and servers that require access | If you plan to make replicas of a database, make sure that the database ACL lists the name of each server containing a replica. If the database uses roles, assign all roles to each server. If you assign ACL settings on the original database before copying it to a server, assign yourself Manager access on the original. Otherwise, you won’t have Manager access to the new copy. |
| Verify that server ACLs are set up correctly | Without proper access in a server ACL, users and servers won’t have access to databases on the server. |
| Verify that the Domino Directory contains the necessary Group documents | Create a Group document in the Domino Directory before adding a Group name in a database ACL. If you must create a Group, make sure that the Group document replicates before you copy the database to a server. |
| Copy the new database to a server | Consider server disk space, topology, and network protocols. Placing a database on a cluster requires that you consider cluster resources. |
| Verify that the database appears in the Open Database dialog box | While designing a database, the database designer often removes the database title from the list that appears in the Open Database dialog box. This deters users from opening the database. After the database is completed, make sure that the database title appears in the Open Database dialog box. |
| Decide which servers require replicas of the database and then create the replicas | To make this decision, consider the purpose and size of the database, the number and location of users who need access to the database, and the existing replication schedules between servers. |
| Verify that Server documents in the Domino Directory are enabled for replication | Server documents are, by default, enabled for replication, but to avoid any problems, verify this. |
| Create or edit Connection documents | If several servers have a replica of the database, make sure that any necessary Connection documents are set up so that replication can occur. |
| Set up a replication schedule | Consider the location and time zones of users and the frequency of database updates. |

Optional tasks
The following tasks are not required, but you may want to perform them
after your database is in production. Whether or not you need to do these
tasks depends on the type of database you are rolling out to the
production server and the roles assigned to an application developer,
database manager, or Domino administrator in your organization.

| Task | Considerations |
|---|---|
| Create About This Database and Using This Database documents | Provide the name, phone number, and e-mail address of database managers in the About This Database document. Provide information about the application in the Using This Database document. For more information, see Application Development with Domino Designer. |
| Create an index for the database | Create a full-text index for the database if users need to search the database for information. If you create the index before you copy a new copy of the database or a replica to a server, the index settings carry over to the new copy or replica. |
| Distribute encryption keys | If the database design includes encrypted fields, distribute encryption keys to users. For more information, see the book Application Development with Domino Designer. |
| Create a Mail-In Database document | If the database is designed to receive mail, you must create a Mail-In Database document in the Domino Directory. |
| List the database in the database catalog | By default, all databases except mail databases are listed in the default views of the database catalog. You can add categories to control how the database appears in the catalog views and to help users narrow the scope of a domain search. |
| Publish the database in a database library | Create a library of selected databases on one server or several servers for users. |
| Sign the database | Sign a database to provide a signature for it. Do this, for example, so that an Execution Control List (ECL) can evaluate the signature. |
| Add the database to the Domain Index | If an application database will be useful to a wide audience, include the database in the Domain Index. |
| Notify users that the database is available | Provide the database title, file name, and server location. |

Copying a new database to a server
Plan the deployment of new databases before copying them to a server.
Tasks to perform include:
• Setting up all appropriate Server documents in the Domino
Directory, including a Mail-In Database document if the database is
designed to receive mail.
• Making sure that users and other servers are listed in the server’s
access control list. Otherwise, they won’t be able to access the
database.
• Using subdirectories to group related databases rather than copy
them to the root directory. Users can find related databases more
easily if they are in one location. This also helps administrators by
allowing them to replicate “like” databases, because Connection
documents let you replicate according to directory.
For more information on replication, see the chapter “Creating Replicas
and Scheduling Replication.”

To copy a new database to a server


1. Make sure that you have Manager access in the database ACL or the
Create new databases privilege in the Server Access section of the
Server document in the Domino Directory.
2. Select the database icon from your bookmarks page, choose File -
Database - Properties, click the Design tab, and make sure that
“Show in ’Open Database’ dialog” is selected.
3. Choose File - Database - New Copy.
4. Next to Server, click the arrow to display a list of servers. Then select
the server on which you want to place the copy.
5. Next to Title, enter a title for the database. The database icon and the
Open Database dialog box display this title.
6. Next to File Name, enter the path and file name of the database.
Limit the file name to eight characters plus the NSF extension.
7. Choose one:
• “Database design and documents” to copy the database design
and all documents
• “Database design only” if you do not want to copy any existing
documents

8. Optional steps:
• Choose “Access Control List” to copy the ACL.
You can assign ACL settings (including roles) before or after
copying a local database to a server. Before copying the database,
assign yourself Manager access to the ACL so that you will have
Manager access to the new copy. If you do not copy the ACL
when you copy the database to a server, the ACL in the new copy
automatically lists you with Manager access.

• Select “Create Full Text index” to create a full-text index on the
new copy.
Note You can also create a full-text index later.
• Choose “Encryption” to encrypt the new copy of the database.
This option is intended to prevent unauthorized users from
accessing a database from a workstation, laptop computer, or
server. If you use this option, Notes encrypts the database using a
specified ID so that only a user with that ID can gain access to the
database directly from a server or workstation. You can choose
one of three encryption levels. This encryption setting also carries
over to copies of the database made at the operating system level.
Note The maximum database size is 64GB on Windows and UNIX.
For more information on encryption, see the book Application
Development with Domino Designer.

Creating a Mail-In Database document for a new database


If a database is designed to receive mail, you must create a Mail-In
Database document in the Domino Directory. This document must exist
in the Domino Directory of every server that stores a replica of the
database. The database cannot receive mail until you create this
document. When replicating Mail-in databases to servers in another
Domino domain, create a matching Mail-in database document in the
Domino Directory of the target server.
1. Make sure you have at least Author access with the Create
Documents privilege selected.
2. From the People & Groups tab of the Domino Administrator, choose
Create - Server - Mail-in Database.

3. On the Basics tab, complete these fields and then save the document:
• Mail-in name — The entry for this database in the Domino
Directory. Users and applications use this name to send
documents to the database.
• Internet message storage — The message storage preference: No
preference (default); Prefers MIME or Prefers Notes Rich Text.
• Internet address — SMTP address in the format
mailfile@organization.domain. Complete this field if you want
Internet users to be able to send messages to the database.
4. On the Database Information tab, complete these fields:
• Domain — Domino domain of the server where the database
resides.
• Server — The fully-distinguished hierarchical name of the server
where the database resides; for example, Server1/Sales/Acme.
• Filename — The path and filename of the database relative to the
Domino Directory. For example, if the database named
MAILIN.NSF is in the MAIL directory of the DATA directory,
enter MAIL\MAILIN.NSF.
5. On the Administration tab, complete these fields and then click Save
& Close:
• Owners — Fully distinguished hierarchical name of users allowed
to modify this document.
• Administrators — Users or groups who can edit this document.
• Foreign directory sync allowed — “Yes” allows entry to be
exchanged with foreign directories — for example, a cc:Mail®
directory — so that users on the other system can look up the mail-in
database in the cc:Mail post office directory and send mail to it.
• Encrypt incoming mail — Mail sent to the mail-in database is
encrypted with the Notes certified public key entered in the next
field.
• Notes certified public key — The certified public key to use when
encrypting mail sent to this database. To copy a certified public
key from the Domino Directory to this field, click “Get
Certificates” and choose a name.
6. Give the name of the database to users so they can enter it in the To:
field of messages destined for the database.
For more information on setting up a database to receive mail, see the
book Application Development with Domino Designer.

Adding a database to the Domain Index
If an application database will be useful to a wide audience, include the
database in the Domain Index.
1. From the Domino Administrator, choose File - Database - Open.
2. Select the database that you want to add to the Domain Index, and
click Open.

3. Choose File - Database - Access Control, and make sure you have
Manager access.
4. Choose File - Database - Properties.
5. Click the Design tab.
6. Make sure that the “List in Database Catalog” option is selected, and
enter one or more categories.
Note These categories appear on the Domain Search form to
provide a user with a way to narrow a search. Categories are also
displayed in views of the database catalog and Domain Catalog.
7. Select “Include in multi-database indexing.”

Signing a database or template


You can sign a template or database to vouch for its integrity. You might
want to do this, for example, to sign an agent so that the Agent Manager
on a server can verify that the signer has the rights to execute the agent.
Or you might sign a database or template so an ECL on a Notes client can
evaluate which database actions to carry out. If you sign a template, any
databases created from the template inherit the signature.
Note If you want to sign only one specific design document or one
design element in a document, for example, a specific agent, you must
first determine the Note ID for the document. To determine the Note ID
for a document, select the document, choose File - Document Properties,
and click the last tab of the properties box. The bottom line is the Note ID,
for example, NT00000902.
1. Select the server that stores the databases or templates that you want
to sign.
2. On the Files tab, select the databases or templates that you want to
sign.
3. Choose Tools - Database - Sign.

4. Choose one of the following:
• Active User’s ID to sign using your ID.
• Active Server’s ID to sign using the ID of the server that stores the
database or template.
5. Choose one of the following options to specify which elements to
sign:
• All design documents to sign every design element. If you sign
multiple databases or templates and select this option, the signing
process may take a while.
• All data documents to sign all active content (Hotspots) found in
the data documents.
• All documents of type to sign a specific type of design element.
• This specific Note ID to sign a specific design element.
6. Select “Update existing signatures only (faster)” to update only
design elements that have been signed previously. Use this to change
the signature on previously signed design elements.
7. Click OK. A dialog box shows the number of databases processed
and the number of errors that occurred (if any). See the Notes Log for
details.

Chapter 49
Organizing Databases on a Server

This chapter discusses how to organize databases that are in the Domino
data directory or on another server and how to create links to directories
and databases that are not in the Domino data directory.

Organizing databases on a server


When organizing databases on a server, you can:
• Store databases in the Domino data directory. This is the default.
• Create subdirectories of the Domino data directory to store groups of
related databases.
• Create directory folders to store databases outside the Domino data
directory and create links to the databases from the Domino data
directory.
• Restrict access to the server’s data directory.
When you create directory and database links, you can increase database
security by specifying the ACL access for an individual user or group in
the Create New Link dialog box. The database ACL, not the database
link, controls access to individual databases that have database links.

Directory links
You can store databases in a directory outside the Domino data directory
to take advantage of disk space available on other servers. Then you
create a link in the Domino data directory that points to that directory. In
the Domino data directory, users see the directory link MKTG.DIR as the
subdirectory MKTG, with a directory folder icon next to it. Users who do
not have access to a linked directory can see the directory link, but
cannot access the directory.
You can use a directory link on a Web server to point browser users to a
directory outside the Domino data directory. When you create this link,
you must specify access for browser users — for example, you can
specify access for anonymous users or enter the names of users who use
name-and-password or SSL client authentication.

Database links
You can store a single database outside the Domino data directory and
create a database link to it from the Domino data directory. A database
link appears in the Domino data directory as a database icon followed by
the name of the linked database.
You can use a database link on a Web server to point browser users to a
database in a directory outside the Domino data directory. If the
database link points to a database on another server, browser users
cannot access the database.

Creating directory folders


When you create a directory folder, enter only the folder name. After you
create the directory folder, you can create directory or database links to
the folder.

To create a directory folder


1. From the Domino Administrator Server list, select the name of the
server on which you want to create the directory folder. The server
can be local or remote.
2. Click the Files tab, and then choose Tools - Folder - New.
3. In the Create New Folder dialog box, enter the name of the new
directory, and then click OK.
4. To verify that the directory was created, click the refresh icon.
5. Move designated databases into the directory you just created, and
then create a directory or database link.

To delete a directory folder


After you delete a directory folder that is no longer needed, delete the
links that point to it.
1. From the Domino Administrator Server list, select the name of the
server. The server can be local or remote.
2. Click the Files tab, and then select the directory to delete.
3. Choose Tools - Folder - Delete.
4. In the Delete Folder dialog box, click Yes.
5. To verify that the directory was deleted, click the refresh icon.
6. Delete the links that point to the deleted directory folder.

Creating directory and database links
Directory links and database links are text files that appear as directory
or database icons in the Domino data directory. In the Domino
Administrator and in the Open Database dialog box in the Notes client,
directory links appear to the user as a directory folder icon, and database
links appear as a database icon.
Create the directory link to point to a subdirectory, not to a root
directory. For example, create the directory link PROJECTS.DIR to point
to the directory D:\PROJECTS\SALES. On a Domino Server for
NetWare, a DIR file can point to SYS:SALES but not to SYS:. On a
Domino Server for UNIX, a DIR file can point to /sales but not to /.
Create the database link using the complete path and file name of the
database you want to link to. For example, create the database link
SALES.NSF to point to the database D:\PROJECTS\SALES\SALES.NSF.
Domino automatically appends the NSF extension to the database name.
If you want to move a linked database to another location, delete the old
link, create a new database link, and move the database to the new
location. When you delete the database link, you remove the link, but not
the database link references.

To create or update a link


Use links to organize databases on servers. Create a directory folder link
to point users to multiple databases stored in the Domino data directory,
in subdirectories of the Domino data directory, or in directories outside
of the Domino data directory. Create a database link to point users to a
single database stored in the Domino data directory, in subdirectories of
the Domino data directory, or in a directory outside the Domino data
directory.
1. From the Domino Administrator Server list, select the name of the
server on which to create the link. This server can be local or remote.
2. Click the Files tab, and then choose Tools - Folder - New Link or
Tools - Folder - Update Link.
3. In the Link name box, enter a name for the link as the link name
should appear to the user.
Domino automatically appends a DIR extension to the file name for a
directory link and an NSF extension for a database link.
4. Next to “Link to a,” choose Folder for a directory link or Database for
a database link.
5. In the “Path and filename to that folder or database” box, enter the
complete path to the directory or database to which the link points.
Be sure to move the database named in this step to the directory you
specify here.
For example, for a directory link, enter the directory path,
D:\PROJECT\SALES. For a database link, enter the complete
directory and file name path, D:\PROJECT\SALES\SALES.NSF.
6. (Optional) To restrict access to a linked directory, enter the names of
specific users to whom you want to grant access in the “Who should
be able to access this link?” box. Click the person icon to select the
names or groups from the Domino Directory that you want to have
access to the link.
Note The database ACL, not the database link, controls access to
individual databases that have database links.
7. Click OK.
8. To verify that the link was created, click the refresh icon.
9. (Optional) To prevent Web browser users from using directory links,
edit the NOTES.INI file to include this setting:
DominoNoDirLinks=1
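
The rules above (no root targets, optional link access names, DominoNoDirLinks for Web users) can be checked across a data directory with a short audit script. This is an added example, not part of the Domino documentation or product. It assumes a link file's first non-empty line is the target path and any further lines are the names allowed to use the link; the function names, finding labels and sample files are constructed for illustration.

```python
import os
import re
import tempfile

# Targets the manual rules out for a directory link: a drive root (D:\),
# a NetWare volume root (SYS:) or the UNIX root (/).
ROOT_TARGET = re.compile(r"^(?:/+|[A-Za-z]:[\\/]*|[A-Za-z0-9_]+:)$")
MAX_LINK_BYTES = 4096  # assumption: a link is a tiny text file, a database is not


def parse_link(path):
    """Return (target, names) for a text link file, or None for anything else.

    Assumed layout: first non-empty line is the target path, the remaining
    non-empty lines are the users or groups allowed to use the link.
    """
    if os.path.getsize(path) > MAX_LINK_BYTES:
        return None
    with open(path, "rb") as fh:
        raw = fh.read()
    if b"\x00" in raw:  # NUL bytes mean binary data, i.e. a real database
        return None
    lines = [ln.strip() for ln in raw.decode("latin-1").splitlines() if ln.strip()]
    return (lines[0], lines[1:]) if lines else None


def no_dir_links_set(notes_ini):
    """True when NOTES.INI carries DominoNoDirLinks=1 (name matched leniently)."""
    with open(notes_ini, encoding="latin-1") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() == "dominonodirlinks":
                return value.strip() == "1"
    return False


def audit_links(data_dir, notes_ini=None):
    """Walk data_dir and return a sorted list of (file, finding, detail) tuples."""
    findings, dir_links = [], 0
    for root, _dirs, files in os.walk(data_dir):
        for name in files:
            ext = os.path.splitext(name)[1].upper()
            if ext not in (".DIR", ".NSF"):
                continue
            full = os.path.join(root, name)
            parsed = parse_link(full)
            if parsed is None:
                continue
            target, names = parsed
            rel = os.path.relpath(full, data_dir)
            if ext == ".DIR":
                dir_links += 1
                if ROOT_TARGET.match(target):
                    findings.append((rel, "ROOT_TARGET", target))
                if not names:
                    # The access list is optional, so none means no link-level limit.
                    findings.append((rel, "NO_ACCESS_LIST", target))
            elif names:
                # The database ACL, not the link, controls access to the database.
                findings.append((rel, "DB_LINK_NAMES_CHECK_ACL", target))
    if dir_links and notes_ini and not no_dir_links_set(notes_ini):
        findings.append(("NOTES.INI", "WEB_DIR_LINKS_ALLOWED", "DominoNoDirLinks is not 1"))
    return sorted(findings)


def build_sample(tmp):
    """Write constructed sample files into tmp; return the sample NOTES.INI path."""
    samples = {
        "PROJECTS.DIR": b"D:\\PROJECTS\\SALES\r\nSales Admins\r\n",
        "ROOT.DIR": b"D:\\\r\n",
        "SALES.NSF": b"D:\\PROJECTS\\SALES\\SALES.NSF\r\n",
        "REAL.NSF": b"\x00\x01\x02" * 32,  # binary stand-in for a real database
        "notes.ini": b"[Notes]\r\nDirectory=D:\\Lotus\\Domino\\Data\r\n",
    }
    for name, data in samples.items():
        with open(os.path.join(tmp, name), "wb") as fh:
            fh.write(data)
    return os.path.join(tmp, "notes.ini")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_links(tmp, build_sample(tmp)):
            print(finding)
```

Treat WEB_DIR_LINKS_ALLOWED and NO_ACCESS_LIST as items to review rather than errors, since both settings are optional in the procedure above.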

To delete a link
1. From the Domino Administrator Server list, select the name of the
server.
2. Click the Files tab, and then select the directory or database link to
delete.
3. Choose Tools - Folder - Delete, and then click Yes.
4. To verify that the link was deleted, click the refresh icon. View the
result in the Results pane.

Restricting access to a server’s data directory


You can restrict Notes user access to a server’s data directory or a
subdirectory of the data directory by defining an access list for it. By
default any Notes user who can access a server can access the server’s
entire data directory.

Creating a data directory access list


To restrict access to a server’s data directory:
1. Make sure you have at least database administrators access to the
server.
2. From the Domino Administrator, connect to the server.
3. Click the Files tab.

4. In the left pane, select the directory to which you are restricting
access. The access restrictions apply to any subdirectories of the
directory as well.
5. In the Tools pane on the right, select Database - Directory ACL.
6. Below “Who should be able to access this directory?” click the person
icon.
7. In the dialog box that opens, do the following for each name that you
want to allow to access the directory:
a. Select the name from a Domino Directory, or type the name in
the “Add name not in list” box. You can specify the name of a
user, server, group or a wildcard, for example, */Sales/Acme.
b. Click Add.
8. When you are finished defining the access list, click OK.
9. Click OK again. In the left pane, the directory now displays a lock
icon.

Changing or deleting a data directory access list


To change or delete a data directory access list:
1. Make sure you have at least database administrators access to the
server.
2. From the Domino Administrator, connect to the server.
3. Click the Files tab.
4. In the left pane, select the directory with the access list.
5. In the Tools pane on the right, select Database - Directory ACL.
6. Do one of the following:
• To remove a name from the access list, below “Who should be
able to access this directory?” select the name and click the red X.
To delete the access list entirely, remove each name from the list.
• To add a name to the access list, below “Who should be able to
access this directory?” click the person icon, select or type the
name, click Add, then click OK.
7. Click OK to save your changes.

NOTES.INI file settings used to organize databases on a server
The following table lists the NOTES.INI setting you can use to organize
databases on a server.
For more information on NOTES.INI settings, see the appendix
“NOTES.INI File.”

| NOTES.INI file setting | Description |
|---|---|
| DominoNoDirLinks | Prevents Web browser users from using directory links. |

Chapter 50
Setting Up and Managing Full-text Indexes

You must index a database for full-text searches to allow users to quickly
search and locate information within that database.

Full-text indexes for single databases


You can create full-text indexes to allow users to quickly search for
information in databases. To search in a database, users enter a word or
phrase in the search bar of the database to locate all documents
containing the word or phrase.
To create an index for a single database, you must have at least Designer
access to the database. Sometimes the application developer of the
database has already created an index. You can find out whether or not a
database is indexed by looking at the Database Properties box (Full Text
tab, “Last Index Time” from the Files tab of the Domino Administrator.)
The Domino Administrator lets you create single indexes for more than one
database at a time. Users can create full-text indexes for local databases.

Database indexes and replication


Because full-text indexes don’t replicate, you must create a full-text index
for each database replica. When you create the replica, you have the
option to create a full-text index on the replica. The index options on the
replica are the same as the index options for the full-text index of the
original database.
For more information, see the chapter “Creating Replicas and Scheduling
Replication.”

Database indexes and the Domain Index


You can also include the full text of databases in the Domain Index, a
centralized full-text index of multiple databases on subjects of
widespread interest across a Notes domain that allows users to search on
a word or phrase when they don’t know which database contains the
information. To search in the Domain Index, users click the arrow beside
the Search icon on the right-hand side of the Notes menu bar and choose
“Domain Search.”

The Domain indexing process is completely separate from that for
individual databases, and including a database in the Domain Index does
not preclude the need to create a separate index for a popular database.
For more information on adding the full text of a database to the Domain
Index or on setting up the Domain Index, see the chapter “Setting Up
Domain Search.”

Security and full-text indexes for single databases


When you create a full-text index for a single database, selecting the
option “Index encrypted fields” can compromise system security in the
following ways:
• Search results might display a list of all documents that contain a
specific word or phrase, even in encrypted fields. The user won’t be
able to read the field but will know that the document contains the
word or phrase. For example, the Employee form in the Personnel
database contains the encrypted field Salary. Any user can search the
full-text index for “50,000,” and documents that contain that figure
are included in the search results. However, the user cannot read the
contents of the field without the encryption key.
• A full-text index file is unencrypted plain text; therefore, anyone
with access to the server can read the file. A user may be able to read
text that was previously encrypted.
• The encryption key, which is part of the server ID, is active for all
databases on the server. If you index a different database and do not
deselect “Index encrypted fields,” any fields using that encryption
key are compromised.
For more information on encrypted fields, see the chapter “Encryption
and Electronic Signatures.”

Creating and updating full-text indexes for single databases


As you create a full-text index for a database, select indexing options and
update frequency options carefully, as they can affect server disk space
and processing speed.
Lotus Domino stores the index file in a subdirectory of the directory
where the database file is located, usually the Domino data directory. The
name of this subdirectory is filename.FT, where filename is the file name of
the indexed database — for example, /EMPLOYEE.FT. Domino can also
store the index file in a directory to which you have created a link.
For more information on directory and database links, see the chapter
“Organizing Databases on a Server.”
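
Because the index is unencrypted text stored in a filename.FT subdirectory beside the database, file-system permissions on those subdirectories are worth reviewing. The following added example, which is not Domino's own tooling, walks a data directory, pairs each .FT directory with its database, totals the index size and lists index files readable by group or other users. The function names and the sample file names inside the .FT directories are constructed, and the permission check uses POSIX mode bits only.

```python
import os
import stat
import tempfile

LOOSE = stat.S_IRGRP | stat.S_IROTH  # readable by group or by everyone (POSIX)


def audit_ft_indexes(data_dir):
    """Return one report dict per filename.FT directory found under data_dir."""
    reports = []
    for root, dirs, files in os.walk(data_dir):
        # Map FILENAME -> actual database file name in this directory.
        databases = {os.path.splitext(f)[0].upper(): f
                     for f in files if f.upper().endswith(".NSF")}
        index_dirs = sorted(d for d in dirs if d.upper().endswith(".FT"))
        dirs[:] = [d for d in dirs if d not in index_dirs]  # do not descend twice
        for d in index_dirs:
            index_dir = os.path.join(root, d)
            total, loose = 0, []
            for sub, _subdirs, names in os.walk(index_dir):
                for name in names:
                    path = os.path.join(sub, name)
                    st = os.stat(path)
                    total += st.st_size
                    if st.st_mode & LOOSE:
                        loose.append(os.path.relpath(path, data_dir))
            db = databases.get(os.path.splitext(d)[0].upper())
            reports.append({
                "index": os.path.relpath(index_dir, data_dir),
                # None: no database beside the index. It may live behind a
                # link, or the index may be a leftover that still holds text.
                "database": os.path.relpath(os.path.join(root, db), data_dir) if db else None,
                "bytes": total,
                "loose_files": sorted(loose),
            })
    return sorted(reports, key=lambda r: r["index"])


def build_ft_sample(tmp):
    """Create a constructed data directory with two indexes for the demo."""
    layout = [
        ("EMPLOYEE.NSF", b"\x00" * 16, 0o600),
        (os.path.join("EMPLOYEE.FT", "index.dat"), b"salary 50,000", 0o644),
        (os.path.join("mail", "OLD.FT", "index.dat"), b"old text", 0o600),
    ]
    for rel, data, mode in layout:
        path = os.path.join(tmp, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_ft_sample(tmp)
        for report in audit_ft_indexes(tmp):
            print(report)
```

On Windows servers the mode bits are not meaningful, so review the NTFS permissions on the reported index directories instead.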

You must periodically update full-text indexes on servers to keep them
synchronized with changes to the databases. When you create an index,
you can either accept the default schedule for updating it (nightly at 2
AM) or specify a different schedule. You can modify this setting at any
time.
You can also do manual index updates for server databases at any time
from the Domino Administrator.

Note Users update full-text indexes for local databases whenever they
replicate with the server. Users can also do manual index updates for
local databases at any time.

To create one or more indexes


1. From the Domino Administrator, select the server that stores the
database or databases you want to index.
2. Click the Files tab.
3. In the Tools pane, make sure that you have at least Designer access in
the ACL of any database you want to index.
4. Select one or more databases to index.
5. In the Tools pane, choose Database - Full Text Index.
6. Select Create.
7. (Optional) Select any of the following indexing options (all of which
increase index size). Index size is also dependent on the amount of
text in the database (non-text elements such as bitmaps, buttons, and
agents are not indexed). To check index size after indexing a
database, look on the Full Text tab of the Database Properties box.
| Indexing option | Description |
|---|---|
| Index attached files | Indexes attachments. Also choose either “With found text” to include just the ASCII text of attachments, or “With file filters” to include the full binary content of attachments. Choosing “With found text” creates the index faster than choosing “With file filters,” but is less comprehensive. |
| Index encrypted fields | Indexes text in encrypted fields. Selecting this option can compromise system security. |
| Index sentence and paragraph breaks | Includes sentence and paragraph breaks in addition to word breaks to allow users to do proximity searches. |
| Enable case sensitive searches | Allows searches by exact case match. This option increases the size of the index by about 15%, as each word must be indexed twice — for example, apple and Apple. |

Note You can view your indexing selections later on the Search tab
of the Database Properties box.
8. (Optional) Change the default setting for index update frequency.
Update frequency options are described in the following table.
| Update frequency option | Updates occur | Select when |
|---|---|---|
| Daily (the default) | Nightly when the Updall server program runs at 2 AM. To change the time that Updall performs automatic daily index updates, use the ServerTasksAthour setting in the NOTES.INI file. | The database is very large, because updating a large index can take some time. |
| Hourly | Every hour, as scheduled by the Chronos server task. | Frequent changes are made to the database contents. If subsequent monitoring of the database and server reveals slow performance of either, change to another frequency setting. |
| Immediate | As soon as possible after you close the database. | Very frequent changes are made to the database contents. If subsequent monitoring of the database and server reveals slow performance of either, change to another frequency setting. |
| Scheduled | As scheduled by a Program document for the Updall server task in the Domino Directory. If you select the Scheduled option, you must specify a schedule for Updall in a Program document; otherwise, scheduled updates will not occur. | None of the update frequency options described here meet your needs. |

9. Click OK.
10. Inform users that the database or databases are indexed.

Setting a schedule for Updall in a Program document
When creating a full-text index for a single database, if you select the
index update frequency option “Scheduled,” you must set up a Program
document in the Domino Directory to specify the schedule you want for
the Updall server task.
1. From the Domino Administrator, click the Configuration tab and
expand the Server section.

2. Click Programs.
3. Create or edit a Program document.
4. On the Basics tab:
a. Type Updall in the “Program name” box.
b. Type any optional arguments in the “Command line” box.
c. Type the server name on which the full-text indexed database
resides in the “Server to run on” box.
5. On the Schedule tab:
a. Select Enabled in the Enabled/disabled box.
b. Select the time for Updall to update the index in the “Run at
times” box.
c. Select a repeat interval, if any, in the “Repeat interval of” box.
d. Select the days of the week for Updall to update the index in the
“Days of week” box.
6. Save and close the Program document.

Changing update frequency for a database’s full-text index


If a database is already full-text indexed, you can change the existing
frequency setting on the Full Text tab of the Database Properties box.
1. From the Domino Administrator, select the server that stores the
database.
2. On the Files tab, select the database for which you want to change
the index update frequency.
3. Using the Tools pane, make sure that you have at least Designer
access in the database ACL.
4. Choose File - Database - Properties, and click the Full Text tab.
Note If you know you want multiple indexes to have the same
frequency setting, you can select the databases and use the Tools
pane’s Databases - Full Text Index command to change all their
indexes to that setting, but the Tools pane does not provide a means
to check whether databases are indexed or verify current update
settings.
5. In the “Update frequency (servers only)” box, select one of the
options described here.
Update frequency option  Updates occur
Daily                    Nightly when the Updall server program runs by default at 2 AM
Hourly                   Every hour, as scheduled by the Chronos server task
Immediate                As soon as possible after you close the database
Scheduled                As scheduled by a Program document for the Updall server task in
                         the Domino Directory
                         Note If you select the Scheduled option and do not create a
                         Program document for Updall, scheduled updates do not occur.

6. Click OK.

Manually updating full-text indexes for single databases


You can use Domino Administrator to update indexes manually after
new information or documents have been added to databases. You can
update a single index in the Database Properties box, or update one or
more indexes from the Tools pane.
Note The Database Properties box (Full Text tab) provides useful
information about an index, such as the number of unindexed documents
currently in the database, the last time the index was updated, and its
size.

To update an index in the Database Properties box


1. From the Domino Administrator, select the server that stores the
database.
2. On the Files tab, select the database whose index you want to update.
3. Choose File - Database - Access Control and make sure that you have
at least Designer access in the database ACL.
4. Choose File - Database - Properties.
5. Click the Full Text tab.
6. Click Update Index.



To update one or more indexes from the Tools pane
1. From the Domino Administrator, select the server that stores the
databases.
2. Click the Files tab.
3. From the Tools pane, make sure that you have at least Designer
access in the ACL of any database for which you want to update the
index.

4. Select all the databases for which you want to update the index.
5. From the Tools pane, choose Tools - Database - Full Text Index.
6. Select Update.
7. Click OK.

Deleting full-text indexes for single databases


Delete a full-text search index when you no longer need it, when you
need to change the index options, or when you discover problems
with the index.
1. From the Domino Administrator, select the server that stores the
database or databases.
2. Click the Files tab.
3. Using the Tools pane, make sure that you have at least Designer
access in the ACL of any database for which you want to delete the
index.
4. Select all the databases for which you want to delete the index.
5. From the Tools pane, choose Tools - Database - Full Text Index.
6. Select Delete.
7. Click OK.



Chapter 51
Setting Up Database Libraries and Catalogs

This chapter discusses setting up and managing database libraries —
which administrators create to help particular groups of users find
pertinent databases — and database catalogs — which list for users all
databases on a given server. This chapter does not cover the Domain
Catalog, which lists databases on all servers across a Domino domain.
For information on the Domain Catalog, see the chapter “Setting Up
Domain Search.”

Database libraries
You can create a database library that contains databases that pertain to a
specific collection of users or to a specific topic. For example, a corporate
database library might include all databases that deal with corporate
policies and procedures, and a marketing database library might include
databases that are useful to the marketing staff.
The main view in a library lists the databases it contains alphabetically
by title, and gives a short description of each database. Each database
document displays the database’s title, short and long descriptions,
replica ID, and database manager, as well as buttons that let users
browse the database or add it to their bookmarks.
Note Instead of creating database libraries to point users to the
databases they need, you can use Desktop policy settings to add
bookmarks directly to their workspaces.
For more information on Desktop policy settings, see the chapter “Using
Policies.”

Server libraries
The databases you choose to include in a library can be located on any
server. More than one library can reside on a server. When a user opens a
database from a database library, Lotus Domino uses the database’s
replica ID number to search for it. Domino first searches for the database
on the user’s workspace, then on the user’s home server, and finally
looks for a Domain Catalog to find a path to a replica of the database on
another server. If a database is moved to another server, Domino
automatically opens the database at its new location and then updates
the database’s replica ID in the database library.
When you create a database library on a server, you automatically
become the librarian for that database library with Manager access in the
library ACL. The -Default- access in the library ACL is Reader. If a user
with Reader access in the database library ACL attempts to publish a
database, Domino automatically sends the librarian an e-mail containing
the request to publish the database. The librarian then publishes the
database for the user. If you want users to be able to publish databases in
the library themselves, change -Default- access to Author.

Local libraries
You can create a local library for your own use, which lists databases on
your own hard drive as well as databases on servers. The only difference
between a local library and libraries on servers is that no other users can
use your local library or become librarians for it.

Creating a database library and assigning librarians


To use the library template to create a library on a server, you must have
“Create new databases” access in the Server Access section of the Server
document.
If you plan to create many libraries on a server, create a subdirectory in
the Domino data directory to store them. Then users can easily locate all
available libraries.

To create a database library


1. From the Domino Administrator, choose File - Database - New.
2. Enter a location for the database library (server or local), title, and
file name for the library.
3. Select “Show advanced templates” at the bottom of the dialog box.
4. Select the Database Library template (DBLIB4.NTF), and click OK.
If you do not see the template in the list, click the “Template server”
arrow, and choose a server that contains the advanced templates
from the list.
Note You are automatically listed in the database as a librarian.



To assign librarians
You must be a librarian of a database library in order to make other users
librarians.
1. If someone other than you created the library, make sure you have
Editor or higher access in the library ACL.
2. Make sure that the users to whom you are giving librarian status
have at least Author access in the database library ACL.

3. From the Domino Administrator, select the server that holds the
database library.
4. On the Files tab, double-click the title of the database library.
5. In the Librarians view, click “Edit Librarians.”
6. Type the names of all users who will be librarians, pressing ENTER
after each name.
7. Close and save the Librarians document.

Publishing databases in a library


To publish a database in a database library means to add a database to
the library. Unlike a database catalog, which lists all the databases on a
server, a library contains links to selected databases from one or several
servers. For the convenience of different user groups, there can be more
than one library on a server.

To publish a database in a library


1. Make sure you have Author or higher access in the database library
ACL.
2. From the Domino Administrator, select the server that holds the
database you want to publish to the library.
3. On the Files tab, select the title of the database you want to publish to
the library.
4. Choose File - Database - Publish.
5. Select the database library title from the “Available libraries” list,
and click OK.



6. Enter information in the following fields, and then close and save the
database document:
• In the Abstract field, type a short description of the database to
serve as the description that appears next to the database’s title in
the database library.
• In the “Long Description” field, type a more complete description
of the database contents that appears when you open the database
document.

To delete a database from a library


1. In the database library ACL, make sure you have Author access to a
database to delete the database documents you’ve created and Editor
or higher access to delete documents others have created.
2. From the Domino Administrator, select the server that holds the
database library.
3. On the Files tab, double-click the title of the database library.
4. In the Databases by Title view, select the database you want to delete.
5. Choose Edit - Delete.

Database catalogs
A database catalog provides a list of all databases on a server. You use
the server Catalog task to create a database catalog. The Catalog task
bases the catalog file (CATALOG.NSF) on the CATALOG.NTF template
and adds the appropriate entries to the catalog’s ACL.
All databases on a server are included in the catalog when the Catalog
task runs. Only administrators can see listings for some databases (those
with the “List in Database Catalog” option selected in the Database
Properties box), as these databases are not included in the default views.
For databases in the default views, you can specify categories in the
Database Properties box to determine how the databases appear in the
categorized view of the catalog. For large catalogs, you can create a
full-text index to make searching the catalog faster.
To help users locate databases across an organization, or to keep track of
all the replicas for each database, you must set up a Domain Catalog — a
catalog that combines the information from the database catalogs of
multiple servers — on one of your servers. You can set up a Domain
Catalog regardless of whether you plan to implement Domino’s Domain
Search capability.
For more information on the Domain Catalog, see the chapter “Setting
Up Domain Search.”



Uses for a server’s database catalog
Besides allowing users to see what databases are on a particular server,
catalogs provide useful information about databases. For each database
in a view, a Database Entry document provides information such as file
name, replica ID, design template, database activity, replication, full-text
index, and ACL, as well as buttons that let users browse the database or
add it to their bookmarks. In addition, the document displays a link to
the database’s Policy (About This Database) document. For databases that
users are not authorized to access, they can view this document by sending
an e-mail request to the database manager.

Administering a server’s database catalog


Lotus Domino runs the Catalog task daily at 1 AM by default to create or
update a database catalog on every server. The Catalog task creates a
CATALOG.NSF database from the CATALOG.NTF template and
populates the catalog with a list of all databases on the server. You can
populate the catalog at any time by typing the following server
command at the server console:
load catalog

To view the documents in the database catalog, open the catalog from the
Domino Administrator or the Web Administrator tool (Files tab).

Setting up a server’s database catalog


You create a server’s database catalog by running the Catalog task. Then
you can make the catalog more useful for your users by:
• Creating your own categories to control the list of databases that
appear in the Databases by Category view of the catalog.
• Determining if there are any databases to exclude from the catalog’s
default views (such as mail files).
• Notifying users that the catalog exists and is ready for use.

To create a database catalog


From the server console, type the following server command:
load catalog

Note The Catalog task assigns Manager access in the ACL to
administrators and to the server that stores the catalog.



To assign a category to a database
Assign one or more categories to a database to determine how the
catalog groups the databases listed in the Databases by Category view. If
you do not specify categories, then the Databases by Category view is
blank.
1. Make sure you have at least Designer access in the database ACL.
2. From the Domino Administrator, select the server that holds the
database that you want to assign a category to.
3. On the Files tab, select the database that you want to categorize.
4. Choose File - Database - Properties.
5. Click the Design tab, and select “List in Database Catalog.”
6. In the Categories box, type one or more categories for the database.
Separate category names with a comma or semicolon.

To exclude a database from a catalog’s default views


All databases on the server are listed in the catalog’s default views. You
might want to exclude some databases, such as mail databases, from the
default views by performing the following steps for each database that
you want to exclude.
Note Excluding a database from a catalog’s default views does not
prevent administrators from creating views that display a complete
listing of databases on the server.
1. Make sure you have at least Designer access in the database ACL.
2. From the Domino Administrator, select the server that holds the
database that you want to exclude from the catalog.
3. On the Files tab, select the database that you want to exclude.
4. Choose File - Database - Properties.
5. Click the Design tab, and then deselect “List in Database Catalog.”



Chapter 52
Monitoring the Domino Server

This chapter explains how to monitor the statistics and events that occur on
the Domino server and how to view and analyze performance statistics.

Monitoring the Domino system


Domino generates statistics that you can use to monitor system activity and
platform use, and includes many server-monitoring features that work
together to inform you about the processes, networks, and use of the
Domino system. Using one of three tools — the Domino Administrator, the
Web Administrator, or the server console — you can monitor the system. For
example, from the Domino Administrator, you can use the Domino server
monitor and statistics charts to view graphical representations of system
status; and from the server console, you can view a representation that uses
your predefined colors and text attributes to illustrate the status of a process.
The Domino Administrator includes these system-monitoring tools that
you use to configure, view, and track the Domino system:
• Monitoring databases — Store monitoring documents, information, and
results. The Monitoring Configuration database (EVENTS4.NSF) stores
the documents you use to set up monitoring. It also includes information
about statistics, statistic thresholds, and event messages. The Monitoring
Results database (STATREP.NSF) stores the gathered statistics reports
and can be configured to store information about logged events. The log
file (LOG.NSF) stores the server’s log documents.
• Monitoring Configuration documents — Define and configure what
constitutes an event, and how the event is handled. Also allow you to
customize the messages that appear on the console when an event
occurs.
• Server tasks — Collect and record information about the Domino
system. The Event Monitor task determines if an Event Handler has
been configured for the event, and if so, routes the event to the
specified person, database, or server-management program for
processing. The Statistic collector task gathers Domino server
statistics and creates statistics reports in the Monitoring Results
database (STATREP.NSF) or in another database that you specify.
The ISpy task executes TCP server and mail-routing event
generators.
• Statistics — Domino gathers statistics that show the status of
processes currently running on the system — for example, the
statistic “Free space on drive C” indicates the amount of free space
available on drive C. You use these statistics along with the
predetermined statistics thresholds to monitor both your Domino
system and platform statistics.
• Domino server monitor — Provides a visual representation of the
status of the servers you are monitoring.

Monitoring Configuration database


The Monitoring Configuration database (EVENTS4.NSF) includes a set of
default documents you use to set up system-monitoring. You can edit the
default documents or use the configuration wizards in the Monitoring
Configuration database to create new ones. The Monitoring
Configuration database includes these documents:

Document                      Description
Event Generator               Defines the parameters of an event.
Event Handler                 Describes what action to take when an event occurs.
Event Notification Method     Defines the notification method to use when the Event
                              Handler document prescribes notification.
Log Filter                    Specifies events that you do not want to log.
Server Console Configuration  Sets the text, background, and color attributes for the
                              Domino server console.
Statistic Description         Describes a statistic.
Server Statistic Collection   Specifies one or more servers from which statistics are
                              collected and identifies the server that performs the
                              collecting.

Monitoring events on the Domino system


Every occurrence that happens on the Domino system is an event. Events
signal both that the system is working smoothly, processing data, and
performing tasks; and that the system is malfunctioning, perhaps by not
processing data or performing required tasks.



Domino generates events continuously. Therefore, to monitor the
Domino system efficiently, you must decide which events you want to
know about. For example, the event “Replicating files with servername”
occurs every time a file replicates with a specified server; consequently,
you may want to know about the event only if it fails. You configure
events that you want to know about, based on what type of information
is important to you. To configure an event, you determine three critical
pieces of information: what type of event it is, what the severity level is,
and how you want it handled. You configure your events using Event
Generator and Event Handler documents. Event generators describe the
condition that must be met for an event to be generated; event handlers
describe what happens when the event occurs.
After deciding which events you want to know about, decide what will
happen when the event occurs. You have several choices. You can log the
event to the log file (LOG.NSF); you can mail a notification of the event
to a file or an administrator; or mail the event to another application for
further processing.

You create an Event Handler document to specify how the event is handled. A
handler can log the event to a specified destination and, at the same time,
notify you of the event’s occurrence and run a program for additional
processing. You can
also prevent the event from being logged or handled at all. However, if
you want to know about an event, you must have an Event Handler
document. Otherwise the event is not recorded. There is no default way
of handling an event. So if you do not create event handlers, then events
are not logged or stored anywhere (except for server or add-in task
events, which are stored in the log). After an event is passed to the Event
Monitor task, it can invoke one or more configured Event Handlers.

Event generators
Event generators gather information by monitoring a task or a statistic or
by probing a server for access or connectivity. Each event generator has a
specified threshold or condition, which, when met, causes an event to be
created. The event is passed to the Event Monitor task, which checks
whether an associated event handler has been defined. If an event
handler has not been defined, the Event Monitor task does nothing. If an
event handler has been defined, the Event Monitor carries out the
instructions in the event handler. The Event Monitor task, formerly known
as the Event task, starts automatically when you start the server and
must run on all servers that you want to monitor.
For more information about event handlers, see the topic “Event
handlers” later in this chapter.



The Domino Administrator includes a set of default event generators,
which are listed in the Event Generators view of the Monitoring
Configuration database (EVENTS4.NSF). To monitor other events that
are important to you, you must create an event generator and define the
type and severity of the event. The following table lists the types of event
generators you can create. If you purchased an add-in product designed
to work with server-management programs, you may see additional
types of events listed.

Event generator               Description
Database event generator      • Monitors database activity and free space
                              • Monitors frequency and success of database
                                replication
                              • Reports on ACL changes, including those made by
                                replication or an API program
Domino server response        • Checks connectivity and port status of designated
event generator                 servers in a network
Mail routing event generator  • Sends a mail-trace message to a particular user’s
                                mail server and gathers statistics indicating the
                                amount of time, in seconds, it takes to deliver
                                the message
Statistic event generator     • Monitors a specific Domino or platform statistic
Task status event generator   • Monitors the status of Domino server and add-in
                                tasks
TCP server event generator    • Verifies the availability of Internet ports (TCP
                                services) on servers and generates a statistic
                                indicating the amount of time, in milliseconds, it
                                takes to verify that the server is responding on
                                the specified port

Event severity levels


The severity of an event indicates the level of required action.

Severity level  Meaning
Fatal           Imminent system crash
Failure         Severe failure that does not cause a system crash
Warning (high)  Loss of function requiring intervention
Warning (low)   Performance degradation
Normal          Status messages
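
The handling rule described above (an event with no matching event handler is not recorded) can be checked against a planned configuration before it is relied on for alerting. The following is an added example, not part of the Domino documentation or product: the handler matching criteria (event type plus a set of severities, with "*" for any type), the task_event flag, and all sample names are assumptions constructed for illustration.

```python
"""Which configured events would the Event Monitor silently drop?"""
from dataclasses import dataclass

# Severity levels from the table above.
SEVERITIES = ("Fatal", "Failure", "Warning (high)", "Warning (low)", "Normal")
ALL = frozenset(SEVERITIES)


@dataclass(frozen=True)
class Generator:
    name: str
    event_type: str           # e.g. "Database", "Server", "Mail", "Statistic"
    severity: str
    task_event: bool = False  # raised by a server or add-in task (assumed flag)


@dataclass(frozen=True)
class Handler:
    name: str
    event_type: str           # "*" stands for any type (assumed notation)
    severities: frozenset
    action: str

    def matches(self, gen):
        return (self.event_type in ("*", gen.event_type)
                and gen.severity in self.severities)


def dispatch(gen, handlers):
    """Actions carried out for one event; an empty list means nothing is done."""
    return [h.action for h in handlers if h.matches(gen)]


def audit(generators, handlers):
    """Sort generators by the fate of their events: handled, log_only, dropped."""
    report = {"handled": [], "log_only": [], "dropped": []}
    for gen in generators:
        if gen.severity not in SEVERITIES:
            raise ValueError(f"unknown severity: {gen.severity!r}")
        if dispatch(gen, handlers):
            report["handled"].append(gen.name)
        elif gen.task_event:
            # The one exception in the text: task events still reach the log.
            report["log_only"].append(gen.name)
        else:
            report["dropped"].append(gen.name)
    return report


# Constructed sample configuration (not taken from a real EVENTS4.NSF).
GENERATORS = [
    Generator("names.nsf ACL changes", "Database", "Warning (high)"),
    Generator("mail1 reachability probe", "Server", "Failure"),
    Generator("mail route to admin", "Mail", "Warning (low)"),
    Generator("free space on drive C", "Statistic", "Warning (high)"),
    Generator("backup add-in status", "Add-in", "Normal", task_event=True),
]
HANDLERS = [
    Handler("page on failures", "*", frozenset({"Fatal", "Failure"}),
            "notify:administrator"),
    Handler("keep mail events", "Mail", ALL, "log:LOG.NSF"),
]

if __name__ == "__main__":
    for fate, names in audit(GENERATORS, HANDLERS).items():
        print(f"{fate:9} {names}")
```

In this sample the ACL-change generator produces events that no handler matches, so nothing records them until a Database handler covering "Warning (high)" is added.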



Creating a database event generator
Create a database event generator to monitor database use and ACL
changes.
1. From the Domino Administrator, click the Configuration tab, and
then open the Monitoring Configuration view.
2. Open the Event Generators - Database view, and then click New
Database Event Generator.
3. On the Basics tab in the “Databases to monitor” section, complete
these fields:
Field      Action
File name  Enter the name of the database.
Servers    Choose one:
           • All in the domain
           • Only the following. Then select one or more servers to monitor.

4. In the “What to monitor” section, choose one or more of the
following:
• Monitor ACL Changes — To monitor all ACL changes, including
those made by replication.
• Monitor replication — To monitor the frequency and success of
database replication. Then complete these fields on the Replication
tab:
Field                  Action
Server(s) with which   Choose one:
the database must      • All in the domain.
replicate              • Only the following. Then select one or more servers
                         from the list.
Replication timeout    Enter a time-out value. The default is 24 hours.

• Monitor unused space — To monitor the amount of white space
(free space) in one or more selected databases on a server. Then
complete these fields on the Unused Space tab:
Field                       Action
Trigger the event when      Enter a percent. The default is 30%.
unused space exceeds
Automatically compact the   (Optional) Select this option (the default) to
database when the above     compact the database.
condition is met



• Monitor for user inactivity — To monitor database activity and to
determine which databases are not being used. Then complete
these fields on the User Inactivity tab:
Field                    Action
Time periods to monitor  Choose one:
                         • Daily
                         • Weekly
                         • Monthly
Minimum sessions         Enter a minimum number of sessions that will trigger
                         an event. The defaults are:
                         • Daily — 10 sessions
                         • Weekly — 50 sessions
                         • Monthly — 300 sessions

5. On the Other tab, complete these fields, and then save the document:
Field                      Action
Generate a database event  Select a severity level.
of severity
Create a new event         Click this button to launch the Event Notification
handler for this event     Wizard and create an event handler.

Creating a Domino server event generator


Create a Domino server event generator to configure a server that checks
connectivity and port status of designated servers in the network every
three minutes.
1. From the Domino Administrator, click the Configuration tab, and
then open the Monitoring Configuration view.
2. Open the Event Generators - Domino Server Response view, and
then click New Domino Server Event Generator.
3. On the Basics tab, complete these fields:
Field                    Action
Target server(s)         Choose one or more servers to probe.
Probing server (source)  Choose the server that will probe the target servers.

4. For the field “Interval n minutes,” enter an interval in minutes at
which you want to send the probe. The default is three.



5. Choose one of the following options:
• Check just the ability to access the destination server
• Check the ability to access the destination server and open this
database, and then enter a file name
6. Click the Probe tab, and then complete these fields:
Field               Action
Ports               Do one:
                    • Enable the field to use any configured port to check
                      access.
                    • Disable the field, and specify the port to use.
Time-out threshold  Enter a number that represents the allocated amount of
                    time (in milliseconds) to open the database or access
                    the server. The default is 1000 milliseconds.

The Resulting Statistic field, which is not editable, shows the name of
the statistic that is generated.

7. Click the Other tab, complete these fields, and then save the
document:
Field                           Action
On time-out, generate a Server  Select a severity level.
event of severity
Create a new event handler for  Click to launch the Event Notification Wizard
this event                      and create an event handler.

Creating a mail-routing event generator


Create a mail-routing event generator to test and gather statistics on mail
routes. To test a mail route, the ISpy task sends a mail-trace message to a
specified user’s mail server.
This event generator creates a statistic that indicates the amount of time,
in seconds, it takes to deliver the message. If the mail-routing trace fails,
the statistic has the value -1. If the Statistic Collector task is running, the
Monitoring Results database (STATREP.NSF) stores the statistics. The
format of a mail routing statistic is:
QOS.Mail.RecipientName.ResponseTime

In addition, the ISpy task monitors the local mail server by default and
generates events for traces that fail. To monitor other Domino mail
servers, create an event generator and set up an event handler to notify
you when an event has occurred.
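
The statistic format and the -1 failure value described above lend themselves to a simple review of collected values. The following is an added example, not part of the Domino documentation: it assumes the statistics have been exported as "name = value" text lines, the slow_after limit is a local choice rather than a Domino setting, and the sample lines are constructed.

```python
"""Flag failed or slow mail-routing probes from their response-time statistics."""

PREFIX = "QOS.Mail."
SUFFIX = ".ResponseTime"
FAILED = -1  # value the text gives for a mail-routing trace that failed


def parse_stat_line(line):
    """Return (recipient, seconds) for a mail-routing statistic, else None."""
    name, sep, value = line.partition("=")
    name = name.strip()
    if not sep or not (name.startswith(PREFIX) and name.endswith(SUFFIX)):
        return None
    # The recipient may itself contain dots, so strip the fixed ends
    # instead of splitting the name on ".".
    recipient = name[len(PREFIX):-len(SUFFIX)]
    if not recipient:
        return None
    try:
        return recipient, float(value)
    except ValueError:
        return None


def classify(seconds, slow_after):
    """Map a response time to failed, invalid, slow or ok."""
    if seconds == FAILED:
        return "failed"
    if seconds < 0:
        return "invalid"
    return "slow" if seconds > slow_after else "ok"


def review(lines, slow_after=60.0):
    """Return {recipient: status}; the last value seen for a recipient wins."""
    result = {}
    for line in lines:
        parsed = parse_stat_line(line)
        if parsed is not None:
            recipient, seconds = parsed
            result[recipient] = classify(seconds, slow_after)
    return result


# Constructed sample input; the "name = value" layout is an assumption.
SAMPLE = """\
  QOS.Mail.jdoe.ResponseTime = 4
  QOS.Mail.jane.doe@example.com.ResponseTime = -1
  QOS.Mail.ops-archive.ResponseTime = 95
  Mail.Delivered = 1204
  QOS.Mail.ResponseTime = 3
  QOS.Mail.jdoe.ResponseTime = n/a
"""

if __name__ == "__main__":
    for recipient, status in review(SAMPLE.splitlines()).items():
        print(f"{recipient:24} {status}")
```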



To create a mail-routing event generator
1. Make sure that you started the ISpy task on the server.
For more information on the ISpy task, see the topic “Starting and
stopping the ISpy task” later in this chapter.
2. From the Domino Administrator, click the Configuration tab, and
then open the Monitoring Configuration view.
3. Open the Event Generators - Mail view, and click New Mail Routing
Event Generator.
4. On the Basics tab, complete these fields:
Field                     Action
All Domino servers in     Do one:
the domain will probe     • Check this option to have each server probe only
themselves                  the local mail box.
                          • Uncheck this option to probe specified servers.
Recipient                 Enter the address of the recipient for which you
                          want to check the mail route or use the drop-down
                          box to select a recipient from a Domino Directory
                          or Address Book. Do not enter more than one user
                          and do not enter a group name.
Probing servers (source)  Select the name of the server from which to start
                          the probe.
Show intermediate hop     Enable this option to track intermediate hop times.
times

5. Click the Probe tab, and complete these fields:


Field               Action
Send interval       Enter the number of minutes between probes. The
                    default is 15.
Time-out threshold  Enter the number of minutes the probing server
                    (source) waits for a response before logging a
                    failure.

6. Click the Other tab, complete these fields, and then click Save &
Close.
Field                    Action
On time-out, generate a  Select the severity level.
Mail event of severity
Create a new event       Click this button to launch the Event Notification
handler for this event   Wizard and create an event handler.



Creating a statistic event generator
The Monitoring Configuration database (EVENTS4.NSF) includes a
definition of each Domino system and platform statistic. Each definition
also includes a default threshold value. To monitor a statistic, create a
statistic event generator. In the statistic event generator, you can change
the default threshold and specify how you want the event to be handled
when the threshold is met.
To generate statistic events, statistic alarms must be enabled on either the
Domino Server or the Domino Administrator. Enabling statistic alarms
instructs the Collector task to periodically check the value of configured
statistics against the thresholds specified in their event generator
documents. When a threshold is exceeded, an alarm document is created
in the Monitoring Results database (STATREP.NSF). The first time an
alarm is reported, a statistic event is generated. Alarms continue to be
reported at the alarm interval specified when you enabled alarms.
However, after the first alarm, subsequent events are generated, by
default, once daily until you clear the alarm in the Statistics - Alarms
view of the Domino Administrator.
You enable alarms in the Domino Administrator by setting
Administration Preferences. You enable alarms on the server, in the
Server Statistic Collection document.
For more information on enabling statistics alarms in the Domino
Administrator, see the chapter “Setting Up and Using Domino
Administration tools.” For more information on enabling alarms on the
Domino Server, see the topic “Creating a Server Statistic Collection
document,” later in this chapter.

To create a statistic event generator


1. From the Domino Administrator, click the Configuration tab, and
then open the Monitoring Configuration view.
2. Open the Event Generators - Statistic view, and click New Statistic
Event Generator.
3. Under Servers to monitor, choose one:
• All in the domain
• Only the following. Then select one or more servers you want to
monitor.
4. Under Statistic to monitor, select a statistic, and then choose one:
• Monitor as a percent of the whole (Disk.C.Size). Then click the
Threshold tab and enter the percentage of the total (Disk.C.Size)
that is the threshold value.
• Monitor as a number (bytes). Then click the Threshold tab, and
enter a threshold value in bytes.



5. For the “Generate the event when” field, choose one:
• The statistic is less than the threshold value
• The statistic is greater than the threshold value
• The statistic is a multiple of the threshold value
6. Click the Other tab, complete these fields, and then click Save &
Close.
Field | Action
Generate a statistic event of severity | Select a severity level.
Create a new event handler for this event | Click this button to launch the Event Notification Wizard and create an event handler.

Creating a task status event generator


Create a task status event generator to monitor when a task starts, stops,
or stalls.
1. From the Domino Administrator, click the Configuration tab, and
then open the Monitoring Configuration view.
2. Open the Event Generators - Task Status view, and click New Task
Monitor.
3. On the Basics tab under Tasks to monitor, complete these fields:
Field | Action
Task name | Select the name of the task.
Servers | Choose one: • All in the domain • Only the following. Then select the name of one or more servers
What to monitor | • Monitor task down • Monitor task up • Monitor task not responding • Monitor task resumed responding

4. Click the Other tab, complete these fields, and then save and close.
Field | Action
Generate a monitor event of severity | Select a severity level.
Create a new event handler for this event | Click this button to launch the Event Notification Wizard and create an event handler.



Creating a TCP server event generator
Create a TCP server event generator to verify the availability of the
services on Internet ports on one or more servers. A TCP server event
generator uses the ISpy task to send a probe to test whether the server is
responding on a port. The probe generates a statistic that indicates the
amount of time, in milliseconds, it takes to verify that the server is
responding on the specified port. If the probe fails, the statistic has the
value -1. The format of a server probe statistic is:
QOS.TCPservice.ServerName.MonitorId.ResponseTime

If the Collector task is running, the Monitoring Results database
(STATREP.NSF) stores the Internet port statistics.
By default, the ISpy task monitors all enabled Internet ports (TCP services)
on the server on which it is running. When you create a TCP server event
generator, you can have each server probe its own configured ports and all
services that are running on those ports, or you can select which servers
and services to probe. To verify the statistic name and the type of event
generated upon failure, click the tab for each service.
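
The following added example (not part of the original manual) parses probe statistics in the QOS.TCPservice.ServerName.MonitorId.ResponseTime format and flags failed (-1) and slow probes. The "name = value" line layout, the sample lines, the monitor IDs, and the slow_ms threshold are assumptions made for illustration.

```python
import re
from collections import namedtuple

# Assumed line layout "<statistic name> = <value>"; not taken from the manual.
STAT_LINE = re.compile(r"^\s*(QOS\..+?)\s*=\s*(-?\d[\d,]*)\s*$")

# response_ms is the probe time in milliseconds; -1 means the probe failed.
ProbeStat = namedtuple("ProbeStat", "service server monitor_id response_ms")


def parse_probe_stat(line):
    """Parse one QOS.TCPservice.ServerName.MonitorId.ResponseTime line, or return None."""
    m = STAT_LINE.match(line)
    if not m:
        return None
    parts = m.group(1).split(".")
    # The fixed fields sit at both ends; everything between them is the
    # server name, which may itself contain dots (for example a DNS host name).
    if len(parts) < 5 or parts[-1] != "ResponseTime":
        return None
    value = int(m.group(2).replace(",", ""))
    if value < -1:
        return None  # only -1 is defined as the failure marker
    return ProbeStat(parts[1], ".".join(parts[2:-2]), parts[-2], value)


def triage(lines, slow_ms=5000):
    """Return (label, ProbeStat) pairs for failed and slow probes.

    slow_ms is a hypothetical warning threshold chosen for this example.
    """
    findings = []
    for line in lines:
        stat = parse_probe_stat(line)
        if stat is None:
            continue  # not a TCP probe statistic
        if stat.response_ms == -1:
            findings.append(("FAILED", stat))
        elif stat.response_ms > slow_ms:
            findings.append(("SLOW", stat))
    return findings


# Constructed sample input: three probe statistics, one unrelated statistic,
# and one malformed QOS name that must be ignored.
SAMPLE = """\
  QOS.HTTP.mail1.example.com.M01.ResponseTime = 42
  QOS.SMTP.mail1.example.com.M01.ResponseTime = -1
  QOS.LDAP.dir1.M02.ResponseTime = 7,250
  Server.Sessions.Dropped = 3
  QOS.NNTP.ResponseTime = 10
"""

if __name__ == "__main__":
    for label, stat in triage(SAMPLE.splitlines()):
        print(f"{label:6} {stat.service:5} {stat.server} ({stat.monitor_id}): {stat.response_ms}")
```
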

To create a TCP server event generator


1. Make sure that the ISpy task is running on the server.
For more information on the ISpy task, see the topic “Starting and
stopping the ISpy task” later in this chapter.
2. From the Domino Administrator, click the Configuration tab, and
then open the Monitoring Configuration view.
3. Open the Event Generators - TCP Server view, and click New TCP
Server Event Generator.
4. On the Basics tab for the field “All Domino servers in the domain
will probe themselves,” do one:
• Check the option to have each server probe all services on its own
configured ports. Then continue with Step 6.
• Uncheck the option to specify the server ports and services to
probe.
5. Under Target Servers, choose one:
• All in the domain (default) — To probe the ports of all servers in
the domain.
• Only the following — To probe the ports of selected servers in the
domain. Then select one or more servers.
6. Under Probing servers (source), select the server from which the
probes will be sent.



7. Click the Probe tab, and complete these fields:
Field | Action
Probe interval | Enter the number of minutes between probes. Default is 15.
Service time-out threshold | Enter the number of seconds the probing server (source) waits for a response before logging a failure. Default is 30.

8. If all servers are probing themselves, continue with Step 8. If you
chose to specify services, choose one:
• Probe all configured TCP services
• Probe these services. Then check the services to probe.
9. If all servers are probing themselves or if you selected the HTTP
service to probe, click the HTTP tab and choose one:
• Probe just the port — To probe the availability of the HTTP service
on the port.
• Fetch this URL — To probe for the availability of a Web server.
Then enter a URL specifying the file path. Do not include the
server in the URL address.
10. If all servers are probing themselves or if you selected the NNTP
service to probe, click the NNTP tab and choose one:
• Probe just the port — To probe the availability of the NNTP
service on the port.
• Send this command — Then enter the command and the news
group name.
11. Click the Other tab, complete these fields, and then click Save &
Close:
Field | Action
On time-out, generate an event severity | Select the severity level.
Create a new notification profile for this event | Click this button to launch the Event Notification Wizard and create an event handler.

Disabling an event generator


You may want to use some event generators only temporarily. For
example, if you suspect that server performance is slow, you can set up a
statistic event generator document to report if more than five server
sessions are dropped (Server.Sessions.Dropped), and then disable this
event generator after you monitor dropped server sessions for a week.



To disable an event generator
1. From the Domino Administrator, click the Configuration tab, and
then open the Monitoring Configuration view.
2. Open the Event Generators view, and select the event generator to
disable.
3. Click the Other tab.
4. Check the field “Disable this event generator.”
5. Save and close.

Starting and stopping the ISpy task


You must start the ISpy task before you can create server and mail
routing event generators. The ISpy task does not start automatically. Use
any of these methods to start and stop the ISpy task. Because the ISpy
task is case-sensitive, you must enter it exactly as shown in this table.

To do this | Perform this task
Start the ISpy task automatically when the server starts | Edit the ServerTasks setting in the NOTES.INI file to include RunJava ISpy.
Start the ISpy task manually | Enter the command load runjava ISpy at the console.
Stop the ISpy task | Enter either the command tell runjava ISpy quit or tell runjava quit at the console.

For more information about NOTES.INI settings and server commands,
see the appendices.
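
Because the ISpy task does not start automatically and its name is case-sensitive, a silent gap in probe coverage is easy to introduce. The following added example (not part of the original manual) checks NOTES.INI text for a correctly spelled RunJava ISpy entry in ServerTasks. The sample file contents, the result labels, and the case-insensitive matching of the key and of the RunJava loader name are assumptions made for illustration.

```python
def servertasks_lines(ini_text):
    """Return the value of every ServerTasks= line.

    The key is matched case-insensitively (an assumption of this example);
    similarly named keys such as ServerTasksAt1 are deliberately not matched.
    """
    values = []
    for raw in ini_text.splitlines():
        key, sep, value = raw.partition("=")
        if sep and key.strip().lower() == "servertasks":
            values.append(value)
    return values


def ispy_autostart(ini_text):
    """Classify the ISpy autostart configuration found in NOTES.INI text."""
    values = servertasks_lines(ini_text)
    if not values:
        return "NO_SERVERTASKS"
    if len(values) > 1:
        # Ambiguous configuration: report it rather than guess which line applies.
        return "DUPLICATE_SERVERTASKS"
    wrong_case = False
    for entry in values[0].split(","):
        words = entry.split()
        if len(words) == 2 and words[0].lower() == "runjava":
            if words[1] == "ISpy":
                return "OK"
            if words[1].lower() == "ispy":
                wrong_case = True  # for example "ispy" or "ISPY"
    return "WRONG_CASE" if wrong_case else "MISSING"


# Constructed sample NOTES.INI fragments.
GOOD_INI = """\
[Notes]
ServerTasks=Replica,Router,Update,AMgr,AdminP,RunJava ISpy
"""
BAD_CASE_INI = """\
[Notes]
ServerTasks=Replica,Router,Update,RunJava ispy
"""

if __name__ == "__main__":
    for name, text in (("good", GOOD_INI), ("bad case", BAD_CASE_INI)):
        print(name, "->", ispy_autostart(text))
```
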

Using event generator and event handler wizards


If you know the type of event generator you want to create and are
familiar with the options available in that event generator document, use
the following wizards in the Monitoring Configuration database
(EVENTS4.NSF) to create event generators and event handlers:
• Event handler wizard — Creates an event handler.
• Database and statistic wizard — Creates database and statistic event
generators.
• Mail-routing and server response wizard — Creates mail-routing,
Domino server, and TCP event generators.

To start a wizard
1. From the Domino Administrator, click the Files tab.
2. Open the Monitoring Configuration database, and then choose the
Setup Wizards view.
3. Click the wizard you want to use.



Viewing event generators
Event Generator documents are stored in the Monitoring Configuration
database (EVENTS4.NSF). Each type of event generator has a view that
provides a list of all event generators, plus additional configuration
information.

To view event generator documents


1. From the Domino Administrator, click the Configuration tab, and
open the Monitoring Configuration database (EVENTS4.NSF).
2. Open the Event Generators view, and select the type of event
generator documents to view.
3. Double click an event generator document to display additional
information.

Event handlers
An event handler defines the action that Domino takes when a specific
event occurs. You can define an event handler to do one or more of the
following:
• Log the event to a configured destination
• Notify you that the event occurred and specify the method of
notification
• Forward the event to another program for additional processing
• Prevent the event from being logged to the server console or to a
specified destination
The Monitoring Configuration database (EVENTS4.NSF) includes
default event handlers for server tasks. However, to customize how
events are handled, you may want to create custom event handlers.
You can enable or disable an event handler, so you can easily disable a
default event handler and replace it with a custom one.
When you create an event handler, you specify the condition — for
example, when an event meets or exceeds a threshold or meets a
specified severity level — that triggers it. To specify event handler
conditions, you define a set of criteria, specify a task, or select a custom
event generator that triggers the event handler.
For example, suppose you create an event handler that defines the
criteria as a replication event with a severity level of Fatal. Then any
replication event that matches those criteria is handled based on the event
handler you created. Or, you can create an event handler for all events of
any type that have a severity level of Fatal. An event handler is
generated only if the specified task creates an event. And event handlers
based on custom event generators are triggered only if the associated
event generator creates the event.
You can also create different handlers for different severities. For
example, you may want to be notified immediately if an event has a
severity level of Fatal or Failure and choose to write the information to
the log file or to the Monitoring Results database (STATREP.NSF).
Normal levels of events may not interest you, so you may want to create
a log filter to prevent normal events and severity levels from being
logged to the log file or the server console.

Event handler notification methods


Depending on the type or severity of an event, you may want to be
notified immediately by an alarm, e-mail message, or server-console
message. When you specify a handler notification method, you also
specify where events are reported. Domino provides the notification
methods listed in the table below.

Notification method | Result
Broadcast | Reports the event to all users logged onto the server or to a specified group of users.
Log to database | Logs the event to a database, typically STATREP.NSF, on a local server. Select this method only if the specified server is reporting events to its own collection database.
Mail | Mails the event to a person or to a mail-in database (typically STATMAIL.NSF) on a server in a different domain or one that uses an incompatible mail protocol.
NTLog | Reports the event to the Windows NT Event Viewer.
Pager | Uses the mail address of an alphanumeric pager to report a modified version of an event to a pager.
Prog | Runs an add-in program or specified command to correct problems automatically.
Relay | Relays the event to another server that is in the same Domino domain and that runs a common protocol. These events are collected in a database, typically STATREP.NSF.
Sound | Sounds an alarm on the designated server when the event occurs.
SNMP Trap | Sends the event as an SNMP trap. Select this method only if the specified server is running the Event Interceptor task and the Domino SNMP Agent.
UNIXLog | Reports the event to the UNIX system log.

For more information on SNMP agents, see the chapter “Using the
Domino SNMP Agent.”



Using an API to create an event notification method
If you use an API, there may be additional types of notification methods.
To use one of these methods, create a notification based on the name and
description provided by the API.
1. From the Domino Administrator, click the Configuration tab, and
open the Monitoring Configuration view.
2. Open the Names & Messages (Advanced) - Notification Methods
view, and click New Notification Method.
3. Enter a description of the notification method.
4. Enter the name of the notification method.

Event types used to specify event criteria


When you create an event handler based on matching the event criteria,
you must specify the type of event.

Event type | Generates
Add-in | Messages related to the Add-in task.
Adminp | Messages related to the Adminp task.
Agent | Messages related to agents.
Client | Messages related to the client.
Comm/Net | Messages related to X.PC.
Compiler | Messages related to compute and compile functions.
Database | Messages related to databases.
Directory (LDAP) | Messages related to directory services.
Mail | Messages related to mail routing.
Misc | Miscellaneous messages not in another event category.
Monitor | Messages related to events generated on the Domino Administrator by Server Monitoring.
Network | Messages related to the LAN.
Replica | Messages related to replication, including event handler notifications generated by a database event generator.
Resource | Messages related to system resources.
Router | Messages related to mail events.
Security | Messages related to ID files and server and database access, including event handler notifications generated by database event generators.
Server | Messages related to conditions on a particular server or server connectivity. These messages can include event handler notifications generated by Domino server event generators.
Statistic | Messages related to statistic alarms.
Unknown | Messages that have an unknown prefix and are not listed in another event category.
Update | Messages related to indexing.
Web (HTTP/HTTPS) | Messages related to the HTTP task.

Creating an event handler


When you create an event generator, you can launch the event handler
wizard to create an event handler at the same time. You can also
manually create an Event Handler document in the Monitoring
Configuration database (EVENTS4.NSF).

For more information on the wizard, see the topic “Using event generator
and event handler wizards,” earlier in this chapter.

To create an Event Handler document


1. From the Domino Administrator, click the Configuration tab, and
open the Monitoring Configuration view.
2. Open the Event Handlers - All view, and click “New Event Handler.”
3. On the Basics tab in the “Server(s) to monitor” field, choose one:
• Notify of the event on any server in the domain
• Notify of the event only on the following servers. Then select the
server from a list.
4. Under Notification trigger, choose one:
• Any event that matches a criteria. Then complete these fields on
the Event tab:
Field | Action
Event type | Choose one: • Events can be any type • Events must be this type. Then select the type from the list.
Event severity | Choose one: • Events can be any severity • Events must be one of these severities. Then select a severity level from the list.
Message text | Choose one: • Events can have any message • Events must have this text in the event message. Then type the message text.

For more information about event types and event severity levels,
see the topics “Event types used to specify event criteria,” and
“Event generators,” earlier in this chapter.
• A built-in or add-in task event. Then click Select Event, select the
event from the list, and choose one:
• Events can have any message
• Events must have this text in the event message. Then type the
message text.
• A custom event generator. Then select it from the list or click New
to create a new custom event generator.
(Optional) Click “Details” to view a custom Event Generator
document.
5. Click the Action tab and choose the notification method.
For more information on event notification methods, see the topic
“Event handler notification methods,” earlier in this chapter.
Note If you purchased an add-in product designed to work with
server-management programs, you may see additional notification
methods.
6. Choose one enablement option:
• Enable this notification — To enable the notification during all hours.
• Enabled only during these times — Then click the clock and move
the slider to select the start and end time during which this event
handler is enabled.
7. Click Save & Close.

Disabling an event handler


You may want to disable an event handler that you created. For example,
if you create an event handler to help you troubleshoot replication
problems, after you resolve the problems, you can disable the event
handler. Then, when you need to do replication troubleshooting again,
just enable the event handler.



To disable an event handler
1. From the Domino Administrator, click the Configuration tab, and
open the Monitoring Configuration view.
2. Open the Event Handlers - All view.
3. Open the event handler you want to disable in edit mode.
4. Click the Action tab, and choose the field “Disable this notification.”
5. Save and close.

Creating log filters


By default, Domino logs all events to the log file (LOG.NSF), which can
become quite large, depending on the log level set for each event. To
prevent events from being logged either to the log file or to the server
console, create a log filter that specifies both the type and severity of the
event to filter. Then only events that meet the specified criteria appear in
the log file.

To create a log filter
1. From the Domino Administrator, click the Configuration tab and
then open the Monitoring Configuration - Log Filters view.
2. Click “New Event Filter.”
3. On the Basics tab, select the name of the server on which you want to
set log filters.
4. Click the Database tab. For the field “Log unknown
types/severities?” select Yes or No to filter events from the log file.
5. Choose one:
• Log All Types — Then specify a severity level.
• Select types — Then check each type of event to log.
6. Click the Console tab. For the field “Log unknown types/severities?”
select Yes or No to filter events from the console.
7. Choose one, and then Save & Close:
• Log All Types — Then specify a severity level.
• Select types — Then check each type of event to log.
Tip You can also create a log filter from the server console.
For more information about setting log levels, see the chapter “Using Log
Files.”



Viewing event handlers and log filters
You can view default and custom event handlers and log filters.

To view an event handler


1. From the Domino Administrator, click the Configuration tab.
2. Open the Monitoring Configuration - Event Handlers view.
3. Open one of these views:
• All
• By Action
• By Author
• By Severity
• By Type
4. Double-click the Event Handler document to open it.

To view an event filter


1. From the Domino Administrator, click the Configuration tab.
2. Open the Monitoring Configuration - Log Filters view.
3. Double-click the Log Filter document to open it.

Viewing an event report


The Monitoring Results database (STATREP.NSF) stores statistic and
event information, depending on how you configured the Statistic
Collector server task and event handler documents. For each event, a
report records the server that originated the event; the time, severity,
type and error code of the event; and a brief description of the event.

To view a report
1. From the Domino Administrator, click the Server - Analysis tab.
2. Click the Monitoring Results - Events view.
3. Double-click a report to view the information.

Viewing event messages, causes, and solutions


Each event that occurs on the Domino system has an associated event
message that is stored in the Monitoring Configuration database
(EVENTS4.NSF). The message text often provides information about
possible causes and solutions. You can view event messages by text or by
type.



To view an event message
1. From the Domino Administrator, click the Configuration tab.
2. Open the Names and Messages view, and choose one of these views:
• Event Messages — To view all messages, sorted by type and then
by severity level.
• Event Messages by Text — To view all messages, sorted
alphabetically by message text.

Customizing the appearance of the Domino server console and Domino Administrator console
By creating a Server Console configuration document for the server you
are monitoring, you can specify the text, background, and color attributes
that the Domino server console uses to display monitoring information.
By default, the Domino Administrator server console uses the same
attributes, but you can override the defaults and customize the
appearance of the Domino Administrator server console.

To customize the appearance of the Domino server console


1. From the Domino Administrator, click the Server - Status tab.
2. Open the Server Console view.
3. From the menu, select Live Console - Server - Set Server Console
Attributes.
4. Select the server whose attributes you are configuring.
5. Click the color palette to select a color attribute for the background
and event text. Look at the console display beneath the palette to
view your choices in real time.
Console display | Default color
Console Background | Black
Normal Events | Light grey
Fatal Events | Red
Failure Events | Magenta
Warning (High) Events | Yellow
Warning (Low) Events | White

6. (Optional) To reset the colors to the defaults, click Reset to Defaults.


7. Click Save & Close.



To customize the appearance of the Domino Administrator server
console
1. From the Domino Administrator, click the Server - Status tab.
2. Open the Server Console view.
3. From the menu, select Live Console - Local - Set Console Properties.
4. Click the Color tab. For the field “Use server default,” do one:
• Check the field to use the defaults set in the Server Console
Configuration document for the server. This is the default.
• Clear the check box, and then select a color for background, text,
and severity levels.
5. Click the Filters tab, and clear the check box for any status level you
do not want to log to the Domino Administrator server console. The
default is all levels are checked.
6. Click the Attributes tab, and then select the font, size, and
appearance for the local console text.

To view a Server Console Configuration document


1. From the Domino Administrator, click the Configuration tab.
2. Open the Monitoring Configuration - Console Attributes view.

Using the Domino Administrator server console to monitor events


When you use the Domino Administrator server console to monitor
events, you can set a stop trigger for an event. The stop trigger causes the
console to pause and display only the event and the next 10 lines of
console text when the event occurs. In addition, you can retrieve
additional information about error messages, including possible causes
and solutions, and create event handlers.

To set or remove a stop trigger


After you troubleshoot the problem for which you set the stop trigger, be
sure to remove it.
1. From the Domino Administrator, click the Server - Status tab.
2. Open the Server Console view.
3. Click Pause or Stop to stop the logging of information to the console.
4. Do one:
• To remove a stop trigger, select Live Console - Local - Remove
Stop Trigger.
• To set a stop trigger, select the event for which to set a stop
trigger. Then from the menu, select Live Console - Set Watch.



5. Do one to restart the Domino Administrator server console:
• If you clicked Pause, click Resume.
• If you clicked Stop, click Live.

To get error information
1. From the Domino Administrator, click the Server - Status tab.
2. Open the Server Console view.
3. Click Pause or Stop to stop the logging of information to the console.
4. Select the event error message for which you want more information.
5. Select Live Console - Lookup Error.
6. Do one to restart the Domino Administrator server console:
• If you clicked Pause, click Resume.
• If you clicked Stop, click Live.

To create an event handler
1. From the Domino Administrator, click the Server - Status tab.
2. Open the Server Console view.
3. Click Pause or Stop to stop the logging of information to the console.
4. Select the event for which you want to create an event handler.
5. Select Live Console - Create Local Event Handler.
6. If an event handler for the specified event already exists, you are
prompted to edit the Event Handler document or create a new one.
7. Do one to restart the Domino Administrator server console:
• If you clicked Pause, click Resume.
• If you clicked Stop, click Live.
For more information on event handlers, see the topic “Creating an event
handler,” earlier in this chapter.

To start or stop the Domino Administrator server console


1. From the Domino Administrator, click the Server - Status tab.
2. Open the Server Console view.
3. Click Live to start the console, or click Stop to stop it.



Statistics and the Domino system
Domino continuously generates and updates server statistics, which you
can collect and monitor in a number of ways. From the server, you can
use the Show Statistic or Show Platform Statistic commands. From the
Domino Administrator, you can create statistics profiles and charts.

Monitoring from the server


To collect server statistics and store them in the server’s Monitoring
Results database (STATREP.NSF), the Statistic collector task (also called
the Collector task) must be running on the server or on a server
designated to collect statistics from one or more other servers.

Monitoring from the Domino Administrator


To use the Domino Administrator to monitor statistics, you must set up
statistic Administration Preferences to generate statistics reports, which
are stored in the local Monitoring Results database (STATREP.NSF).
Then you can use the Domino Administrator to monitor and chart the
statistics. In the Domino Administrator, the Collector task collects
statistics locally from specified servers and saves them to memory. For
example, when you create real-time charts, it collects statistics from the
servers listed in the statistics profiles or those selected for charting.
For more information on setting Administration Preferences, see the
chapter “Setting Up and Using Domino Administration Tools.”

Statistic Collector task


The Statistic Collector task, formerly known as the Collector task, gathers
statistics for one or more servers in a domain and, by default, creates
statistic reports in the Monitoring Results database (STATREP.NSF).
There are two ways to set up statistic collection. You can start the Statistic
Collector task on each server, which then collects its own statistics and
creates reports in the local Monitoring Results database. Or you can start
the Statistic Collector on one server that you set up to collect statistics
from one or more servers and create reports in a specified Monitoring
Results database.
For example, if you use one designated server to collect statistics from
other servers, you start the Statistic Collector task only on that server and
create a Server Statistic Collection document to identify the servers from
which to collect statistics. Reports are created in the Monitoring Results
database (STATREP.NSF) on the designated server.
The Statistic Collector task loads automatically on a server if it is in the
task line of the NOTES.INI file.



In the Domino Administrator, the Statistic Collector starts when you start
the Domino server monitor, when you chart real-time statistics, or when
you access the Server - Statistic tab. You can also set a Monitoring
Administration Preference so that the Statistic Collector task starts
automatically when you start the Domino Administrator. The Statistic
Collector task continually adds new servers from which it gathers
statistics as you monitor or chart statistics from additional servers.
For example, in the Domino server monitor, if you begin monitoring the
servers in the Acme1 monitoring profile, the Collector task begins
collecting statistics from the servers listed in the Acme1 profile. Then if
you switch to charting and chart the statistics in the AcmeEast statistics
profile, the Statistic Collector task simply adds the servers in the
AcmeEast statistics profile to the list of servers from which it is gathering
statistics. It does not stop gathering statistics from the servers in the first
group you monitored in the Acme1 profile.

Setting Administration Preferences for monitoring and statistics

You must set monitoring Administration Preferences to generate
statistics and reports and to specify the location from which you are
monitoring statistics. You set statistics Administration Preferences to
enable the reporting of statistics to the local Monitoring Results database
(STATREP.NSF), which is used when creating statistics charts. To
generate statistic event generators, you must enable statistics alarms.
For information on setting preferences, see the chapter “Setting Up and
Using Domino Administration Tools.”

Creating a Server Statistic Collection document


You use a Server Statistic Collection document to designate one collector
server and one or more other servers from which the collector server
collects statistics. By default, the collector server reports the statistics to
the local Monitoring Results database (STATREP.NSF), unless you
specify a different database.

To create a Server Statistic Collection document


1. From the Domino Administrator, click the Configuration tab, and
open the Monitoring Configuration - Server Statistic Collection view.
2. Click “New Statistics Collection.”
3. On the Basics tab, select the collecting server.



4. Choose one of the following:
• All servers in this domain — To collect statistics from all servers
connected to the collector server.
• All servers that are not explicitly listed to be collected — To collect
statistics from all servers in the domain from which statistics are
not currently being collected.
• From the following servers — Then choose the servers from which
to collect statistics.
5. To log statistics to a database click the Options tab. Check the field
“Log statistics to a database” and then complete these fields:
Field | Action
Database to receive reports | Enter the name of the database to store the reports. The default is STATREP.NSF.
Collection report interval | Enter the number of minutes between reports. The minimum is 15; the default is 60.
Collection alarm interval | Enter the number of minutes between alarms. The minimum is 15; the default is 60.
Statistic filters | Select the types of statistics to omit from the report.

6. Click Save & Close.

Platform statistics
In addition to tracking server statistics, Domino tracks operating-system
performance statistics. You can view these statistics from the Domino
Administrator, along with your Domino statistics, which helps you with
Domino server monitoring and tuning. You can include platform
statistics in any statistic monitoring task you perform with the Domino
statistics, including using them in monitoring and statistic profiles, and
charting them.
Running platform statistics may incur slight overhead, but the
overhead is insignificant. No disk space is consumed by
enabling platform statistics, since no log files are created. As with
Domino statistics, disk space is used only if you log platform statistics to
the log file or to the Monitoring Results database (STATREP.NSF). The
amount of disk space used depends on the frequency of capture.

By default, the Statistic Collector task continuously gathers these statistics:
• Logical disk — Statistics for individual disks and total percent use of
all disks
• Paging file — Statistics that show use of paging files
• Memory — Statistics showing memory allocation and use, including
available memory
• Network — Statistics for individual network adapters and
cumulatively for all the network adapters on the system
• Process — Statistics that show the percent of CPU use, along with
process ID of Domino tasks, if the task is present. (Information for
idle tasks is reported as zero.)
• System — Statistics on the information captured — for example, a
summary of system CPU use and queue length.

Platform statistics on partitioned servers


When collecting statistics from a partitioned server, Domino collects
platform statistics that pertain to the system as a whole, not to an
individual partition. For example, memory use or CPU use statistics are
the same value on a partitioned and non-partitioned server. The only
statistics that are specific to a partition are those that reflect tasks, such
as process statistics, where one partition might run 10 tasks, while another
partition runs 15 tasks.

Confirming platform statistics metrics using other performance monitoring tools

Because of the differences in sampling intervals, you cannot use native
monitoring tools to confirm platform statistics. There will be
discrepancies between platform statistics and those obtained using
Perfmon (for Windows NT or Windows 2000) or a system command,
such as this UNIX command:
iostat / vmstat / netstat

Viewing platform statistics


From the console, you can use the Show Stat Platform command to view
all platform statistics or just a subset of them. When you show all the
platform statistics, they display alphabetically in these categories:
• Logical disk
• Memory
• Network
• Paging file
• Process
• System
To view a list of all statistics
To view a list of all statistics, use the Show Stat command.
For more information on server commands, see the appendix “Server
commands.”

Controlling platform statistics reporting


From the console, you can use the Platform command to set a sampling
period that determines how often statistics are gathered, and you can pause
and resume the collection of platform statistics. In addition, you can control
how often statistics are reset to zero and samplings are gathered.
Three types of statistic values are reported:
• Fixed — Statistic values that do not change. They include
information such as number of disks, or an assigned name. For
example, in the statistic Platform.LogicalDisk.<identifying
number>.PctUtil, the identifying number is a variable that identifies
the disk. This information does not change when you issue a
Platform Reset command.
• Primary — Statistic metrics from which secondary statistics are
derived. For example, the total paging file utilization statistic
(Platform.PagingFile.TotalPctUtil) is the basis for secondary statistics
that calculate the average and the peak values
(Platform.PagingFile.TotalPctUtil.Avg and
Platform.PagingFile.TotalPctUtil.Peak).
• Secondary — Statistic values that are a combination of or are derived
from primary statistics. For example, these are often average,
minimum, or peak statistics.
For information on using the Platform command, see the appendix
“Server Commands.”

Evaluating platform statistics


Use this information to help you evaluate platform statistics.

Using Perfmon on Windows 2000 and Windows NT systems


If you use Perfmon on Windows NT or Windows 2000, some counters
may report inaccurate information because of the way that Perfmon
collects statistics. Logical disks that are actually very busy may report
average queue lengths of zero. Unplugged network adapters may show
traffic.

Network statistics
On Solaris, AIX, and OS/400®, Domino provides statistics for a
maximum of ten network adapters. On Windows 2000 and Windows NT,
there is no limit on the number of network adapters. The loopback
interface is not included in the list of adapters. On AIX, only Ethernet
and token ring network adapters are supported.

Process statistics
On Windows 2000 and Windows NT, when you view process statistics,
the Percentage Total Domino CPU Utilization value may be greater than
the Total System CPU Utilization. This is because the CPU utilization
value for each individual process is calculated based on the total number
of processes used in a sampling interval.
On Windows 2000 and Windows NT, Domino process names include the
letter “n” as a prefix. For example, in Perfmon, Adminp — the process
name for the Administration Process — is nadminp. To maintain
platform-independence in naming, Domino does not include the prefix
on any platform statistics.
On Solaris, AIX, and OS/400 platforms, process statistics indicate how
busy the processes are, but these are not absolute values. On these
platforms, the utilization is based on how busy the processes are in the
current sampling period as compared to how busy they were in the
previous sampling period. For example, if a process reports 30%
utilization in the first sampling and 60% in the second, the process is
twice as busy.
On all platforms, by default, the performance statistics for processes that
are idle have the value zero.

Logical disk statistics


On Windows NT, Windows 2000, and Solaris, the values for disk
utilization counters may exceed 100%, indicating that the disks are being
heavily utilized. Similarly, on multiprocessor systems, the individual
CPU utilization for a process may exceed 100%, depending on the
number of processors in the system.
On OS/400, there are statistics for a maximum of ten logical disks
(auxiliary storage pools).

System statistics
On Windows 2000 and Windows NT, the value of the combined CPU
utilization statistic (Platform.System.PctCombinedCpuUtil) is not defined
as the sum of the user and privileged CPU utilization values
(Platform.PctUserCpuUtil and Platform.PctPrivilegedCpuUtil). However,
on Solaris and AIX, the value of the combined CPU utilization statistic is
defined as the sum of the user and privileged CPU utilization values.

Viewing information about platform statistics


To view information about platform statistics, open the Monitoring
Configuration database (EVENTS4.NSF), which includes a complete list
of platform statistics and average and peak values, where applicable. The
Monitoring Configuration database also lists equivalent metrics from other
performance-monitoring tools and displays statistic descriptions and reports.

To view a list of platform statistics and definitions


1. Click the Files tab.
2. Open the Monitoring Configuration database (EVENTS4.NSF).
3. Open the view Names & Messages (Advanced) - Platform Statistic
Names.
4. Select one:
• Domino 6 — To view platform statistics available for both Domino
5 and Domino 6 servers.
• R5 — To view platform statistics available only for Domino 5
servers.
5. Select a statistic, and click the triangle to expand the view for average
and peak values, if available.
6. Double-click the name of the statistic to open the Statistic Description
document.

To view statistics reports


You can view a predefined set of platform statistics reports for each
server. For more information on viewing platform statistics reports, see
“Viewing statistics reports” later in this chapter.

Disabling platform statistics


By default, platform statistics are enabled. To disable platform statistics,
enter this setting in the NOTES.INI file, and then restart the Domino
server:
Platform_Statistics_Disabled=1

Using the Domino Administrator to monitor statistics
Using the Domino Administrator, you can create a statistic profile that
you use to monitor the same set of statistics periodically or to compare
performance on different servers. You can view statistic reports or view
real-time statistics. You can also chart statistics in real time or historically.
You can monitor statistics in the following ways:
• View statistic reports of the most commonly used statistics.
• View default statistic thresholds
• Define new statistics
• View a list and description of all statistics
• Export statistics to a spreadsheet
• Mail statistics to a mail-in database
• Create a statistic profile

Viewing statistics reports
Domino includes these default statistics reports:
• Calendaring and Scheduling
• Clusters
• Communications
• Mail and Database
• Network
• Platform
• System
• Web Server & Retriever
The information in these reports provides a subset of statistics in each
category. To view all statistics, use the Show Statistic command at the
console or, from the Domino Administrator, click the Server - Statistics
tab.

To view statistics reports


1. From the Domino Administrator, click the Server - Analysis tab.
2. Click the Monitoring Results view, and select Statistics Reports.
3. Select a report.

Viewing default statistic thresholds
Each Domino statistic has an associated default threshold that you use
when you create an event generator. Statistic thresholds are stored in the
Monitoring Configuration database (EVENTS4.NSF).

To view a default statistic threshold


1. From the Domino Administrator, click the Configuration tab.
2. Open the Names and Messages view, and then open the Default
Statistic Threshold view.

Viewing descriptions of statistics


The Monitoring Configuration database (EVENTS4.NSF) includes a
complete list of statistics. For more information on a statistic, select the
statistic and view the Statistic Description document.

To view a statistic description


1. Click the Files tab.
2. Open the Monitoring Configuration database (EVENTS4.NSF).
3. Open the view Names & Messages (Advanced) - Statistic Names.
4. Double-click the name of a statistic to open the corresponding
Statistic Description document.

Creating a new statistic


You can create a new statistic and then use it in statistic profiles and
statistic charts. To use a new statistic to create a statistic event generator,
you must specify a threshold.
You can create an operating system statistic for use as a template. You
can create a new statistic template that includes a variable. For example,
you can create a statistic that includes the variable <portname>. Then to
collect statistics on more than one port, copy the statistic and replace the
variable with the actual port name.
When you create a statistic, you define the type of data the statistic will
collect and the measurement unit. You also specify whether it is an
operating system statistic or a trended statistic.
Trended statistics are gathered by the Activity Trends Collector task, and
used to provide activity trends statistics information. The Activity Trends
Collector task is used by the IBM Tivoli Analyzer for Lotus Domino.
For more information on the IBM Tivoli Analyzer for Lotus Domino and
resource balancing, see the topic “Activity Trends for IBM Tivoli Analyzer
for Lotus Domino” and the chapter “Using IBM Tivoli Analyzer for Lotus
Domino.”

To create a new statistic


1. From the Domino Administrator, click the Configuration tab, and
open the Monitoring Configuration - Names & Messages (Advanced)
- Statistic Names view.
2. Click “New Statistic.”
3. On the Basics tab, complete these fields:
Field                  Action
Statistic name         Enter the name of the new statistic.
Data type              Choose one:
                       • Text
                       • Number
                       • Time
Statistic unit         Enter one:
                       • The unit in which the statistic is measured — for
                         example, bytes or minutes
                       • The word “none,” if this is a text statistic
Statistic description  Enter a description of the statistic.

4. Click the Advanced tab, and do one of the following:


• If you selected Text or Time as the data type, go on to Step 5.
• If you selected Number as the data type, in the Normal values
field, enter a normal value for this statistic — for example, 350KB
— or the word “varies,” if the normal value of the statistic varies.
5. For the field “Is an OS statistic?” the default is No. Check Yes if the
statistic is an operating system or platform statistic.
6. For the field “Is an Activity statistic?” the default is No. Check Yes if
the statistic is generated using the Activity Trends Collector
task, and then check one or more of the following:
• Has trended values — If the statistic has both trended and
last-occurrence values.
• Has prime/24-hour values — If the statistic includes values for the
prime shift and for a 24-hour period.
• Is user selectable — If the statistic will be used as a selection — for
example, in a dialog box.
• Used in resource balancing — If the statistic will be used when
balancing resources using the IBM Tivoli Analyzer for Lotus
Domino.

7. For the field “Is a statistic template?” the default is No. Check Yes if
the statistic will be used to create other statistics using a variable —
for example, <portname>.
8. For the field “Useful for thresholds?” the default is No. Check Yes if
this statistic will be used to generate statistic alarms. To use this
statistic in a statistic event generator, you must define a threshold.
Complete these fields:
Field               Action
Threshold operator  Select the condition against which to evaluate the
                    threshold:
                    • Less than
                    • Greater than
                    • Multiple of
                    • Percentage of
Threshold value     Enter a number.
Event severity      Select the severity that will cause an alarm.
Suggested response  (Optional) Enter an explanation of how to resolve
                    the event that caused the alarm.
Useful in setup     Click Yes to use the statistic during setup and
                    include this statistic when a new Monitoring
                    Configuration database (EVENTS4.NSF) is created.

9. Click Save & Close.
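
The following added example (not part of the IBM documentation, and not Domino code) models the flow described above: a statistic template with a variable is copied once per port, and each copy's threshold is then checked against collected values. The statistic name Port.<portname>.PendingSessions, the port names, the sample values and the severities are constructed for illustration. Only "Less than" and "Greater than" are modelled, because this chapter does not define how "Multiple of" and "Percentage of" are evaluated.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class StatisticDef:
    """Subset of the Statistic document fields used for threshold checks."""
    name: str             # may contain a template variable such as <portname>
    unit: str             # for example, bytes or minutes
    operator: str         # "Less than" or "Greater than"
    threshold: float
    severity: str         # severity reported when the threshold is crossed
    is_template: bool = False


def expand_template(defn, variable, values):
    """Copy a template statistic once per value, replacing the variable."""
    if not defn.is_template or variable not in defn.name:
        raise ValueError(f"{defn.name!r} is not a template using {variable}")
    return [
        replace(defn, name=defn.name.replace(variable, v), is_template=False)
        for v in values
    ]


def breaches(defn, value):
    """Return True when value crosses the statistic's threshold."""
    if defn.operator == "Less than":
        return value < defn.threshold
    if defn.operator == "Greater than":
        return value > defn.threshold
    # The other two operators are not defined in this chapter, so they are
    # deliberately left unmodelled instead of being guessed at.
    raise NotImplementedError(f"operator not modelled: {defn.operator}")


def evaluate(defs, samples):
    """Return (severity, statistic name, value) for every crossed threshold.

    Templates are skipped because they hold a variable, not a real name.
    Statistics with no collected sample are skipped as well.
    """
    alarms = []
    for d in defs:
        if d.is_template or d.name not in samples:
            continue
        value = samples[d.name]
        if breaches(d, value):
            alarms.append((d.severity, d.name, value))
    return alarms


def demo():
    # Constructed definitions: one template and one ordinary statistic.
    template = StatisticDef(
        "Port.<portname>.PendingSessions", "sessions",
        "Greater than", 100, "Warning", is_template=True,
    )
    disk_free = StatisticDef(
        "Disk.C.Free", "bytes", "Less than", 500_000_000, "Failure",
    )
    defs = expand_template(template, "<portname>", ["TCPIP", "LAN0"])
    defs.append(disk_free)

    # Constructed sample values, as if collected in one reporting interval.
    samples = {
        "Port.TCPIP.PendingSessions": 140,
        "Port.LAN0.PendingSessions": 12,
        "Disk.C.Free": 250_000_000,
    }
    return evaluate(defs, samples)


if __name__ == "__main__":
    for severity, name, value in demo():
        print(f"{severity}: {name} = {value}")
```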

Exporting statistics to a spreadsheet


To perform further analysis, you can export a statistics report to a
spreadsheet.
1. From the Domino Administrator, click the Server - Analysis tab.
2. Open the Monitoring Results - Statistics Reports view.
3. Select the report you want to export, and click File - Export.
4. In the Export dialog box, enter a name for the file, and select a file
type.
5. Click Export.
6. For “How much to export,” choose one:
• All documents
• Selected documents
7. For “Detail to incorporate,” check “Include view titles” to include
titles.

Using mail-in statistics
If you can access Notes mail on a server, you can collect statistics from
the server and mail them to yourself. Use mail-in statistics when the
Domino Administrator is not available or you do not have administrator
access to a server.
When you start the Stats task, Domino creates a mail-in database
(STATMAIL.NSF) for the server. The title of the mail-in database is server
Stats/org. For example, for the Everest server in the Acme organization,
the mail-in database is titled Everest Stats/Acme. By default, during
server registration, a Mail-in Database document is created. This
document, which is stored in the Domino Directory, defines the
properties and location of a database that can receive mail. To open the
document from the Domino Administrator, click the People & Groups
tab, and then open the Mail-in Databases & Resources view.
You can mail all or a subset of statistics to yourself. The names of all
statistics are listed on the Configuration tab in the Monitoring
Configuration - Names & Messages (Advanced) view. The category for a
statistic is the first part of the statistic name. For example, the category
for the statistic Disk.C.Free is Disk.

To mail statistics to yourself


1. Open the Monitoring Configuration database (EVENTS4.NSF).
2. Choose Create - Mail - Message.
3. Complete these fields, and then send the message:
Field    Action
To       Enter the title of one or more mail-in databases for one or more
         servers.
Subject  Do one:
         • Enter a statistic category — for example, disk or platform —
           to get a subset of statistics.
         • Enter the name of one statistic — for example, Disk.C.Free.
         • Use an asterisk to indicate a group of specific statistics. For
           example, enter Disk.C.* to report all disk statistics for drive C.
         • Leave the field blank to mail all server statistics.
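
The Subject rules above can be previewed offline with the following added example, which is not part of the IBM documentation and is not Domino code. It applies the four Subject forms (category, single name, asterisk, blank) to a constructed list of statistics and builds the To value from the "server Stats/org" title format. Case-insensitive matching is an assumption, based on the manual giving "disk" as the category for Disk.C.Free. The statistic values are constructed.

```python
import re

# Constructed sample in a "name = value" layout; the names and values are
# illustrative and were not captured from a real server.
SAMPLE_STATS = """\
Disk.C.Free = 1,234,567,890
Disk.C.Size = 4,000,000,000
Disk.D.Free = 987,654,321
Mail.Dead = 3
Platform.PagingFile.TotalPctUtil = 12.5
Platform.PagingFile.TotalPctUtil.Peak = 40
Server.Name = Everest/Acme
"""


def parse_stats(text):
    """Return {statistic name: raw value string} from 'name = value' lines."""
    stats = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            stats[name.strip()] = value.strip()
    return stats


def category(name):
    """The category of a statistic is the first part of its name."""
    return name.split(".", 1)[0]


def select_stats(stats, subject):
    """Return the statistics a given Subject value would request.

    blank          -> all statistics
    contains '*'   -> every name matching the pattern (asterisk only)
    no '.' in it   -> every statistic in that category
    otherwise      -> the single statistic with that name
    Matching is case-insensitive (assumption, see the lead-in).
    """
    subject = subject.strip()
    if not subject:
        return dict(stats)
    if "*" in subject:
        # Escape everything except the asterisk so '.' stays literal.
        pattern = ".*".join(re.escape(p) for p in subject.split("*"))
        rx = re.compile(pattern, re.IGNORECASE)
        return {n: v for n, v in stats.items() if rx.fullmatch(n)}
    wanted = subject.lower()
    if "." not in subject:
        return {n: v for n, v in stats.items()
                if category(n).lower() == wanted}
    return {n: v for n, v in stats.items() if n.lower() == wanted}


def mailin_title(server, org):
    """Title of a server's mail-in statistics database: 'server Stats/org'."""
    return f"{server} Stats/{org}"


def build_request(servers, org, subject=""):
    """Return the To and Subject fields for a mail-in statistics request."""
    return {"To": [mailin_title(s, org) for s in servers], "Subject": subject}


if __name__ == "__main__":
    stats = parse_stats(SAMPLE_STATS)
    print(build_request(["Everest"], "Acme", "Disk.C.*"))
    for subject in ("disk", "Disk.C.Free", "Disk.C.*", ""):
        print(repr(subject), "->", sorted(select_stats(stats, subject)))
```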

Charting statistics
You can graphically display the statistics that Domino generates by
creating statistics charts. To chart sets of statistics on a regular basis, you
can define statistics profiles. Using statistics charts, you can track and
visualize statistics in real time or historically. Real-time charts reflect the
current server activity. Historical charts pull information from the local
Monitoring Results database (STATREP.NSF).
To create statistics charts you must enable the field “Generate statistic
reports while monitoring or charting statistics” in Administration
Preferences, and the Domino server monitor must be running.
For more information on setting Administration Preferences for statistic
monitoring, see the chapter “Setting Up and Using Domino
Administration Tools.”
When you chart statistics, you choose the servers and the statistics to
chart. Using the charting feature you can:
• Create and edit statistic profiles
• Remove existing statistic profiles or combine them into a new one
• Gather historical statistics over a specified period of time
• View the details of each statistic
• View an isolated statistic
• Start and stop real-time charting dynamically
• Use right-click functionality to add a statistic event generator
Note Charting is not available in the Web Administrator.

Creating statistic profiles


You can create a statistic profile to capture information about specific
performance patterns or problems. For example, if your system has a
slow response time, create a profile to gather statistics on memory, buffer
pool size, database cache, and number of users. Then save the statistic
profile so that you can later run the same analysis.
Note Statistic profiles are not available in the Web Administrator.

To create a statistic profile
1. From the Domino Administrator, click the Server - Performance tab.
2. Do one:
• If there are no statistics profiles displayed in the statistic profiles
list, click Add.
• If there is a statistic profile currently displayed, choose
Performance Monitor - Saved Statistics Profiles - New to clear the
list, and then click Add.
3. Select the domain and server for which you are creating the statistic
profile.
4. Choose one:
• Bundled statistics — To create a group made up of predefined sets
of statistics.
• Individual statistics — To create a new group made up of selected
individual statistics.
5. Click the arrow to open a statistic category. Select the specific
statistic, and then click Add.
6. Click Done, choose Performance Monitor - Saved Statistics Profiles -
Save As, and then type a name for the statistic profile.

Displaying and manipulating statistic charts


You can view a chart of historical or real-time performance statistics. Use
a real-time chart to view a current performance problem or assess current
peak usage. Use a historical chart to monitor statistics over a period of time.
Note The charting feature is not available in the Web Administrator.

To scale the data
Before you chart statistics that are in vastly different number ranges —
for example, dead mail, which has a usual range of 0 to 10, and disk
space, which might be in gigabytes — enable Autoscale. Disable
Autoscale when you chart statistics that all have a low number range —
for example, from 0 to 500.

To change the color of a statistic


1. From the Domino Administrator, click the Server - Performance tab.
2. Click the color bar on the statistic list.
3. In the Line Color dialog box, click the arrow, and do one of the following:
• Click the Notes tab, and select a predefined color.
• Click RGB and then use the sliders or dropper to create a custom
color. When you have the color you want, click the color that
displays in the box.

To change the layout of the panes
You can change the layout of the chart display using the Performance
Monitor menu or the layout button:

1. From the Domino Administrator, click Server - Performance.


2. From one of the Statistics charting views, choose Performance
Monitor - Layout, and then choose one:
• Maximized — To display only the statistic chart.
• Maximum Width — To display the list of statistics and the statistic
chart.
• Maximum Height — To display the statistic chart and the server
pane.
• Restore — To restore the original layout.
To manipulate statistic performance charts
The following table describes ways to view the information on statistics
performance charts.

Task                                 Action
Stop or start the charting           Click the Stop/Start button.
Get a numerical representation of    Click the statistic in the profile list. Then
a graphical statistic                look at the bar area between the profile list
                                     and the chart.
Get a textual representation of      Double-click the chart to display a document
the statistic chart                  that you can edit and print.
Chart an isolated statistic          Double-click a graph line.

To add or remove a statistic
You can add or remove a statistic or a server from a statistic chart
without affecting the statistic profile.
1. Select the statistic profile.
2. Do any of the following:
Task                             Action
Dynamically remove a statistic   In the profile list, clear the check box
from the chart                   displayed next to the statistic.
Dynamically add a statistic      Click Add, and then select a statistic.
Dynamically add a server         Click the down arrow, and then select a
                                 server.
Dynamically remove a statistic   Select a statistic in the profile list, and
                                 then click Remove.

Note Save the profile to keep any changes.

Modifying statistic profiles
To modify a statistic profile, you can add or delete statistics, add servers,
or save or delete the entire profile. To add or remove statistics and
servers from a profile for the current session only, make the changes, but
don’t save the profile.

To modify a statistic profile


1. From the Domino Administrator, click the Server - Performance tab.
2. Select a statistic profile from the list, and do any of the following:
Task                       Action
Add a statistic            1. Click Add.
                           2. Select the Domain and server, and then select
                              the statistic.
                           3. Click Add Statistic.
Add a server               1. Click the down arrow next to the Add button,
                              and then click Add Server.
                           2. Specify the Domain and server, and then click
                              Add.
Delete (remove) a          Select the statistic, and click Remove.
statistic from a profile
Delete the entire profile  1. Select the name of the profile in the Statistics
                              profile field.
                           2. Click Performance Monitor - Saved Statistics
                              Profiles - Delete.

3. To save the profile, do one:
• Click Performance Monitor - Saved Statistics Profiles - Save — To
overwrite the original statistic profile with the changes.
• Click Performance Monitor - Saved Statistics Profiles - Save As —
To save the modified statistic profile under a new name, leaving
the original statistic profile intact.

Domino server monitor


The Domino server monitor displays real-time statistics and provides a
visual representation of the status of servers and server tasks. You can
view all servers or a subset of servers, and you can view the status by
state or by timeline.
The Domino server monitor creates a set of default system profiles that
include all servers, servers in each domain, servers in clusters in each
domain, and servers in the Favorites bookmark file. In addition, you can
create custom profiles that specify the servers, server tasks, and statistics
to monitor. For example, you can create a mail-server profile and select
only server tasks and statistics related to mail delivery.
You can use the server monitor to perform these tasks:
• View server monitor statistics by timeline or by state
• Display past error states only
• Add or remove a server to monitor
• Add or remove server tasks or statistics from a selected server or
from all servers
• Create and edit server monitor profiles
• Move to the Status or Messaging tab to troubleshoot an error report
• Sort statistics columns that have numerical values
• Use right mouse functionality to retrieve additional information
about a statistic
• For numerical statistics, display the difference between the current
statistic and the statistic generated one hour earlier
Note The Domino server monitor is not available in the Web
Administrator.

Starting the Domino server monitor
The Domino server monitor does not start by default; however, you can
change the monitoring defaults in the Administration Preferences so that
it does.

To start or stop the server monitor manually


1. From the Domino Administrator, click the Server - Monitoring tab.
2. Do one:
• To start the server monitor, click the Green arrow. When the
server monitor is running, the arrow changes to a Red stop button.
• To stop the server monitor, click the Red stop button.
To start the server monitor automatically
1. From the Domino Administrator, click the Server - Monitoring tab.
2. Click File - Preferences - Administration Preferences.
3. Click Monitoring.
4. Enable “Automatically monitor servers at startup.”
For more information on setting Administration Preferences, see the
chapter “Setting Up and Using Domino Administration Tools.”

Viewing the Domino server monitor


The Domino server monitor has two views: By Timeline and By State.
The By Timeline view displays historic information about server status.
The By State view displays real-time statistics and status of server tasks.

By Timeline view
Use the By Timeline view to track the status of server tasks. In this view,
you can see which tasks are having problems and approximately when
the problems occurred. Using the Column scale selector, you can choose
a data display time interval of 1 to 60 minutes. As you increase the time
interval, you increase the summation of the data. You can change the sort
order of both the Server Name and Server Status columns in this view.

By State view
The By State view displays a detailed status of Domino servers and their
associated tasks and statistics. Each server and server task displays a
status indicator that identifies its current state. Using the option “Display
past states reporting errors exclusively,” you can view only error states.
If a statistic is numeric, you can display the difference between the
current statistic value and its value from one hour earlier. A differences
icon appears in the statistic column and points to the previous value. In
this view, you can change the sort order of the Server Name and Server
Status columns and of any Statistic Value columns that contain numeric
values.

To view the Domino server monitor


1. From the Domino Administrator, click the Server - Monitoring tab.
2. Choose one view:
• By Timeline — Then set the Column scale selector to a value from
1 to 60 minutes.
• By State — Then to view past errors only, select the check box
“Display past states reporting errors exclusively.”
3. Click Start to start the server monitor.
Note If you enable “Automatically monitor servers at startup” in
the Administration Preferences, the server monitor starts
automatically and monitors the most recently viewed profile.

Setting task status indicators for the Domino server monitor


In the By State view, each task that you monitor has an associated status
level. You determine which status levels to monitor, and each task that
you monitor then displays a current status indicator or task error.
For example, you may want to turn off the status indicators for tasks that
are not running or those that are running without a problem. You may,
however, want to see tasks that are generating failure or fatal errors. The
status level indicators display which tasks are generating errors that may
need your attention.

To enable task status indicators


1. From the Domino Administrator, click Server - Monitoring.
2. Check the box to enable the following task indicators:
Indicator       Meaning
Fatal           The task is running, but fatal errors are being
                generated.
Failure         The task is running, but failure errors are being
                generated.
Warning         The task is running, but warning errors are being
                generated.
Not responding  The task is running slowly.
Not running     The task has not been running since the server monitor
                started.
Running         The task is running without a problem.

Profiles and the Domino server monitor
To facilitate monitoring servers, tasks, and statistics, the Domino server
monitor creates a set of default profiles:
• All servers — Includes all servers in all domains you are monitoring,
as listed in Administration Preferences
• Domain name Domain — Includes all servers in the named domain
• Favorites — Includes all servers in the Favorites bookmark file
• Clusters — Includes clusters within the domains being monitored
By default, the Domino server monitor contacts servers in the currently
displayed profile and any profiles that have been displayed since the
monitor started.
To customize the profiles that the Domino server monitor uses, you can
do any of the following:
• Modify a default profile
• Create a new profile
• Specify the profiles to monitor on startup
Note The Domino server monitor and profiles are not available in the
Web Administrator.

Modifying a default profile in the Domino server monitor


You can add tasks or statistics to a default profile. If you add or remove a
server from a default profile, Domino prompts you to save the profile
with another name.
1. From the Domino Administrator, click the Server - Monitoring tab.
2. Select a default profile.
3. From the Monitoring menu, select one of the following:
• Monitor New Task
• Monitor New Statistic
• Remove Task
• Remove Statistic
4. Choose one or more tasks or statistics from the task list, and then
click OK.
Note You do not need to save the profile. The change remains in effect
when you end the Domino session.

Creating a custom profile in the Domino server monitor
To create a custom profile, you modify a default profile and then save it
with a new name.
1. From the Domino Administrator, click the Server - Monitoring tab.
2. Select a system profile to modify.
3. To add or remove tasks or statistics, do the following:
   a. Select the server whose tasks or statistics you want to modify.
   b. From the Monitoring menu, select one of the following:
      • Monitor New Task
      • Monitor New Statistic
      • Remove Task
      • Remove Statistic
   c. Select the task or statistic to add or remove.
4. To add a server, select Monitoring - Monitor New Server, and then
select the server from the list.
5. To remove a server, select the server to remove, and then select
Monitoring - Remove Server.
6. Choose Monitoring - Save as, and enter a new profile name.

Specifying profiles to use when you start the Domino server monitor
By default, the profile that was being monitored when you stop the
server monitor is the profile that will be monitored when you start the
server monitor. To override this default behavior, you can specify which
profiles to monitor when you start the Domino server monitor.
1. From the Domino Administrator, click the Server - Monitoring tab.
2. Select a server profile.
3. From the Monitoring menu, select Profile Properties.
4. Make sure the name of the profile you want to monitor at startup is
displayed.
5. Check “Contact servers in this profile at startup.”
Tip You can also rename a nonsystem profile in Profile Properties.

Using shortcuts in the Domino server monitor


The Domino server monitor includes shortcuts that provide additional
information on the server and server task status without having to move
from the Server - Monitoring tab.



You can perform the following tasks to troubleshoot server performance
using the Domino server monitor:
• Open a different Domino Administrator tab from the Domino server
monitor
• Display the differences in current and previous statistic values
• View additional information about a server or server task
• Create an event handler for a server that is down
Note The Domino server monitor is not available in the Web
Administrator.

Example using the Domino server monitor


Suppose you are monitoring eight servers and are troubleshooting errors.
Server Hub-E/East/Acme appears at the top of the server list and
displays a failure indicator. In the By State view, you notice that one of
the status indicators is reporting a Failure error. You can tell from the
column which server task is reporting the error, but you still don’t know
what the error is. Hover over a task status indicator to see a brief
explanation of the problem. To take immediate constructive action on the
server, you select the server, right click and select Display Status Tab.
You are now ready to diagnose and take corrective action from the
Server - Status tab.
Or perhaps you are monitoring 14 servers, and troubleshooting dead
mail statistics (dead.mail). To see which servers have the highest amount
of dead mail, sort the statistic column so that the servers with the most
dead mail messages appear at the top. To get an idea of when the dead
mail really started piling up, locate the cursor in the Dead statistic
column and right click. Select Show Statistic’s Difference to see if the
error occurred within the last hour. To release the dead mail, right click
and select Display Messaging tab to switch to the Messaging - Mail tab.

To open a different Domino Administrator tab from the Domino server monitor
1. From the Domino Administrator, click the Server - Monitoring tab.
2. Select a server.
3. From the Monitoring menu, select one:
• Display Status Tab — To view the status and access the Server
Console to issue commands for the selected server
• Display Messaging Tab — To monitor mail tracking for the
selected server



To display differences for statistic values
For numerical statistics, you can display the difference between the
current statistic value and its value from one hour earlier. A delta icon
appears in the statistic column when the earlier, or “differences” value is
displayed. If the server monitor has been running less than one hour, it
displays the difference between the current statistic value and the oldest
value available.
1. From the Domino Administrator, click the Server - Monitoring tab.
2. Click in the statistic column to select the statistic.
3. From the Monitoring menu, select “Show Statistic’s Difference.”
4. To remove the difference value and icon, click the statistic column,
and choose Monitoring - Show Statistic’s Difference again.

To view additional information about a server or task


1. From the Domino Administrator, click the Server - Monitoring tab.
2. Do one:
• Server tasks — In either view, locate the cursor in the tasks frame
and hover over the error indicator to see what event caused the
error.
• Servers — In either view, locate the cursor in the server pane and
hover over the error indicator to see what event caused the error.

To create event handlers and event generators


You can generate statistic events and invoke event handlers when a
server goes down or comes back up, when a task reports an error, or
when a statistic has reported a particular threshold.
1. From the Domino Administrator, click the Server - Monitoring tab.
2. Do one:
• Locate the cursor in the server pane and right click.
• Locate the cursor in the tasks pane and right click. Select “Create
event handler” and then select one of the following to create an
event handler when a task reports an error.
   Any Error (Local)
   Current Error (Local)
   Current Status (Local)
   Current Error (On Server)
• Locate the cursor in the statistics pane and right click. Select
“Create event generator” and then select either local or server to
create a new statistics event generator.



Chapter 53
Using the Domino SNMP Agent

This chapter provides information about the Domino Simple Network
Management Protocol (SNMP) Agent and the Domino Management
Information Base (MIB), which allow aspects of Domino to be monitored
and managed by third-party management stations.

The Domino SNMP Agent


The Domino SNMP Agent enhances the monitoring and control features
of Domino by enabling third-party management stations, which use
industry standard SNMP, to manage aspects of the Domino server. It
consists of:
• LNSNMP — An independent application that receives trap
notifications from the Event Interceptor and then sends them to the
management station using the platform-specific, master SNMP
Agent. LNSNMP also handles requests for Domino-related
information from the management station by passing the request to
the QuerySet Handler and responding back to the management
station. LNSNMP includes the:
   • Recent Trap Table — A dynamic table stored in LNSNMP
   containing the last ten trap notifications sent from the Event
   Interceptor.
   • Trap Generator — Part of the Domino SNMP Agent that receives
   Domino events from the Event Interceptor and sends them to the
   management station using the master SNMP Agent.
• QuerySet Handler — An add-in task that queries server statistics
information and sets the value of configurable Domino-based
parameters. The QuerySet Handler returns Domino statistics
information to LNSNMP, which then forwards the information to the
management station using the platform-specific, master SNMP
Agent.
• Event Interceptor — An add-in task that responds to the SNMP Trap
notification for Domino Event Handlers by instructing the Trap
Generator to issue a trap.

The Domino SNMP Agent’s main functions
The agent provides:
• Out-of-band server status through the MIB
• Control of a Domino server through SNMP
• Real-time alerts on server status
• Forwarding of Domino events as SNMP traps
• Domino statistics through the MIB
The Domino SNMP Agent supports SNMP version 1.

Out-of-band server status through the MIB


The Domino SNMP Agent constantly monitors the status of the server
indirectly through a Domino SNMP Agent server add-in task using IPC
to determine whether the server is up or down. The Domino SNMP
Agent is not a Lotus Notes API application; all of its status information is
gathered out of band.

Control of a Domino server through SNMP


The following three control functions are available through SNMP:
• Stop the Domino server
• Start the Domino server
• Reboot the operating system
Note Rebooting is not supported on the zSeries® (S/390) platform.
As a security feature, these functions are not available by default. Each
function must be configured on a per-server basis.

Real-time alerts on server status


The Domino SNMP Agent constantly monitors the status of the server.
Changes in status are sent as SNMP traps. Real-time alerts on server
status significantly enhance monitoring whether a server is up or down
in three ways:
• The information is provided in real-time.
• The information is available out-of-band. Determining whether the
server is up or down does not require the Notes client or Domino
server.



• The information is qualitatively better. Instead of two states, up or
down, SNMP can determine seven states or events as follows:
| Message | Status | Specific trap number | Clearing trap number |
|---|---|---|---|
| Domino server is up: [server name] (This server has been started by a console command or using SNMP.) | Normal | 11 | 12 |
| Domino server is shut down: [server name] (This server has been shut down by a console command or using SNMP.) | Disabled | 12 | 11 |
| Domino server pulse has failed: [server name] (This server is excessively busy or unresponsive to the SNMP pulse.) | Warning | 13 | 14 |
| Domino server pulse is restored: [server name] (This server is no longer busy and now responding to the SNMP pulse.) | Normal | 14 | 13 |
| System is rebooting (The Domino SNMP Agent is rebooting the entire system.) | Informational | 15 | N/A |
| Domino server is not responding: [server name] (This server may have crashed or hung.) | Critical | 16 | 17 |
| Domino server is now responding: [server name] (This server is now responding again.) | Normal | 17 | 16 |
Note The above traps are all Generic number 6.


The most important additional state is whether the server has been
disabled intentionally. This avoids situations such as paging support staff
during periods of routine maintenance.
The method for determining the server state is a pulse between LNSNMP
and its Domino server add-in tasks (first the QuerySet Handler or else
the Event Interceptor). Traps 13 and 16 get raised only if LNSNMP first
determines that the server is working by communicating with the SNMP
add-in tasks. Traps are not raised if the server starts up with a problem.
Trap 16 will occur if the trap 13 condition persists (server not responding);
in other words, you will see a trap 13 before you see a trap 16.
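
The trap pairs in the table and the rules above (trap 13 arrives before trap 16, and an intentional shutdown should not page anyone) can be applied on the management-station side as shown here. This is an added example, not code from IBM or the Domino product; the class and function names, the page/ticket/log policy and the sample trap stream are assumptions, and every server name except Hub-E/East/Acme is constructed.

```python
"""Correlate Domino status traps (specific traps 11-17) into actions."""
from dataclasses import dataclass

ENTERPRISE_SPECIFIC = 6  # generic trap number of every trap in the table

# specific trap -> (message, status, clearing trap), copied from the table
TRAPS = {
    11: ("Domino server is up", "Normal", 12),
    12: ("Domino server is shut down", "Disabled", 11),
    13: ("Domino server pulse has failed", "Warning", 14),
    14: ("Domino server pulse is restored", "Normal", 13),
    15: ("System is rebooting", "Informational", None),
    16: ("Domino server is not responding", "Critical", 17),
    17: ("Domino server is now responding", "Normal", 16),
}

# Assumed local policy (not from the manual): what each status triggers.
ACTION_BY_STATUS = {"Critical": "page", "Warning": "ticket"}


@dataclass
class Decision:
    server: str
    specific: int
    status: str
    action: str          # "page", "ticket" or "log"
    note: str = ""


class TrapCorrelator:
    """Keeps, per server, the status traps that have not been cleared yet."""

    def __init__(self):
        self.open = {}   # server name -> set of uncleared specific traps

    def handle(self, generic, specific, server):
        if generic != ENTERPRISE_SPECIFIC or specific not in TRAPS:
            return None                       # not a Domino status trap
        _message, status, clearing = TRAPS[specific]
        conditions = self.open.setdefault(server, set())
        if specific in (13, 16) and 12 in conditions:
            # Trap 12 is still open: the server was disabled on purpose.
            return Decision(server, specific, status, "log",
                            "suppressed: server was shut down intentionally")
        note = ""
        if specific == 16 and 13 not in conditions:
            # The manual says trap 13 always precedes trap 16.
            note = "trap 13 was not seen first; a trap may have been lost"
        # This trap clears every open condition that lists it as clearing trap.
        conditions -= {n for n in conditions if TRAPS[n][2] == specific}
        if clearing is not None:              # trap 15 is never cleared
            conditions.add(specific)
        return Decision(server, specific, status,
                        ACTION_BY_STATUS.get(status, "log"), note)

    def open_problems(self, server):
        """Uncleared Warning and Critical traps for one server, sorted."""
        return sorted(n for n in self.open.get(server, ())
                      if TRAPS[n][1] in ACTION_BY_STATUS)


# Constructed trap stream: (generic trap, specific trap, server name).
SAMPLE = [
    (6, 11, "Hub-E/East/Acme"),
    (6, 13, "Hub-E/East/Acme"),
    (6, 16, "Hub-E/East/Acme"),
    (6, 17, "Hub-E/East/Acme"),
    (6, 14, "Hub-E/East/Acme"),
    (6, 12, "Mail-W/West/Acme"),    # routine maintenance shutdown
    (6, 16, "Mail-W/West/Acme"),    # must not page
    (6, 16, "App-N/North/Acme"),    # trap 16 without a preceding trap 13
    (2, 0, "edge-router"),          # unrelated generic trap, ignored
]


def replay(events):
    """Feed events through a fresh correlator; return it and its decisions."""
    correlator = TrapCorrelator()
    return correlator, [correlator.handle(*event) for event in events]


if __name__ == "__main__":
    for decision in replay(SAMPLE)[1]:
        print(decision)
```

Because SNMP version 1 traps travel over UDP and can be lost, the out-of-sequence note is worth keeping in whatever alerting record the management station stores.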



Forwarding of Domino events as SNMP traps
Forwarding of Domino events is similar to real-time alerts. SNMP traps
are forwarded in real-time as soon as Domino generates them using the
Event server task. Statistics monitors are not strictly real-time because
Domino generates them only periodically using the Collector server task.
One advantage of the Domino SNMP Agent is that it allows these events
to be consolidated across Domino domains.
The text message of the Domino event contains several items of
information that are labeled as follows:
Server — Full name of the originating Domino server.
Type — Event Type (see below).
Severity — Event Severity (see below).
TimeStamp — Time stamp is converted to UNIX Epoch format. Note
that this is the server’s time stamp, not the console’s.
Text — The Event Message (in the local language of the server).
Seq — Assigned by LNSNMP.
Note All of these fields come directly from the Domino server
except for the Seq field.
Type codes are numeric and correspond to the respective Event Types
seen in Domino Event Monitors:
0 Unknown
1 Comm
2 Security
3 Mail
4 Replica
5 Resource
6 Misc
7 Server
8 Statistic
9 Update



Severity codes are numeric and correspond to the respective Event
Severities seen in Domino Event Monitors:
0 Unknown
1 Fatal
2 Failure
3 Warning (high)
4 Warning (low)
5 Normal

Domino statistics through the MIB


Many Domino statistics are available using SNMP. It’s possible to see
which MIB objects are derived directly from Domino statistics by
examining comments in the Domino MIB that begin with the string
“--<<”.

SNMP security

SNMP version 1 is not a secure protocol. SNMP’s native security uses
only community names and IP addresses. All sites should review
deployment of the Domino SNMP Agent with their security staff.
However, the control functions provided by the Domino SNMP Agent do
not present significant security risks (for example, access to the console
or databases is not affected).

Domino SNMP Agent architecture


Domino SNMP Agent services are provided by two types of programs:
• LNSNMP — The Lotus Notes SNMP agent. As an independent
application, LNSNMP is insulated from most Domino server
malfunctions and, by itself, adds negligible overhead to the server.
• Two Domino server add-ins — the QuerySet Handler and the Event
Interceptor.
The QuerySet Handler and the Event Interceptor depend on the
Domino server; if the server fails for any reason, these programs fail
as well.
The following components comprise the Domino SNMP Agent
architecture:
• A platform-specific master SNMP Agent — An independent,
non-Lotus, agent usually supplied with the operating system
platform that provides SNMP services for the machine. This SNMP
Agent transports the SNMP traps and Get/Set responses across the
network to the management station.



• The Domino SNMP Agent consisting of:
   • LNSNMP — Which receives trap notifications from the Event
   Interceptor and then forwards them to the management station
   using the platform-specific SNMP Agent. LNSNMP also handles
   requests for Domino-related information from the management
   station by passing the request to the QuerySet Handler and
   responding back to the management station.
   • QuerySet Handler — Which queries server statistics information,
   sets the value of configurable Domino-based parameters, and
   returns Domino statistics information to LNSNMP, which then
   forwards the information to the management station using the
   platform-specific master SNMP Agent.
   • Event Interceptor — Which responds to the SNMP Trap
   notification for Domino Event Handlers by instructing LNSNMP
   to issue a trap.
• The Domino MIB — A standard Management Information Base (MIB)
file for Lotus Domino servers that can be compiled and used by a
network management program such as NetView® or OpenView.
The architecture looks like this:

For additional information, refer to your operating system’s or network
management tool’s documentation (such as NetView or OpenView).



About the Domino MIB
The Domino Management Information Base (MIB) covers only the
Domino server and not any other IBM or third-party server add-ins. The
branch (object ID) is named:
iso.org.dod.internet.private.enterprises.lotus.notes

and is numbered 1.3.6.1.4.1.334.72.


The main branches in numeric order are as follows:
• lnInfo — Information about the server provided by the QuerySet
server add-in task. This includes values and sub-branches. The main
sub-branch is lnStats, which contains the Domino statistics organized
into sub-branches that mirror the Domino statistics branches. For
example, the Server.* Domino statistics are in the lnServer
sub-branch. Comments with these objects, beginning with the string
“--<<”, indicate which Domino statistic an object is derived from.
• lnControl — Values provided by LNSNMP including those
monitoring and controlling the server.
• lnInterceptor — An internal branch relating to the Event Interceptor
add-in task.
• lnUnix — An internal branch that supports NetView for AIX.
• lnMPAInfo — A branch with one value provided by LNSNMP that
gives the version of the Domino SNMP Agent.
Note Some Domino statistics are in floating-point format. SNMP
version 1 does not support floating-point numbers, truncating these
statistics to integers.

System requirements
The following are system requirements for the Domino SNMP Agent:

Windows requirements:
• Windows native TCP/IP.
• Windows SNMP Agent service.
AIX requirements:
• AIX native TCP/IP.
• AIX Master SNMP Agent (snmpd).



Linux requirements:
• Linux native TCP/IP.
• An extensible Master SNMP Agent that supports the SMUX protocol
(RFC 1227), such as UCD-SNMP 4.1 or later (4.2.3 or later is strongly
recommended), or NET-SNMP 5.0 or later. UCD-SNMP and
NET-SNMP are distributed by http://www.net-snmp.org and must
be built to include SMUX support by first running their source
configure script with “--with-mib-modules=smux” as an argument.

Solaris requirements:
• Solaris® native TCP/IP.
• An extensible Master SNMP Agent that supports the SMUX protocol
(RFC 1227), such as PEER Networks OptiMaster Release 1.8a
(included).

zOS (OS/390) requirements:


• OS/390® Version 1 Release 3 TCP/IP for OpenEdition MVS
Applications or OS/390 Version 2 Release 4 TCP/IP.
• The most current PTFs for the zSeries (S/390) platform, which you
can access on www.ibm.com.

Configuring the Domino SNMP Agent


To configure the Domino SNMP Agent, you need to perform a procedure
specific to each platform and then complete the configuration by
performing another procedure that applies to all platforms.
Note Before configuring the Domino SNMP Agent on a partitioned
server, see the topic Special considerations for partitioned servers.
1. Perform the platform-specific procedure:
• Windows
• AIX
• Linux
• Solaris
• OS/390
2. Complete the configuration.



Special considerations for partitioned servers
If you plan to use SNMP on a partitioned server, you should read this
section prior to using SNMP with Domino 6.
There are several different ways to use the Domino SNMP Agent on a
partitioned server.
If you want to use the Domino SNMP Agent on only one of your
partitions, then configure it on that partition just as you would on any
server. Do not configure it on any other partitions. With this option, you
will get full functionality and control for one server partition. It is not
necessary to configure the LNSNMP.INI as described below.
If you want to use the Domino SNMP Agent for out-of-band control on
multiple partitions, configure it on each partition. With this option, you
can control servers individually and receive SNMP traps for each
partition, but you lose the ability to query certain branches of the lnInfo
branch of the MIB, including all Domino server statistics. It’s also not
possible to use SNMP to start a server that hasn’t otherwise been started
since SNMP was itself started. If you don’t need to use SNMP to start
partitions, it is not necessary to configure the LNSNMP.INI as described
below.
If you want to manage multiple partitions and always be able to start their
servers using SNMP, then it’s necessary to configure those partitions into
LNSNMP.INI as described below. Configuring LNSNMP.INI also causes
the virtual rows in the MIB’s lnServerTable to be allocated in the order
specified in LNSNMP.INI instead of in the order that the partitions are
started. The MIB’s lnServerTable contains a virtual row for each partition,
so having prior knowledge about which row will represent a particular
partition could simplify certain management functions.
The Windows operating system limits all SNMP traps to using one IP
address. On UNIX, each partition needs a separate DNS entry in order to
distinguish each trap origin. On the client side, while traps from
partitions will be received, not all SNMP consoles can associate traps
from partitions to map objects. In particular, due to a limitation of
WINSNMP, which is used with OpenView Professional Suite, it cannot
assign traps to Domino icons.

Configuring the LNSNMP.INI file


If you need to always be able to start partitions using SNMP, or if you
need to know which virtual row in the MIB’s lnServerTable a partition
will occupy, then you should perform the following steps.
Note By adding a server to LNSNMP.INI you’re implicitly allowing
SNMP to start that server if asked to do so. The server may then disallow
further SNMP initiated starts once its own configuration options become
known. This situation becomes possible each time the Domino SNMP
Agent is started because the Domino SNMP Agent does not retain server
configuration information when it is stopped.
1. Create a file called LNSNMP.INI in the appropriate directory
depending on platform:
• Windows: Windows System directory
• AIX, Linux or Solaris: /opt/lotus
• zOS (OS/390): /opt/lotus
Note These are the recommended directories. However,
LNSNMP.INI can be in any path in the PATH environment variable
that you like.
2. Edit the file and include one line for each server partition with the
following format:
Server=<Data_Directory>;<Server_Name>;<Domino_Partition_Number>

Data_Directory: The directory that is the server’s Domino data
directory for a given partition
Server_Name: The name of your Server
Domino_Partition_Number: This value is arbitrary because Domino
no longer uses numbers to uniquely identify partitions. However, for
historical reasons, a value must still be present.
For example, if you have a UNIX server with two partitions and data
directories of /home/domino/venus and /home/domino/saturn,
your LNSNMP.INI file should look like this:
Server=/home/domino/venus;Venus Server;1
Server=/home/domino/saturn;Saturn Server;2

Note The case of the text to the right of the equals sign is significant
in UNIX environments.

Troubleshooting
If LNSNMP does not start properly, then check that the LNSNMP.INI file
is correct. LNSNMP will always attempt to reference the LNSNMP.INI
file.
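
One way to check an LNSNMP.INI file against the format above before restarting LNSNMP, listing the partitions in file order (the order in which lnServerTable rows are allocated, and also the set of servers SNMP is implicitly allowed to start). This is an added example, not part of the Domino product; the function names and the strict treatment of the key, blank lines and duplicate directories are assumptions, and the sample lines after the first two are constructed.

```python
"""Validate LNSNMP.INI lines: Server=<Data_Directory>;<Server_Name>;<Number>."""
from dataclasses import dataclass


@dataclass
class Partition:
    order: int              # position among the valid Server= lines
    data_directory: str
    server_name: str
    partition_number: str   # arbitrary, but a value must be present


def parse_lnsnmp_ini(text):
    """Return (partitions, problems); problems are (line number, message)."""
    partitions, problems, seen_dirs = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue                # assumption: blank lines are harmless
        key, equals, value = line.partition("=")
        if not equals or key != "Server":
            problems.append(
                (lineno, "not of the form Server=<dir>;<name>;<number>"))
            continue
        fields = value.split(";")
        if len(fields) != 3:
            problems.append(
                (lineno, f"expected 3 ';'-separated fields, found {len(fields)}"))
            continue
        data_dir, name, number = fields
        if not (data_dir and name and number):
            problems.append(
                (lineno, "empty field; all three values must be present"))
            continue
        # Compared exactly: case is significant on UNIX, as the manual notes.
        if data_dir in seen_dirs:
            problems.append(
                (lineno, f"data directory already used on line {seen_dirs[data_dir]}"))
            continue
        seen_dirs[data_dir] = lineno
        partitions.append(Partition(len(partitions) + 1, data_dir, name, number))
    return partitions, problems


def report(text):
    """Human-readable summary: startable partitions first, then problems."""
    partitions, problems = parse_lnsnmp_ini(text)
    lines = [
        f"{p.order}. {p.server_name} ({p.data_directory}): SNMP may start this server"
        for p in partitions
    ]
    lines += [f"line {lineno}: {message}" for lineno, message in problems]
    return lines


# First two lines are the manual's example; the rest are constructed errors.
SAMPLE_INI = """\
Server=/home/domino/venus;Venus Server;1
Server=/home/domino/saturn;Saturn Server;2
/home/domino/mars;Mars Server;3
Server=/home/domino/pluto;Pluto Server
Server=/home/domino/ceres;Ceres Server;
Server=/home/domino/venus;Venus Copy;4
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_INI)))
```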



Configuring the Domino SNMP Agent for Windows
Follow the steps below, once per platform, to configure the Domino
SNMP Agent for Windows.
Note Before using the Domino SNMP Agent, make sure TCP/IP and
SNMP are properly installed and configured on the server. Also, make
sure that the Domino executable and the Domino data directories are in
your search path.
Tip If you need to add the Windows SNMP Service to your system, be
prepared to reinstall any Windows service packs immediately after
adding the Windows SNMP Service.
Tip The Windows SNMP Service is configured by double-clicking the
Network icon in the Control Panel, then selecting the Services tab, then
selecting SNMP Service, and then clicking the Properties button. You will
want to configure appropriate trap destinations and community names
for your remote management infrastructure.
Note The Domino SNMP Agent is configured as a Windows Service
and is set up to run automatically. This means that once the Domino
SNMP Agent is configured, it is virtually always running, even when
Domino is not. If you later upgrade Domino you should stop the
LNSNMP and Windows SNMP Services before beginning the upgrade
process.
1. Stop the LNSNMP and SNMP services. Enter these commands:
net stop lnsnmp
net stop snmp

2. Configure the Lotus Domino SNMP Agent as a service. Enter this
command:
lnsnmp -Sc

3. Start the SNMP and LNSNMP services. Enter these commands:
net start snmp
net start lnsnmp

You have completed the Windows-specific portion of the Domino SNMP
Agent configuration. You should now follow the instructions found in
Completing the Configuration of the Domino SNMP Agent.

Removing the LNSNMP service


If you ever need to undo the configuration of the Lotus Domino SNMP
Agent as a service, enter this command:
lnsnmp -Sd



Configuring the Domino SNMP Agent for AIX
Follow the steps below, once per platform, to configure the Domino
SNMP Agent for AIX.
Note Before using the Domino SNMP Agent, make sure TCP/IP and
SNMP are properly installed and configured on the server. Also, make
sure that the Domino executable and the Domino data directories are in
your search path.
Tip The trap destinations and community names for AIX are configured
in the /etc/snmpd.conf file. You will want to configure appropriate trap
destinations and community names for your remote management
infrastructure. Remember to keep the view identifiers unique for each
trap destination.
Note The Domino SNMP Agent is set up to run automatically. This
means that once the Domino SNMP Agent is configured, it is virtually
always running, even when Domino is not. If you later upgrade Domino
you should stop the LNSNMP process before beginning the upgrade
process.
Note All the following commands should be executed as the root user.
1. Stop the LNSNMP process. Enter this command:
lnsnmp.sh stop

2. Stop the SNMPD subsystem. Enter this command:
stopsrc -s snmpd

3. Configure SNMPD to accept LNSNMP as an SMUX peer. Add the
following line to /etc/snmpd.peers:
"Lotus Notes Agent" 1.3.6.1.4.1.334.72 "NotesPasswd"

4. Configure SNMPD to accept an SMUX association from LNSNMP.
Add the following line to /etc/snmpd.conf:
smux 1.3.6.1.4.1.334.72 NotesPasswd

5. Start the SNMPD subsystem. Enter this command:
startsrc -s snmpd

6. Start the LNSNMP process. Enter this command:
lnsnmp.sh start

7. Create a link to the LNSNMP script. Enter this command, changing
the Domino executable path if necessary:
ln -f -s /opt/lotus/notes/latest/ibmpow/lnsnmp.sh /etc/lnsnmp.rc

8. Arrange for LNSNMP to be restarted after a reboot. Add the
following line to the end of /etc/rc.tcpip:
/etc/lnsnmp.rc start

You have completed the AIX-specific portion of the Domino SNMP
Agent configuration. You should now follow the instructions found in
Completing the Configuration of the Domino SNMP Agent.

Configuring the Domino SNMP Agent for Linux


Follow the steps below, once per platform, to configure the Domino
SNMP Agent for Linux.
Note Before using the Domino SNMP Agent, make sure TCP/IP and
SNMP are properly installed and configured on the server. If you are
using UCD-SNMP or NET-SNMP its source should have been configured
and built with “--with-mib-modules=smux” set. If you are not using
UCD-SNMP or NET-SNMP verify your Master SNMP Agent supports
the SMUX protocol, per RFC 1227. Also, make sure that the Domino
executable and the Domino data directories are in your search path.
Tip If you are using UCD-SNMP or NET-SNMP the trap destinations
and community names are configured in the
/usr/share/snmp/snmpd.conf file. Otherwise, refer to the
documentation for the master agent technology you are using. You will
want to configure appropriate trap destinations and community names
for your remote management infrastructure.
Note The Domino SNMP Agent is set up to run automatically. This
means that once the Domino SNMP Agent is configured, it is virtually
always running, even when Domino is not. If you later upgrade Domino
you should stop the LNSNMP process before beginning the upgrade
process.
Note All the following commands should be executed as the root user.
1. Stop the LNSNMP process. Enter this command:
lnsnmp.sh stop

2. Stop the Master SNMP Agent. If you’re using UCD-SNMP or
NET-SNMP enter this command:
/etc/rc.d/init.d/snmpd stop

If you’re not using UCD-SNMP or NET-SNMP refer to your Master
SNMP Agent’s documentation.
3. Configure the Master SNMP Agent to accept LNSNMP as an SMUX
peer. If you’re using UCD-SNMP or NET-SNMP add the following
line to /usr/share/snmp/snmpd.conf:
smuxpeer 1.3.6.1.4.1.334.72 NotesPasswd

If you’re not using UCD-SNMP or NET-SNMP refer to your Master
SNMP Agent’s documentation.
4. Start the Master SNMP Agent. If you’re using UCD-SNMP or
NET-SNMP enter this command:
/etc/rc.d/init.d/snmpd start

If you’re not using UCD-SNMP or NET-SNMP refer to your Master
SNMP Agent’s documentation.
5. Start the LNSNMP process. Enter this command:
lnsnmp.sh start

6. Arrange for LNSNMP to be restarted after a reboot. Enter these
commands, changing the Domino executable path and default run
levels if necessary:
ln -f -s /opt/lotus/notes/latest/linux/lnsnmp.sh /etc/rc.d/init.d/lnsnmp
chkconfig --add lnsnmp
chkconfig lnsnmp on

You have completed the Linux-specific portion of the Domino SNMP
Agent configuration. You should now follow the instructions found in
Completing the Configuration of the Domino SNMP Agent.
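
Because SNMP version 1 protects requests only with community names and source addresses, the snmpd.conf file that carries the smuxpeer line is worth reviewing before the agent goes into service. The following added example (not from IBM or the NET-SNMP project) audits UCD-SNMP/NET-SNMP style snmpd.conf text; the function name, the severity labels and the sample file are assumptions constructed for illustration.

```python
"""Audit snmpd.conf text for weak community settings and the Domino SMUX peer."""
import shlex

DOMINO_OID = "1.3.6.1.4.1.334.72"            # SMUX identity from the manual
DEFAULT_COMMUNITIES = {"public", "private"}   # widely known default names
ANY_SOURCE = {"default", "0.0.0.0", "0.0.0.0/0"}


def audit_snmpd_conf(text):
    """Return (line number, severity, message) findings; line 0 = whole file."""
    findings = []
    smux_peer_seen = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            tokens = shlex.split(raw, comments=True)   # drops '#' comments
        except ValueError:
            findings.append((lineno, "info", "unbalanced quote, line skipped"))
            continue
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]

        if directive == "smuxpeer":
            # Presence only: the password is the value the manual specifies.
            if args and args[0].lstrip(".") == DOMINO_OID:
                smux_peer_seen = True
        elif directive in ("rocommunity", "rwcommunity") and args:
            # Write access matters here: the Domino agent exposes settable
            # values and, when enabled, stop/start/reboot control functions.
            writable = directive == "rwcommunity"
            source = args[1] if len(args) > 1 else "default"
            if args[0] in DEFAULT_COMMUNITIES:
                findings.append((lineno, "high" if writable else "medium",
                                 f"{directive} uses a default community name"))
            if source in ANY_SOURCE:
                findings.append((lineno, "high" if writable else "low",
                                 f"{directive} is not limited to a source address"))
        elif directive == "com2sec":
            if args[:1] == ["-Cn"]:               # optional context argument
                args = args[2:]
            if len(args) >= 3:
                _name, source, community = args[:3]
                if community in DEFAULT_COMMUNITIES:
                    findings.append((lineno, "medium",
                                     "com2sec maps a default community name"))
                if source in ANY_SOURCE:
                    findings.append((lineno, "low",
                                     "com2sec accepts any source address"))
        elif directive in ("trapsink", "trap2sink"):
            if len(args) > 1 and args[1] in DEFAULT_COMMUNITIES:
                findings.append((lineno, "low",
                                 "traps are sent with a default community name"))

    if not smux_peer_seen:
        findings.append((0, "info",
                         "no smuxpeer line for the Domino OID; LNSNMP cannot "
                         "register as an SMUX peer"))
    return findings


# Constructed sample file, not taken from a real host.
SAMPLE_CONF = """\
# constructed sample
rocommunity public
rwcommunity private
rwcommunity Dom-Mgmt-7f3 192.0.2.10
com2sec mgmt default public
trapsink 192.0.2.10 public
smuxpeer 1.3.6.1.4.1.334.72 NotesPasswd
"""

if __name__ == "__main__":
    for lineno, severity, message in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: [{severity}] {message}")
```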

Configuring the Domino SNMP Agent for Solaris


Follow the steps below, once per platform, to configure the Domino
SNMP Agent for Solaris.
Note Before using the Domino SNMP Agent, make sure TCP/IP is
properly installed and configured on the server. The steps below will
install a suitable Master SNMP Agent, but if you already use a Master
SNMP Agent that supports the SMUX protocol, per RFC 1227, you may
use that instead. Also, make sure that the Domino executable and the
Domino data directories are in your search path.
Tip If you will be installing the PEER Master agent, then the trap
destinations and community names are configured in the
/etc/peer.snmpd.conf file. Otherwise, refer to the documentation for the
master agent technology you are using. You will want to configure
appropriate trap destinations and community names for your remote
management infrastructure.



Note The Domino SNMP Agent is set up to run automatically. This
means that once the Domino SNMP Agent is configured, it is virtually
always running, even when Domino is not. If you later upgrade Domino
you should stop the LNSNMP process, and the PEER Agent(s) if
applicable, before beginning the upgrade process.
Note All the following commands should be executed as the root user.
1. Stop the LNSNMP process. Enter this command:
lnsnmp.sh stop

2. Stop the Master SNMP Agent. If you’re using the PEER Agent(s)
enter this command:
peerinit.sh stop

If you’re not using the PEER Agent(s) refer to your Master SNMP
Agent’s documentation.
3. Install or configure the Master SNMP Agent. If you’re going to be
using the PEER Master Agent, it’s already configured for LNSNMP;
enter the following commands to install it, changing the Domino
executable path if necessary:
ln -f -s /opt/lotus/notes/latest/sunspa/peer.snmpd /etc
cp /opt/lotus/notes/latest/sunspa/peer.snmpd.conf /etc

If you’re using another Master SNMP Agent refer to its
documentation for how to configure LNSNMP as an SMUX Peer.
The three parameters associated with SMUX authentication for
LNSNMP are:
Description: Lotus Notes Agent
Identity: 1.3.6.1.4.1.334.72
Password: NotesPasswd

4. Start the Master SNMP Agent. If you’re using the PEER Agent(s)
enter this command:
peerinit.sh start

If you’re not using the PEER Agent(s) refer to your Master SNMP
Agent’s documentation.
5. Start the LNSNMP process. Enter this command:
lnsnmp.sh start

6. Create a link to the LNSNMP script. Enter this command, changing
the Domino executable path if necessary:
ln -f -s /opt/lotus/notes/latest/sunspa/lnsnmp.sh /etc/init.d/lnsnmp

7. Arrange for LNSNMP to be restarted after a reboot. Enter these
commands:
ln -f -s /etc/init.d/lnsnmp /etc/rc2.d/S77lnsnmp
ln -f -s /etc/init.d/lnsnmp /etc/rc1.d/K77lnsnmp

8. Create a link to the PEER script, if you’re using the PEER Agent(s).
Enter this command, changing the Domino executable path if
necessary:
ln -f -s /opt/lotus/notes/latest/sunspa/peerinit.sh /etc/init.d/peerinit

9. Arrange for the PEER Agent(s) to be restarted after a reboot, if you’re
using them. Enter these commands:
ln -f -s /etc/init.d/peerinit /etc/rc2.d/S76peer.snmpd
ln -f -s /etc/init.d/peerinit /etc/rc1.d/K76peer.snmpd

If you’re not using the PEER Agent(s) refer to your Master SNMP
Agent’s documentation.
You have completed the Solaris-specific portion of the Domino SNMP
Agent configuration. You should now follow the instructions found in
Completing the Configuration of the Domino SNMP Agent.
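
The links created in steps 3 and 6 through 9 can be checked after the fact. The script below is an added example, not part of the Domino documentation or the Domino kit; the function names and the ROOT prefix argument are assumptions made for illustration, and it assumes a readlink command is available. Because these scripts run as root at boot, it also reports targets that are group- or world-writable.

```shell
#!/bin/sh
# Added example (not IBM/Lotus code): audit the files and links that the
# Solaris procedure above creates for LNSNMP and the PEER Agent(s).
#
# Usage: check_lnsnmp_links [ROOT] [DOMINO_EXEC] [USE_PEER]
#   ROOT         prefix of the filesystem to inspect ("" = the live system)
#   DOMINO_EXEC  Domino executable path (default is the one used in the steps)
#   USE_PEER     "yes" (default) also checks the PEER Agent links
# Prints one line per finding; the return status is the number of findings.

_root=
_findings=0

_finding() {
    echo "$*"
    _findings=$((_findings + 1))
}

# expect_link LINK TARGET: LINK must be a symbolic link whose text is TARGET.
expect_link() {
    if [ ! -L "$_root$1" ]; then
        _finding "MISSING  $1 (expected link to $2)"
    elif [ "$(readlink "$_root$1")" != "$2" ]; then
        _finding "WRONG    $1 -> $(readlink "$_root$1") (expected $2)"
    fi
}

# expect_not_writable PATH: PATH must exist and must not be writable by
# group or others. Ownership is not checked here.
expect_not_writable() {
    if [ ! -e "$_root$1" ]; then
        _finding "MISSING  $1"
    elif [ -n "$(find -H "$_root$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        _finding "WRITABLE $1 is group- or world-writable"
    fi
}

check_lnsnmp_links() {
    _root=${1-}
    exec_dir=${2:-/opt/lotus/notes/latest/sunspa}
    use_peer=${3:-yes}
    _findings=0

    # Steps 6 and 7: LNSNMP init script and its run-level links.
    expect_link /etc/init.d/lnsnmp "$exec_dir/lnsnmp.sh"
    expect_link /etc/rc2.d/S77lnsnmp /etc/init.d/lnsnmp
    expect_link /etc/rc1.d/K77lnsnmp /etc/init.d/lnsnmp
    expect_not_writable "$exec_dir"
    expect_not_writable "$exec_dir/lnsnmp.sh"

    if [ "$use_peer" = yes ]; then
        # Step 3: PEER Master Agent binary link and copied configuration.
        expect_link /etc/peer.snmpd "$exec_dir/peer.snmpd"
        expect_not_writable /etc/peer.snmpd.conf
        expect_not_writable "$exec_dir/peer.snmpd"
        # Steps 8 and 9: PEER init script and its run-level links.
        expect_link /etc/init.d/peerinit "$exec_dir/peerinit.sh"
        expect_link /etc/rc2.d/S76peer.snmpd /etc/init.d/peerinit
        expect_link /etc/rc1.d/K76peer.snmpd /etc/init.d/peerinit
        expect_not_writable "$exec_dir/peerinit.sh"
    fi

    return "$_findings"
}

# Example call on the live system, PEER Agent(s) in use:
#   check_lnsnmp_links "" /opt/lotus/notes/latest/sunspa yes
```
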

Configuring the PEER Encapsulator Agent with other master agents


If you installed the PEER Master Agent above, but were using another
Master SNMP Agent and need to continue using it, you should read the
remainder of this section.
Most Network Management Stations (NMS) view managed objects on a
host through a single SNMP Agent. The NMS will usually direct its
SNMP requests to an agent listening on port 161. Because only a single
SNMP Agent can be listening at port 161, this limits the NMS to
managing only the variables accessible to the one agent listening at that
port. If you install the PEER Master agent, it will listen on port 161, so
that all queries directed to that host will go to the PEER Master agent.
If you already have non-PEER master agents installed on that host, they
too will want to listen on port 161, so you need to reconfigure these
non-PEER agents to listen on other ports. Then, configure the PEER
Encapsulator agent to emulate an NMS and pass on the appropriate
SNMP requests from the PEER Master agent to the encapsulated agents
at their respective ports. The PEER Encapsulator agent works by hiding
the non-PEER agents, so they are visible to the NMS only through the
PEER Master agent.
Configure the PEER Encapsulator agent to recognize non-PEER agents,
respective sub-trees, SNMP ports, and traps. Then when a non-PEER
agent sends a trap, the PEER Encapsulator agent listening for the trap
forwards it up to the PEER Master agent or discards it, as configured.
When the PEER Master agent receives an NMS SNMP request about an
encapsulated agent’s managed sub-tree, it passes it on to the
Encapsulator agent which, in turn, forwards the request to that
encapsulated agent at its listening port.
To install the PEER Encapsulator Agent enter these commands:
ln -f -s /opt/lotus/notes/latest/sunspa/peer.encaps /etc
cp /opt/lotus/notes/latest/sunspa/peer.encaps.conf /etc

To configure the PEER Encapsulator Agent edit the
/etc/peer.encaps.conf file, using the comments as a guide. Refer to your
other Master SNMP Agent’s documentation for information about
configuring it.
To start the PEER Encapsulator Agent enter this command:
peerinit.sh start

This is the same command script used to start the PEER Master Agent
and is responsible for both Agents if they’re both installed. Therefore, if
you already configured the PEER Master Agent to restart automatically
after a reboot, the PEER Encapsulator Agent will also restart
automatically.

Configuring the Domino SNMP Agent for zOS (OS/390)


Follow the steps below, once per platform, to configure the Domino
SNMP Agent for zOS (OS/390).
Note Before using the Domino SNMP Agent, make sure TCP/IP and
SNMP are properly installed and configured on the server. Also, make
sure that the Domino executable and the Domino data directories are in
your search path.
Tip Trap destinations are defined in the SNMPTRAP.DEST dataset.
You will want to configure appropriate trap destinations and community
names for your remote management infrastructure.
1. Start the LNSNMP process. Enter this command:
lnsnmp

Note Automatic start of the Domino SNMP Agent is not supported on
zOS (OS/390).
You have completed the OS/390-specific portion of the Domino SNMP
Agent configuration. You should now follow the instructions found in
Completing the Configuration of the Domino SNMP Agent.



Completing the Configuration of the Domino SNMP Agent
Once you’ve performed the platform-specific configuration steps, follow
these steps, which apply to all platforms, to complete the configuration of
the Domino SNMP Agent. Repeat these steps as necessary for each
Domino partition.

Starting the Domino server add-in tasks


1. To support SNMP queries, start the QuerySet add-in task. Enter this
command on the Domino Server console:
load quryset

2. To support SNMP traps for Domino events, start the Event Interceptor
add-in task. Enter this command on the Domino Server console:
load intrcpt

3. To support Domino statistic threshold traps, start the Statistic
Collector add-in task. Enter this command on the Domino Server
console:
load collect

4. Arrange for the add-in tasks to be restarted automatically when
Domino is next restarted. Add quryset and/or intrcpt and
collect to the ServerTasks variable in Domino’s NOTES.INI file.

Configuring traps for Domino events


Once the Domino SNMP Agent is configured, your SNMP management
console is able to receive traps for basic SNMP events for that server (for
example, server down). Additional configuration is required to receive
traps for Domino events. You must create appropriate Event Handlers in
the Domino Monitoring Configuration database. The Event Handler’s
Notification Method must be set to SNMP Trap, and the Notification
Server must be set to an asterisk.
For more information about Event Handlers, see the chapter “Monitoring
the Domino Server.”

Configuring statistic threshold traps


You can receive SNMP traps for Domino statistics that exceed a specified
value when you have configured appropriate Statistic Event Generators
and appropriate Event Handlers in the Domino Monitoring Configuration
database. Domino must also be running the Statistic Collector and Event
Interceptor add-in tasks. The Notification Method of the Event Handler must
be set to SNMP Trap, and the Notification Server must be set to an asterisk.
For more information about creating Statistic Event Generators and
Event Handlers, see the chapter “Monitoring the Domino Server.”



Enabling the SNMP Agent to start or stop a Domino server
You can start or stop Domino servers from a remote management console
using the Domino SNMP Agent. To do so, you must enable the Domino
SNMP Agent to start or stop a specific server. By default, the Domino
SNMP Agent does not allow a server to be started or stopped remotely.
You do not need to modify a server’s Configuration Settings unless you
want to enable the Domino SNMP Agent to start or stop that server.
Note If the server ID is password protected, then the Domino SNMP
Agent cannot be used to remotely restart a Domino server because
SNMP cannot pass a password parameter to the server.
Note It may not be possible for SNMP to start a server until that server
has first identified itself to the Domino SNMP Agent. This situation can
be overcome by putting information about the server into the lnsnmp.ini
file. For additional information see Special Considerations for a
Partitioned Server.
The Allow Server Start and Allow Server Stop configuration options can
be found in the SNMP tab of a server Configuration Settings document.
For more information about server Configuration Settings documents,
see the chapter “Setting Up Mail Routing.”

Enabling the SNMP Agent to reboot the system


You can reboot the system from a remote management console using the
Domino SNMP Agent. To do so, you must enable the Domino SNMP
Agent to reboot the system. By default, the Domino SNMP Agent does
not allow remote system reboot. You do not need to modify a server’s
Configuration Settings unless you want to enable the Domino SNMP
Agent to reboot the system.
Note Rebooting is not supported on the zSeries (S/390) platform.
Note In the case of a partitioned server, all running partitions must
agree that it’s permissible to reboot the system. If one running partition is
configured to not allow a system reboot then the reboot will not be
performed.
The Allow System Reboot configuration option can be found in the
SNMP tab of a server Configuration Settings document.
For more information about server Configuration Settings documents,
see the chapter “Setting Up Mail Routing.”
To initiate a system reboot the remote management console must set the
lnRemoteReboot MIB object.



Manually starting and stopping the Domino SNMP Agent
Normally, after you’ve completed the configuration of the Domino
SNMP Agent, it starts automatically when you restart the system. If you
need to, you can stop the agent, then restart it manually.

Windows
To stop the Lotus Domino SNMP Agent service, enter this command:
net stop lnsnmp

To start the Lotus Domino SNMP Agent service, enter this command:
net start lnsnmp

AIX
To stop the lnsnmp process, enter this command as root:
/etc/lnsnmp.rc stop

To start the lnsnmp process, enter this command as root:
/etc/lnsnmp.rc start

Linux
To stop the lnsnmp process, enter this command as root:
/etc/rc.d/init.d/lnsnmp stop

To start the lnsnmp process, enter this command as root:
/etc/rc.d/init.d/lnsnmp start

Solaris
To stop the lnsnmp process, enter this command as root:
/etc/init.d/lnsnmp stop

To start the lnsnmp process, enter this command as root:
/etc/init.d/lnsnmp start

To stop the PEER Agent process(es), enter this command as root:
/etc/init.d/peerinit stop

To start the PEER Agent process(es), enter this command as root:
/etc/init.d/peerinit start



zOS (OS/390)
To start the lnsnmp process, type the lnsnmp command from an
OpenEdition command line. The command and its parameters are shown
below:
lnsnmp [-I ipaddress] [-C community] [-P dpiport]

All parameters are optional. The defaults are as follows:


• ipaddress: the value returned from GETHOSTBYNAME.
• community: public
• dpiport: 161. The value must match the value in the SNMP
configuration file (SNMP.PORT).

Using the Domino MIB with your SNMP management station


To access any Domino server’s objects in the Domino MIB, you must load
the Domino MIB on your SNMP management station. Refer to your
management station documentation for details on adding MIBs. The
name of the Domino MIB file is domino.mib. This file can be found in the
Domino executable directory of any Domino 6 server.
Note Unlike previous releases of the Domino SNMP Agent, the Domino
MIB is actually used by the Domino 6 server, specifically the QuerySet
add-in task, so a copy of the Domino MIB must remain in the Domino
executable directory.
If you are running multiple versions of the Domino SNMP Agent in your
network, for instance, because of migration, your management stations
should use the MIB corresponding to the latest installed version of the
Domino SNMP Agent.

Configuring traps for HP OpenView


In order to translate Domino SNMP traps into readable messages in the
alarm log of HP OpenView, you must use the Domino SNMP Trap
Definition File.
To configure the Trap Definition File, follow these steps:
1. Copy the Trap Definition File, DOMINO.TDF, to your management
workstation. This file can be found in the Domino executable
directory of any Domino 6 server.
2. Choose Monitor - Customize Traps.
The Customize Trap Alarms dialog appears.
3. Click Load Traps.
The Load Traps Definition File dialog appears.
4. Select the Trap Definition File, domino.tdf, that you copied in step 1.
5. Click OK.
The Load Device Traps dialog box appears.
6. Select 1.3.6.1.4.1.334.72 in the Device Class field.
7. Click OK.
The Customize Trap Alarms dialog reappears.
8. Click OK.

Configuring traps for Domino events


The default states for Domino event traps can be configured in
OpenView for Windows with the DOMINO.TDF file. The entries are:
0=1,FirstEntry,2,LOG,MAP,BELL,NONE,NONE,NONE,X0,$5
1=2,0,0,LOG,MAP,BELL,NONE,NONE,NONE,X1,$5
2=3,1,7,LOG,MAP,NOBELL,NONE,NONE,NONE,X2,$5
3=4,2,8,LOG,MAP,NOBELL,NONE,NONE,NONE,X3,$5
4=5,3,1,LOG,MAP,NOBELL,NONE,NONE,NONE,X4,$5
5=11,4,3,LOG,MAP,NOBELL,NONE,NONE,NONE,X5,$5
The third field after the equals sign controls the OpenView severity (see
section “Trap Definition Entry” in the OpenView Programmer’s Guide):
4 - Unknown
11 - Unmanaged
2 - Informational
9 - Disabled
3 - Normal
10 - Marginal
1 - Warning
8 - Minor
7 - Major
0 - Critical
You could also customize the BELL | NOBELL option.



Configuring traps for NetView for AIX
Adding traps
If you are using NetView for AIX as your management platform and
using the Domino SNMP Agent to forward Domino events, you can
make these events more readable by performing the following
configuration:
1. Copy the trap configuration script, addtraps.sh, to your management
workstation. This file can be found in the Domino executable
directory of any Domino 6 server.
2. Stop the NetView daemons. Enter this command:
ovstop

3. Start the NetView daemon trapd. Enter this command:
ovstart trapd

Having trapd running causes traps to be updated as the script runs.
See the NetView trapd man pages for more details.

4. As root, run the trap configuration script, addtraps.sh, that you
copied in step 1. Enter this command:
sh addtraps.sh

You receive a message for each trap added.


5. Restart NetView. Enter this command:
ovstart

Removing traps
To remove these traps, log in as root, and run:
removetrap -n "Notes"

Upon completion, you receive the message “Enterprise has been
removed.”



Troubleshooting the Domino SNMP Agent
Check Server Tasks
If an Agent function is not working, first check that the QuerySet
Handler and Event Interceptor server add-in tasks are running by using
the Show Tasks command on the Domino console. You can do this
remotely if you are authorized. If neither task is running, then the SNMP
Agent will report that the server is down.

Check MIB Values using the SNMP Management Station


Query the MIB remotely to determine which components are up and
running. There are three components in the SNMP architecture for MIB
variables:
• The platform-specific Master SNMP Agent
• The Domino SNMP Agent
• The QuerySet Handler
Each can respond to MIB requests. You can test them together or
sequentially to determine which pieces are responding. You should use
the community name configured into your Master SNMP Agent.
Test the:
• Base system MIB variable, for example,
iso.org.dod.internet.mgmt.mib-2.system.sysDescr (.1.3.6.1.2.1.1.1.0),
to determine if the platform’s SNMP Agent is working and to find
out which version of the platform-specific Master SNMP Agent is
running.
If this fails, you can (ICMP) ping the server to determine if TCP/IP is
responding. If TCP/IP is running, check the community name used
by the server’s Master SNMP Agent. If you cannot verify the
community name, try the “public” community name.
Refer to your SNMP management software documentation for
specific instructions.
• MIB variable to determine if the Domino SNMP Agent is working,
for example,
iso.org.dod.internet.private.enterprises.lotus.notes.mpaInfo.lnMainProxyAgentVersion
(.1.3.6.1.4.1.334.72.100.1.0), which indicates the version of the
Domino SNMP Agent.
QuerySet sends a “heartbeat” to the Domino SNMP Agent every few
seconds. If the Domino SNMP Agent is not running, you will receive
the following message for each failed heartbeat at the Domino server
console:
Lotus Domino SNMP Agent is not available.

The message stops if you start the agent or tell the QuerySet Handler
to quit running.
• MIB variable to determine if the QuerySet Handler is working, for
example,
iso.org.dod.internet.private.enterprises.lotus.notes.lnInfo.lnQSBuildNumber
(.1.3.6.1.4.1.334.72.1.5.0), which indicates the version of the
QuerySet Handler.
If the other variables are successful, but the QuerySet Handler is not
responding, verify that the task is running using the Show Tasks
command on the Domino console. You can perform this test remotely if
you are authorized, or you can open a database, such as the Domino
Directory, with the Notes client to verify the server is running.
Caution Every 30 seconds, the Domino SNMP Agent tests whether the
QuerySet Handler is responding. If this test fails you will receive a
Warning trap “Domino Server pulse has failed.” This is usually a
temporary problem because the server is overloaded. If the condition
lasts 5 cycles, however, you will get a Critical trap “Domino Server is not
responding.” This means that the server may have crashed or hung. In
either case, while it is occurring you will not be able to query the Domino
MIB. When the pulse returns, you will receive a canceling trap message
that the server pulse is restored.
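
The layered test described under "Check MIB Values using the SNMP Management Station" can be scripted so that the first component that fails to answer is named. This is an added example, not part of the Domino documentation; it assumes the Net-SNMP snmpget command and a ping that accepts -c on the management station, and the function names, the PROBE and PING override variables, and the status words are made up for illustration.

```shell
#!/bin/sh
# Added example (not IBM/Lotus code): query the three MIB variables named in
# the troubleshooting section in order and report the first layer that fails.

SYS_DESCR=.1.3.6.1.2.1.1.1.0               # platform Master SNMP Agent
AGENT_VERSION=.1.3.6.1.4.1.334.72.100.1.0  # lnMainProxyAgentVersion
QS_BUILD=.1.3.6.1.4.1.334.72.1.5.0         # lnQSBuildNumber

# snmp_probe HOST COMMUNITY OID: succeeds if the agent answers the GET.
# Assumption: Net-SNMP snmpget, SNMPv1, 2 second timeout, 1 retry.
snmp_probe() {
    snmpget -v1 -c "$2" -t 2 -r 1 "$1" "$3" >/dev/null 2>&1
}

# icmp_ping HOST: succeeds if the host answers one ICMP echo request.
icmp_ping() {
    ping -c 1 "$1" >/dev/null 2>&1
}

# Both commands can be replaced, for example to test the logic offline.
PROBE=${PROBE:-snmp_probe}
PING=${PING:-icmp_ping}

# triage HOST COMMUNITY
# Prints "<status> <community that worked, or ->" and returns 0 only for "ok".
triage() {
    t_host=$1
    t_comm=$2

    if ! "$PROBE" "$t_host" "$t_comm" "$SYS_DESCR"; then
        if ! "$PING" "$t_host"; then
            echo "tcpip-unreachable -"
            return 1
        fi
        # TCP/IP answers, so suspect the community name. The section's
        # last resort is the "public" community name.
        if [ "$t_comm" != public ] && "$PROBE" "$t_host" public "$SYS_DESCR"; then
            t_comm=public
        else
            echo "master-agent-unreachable -"
            return 2
        fi
    fi

    # Master agent answers; is the Domino SNMP Agent behind it?
    if ! "$PROBE" "$t_host" "$t_comm" "$AGENT_VERSION"; then
        echo "domino-agent-down $t_comm"
        return 3
    fi

    # Agent answers; is the QuerySet Handler add-in task answering?
    # If not, confirm with Show Tasks on the Domino console.
    if ! "$PROBE" "$t_host" "$t_comm" "$QS_BUILD"; then
        echo "queryset-down $t_comm"
        return 4
    fi

    echo "ok $t_comm"
}

# Example call (host name and community are placeholders):
#   triage domino1.example.com my-community
```

The second word of the output is the community name that actually worked, so a host that only answers to public stands out in the results.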



Chapter 54
Using IBM Tivoli Analyzer for Lotus Domino

This chapter describes the IBM Tivoli® Analyzer for Lotus Domino and
explains how you use it to monitor system health, analyze resource
distribution, and balance resources. The IBM Tivoli Analyzer for Lotus
Domino includes the Server Health Monitor and Activity Trends.

IBM Tivoli Analyzer for Lotus Domino


The IBM Tivoli Analyzer for Lotus Domino includes two integrated
system-management tools: the Server Health Monitor, which offers
real-time assessment and recommendations for server performance, and
Activity Trends, which provides data collection, data exploration, and
resource balancing. Using these tools, you can manage servers and
databases, ensure better server performance, and plan for current and
future needs.
The IBM Tivoli Analyzer for Lotus Domino is a separate product offering
from Tivoli Systems.
The Server Health Monitor determines server health by calculating
health statistics and comparing them against preset thresholds. The
Server Health Monitor reports the information, pinpoints problematic
server components, and provides short-term and long-term
recommendations for restoring server health.
Activity Trends collects and stores activity statistics as current
observations and historical trends. The activity statistics relate to the
server, databases, users, and connections of users to databases. You can
explore the collected data to see how database workload is distributed
across servers. Using the data, Activity Trends recommends a
resource-balancing plan. Then, working with the Domino Change
Manager, which is a part of the Domino server, Activity Trends provides
a workflow that facilitates implementing the recommended changes.

Server Health Monitor
In Domino, performing traditional performance troubleshooting
involves:
• Using event generators and notifications and Domino server
monitoring to perform real-time data-analysis
• Using information from the server log (LOG.NSF), the Monitoring
Results database (STATREP.NSF), and the Administration Requests
database (ADMIN4.NSF) to perform historical data-analysis
• Using Domino Directory documents and NOTES.INI settings to
customize the server configuration
The Server Health Monitor extends the usefulness of traditional
performance troubleshooting by automatically calculating health
statistics, comparing those statistics to predefined thresholds, and
reporting on overall server health. If the server health rating is Warning
or Critical, a health report, which is stored in the Health Monitoring
database (DOMMON.NSF), suggests short-term and long-term
recommendations for tuning the server and returning its performance
status to Healthy.
The Server Health Monitor is incorporated into the Domino server
monitor, which is part of the Domino Administration client. All health
statistics generated by the Server Health Monitor are local to the Domino
Administration client.
For each server being monitored, the Server Health Monitor reports a
health rating for the server and for all enabled individual server
components — namely, CPU, disk, memory, and network utilization;
NRPC name lookup; mail delivery latency; and server, HTTP, LDAP,
and IMAP response.
The health rating of each server and server component is based on a
collection of indices. Health ratings, such as healthy, warning, or critical,
are assigned, based on these index values. Each index has a calculated
value between 0 and 100. These values are based on server health
monitoring assessment algorithms and rules. Each index has two related
thresholds: a warning threshold and a critical threshold. When the index
value is less than both thresholds, the server or server component is rated
Healthy. When the index value is greater than the warning threshold, the
server or server component is rated Warning. When the index value is
higher than the critical threshold, the server performance is judged to be
Critical and requires immediate attention.



The Server Health Monitor includes threshold values for each index on
these platforms: AIX, IBM eServer iSeries (OS400), IBM eServer zSeries
(Z/OS), Linux/Intel, Solaris/Sparc, Windows NT and Windows 2000.
You can modify the thresholds to customize server assessment for each
platform. You reduce or increase the thresholds to make the algorithms
more or less sensitive.
Health Monitoring reports on each server area for which data can be
retrieved. If no data is available, nothing is reported for that component.
You can customize this behavior by specifying which servers you want to
monitor. You can exclude any component from the health report, which
is useful for filtering out known situations about which you don’t want to
be constantly reminded.
If you use the Server Health Monitor, the Current Reports view of the
Health Monitoring database (DOMMON.NSF) displays a health rating
for each monitored server and server component.

Table of Server Health Monitor statistics
The Server Health Monitor reports a statistic for the overall server and
for individual components. Each statistic corresponds to a rating.
Occasionally, the Server Health Monitor assigns the rating of Unknown.
This happens when the Domino Administration client workstation
performs at 100 percent of its CPU capacity for an extended period of
time. If this happens you may need to make some adjustments to
improve the performance of the Server Health Monitor.
Server Health reports are stored in the Health Monitoring database
(DOMMON.NSF).
For information on how to improve the performance of the Server Health
Monitor, see the topic “Improving the performance of the Server Health
Monitor,” later in this chapter.



Overall server health statistics

| Statistic | Rating | Explanation |
| --- | --- | --- |
| 0 = Health.Overall.Value | Never Seen | The server has never been seen running during the current server monitor session. |
| 0 < Health.Overall.Value and Health.Overall.Value < Health.Overall.Threshold.Warning | Healthy | The server is performing within acceptable levels of tolerance. |
| Health.Overall.Threshold.Warning <= Health.Overall.Value and Health.Overall.Value < Health.Overall.Threshold.Critical | Warning | One or more server components are approaching unacceptable levels of poor performance. |
| Health.Overall.Threshold.Critical <= Health.Overall.Value and Health.Overall.Value <= 97 | Critical | One or more server components are failing to perform acceptably. |
| 98 = Health.Overall.Value | Critical | One or more server tasks issued a fatal error message. |
| 99 = Health.Overall.Value | Critical | One or more tasks are not responding. |
| 100 = Health.Overall.Value | Server Down | The server is not responding. |



Component health statistics
Overall health ratings are based, in part, on component health statistics
values.

| Statistic | Rating | Explanation |
| --- | --- | --- |
| 0 = Health.*.Value | Never Seen | The component is not being monitored. |
| 0 < Health.*.Value and Health.*.Value < Health.*.Threshold.Warning | Healthy | The component is performing within acceptable levels of tolerance. |
| Health.*.Threshold.Warning <= Health.*.Value and Health.*.Value < Health.*.Threshold.Critical | Warning | The component is approaching unacceptable levels of poor performance. |
| Health.*.Threshold.Critical <= Health.*.Value and Health.*.Value <= 97 | Critical | The component is failing to perform acceptably. |
| 98 = Health.*.Value | Fatal | The task associated with the component issued a fatal error message. |
| 99 = Health.*.Value | Not Responding | The task associated with the component is not responding. |

Table of Server Health Monitor ratings


The Current Reports view of the Health Monitoring database
(DOMMON.NSF) displays the assigned rating for each enabled server
and server component. When a server rating is Warning or Critical, the
Overall Health Report provides recommendations for correcting the
problems.

Server ratings

| Rating | Description |
| --- | --- |
| Never Seen | The server has never been seen running during the current server monitor session. |
| Healthy | The server is performing within acceptable tolerances. |
| Warning | One or more server components are approaching unacceptable levels of poor performance. |
| Critical | The server is experiencing one or more of these critical problems: one or more server components are failing to perform acceptably; one or more tasks on the server have issued a fatal error; one or more tasks on the server are not responding. |
| Server Down | The server is not responding; therefore, it isn’t responding to requests for statistics. |

Component ratings

| Rating | Description |
| --- | --- |
| Healthy | The server component appears to be running correctly. |
| Warning | The server component is approaching unacceptable levels of poor performance. |
| Critical | The server component is failing to perform acceptably. |
| Fatal | The task related to this component has issued a fatal error. |
| Not Responding | The task related to this component is not responding. |

Server Health Monitor configuration


The Server Health Monitor is part of the IBM Tivoli Analyzer for Lotus
Domino.
For information on the license required to use the Server Health Monitor,
see the topic “Installing the IBM Tivoli Analyzer for Lotus Domino,” later
in this chapter.
To set up the Server Health Monitor, complete these procedures:
1. Install the IBM Tivoli Analyzer for Lotus Domino.
2. Start the Domino server monitor.

Installing the IBM Tivoli Analyzer for Lotus Domino


To install the IBM Tivoli Analyzer for Lotus Domino:
1. Make sure you have installed the Domino Administrator.
2. Run the install program (SETUP.EXE) from the Tivoli Analyzer
directory.



For more information about installing the Domino Administrator, see the
chapter “Setting Up and Managing Notes Users.”
The IBM Tivoli Analyzer for Lotus Domino is a separate product offering
from Tivoli Systems. To learn more about how this integrated system
management tool can help manage your servers and databases, ensure
better performance, and help you plan for current and future needs, visit
http://www.ibm.com/software/tivoli/r/analyzerfordomino or contact
your Tivoli sales representative or Business Partner.

Setting up the Server Health Monitor


To create Server Health Monitor reports and historical charts, you must
enable both the Server Health Monitor and statistic reporting.
1. From the Domino Administrator, choose File - Preferences -
Administration Preferences.
2. Click Monitoring, and then check “Generate server health statistics
and reports.”
3. For “Poll servers every n minutes,” enter a value from 1 to 60
minutes.
Tip The higher the number of servers to monitor, the larger the
polling interval to enter. For timely monitoring, enter a value
between 1 and 10.
4. (Optional) To start the server monitor automatically, check
“Automatically monitor servers at startup.”
5. Click Statistics, and then check “Generate statistic reports while
monitoring or charting statistics.”
6. For “Generate reports every n minutes,” enter a value greater than or
equal to the server polling interval specified in Step 3.
7. Wait a few minutes longer than the polling interval, and then open
the Health Monitoring Database (DOMMON.NSF) to see the Health
report.

Before you start the Server Health Monitor


The Server Health Monitor does not require any specific Domino server
configuration, but you can generate more accurate reports by following
these guidelines:
• Enable platform statistics on the server. Platform statistics are
enabled, by default, in Domino 6. Follow the specific instructions for
your platform. You may need to perform additional steps to ensure
that platform statistics are working and are fully enabled on your
platform.
• Make sure you have at least View-only Administrator rights for
every server you want to monitor.
• Use a TCP server event generator as a self probe to create Quality of
Service (QOS) statistics.
For information on setting up platform statistics and using TCP Server
Event Generators, see the chapter “Monitoring the Domino Server.”

Starting the Server Health Monitor


To start the Server Health Monitor, you start the Domino server monitor,
which automatically monitors the most recently viewed server profile or
profiles that you configured to run in the background. The Domino
server monitor does not begin on startup by default.

To start and stop the Domino server monitor manually


1. From the Domino Administrator, click the Server - Monitoring tab.
2. Click the Green arrow in the upper-right of the task screen. When the
server monitor is running, this arrow toggles to a red Stop button.
3. To stop the server monitor, click Stop.

To start the Domino server monitor automatically


1. From the Domino Administrator, click the Server - Monitoring tab.
2. Click File - Preferences - Administration Preferences.
3. Click Monitoring.
4. Enable “Automatically monitor servers at startup.”
For more information on the Domino server monitor and server profiles,
see the chapter, “Monitoring the Domino Server.”

Using the Server Health Monitor


Using the Server Health Monitor, you can perform these tasks to monitor
the health of servers and server components:
• Specify which server components to monitor
• Enable statistic alarms
• Modify threshold values for server components
• Create health reports
• Exclude a server from monitoring by the Server Health Monitor
• Change the purge interval for historical health reports
• Improve the performance of the Server Health Monitor



Selecting server components to include in health reports
Each server you monitor has a Health Monitoring Configuration
document in the Health Monitoring database (DOMMON.NSF). This
document specifies the server components you want to include in health
reports. Based on statistics and task information obtained from the
server, the Server Health Monitor automatically determines which
components to include in health reports. For example, if the HTTP task is
not running on a particular server, then the Server Health Monitor
automatically excludes the HTTP component from any analysis.
Occasionally, you may want to exclude a component manually. For
example, if you know that a particular server has a disk I/O bottleneck,
exclude the Disk Utilization component so that it doesn’t adversely affect
the server’s overall health rating.
Servers whose components are selected manually display a
pencil icon next to the server name. If there is no pencil icon, the
components are being selected automatically.

To select server components to include
1. From the Domino Administrator, click the Server - Monitoring tab.
2. From the menu, choose Monitoring - Display Health Reports, and
then open the Configuration view.
3. Choose Server Components.
4. Choose the server you want to modify, and click Edit Server
Document.
5. Under “How should component indices be enabled?” choose one:
• Automatic — to allow the Server Health Monitor to select the
components to include in health reports, based on which server
tasks are running.
• Custom — to manually select the components to include in health
reports. Statistics for selected components are included in health
reports, whether the server task is running or not.

To reset server component selection to automatic


1. From the Domino Administrator, click the Server - Monitoring tab.
2. From the menu, choose Monitoring - Display Health Reports, and
then open the Configuration view.
3. Choose Server Components.
4. Choose the server you want to modify, and click Edit Server
Document.
5. Click “Restore Automatic Selections” and click OK.



Setting up statistic alarms for the Server Health Monitor
Just as you create an event generator for a Domino system statistic, you
create an event generator for a health statistic. Then when the statistic
does not meet the defined threshold, an event is generated. For an event
to be created, however, you must enable statistic alarms. Then, the first
time a statistic alarm is reported, an event is generated and reported to
the Monitoring Results database (STATREP.NSF). In addition to an
alarm, you can create an event handler to notify you of the event. Event
generators and event handlers are stored in the Monitoring
Configuration database (EVENTS4.NSF).
For more information on creating event generators and event handlers,
see the chapter “Monitoring the Domino Server.”

To enable statistic alarms


1. From the Domino Administrator, choose File - Preferences -
Administration Preferences.
2. Click Statistics, and then check “Check statistic alarms while
monitoring or charting statistics.”
3. For “Check alarms every <n> minutes (greater than monitoring poll
interval)” enter a value that is greater than the server polling value.
The default is 15.
Tip If you are not sure what the polling value is, click Monitoring
and locate the value for “Poll servers every <n> minutes (1-60 mins).”
For more information on setting Administration Preferences for server
monitoring, see the chapter “Setting Up and Using Domino
Administration Tools.”

Modifying threshold values for the Server Health Monitor


The Index Thresholds view in the Health Monitoring database
(DOMMON.NSF) displays the threshold values for each platform. To
modify the sensitivity to a particular component, change the threshold
value. For example, if you want to run your networks with higher
utilization for servers running on a specific platform, increase the
threshold for the Network Utilization component for the platform.
Keep these considerations in mind if you decide to modify threshold
values. First, have a strategy in mind before you change them. Your
strategy should address your system performance needs and reflect your
philosophy toward managing servers. Second, if you change threshold
values remember that you have done so. Changing any system
configuration parameters or adjusting user workload behavior might also
have a future impact on these settings. And finally, remember that
changing threshold values inappropriately may result in health values
that do not accurately reflect server capacity and availability. If you get
results that seem inaccurate, restore the default threshold values.

To modify a threshold value


1. From the Domino Administrator, click the Server - Monitoring tab.
2. From the menu, choose Monitoring - Display Health Reports.
3. Under Configuration, choose Index Thresholds.
4. Choose the operating system whose threshold you want to change,
and choose “Edit Threshold Document.”
5. Change the value for the Warning Threshold and/or Critical
Threshold.
6. Click OK.
If you later decide to restore the default threshold values, perform Steps
1 through 5 above and then click Restore Defaults.

Server Health reports
Based on information gathered by the Domino Server Monitor, the Server
Health Monitor issues Health reports. Health reports are stored in the
Health Monitoring database (DOMMON.NSF). There are two views of
Health reports, current and historical. Current reports are based on
information reported by the Domino server monitor. Historical reports
are an accumulation of past reports.
Each report includes the following information:
• Server Health information — Information about the server, including
the version of Domino and operating system. Displays the rating and
rating value, and lists the first time this rating appeared. Also shows
the last time the server was evaluated.
• Configuration Issues — Identifies any configuration issues that may be
preventing the Server Health Monitor from generating the most accurate
diagnoses possible. Failing to correct these configuration issues will
result in health reports that are less accurate and less detailed.
• Details Regarding Rating — This information backs up the
recommendations. Information can include details about the server’s
configuration or performance.
• Short Term Recommendations — These are things you can do
immediately to improve the server’s performance.
• Long Term Recommendations — These are suggestions for making
lasting improvements that will prevent a poor health rating in the
future.



Displaying Server Health reports
If a server is repeatedly rated Warning or Critical, look at historical
health reports to get a better picture of server health.

To display a current health report


1. From the Domino Administrator, click the Server - Monitoring tab.
2. From the menu, choose Monitoring - Display Health Reports.
3. Select the view Health Reports - Current Reports.
4. Double-click a server to display the Overall Health Report for that
server.

To display historical health reports


1. From the Domino Administrator, click the Server - Monitoring tab.
2. From the menu, choose Monitoring - Display Health Reports.
3. Select the view Health Reports - Historical Reports.
4. Find the target server in the list and expand its report documents.

Changing the purge interval for historical health reports


By default, the historical reports are purged from the Health Monitoring
database (DOMMON.NSF) after 7 days. To change this default, edit the
NOTES.INI file on the Domino Administration client to include this
setting:
HEALTH_REPORT_PURGE_AFTER_N_DAYS=n

Improving the performance of the Server Health Monitor


If the Domino Administration client workstation performs at 100 percent
CPU utilization for a long period of time, the Server Health Monitor
discards server statistic data to keep up with the workload. If statistic
data is discarded over an extended period of time, the Server Health
Monitor assigns the rating Unknown to every server. When that
happens, each health report includes the statement “The Domino
Administrator workstation CPU is constantly saturated. Too much server
statistic data is being retrieved. This condition causes inaccurate server
monitoring reports.”



To reduce the amount of statistic data:
• Increase the server polling interval in Administration Preferences.
• Reduce the number of servers being actively monitored during a
Domino server monitor session. The servers for each monitoring
profile you use are added to the total number of servers being
monitored. To reduce this list to the servers in a specific profile only,
stop the Domino server monitor, and then restart it.
• Dedicate one workstation to the Server Health Monitor.

Working with Server Health Monitor statistics


Health statistics are recorded in the Monitoring Results database
(STATREP.NSF). Health statistics are local to the Domino Administration
client; therefore, they do not reside on the servers being monitored. Just
as you use a Domino server statistic, you use a health statistic to monitor
the system.

You can do any of these:
• Use monitoring profiles to monitor server health
• View server health
• Define event generators and event handlers for health statistics
• Exclude a server from being monitored by the Server Health Monitor
or from generating health reports
• Create statistics profiles and chart health statistics

Monitoring server health in the Domino server monitor


You monitor server health in the Domino server monitor, using
monitoring profiles. You must be actively monitoring each server from
which you want to collect health statistics. This means that the Domino
server monitor must be running for you to collect Server Health statistics.
By default, the Domino server monitor includes a set of default server
profiles that are created in the Domino Directory. However, you can
create custom profiles that monitor the servers, server tasks and health
statistics that you choose.
By default, when you start the Domino server monitor, it begins
monitoring servers in the last profile that was selected when you shut
down the Domino server monitor. The servers in each subsequent profile
that you monitor are added to those servers previously monitored. If
you monitor several different profiles in a single session, the number of
servers monitored may be quite lengthy, which may impact the
performance of the Server Health Monitor. To clear the list of servers
monitored, stop and then start the Domino server monitor.
You can also customize which profiles to monitor upon startup, by
specifying profiles you want to monitor in the background, no matter
which profile was monitored when you shut down the Domino server
monitor.
You can perform the following tasks when you work with monitoring
profiles:
• Create monitoring profiles in the Domino server monitor
• Modify a system profile
• Specify monitoring profiles to monitor when you start the Domino
server monitor
For more information on creating and modifying server profiles, and
specifying which profiles to monitor when you start the Domino server
monitor, see the chapter “Monitoring the Domino Server.”

Viewing server health with the Server Health Monitor


After the first polling interval passes, the Server Health Monitor posts a
report of server health, which you can view in the Domino server
monitor for a quick visual representation of your server’s health. When a
server rating is Warning or Critical, or when there is a configuration
issue, check the Overall Health Report in the Health Monitoring database
(DOMMON.NSF). Each server health report provides short-term and
long-term recommendations for restoring the server’s rating to healthy.
For example, if the Memory Utilization component receives a Warning
rating, the short-term solution may be to check the server for
unnecessary processes that have been loaded. The long-term
recommendation may be to add memory or to check the server’s
page-file allocation.
Note A red exclamation mark next to a server indicates a configuration
issue. Read the server health report for information on configuration
issues.

To view server health


1. Make sure you enabled the Server Health Monitor in Administration
Preferences, started the Domino Server Monitor, and allowed the
monitor to run for a few minutes longer than the specified polling
interval.
2. From the Domino Administrator, click the Server - Monitoring tab.
3. In the Health column (Hea), the Server Health Monitor uses these
icons to indicate the server’s overall health:
• Green thermometer — the server’s overall health rating is
Healthy. All server components are within the appropriate range.
• Yellow thermometer — the server’s overall health rating is
Warning. One or more server components being monitored are
approaching unacceptably poor levels of performance.
• Red thermometer — the server’s overall health rating is Critical.
One or more server components being monitored are failing to
perform within acceptable tolerance levels.

Excluding a server from the Server Health Monitor report documents

The Server Health Monitor creates health reports for each server you are
actively monitoring and stores them in the Health Monitoring database
(DOMMON.NSF). You can exclude a server from a monitoring profile, so
that the server is removed from the current monitoring view in the
Domino server monitor. However, the Server Health Monitor continues
to include that server in the health reports until you remove the server
permanently from DOMMON.NSF. You permanently exclude a server
from being included in health reports by removing its current report
documents and its configuration server component document. After you
exclude a server permanently, the Server Health Monitor no longer
generates reports.

To exclude a server from a monitoring profile


Use this procedure when you do not want to see the continued output of
the server health rating for the server, but you want to continue listing
the health report for the server in the Health Monitoring database.
1. From the Domino Administrator, click the Server - Monitoring tab.
2. Select the server you want to remove and right-click. From the menu,
choose “Remove Server.”
3. Click the Stop button.
The next time you press the Start button, the server will no longer be
monitored. However, it will continue to be listed in the current health
report view.

To exclude a server from generating Health Reports


Use this procedure when you do not want to monitor the server and do
not want to continue receiving health reports on it in the Health
Monitoring database.
1. Perform the steps listed above to temporarily exclude the server from
the server monitor view.
2. From the Domino Administrator, click the Files tab.
3. Open the Health Monitoring database (DOMMON.NSF), and open
the Configuration - Server Components view.
4. Delete the Health Monitoring Server Configuration document for the
server being excluded.
5. Open the Health Reports - Current Reports view and delete the
current health report and all the response documents for the server.
6. (Optional) Open the Health Reports - Historical Reports view and
delete the historical health reports and the associated response
documents for the server.

Charting Server Health Monitor statistics


To chart the performance of Server Health statistics, you must be actively
monitoring all servers whose performance you want to chart in the
Domino server monitor. In addition, if you want to chart health statistics
historically, you must enable the generation of statistic reports while
monitoring or charting statistics in the statistic Administration
Preferences.
For more information on enabling statistic reports, see the topic “Setting
up the Server Health Monitor,” earlier in this chapter.
You can chart real-time and historical performance of Server Health
statistics. Real-time health statistics are gathered by the Statistic Collector
server task in the Domino Administrator and are stored in memory, for
use when charting real-time statistics. Historical health statistics are
created from the historical statistics information stored in the local
Monitoring Results database (STATREP.NSF).
You can also create statistic profiles to monitor groups of servers and
associated statistics routinely. There is a limit of 25 statistics in each
statistic profile.
You can perform the following tasks when charting server health
statistics:
• Create statistics profiles
• Modify statistic profiles
• Display statistic charts
For information on creating statistic profiles and charting statistics, see
the chapter “Monitoring the Domino Server.”



Activity Trends
Domino server resource utilization can be separated into two types,
system activity and user activity. System activity, which includes the
level of processor, disk, memory, and network consumption that Domino
generates to keep the server running, is a fixed amount of activity, as
long as systems are healthy and performing smoothly. Domino servers
typically use a modest percentage of their resources to run. The
remaining server capacity is used to support user activity, which varies
with the usefulness of the data on the server.
Using activity logging, servers account for their time precisely,
recording user activity by person, database, and access protocol. When
summarized and averaged, or trended over time, activity logging
statistics provide a way to measure and compare workloads
across servers. You can use this information to identify the most active
users and databases on each server. Using the Domino Change Manager,
you can automate the creation and execution of workload redistribution
plans to load a new server, decommission an old one, or balance
workloads across unevenly burdened servers.
Activity Trends is part of the IBM Tivoli Analyzer for Lotus Domino, a
separate product offering from Tivoli Systems. The Activity Trends
Collector is a Domino server add-in task that records and reports
statistics about database activity on a server. Information is stored in the
Activity Trends database (ACTIVITY.NSF).
The IBM Tivoli Analyzer for Lotus Domino uses the collected data to
determine the load on the server. Then, using resource-balancing
functionality, the Analyzer applies trends analysis and statistics to
intelligent algorithms that can provide computer-aided load balancing on
a set of servers or simplify the server decommissioning process.
Integrated with the IBM Tivoli Analyzer for Lotus Domino, the Domino
Change Manager provides workflow capability that creates
resource-balancing plans and implements database moves, using the
Tivoli Analyzer tools and analysis. The Domino Change Control
database (DOMCHANGE.NSF) and Domino Change Manager are part
of the Domino server core functionality.
Activity Trends includes:
• Server profile definition — For easy access to a named group of
servers.
• Statistics profile creation — For easy access to a named group of
statistics.
• Activity trends charting — You can chart a selected group of
statistics for a single server or a group of servers.
• Resource balancing — Analyzes server resource use and creates
recommendations for balancing the servers based on specified
resource goals.
Activity Trends uses these Domino server features:
• Activity logging — To collect information that will be used for
resource-balancing.
• Activity Trends — To set up times for data collection and retention.
• Domino Change Manager — To implement a workflow process in
which changes made to the system are controlled and approved.

Setting up Activity Trends


The basic setup for Activity Trends includes these tasks:
1. Make sure the IBM Tivoli Analyzer for Lotus Domino is installed.
2. For each server for which you want to collect activity logging
information and analyze activity trends, enable activity logging and
activity trends in the Configuration Settings document.
3. To set up resource balancing, do the following:
a. Load the Domino Change Manager administration task on one
server in the domain.
b. Define a set of server profile options that specify the locations,
goals, and behavior of resource balancing.

Enabling activity logging and setting up Activity Trends


You enable activity logging and set up Activity Trends in the
Configuration Settings document. First, you enable activity logging to
gather data for the selected server tasks. The first time you start Activity
Trends, the system must run and collect data for 24 hours before you can
work with the data.
Then you specify how you want to collect Activity Trends and create the
Activity Trends database (ACTIVITY.NSF), which is stored, by default,
in the Domino data directory.

To enable activity logging and set up Activity Trends


1. From the Domino Administrator, click the Configuration tab, expand
the Server section, and click Configurations.
2. Select the server, and click Edit Configuration or Add Configuration.
3. Click the Activity Logging tab, and check “Activity logging is
enabled.”
4. Under Server Activity Logging Configuration, complete these fields:
Field | Action
Enabled logging types | Select the server tasks to use to produce activity logging data. For Activity Trends, enable all tasks except Domino.MAIL. At a minimum, you must enable Domino.Notes.Session and Domino.Notes.Database.
Checkpoint interval | Enter the number of minutes to wait between the creation of checkpoint records. The default is 15 minutes.
Log Checkpoint at Midnight | Check Yes to log ongoing session activity at midnight. This is required for Activity Trends. You must enable this field to enable Activity Logging.
Log Checkpoints for Prime Shift | Check Yes and then specify the prime shift interval to log checkpoints for the prime shift. You must enable this field to enable Activity Logging.
Prime Shift Interval | Specify the start and end time of prime shift. Set the interval on the hour.

5. Click the Activity Trends tab, and complete the following fields on
the Basics tab:
Field | Action
Enable activity trends collector | Click yes to run the Activity Trends Collector. Activity Trends Collector uses the raw data from activity logging and prepares it for use with Activity Trends.
Activity trends collector database path | Enter the name and path of the database where Activity Trends data is stored if you want to change this. The default is ACTIVITY.NSF.
Time of day to run activity trends collector | Enter a time. The default is 3:23 AM. Schedule the Activity Trends Collector to run after the Catalog task runs. By default, the Catalog task runs at 1 AM.
Days of the week to collect observations | Select the days for which you want to collect observations. The default is Monday through Friday.



6. Under Activity Trends Data Profile Options, keep the “Use defaults”
field enabled. If you choose not to use the defaults, complete these
fields.
Field | Action
Trends cardinal interval | Enter the number of recent observations you want to use. The default is 10. When computing trended values, recent observations are weighted the most. For example, if you select Monday through Friday in the “Days of the week to collect observations” field and use the default 10 in the “Trends cardinal interval” field, the trended values will include two weeks of observations (five days each week). Note If you know there has been a recent change in user activity, you may choose not to use trended values.
Observation time bucket (seconds) | Specify the time in seconds for one bucket. The default is 300. The observation time controls how many buckets you will have for one 24-hour observation period.
Maximum observation list time | Specify the maximum length of time data is kept in the Trends database before it is overwritten with new data. The default is 366, the number of days in a leap year.
Trends history interval | Choose one: Daily, Weekly (default), Monthly, or Trend Interval.

7. Click the Retention tab. Keep the “Use defaults” field enabled.
Documents are overwritten after the retention period expires. The
defaults are:
• Server history — 366 days
• Server observations — 15 days
• Database observations — 10 days
• User observations — 10 days
• Connection observations — 10 days
• Inactive database trends — 10 days
• Inactive user trends — 28 days
• Inactive connection trends — 28 days
• Run log — 20 days
8. Click the Proxy Data tab, and enter the names of the databases
containing activity data to search.
9. Click Save and Close.
For detailed information on checkpoint records, see the chapter, “Setting
Up Activity Logging.”

Understanding how Activity Trends collects data


Activity Logging collects data from the log file (LOG.NSF) and the
Catalog task and stores it in the Activity Trends database
(ACTIVITY.NSF). The Activity Trends Collector task processes this data
and produces the trended data that is used in charting and resource
balancing.
The “Trends cardinal interval,” “Observation time bucket,” and “Proxy
data” settings affect Activity Trends.

Trends Cardinal Interval

Trend statistics are based on data gathered during an observation period,
which is a 24-hour period from midnight to midnight. Each trend statistic
is a weighted running average, which is computed by adding data from a
new observation to the existing “trend,” or running average, with an
exponential weighting.
Consequently, the newest observations are weighted most heavily, and
older observations are weighted exponentially less and less in the new
computed trend. Keep in mind that increasing the cardinal interval
increases the number of recent observations that are heavily weighted,
and decreasing the cardinal interval decreases the number.

Observation Time Bucket


Activity Trends stores data in a “time bucket,” or array, that represents a
distribution of activity across one observation period. When you set up
Activity Trends, you specify the size of each bucket, by specifying the
number of seconds that make up one bucket. The specified number must
divide evenly into one hour. For example, the default is 300 seconds, or 5
minutes; therefore, there are 288 5-minute buckets in one observation
period.
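
The two settings described above can be worked through in code. The following is an added example, not code from Domino or from this manual: it validates a bucket size, spreads one day of activity records over the time buckets, and folds each day's observation into a running trend. The function names, the sample records, and the smoothing factor 2 / (N + 1) for a cardinal interval N are assumptions; the manual states only that the weighting is exponential.

```python
"""Activity Trends time buckets and trended values (illustrative only)."""
from datetime import datetime

SECONDS_PER_HOUR = 3600
SECONDS_PER_DAY = 24 * SECONDS_PER_HOUR

# Constructed sample records: (timestamp, amount of activity).
SAMPLE_EVENTS = [
    (datetime(2002, 9, 16, 9, 2, 10), 3),
    (datetime(2002, 9, 16, 9, 4, 59), 2),
    (datetime(2002, 9, 16, 9, 5, 0), 1),
]


def bucket_count(bucket_seconds):
    """Return the number of buckets in one midnight-to-midnight period."""
    if bucket_seconds <= 0 or SECONDS_PER_HOUR % bucket_seconds != 0:
        raise ValueError("bucket size must divide evenly into one hour")
    return SECONDS_PER_DAY // bucket_seconds


def bucketize(events, bucket_seconds=300):
    """Spread (timestamp, amount) records over the day's time buckets."""
    buckets = [0.0] * bucket_count(bucket_seconds)
    for timestamp, amount in events:
        offset = timestamp.hour * 3600 + timestamp.minute * 60 + timestamp.second
        buckets[offset // bucket_seconds] += amount
    return buckets


def update_trend(trend, observation, cardinal_interval=10):
    """Fold one new observation into the running trend, bucket by bucket.

    Assumption: the weight of the newest observation is 2 / (N + 1),
    where N is the cardinal interval. Older observations then decay
    exponentially, as the manual describes.
    """
    if cardinal_interval < 1:
        raise ValueError("cardinal interval must be at least 1")
    if trend is None:
        return list(observation)  # the first observation seeds the trend
    if len(trend) != len(observation):
        raise ValueError("trend and observation use different bucket sizes")
    alpha = 2.0 / (cardinal_interval + 1)
    return [alpha * new + (1.0 - alpha) * old
            for old, new in zip(trend, observation)]


def observations_to_converge(old_level, new_level, cardinal_interval, within=0.10):
    """Count daily observations needed after a workload change before the
    trend is within `within` (a fraction of the change) of the new level."""
    trend = [float(old_level)]
    gap = abs(new_level - old_level)
    count = 0
    while abs(trend[0] - new_level) > within * gap:
        trend = update_trend(trend, [float(new_level)], cardinal_interval)
        count += 1
    return count


if __name__ == "__main__":
    print("buckets per day at 300 s:", bucket_count(300))
    day = bucketize(SAMPLE_EVENTS)
    print("09:00-09:05 bucket:", day[108], " 09:05-09:10 bucket:", day[109])
    for n in (5, 10):
        print("cardinal interval", n, "-> observations until the trend is",
              "within 10% of a new workload level:",
              observations_to_converge(100, 200, n))
```

Under this assumed weighting, a larger cardinal interval makes the trend slower to reflect a workload change, which is the situation in which the manual suggests not relying on trended values.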

Proxy data
By default, the server from which you are running Activity Trends will
find the local Activity Trends database (ACTIVITY.NSF). However, you
may replicate Activity Trends databases that contain data you want to
access. You use proxy data to include the names of other Activity Trends
databases that contain trends data from other servers.



Activity Trends server and statistics profiles
Using profiles simplifies the work of managing groups of servers and
groups of statistics. In Activity Trends, you can collect servers into a server
profile, and you can specify the statistics to be included in a server profile.
In a server profile, you collect servers from the same domain into a
named group. Then when you perform resource balancing or use
charting to review performance, you have easy access to those servers.
After you create a server profile, you can select a statistics profile to view
the statistics for the selected server profile.
When you perform resource balancing, the server profile can include one
or more phantom servers. Phantom servers do not physically exist, but
you can use them in “what if” scenarios to evaluate how adding servers
might alleviate load problems. Phantom servers are not visible when
viewing activity trends, in either the Latest or Historical views, because
there is no activity trends data for phantom servers.
Activity Trends analysis includes default statistics that differ depending
on the view you are in. The Users view, for example, has only one default
statistic, while the Server view has two. You can create statistics profiles
that contain an unlimited number of Domino system statistics. Then you
can use any statistic profile with any server profile.
For more information on profiles, see:
• Creating an Activity Trends statistics profile
• Creating an Activity Trends server profile

Creating an Activity Trends server profile


You can create one or more Activity Trends server profiles.

To create a server profile


1. From the Domino Administrator, click the Server - Performance tab,
expand the Activity Trends section, and do one:
• Select a view in the Latest folder or Historical folder
• Select Resource Balancing
2. In the “Server profiles” area, click the green plus sign.
3. In the Add Server dialog box, select the domain to use.
4. Under Server, do one or both of these:
• Click Existing Server, and select from the list of available servers.
• Click Phantom (Resource Balancing only), and enter a name for
the phantom server.
5. Click Add to add each server, and then click Done when you have
completed your selections. This group is only temporary. To save
this server profile, proceed to the next step.
6. Click the document icon and choose “Save As.”
7. In the “Save Server Profile” dialog box, enter a group name and
click OK.

To create an additional server profile


Use this procedure to clear the current server profile and create a new
one.
1. In the “Server profile” area, click the document icon, and choose
New.
2. Click the green plus sign, and complete Steps 4 through 7 in the
above procedure.

Modifying an Activity Trends server profile

You can add servers to or delete servers from an existing server profile. In Resource
Balancing, you can also add phantom servers. A phantom server does
not physically exist, but is factored in to the resource-balancing plan to
evaluate how adding servers might alleviate current load problems.

To add a server to a profile


1. From the Domino Administrator, click the Server - Performance tab,
and expand the Activity Trends section.
2. Select an Activity Trends view.
3. Under “Saved server group configurations,” choose a server profile.
4. Click the green plus sign to display the “Add Server” dialog box.
5. Under Server, do one or both of these:
• Click Existing Server, and then select from the list of available
servers.
• Click Phantom (Resource Balancing view only), and then enter a
name for the phantom server.
6. Click Add to add each server, and then click Done when you
complete the selections. This group is only temporary. To save this
server profile, proceed to the next step.
7. Click the document icon, and do one:
• Click Save As, and enter a new profile name.
• Click Save to update the existing profile.



To delete a server from a profile
1. From the Domino Administrator, click the Server - Performance tab,
and expand the Activity Trends section.
2. Select an Activity Trends view.
3. Under “Server profiles,” choose a profile.
4. Select the name of one or more servers to delete.
5. Click the red minus sign.

Deleting an Activity Trends server profile


You can delete a server profile that was previously saved.
1. From the Domino Administrator, click the Server - Performance tab,
and expand the Activity Trends section.
2. Select an Activity Trends view.
3. Select a server profile from the list.
4. Click the document icon, and choose Delete.

Creating an Activity Trends statistics profile


To create a statistics profile
1. From the Domino Administrator, click the Server - Performance tab,
expand the Activity Trends section, and select a view in the Latest
folder or Historical folder.
2. In the “Statistics profiles” area, click the green plus sign.
3. In the Add Activity Statistic dialog box, expand the statistic
categories. The list of activity statistics varies depending on the view.
4. Choose one or more statistics to add, and click OK.
Tip To select more than one statistic, locate your cursor in the
column to the left of the list and click next to each statistic you want
to add. Drag the mouse to select a large group of statistics.
5. Click the document icon, and choose “Save As.”
6. In the Save Statistics Profile dialog box, enter a name for the group.

To create another statistics profile


1. In the “Statistics Profiles” area, click the document icon, and choose
New.
2. Click the green plus sign, then complete Steps 4 through 6 in the
above procedure.



Modifying an Activity Trends statistics profile
You can add or delete statistics from a saved statistics profile.

To add a statistic to a saved profile


1. From the Domino Administrator, click the Server - Performance tab,
expand the Activity Trends section, and select a view in either the
Latest folder or Historical folder.
2. Under “Statistics profiles,” choose a group.
3. Click the green plus sign to display the “Add Activity Statistic”
dialog box.
4. For each statistic you want to add, select the statistic, and click OK.
When you finish adding statistics, click Done.
Tip To select more than one statistic, position the cursor in the
column to the left of the list and click next to each statistic to add, or
drag the mouse to select a large group of statistics.
5. Click the document icon, and do one:
• Click Save As, and enter a new profile name.
• Click Save to update the existing profile.
To delete a statistic from a saved profile
1. From the Domino Administrator, click the Server - Performance tab,
expand the Activity Trends section, and select a view in the Latest
folder or Historical folder.
2. Under “Statistics profiles,” choose a profile.
3. Select the statistic you want to remove, and click the red minus sign.
4. Click the document icon, and do one:
• Click Save As, and enter a new profile name.
• Click Save to update the existing profile.

Viewing Activity Trends charts


You can view the latest available data and historical data charts of
Activity Trends statistics. You can also set display options that customize
the appearance of the charts. You can select servers and statistics to view,
or you can select predefined server and statistic profiles.
You can also “drill down” for more information on any user or database
statistic in the Latest Folder view. For example, to see which databases a
user is accessing, select a user from the Latest Folder - User view and
double-click the user’s name; the Connection view displays a chart of
that user’s database use.

For information about setting charting display options, see the topic
“Setting charting options for resource balancing” later in this chapter.

To view Activity Trends charts


1. From the Domino Administrator, click the Server - Performance tab.
2. Select the Activity Trends view.
3. Select one of these views:
• Latest folder - Server — To view the set of data available for
selected statistics on each selected server.
• Latest folder - Database — To view the databases on each selected
server.
• Latest folder - User — To view the user statistics for all databases
on the selected servers.
• Latest folder - Connection — To view information for a selected
statistic from either the User or Database charts.
• Historical folder — Weekly
• Historical folder — Daily

Resource balancing in Activity Trends


Using resource balancing, you can balance selected resources, such as
database transaction load and disk space, among a selected group of
servers. You decide which databases are available to be relocated as part
of the resource balancing. All system databases are automatically
“pinned” and cannot be moved. You can pin other databases to prevent
them from being moved.
In addition to balancing the resources of existing servers, you can create
phantom servers to use for future planning. Each phantom server
represents a new server that can be loaded with databases. Then you can
evaluate the effect of adding a new server before you incur the expense
of additional hardware.

Server roles
The role you assign to a server affects the resource-balancing results.
• Source Only — These servers cannot have any databases moved to
them.
• Destination Only — These servers cannot have any databases
removed from them. A phantom server is a Destination Only server
and cannot be changed.
• Any — These servers can have databases moved to or from them.


Setting up resource balancing in Activity Trends
Within an Activity Trends server profile, you define criteria that
determine which databases and servers to evaluate and how to balance
resources.
1. Specify locations of the databases and servers to search for activity
data.
2. (Optional) Set display options for Activity Trends charts.
3. Set the primary and secondary goals for analyzing the database
activity that you want to balance.
4. Specify which databases can move during resource balancing.
5. Specify the location of the Change Manager database and set
resource-balancing behavior.

Specifying database and server locations for resource balancing

Use the Server Profile Options dialog box to specify which databases and
servers will be searched for activity data, and whether to use cached
data. Because Activity Trends data changes only on a daily basis, caching
data is highly recommended to increase system performance by avoiding
a read across a potentially slow network. The first time a server’s data is
read, the data is cached and remains available. For example, if you read
and then delete a server’s activity data and later add the same server, the
in-memory data is used.
You can open the Server Profile Options dialog box from the Activity
Trends menu or by clicking the Server Profile Options button.

To specify locations
1. From the Domino Administrator, click the Server - Performance tab.
2. Select the Activity Trends - Resource Balancing view.
3. Choose Resource Balancing - Options to open the Server Profile
Options dialog box.
4. Click General.
5. Under Activity Data Search Order, choose one or both:
• Search Local Activity Databases — To search the Activity
databases (ACTIVITY.NSF) on each server on which Activity
Trends is enabled.
• Search Activity Data Proxy Servers — To use servers that contain
activity data copied or replicated from another server. Enter the
name of the servers that have the proxy data. Activity Trends
Collector proxy data options are configured in the Configuration
Settings document in the Domino Directory.
6. Under Activity Trends Data Cache for the field “Enable caching of
activity data,” do one:
• Check Yes (default) — To cache Activity Trends data. When data
is cached, if the data for a server has already been retrieved (even
though the server may not appear in any of the server lists), the
cached data is used.
• Uncheck Yes — To gather Activity Trends data every time a new
server is added. Data from servers that are removed is discarded
immediately, and new data is retrieved.
7. For the field “Cache expiration time out,” enter the number of
minutes that data remains cached after the server’s data is first
retrieved. The default is 360 minutes.
8. Choose one of the following to set location defaults. These defaults
apply only to items on the current tab.
• Use Defaults — To revert to previously stored custom defaults.
• Save as Defaults — To save a custom set of defaults and override
the system defaults.
• Reset Defaults — To revert to the system defaults.

Setting charting options for resource balancing


You can set options for how Activity Trends charts display on the
Domino Administrator Server - Performance tab. For all Activity Trends
views, you can specify font appearance and show database names
instead of file names. You can specify additional charting options that
apply individually to the Latest folder, Historical folder, and the
Resource Balancing views.
You can open the Server Profile Options dialog box from the Activity
Trends or Resource Balancing menus, or by clicking the Server Profile
Options button.


To set chart options
1. From the Domino Administrator, click the Server - Performance tab,
expand the Activity Trends section, and click Resource Balancing.
2. Choose Resource Balancing - Options to open the Server Profile
Options dialog box.
3. Click Charting.
4. Under Font Preferences, select the way that type will appear on all
charts in all Activity Trends views. The defaults are:
Chart Element                      Font                Size  Appearance
Chart Heading Font                 Default Sans Serif  12    Bold
Chart Axis Label Font              Default Sans Serif  8     Plain
Chart Legend Font (when visible)   Default Sans Serif  8     Plain

5. Under Resource Balancing Display Options, check Yes to enable
these options for the Resource Balancing view. The default is unchecked.
• Show actual values on Y-axis when displaying non-normalized data
• Show chart using 3D effect
6. Under Latest Activity Display Options, do the following to set the
appearance of the Activity Trends - Latest folder views:
a. For the field “Maximum X-axis items that can be displayed,”
enter the number of items that can be shown in the horizontal
position on the chart. The default is 1000.
b. Check Yes to enable these display options. The default is
unchecked:
• Show database titles on X-axis
• Show actual values on Y-axis when displaying single data type
(such as bytes, transactions, milliseconds)
• Show chart using 3D effect
7. Under Historical Activity Display Options, check Yes to enable these
options for the Activity Trends - Historical folder views. The default
is unchecked.
• Show actual values on Y-axis
• Show chart using 3D effect
8. Choose one of the following to set Charting defaults:
• Use Defaults — To revert to previously saved custom defaults.
• Save as Defaults — To save a custom set of defaults and override
the system defaults.
• Reset Defaults — To revert to the system defaults.


Primary and secondary goals for resource balancing
To balance resources, first determine your primary and secondary goals,
and specify how much weight to give each of these goals. The default
Primary and Secondary goals are Notes Transactions and Disk Space,
respectively. Because transactions factor in almost all user and server
activity, and disk space is typically a constrained resource, these are
good measurements on which to balance.
The second factor in resource balancing is tolerance. When you specify
tolerance, you indicate the level of accuracy you want for the resource. A
low value typically generates more moves (it is less tolerant when the
values are lower), but produces a better distribution of the resources,
one that is closer to the targeted accuracy. A higher tolerance value
creates fewer moves, but does not distribute the activity as evenly. You
set tolerance values for both the Primary and Secondary Goals; however,
the primary tolerance is much more important than the secondary
tolerance in determining the number of moves.
Finally, you specify whether to use trended data or data collected from
one observation period. You also choose when to gather the data.
For more information about trended data, see the topic “Understanding
how Activity Trends collects data,” earlier in this chapter.
The resulting resource chart may show heavy activity on some servers
and light activity on others. You can choose to balance the activity across
the servers so that no single server shows a high incidence of activity.
You can balance resources based on a primary and a secondary goal.
Unless you have specific requirements in mind, the recommended
primary and secondary goals are Notes Transactions and Disk Space,
respectively.
Because the primary goal is given more weight than the secondary goal,
set the resolution of the most troublesome resource area as the primary
goal. For example, if you suspect that some servers have available disk
space, while others have almost none, choose the statistic Disk Space as
the primary goal.

Statistic Name           Description
AvgSpaceUsed             Percentage of the disk space actually in use, as recorded by the database activity data.
DiskSpace                The number of bytes of disk space occupied by the database, as recorded by the database activity data.
FullTextIndexSize        Size of the full-text index for this database.
HTTP BytesFromServer     The number of bytes sent from the database, as recorded by the user session data.
HTTP BytesToServer       The number of bytes sent to the database, as recorded by the user session data.
HTTP RequestMsecs        Request time, in milliseconds.
HTTP Requests            The number of HTTP requests.
Notes BytesFromServer    The number of bytes sent from the server, as recorded by the user session data.
Notes BytesToServer      The number of bytes sent to the server, as recorded by the user session data.
Notes Connects           The number of database connections, as recorded by the user session data.
Notes DocumentsRead      The database read count, as recorded by the database activity data.
Notes DocumentsWritten   The database write count, as recorded by the database activity data.
Notes Transactions       The number of transactions, as recorded by the user session data.
Replica BytesRead        The number of bytes read, as recorded by the Replicator task.
Replica BytesWritten     The number of bytes written, as recorded by the Replicator task.
Users                    The count of unique users, as recorded by the user session data.

Setting primary and secondary resource-balancing goals


To balance resources, you establish two goals based on two selected
statistics. Each goal is based on a statistic that is associated with the
activity you want to balance.
You can open the Server Profile Options dialog box from the Resource
Balancing menu, or by clicking the Server Profile Options button.

1. From the Domino Administrator, click the Server - Performance tab.
2. Select the Activity Trends - Resource Balancing view.
3. Choose Resource Balancing - Options to open the Server Profile
Options dialog box.
4. Expand the Balancing section, and then click Goals.
5. Complete these fields to specify the primary goal:
Field            Action
Statistic Name   Select a statistic from the list. The default is Notes Transactions.
Tolerance        Enter a percentage. The default is 10%.
Analyze          Choose one:
                 • Trended Data (default) — To analyze the resource balance based on trended data.
                 • Last Observation Data — To analyze the resource balance based on the data that was
                   gathered during the most recent observation time.
Over period      Choose one:
                 • Complete Day (24 hours) — To analyze data gathered during a 24-hour period.
                 • Prime Shift Only (default) — To analyze data gathered during the prime shift hours.
                 Note The prime shift hours are defined on the Activity Logging tab of the
                 Configuration Settings document.

For more information on defining prime shift hours, see the topic
“Setting up Activity Trends” earlier in this chapter.
6. Click Secondary Goal, and repeat Step 5 to specify the values for the
secondary goal. Goals that were selected as Primary goals will not
appear in the list of available statistics for secondary goals.
7. (Optional for secondary goal only) Enable “Other options” if any
tolerance value is acceptable as a solution for resource balancing.
8. Choose one of the following to set defaults for goals. You can set
these defaults on either the Primary or Secondary Goal tab.
• Use Defaults — To revert to previously saved custom defaults.
• Save as Defaults — To save a custom set of defaults and override
the system defaults.
• Reset Defaults — To revert to the system defaults.

Specifying which databases can move during resource balancing


To specify which databases can move during resource balancing, you
create a master pin list. Because system databases, such as the Domino
Directory, are never moved, do not include them in the pin list.


You pin databases in one of two ways. You can list databases you do not
want to move, or you can list only the databases that you do want to
move. After you define a pin list, you can save it as a pin list profile.
Tip You can also pin individual databases from the Available Databases
list in the Server - Performance tab, in the Resource Balancing view of the
Domino Administrator.
By default, all databases are associated with all servers. The server name
can be specified as part of the entry. Use a colon to specify the server
part. For example, Acme/East:mail/*.nsf applies to all mail/*.nsf
databases on the server Acme.
When you select servers to balance resources, you should be aware that
Activity Trends does not recognize that servers are in a cluster. If you
include servers from different clusters or some servers that are in a
cluster and some servers that are not in a cluster, Activity Trends may
suggest moving a database out of a cluster in order to balance the
resources. To prevent this, you can create a separate server profile for
each cluster and one for nonclustered servers, or you can pin databases
that you want to exclude from resource balancing.
You can open the Server Profile Options dialog box from the Resource
Balancing menu, or by clicking the Server Profile Options button.

To create a master pin list


1. From the Domino Administrator, click the Server - Performance tab.
2. Select the Activity Trends - Resource Balancing view.
3. Choose Resource Balancing - Options to open the Server Profile
Options dialog box.
4. Expand the Balancing section, and then click Pin List.
5. Click the Database Pin List tab.
6. Under Pin Method, choose one:
• Pin listed databases — To pin the listed databases so that they will
not be moved.
• Pin all but listed — To make the listed databases available to be
moved, and pin all other databases.
7. Under “Database List,” add or delete databases. To add a database,
enter the name directly on the list.
8. Next to the list of database names, do one:
• Choose Reset to return the list to its original set of databases.
• Choose Save as, and enter a name to save a new pin list.
9. Choose one:
• Use Defaults — To revert to previously saved custom defaults.
• Save as Defaults — To save a custom set of defaults and override
the system defaults.
• Reset Defaults — To revert to the system defaults.
To edit or delete a saved pin list profile
1. Under “Saved Pin List Profiles,” select a profile.
2. Do one:
• Edit the list of databases, and then click Save.
• Click Delete.
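
To preview what a pin list will leave movable before running an analysis, the following added example (not code from the manual or from Activity Trends) evaluates the same list under both pin methods. The glob-style, case-insensitive matching, the contents of the system database set, and all server and database names other than the Acme/East:mail/*.nsf entry are assumptions made for the illustration.

```python
from fnmatch import fnmatchcase

# Assumed set of always-pinned system databases, constructed for this example.
# The page names only the Domino Directory (usual file name names.nsf).
SYSTEM_DATABASES = {"names.nsf", "log.nsf", "admin4.nsf"}

# Constructed inventory of (server, database path) pairs.
DATABASES = [
    ("Acme/East", "mail/jdoe.nsf"),
    ("Acme/East", "apps/orders.nsf"),
    ("Acme/East", "names.nsf"),
    ("Acme/West", "mail/asmith.nsf"),
    ("Acme/West", "apps/crm.nsf"),
]

# The first entry is the page's example; the second has no server part,
# so it applies to every server.
PIN_LIST = ["Acme/East:mail/*.nsf", "apps/crm.nsf"]


def _norm(path):
    """Lower-case a database path and use forward slashes throughout."""
    return path.replace("\\", "/").strip().lower()


def parse_entry(entry):
    """Split a pin list entry into (server or None, path pattern).

    A colon separates the optional server part from the database part.
    """
    server, sep, pattern = entry.partition(":")
    if not sep:
        return None, _norm(entry)
    return server.strip().lower(), _norm(pattern)


def entry_matches(entry, server, db_path):
    """True if one pin list entry covers this database on this server."""
    entry_server, pattern = parse_entry(entry)
    if entry_server is not None and entry_server != server.strip().lower():
        return False
    # Assumption: '*' is a glob wildcard. Note that fnmatch lets '*' span '/'.
    return fnmatchcase(_norm(db_path), pattern)


def is_pinned(server, db_path, pin_list, method):
    """Apply the pin method; system databases stay pinned regardless."""
    if _norm(db_path) in SYSTEM_DATABASES:
        return True
    listed = any(entry_matches(e, server, db_path) for e in pin_list)
    if method == "pin_listed":          # "Pin listed databases"
        return listed
    if method == "pin_all_but_listed":  # "Pin all but listed"
        return not listed
    raise ValueError(f"unknown pin method: {method!r}")


def movable(databases, pin_list, method):
    """Return the databases that resource balancing could relocate."""
    return [(s, p) for s, p in databases
            if not is_pinned(s, p, pin_list, method)]


if __name__ == "__main__":
    for method in ("pin_listed", "pin_all_but_listed"):
        print(method, movable(DATABASES, PIN_LIST, method))
```

Switching the pin method inverts the meaning of every entry, so a list written to protect mail files under "Pin listed databases" exposes exactly those files to moves under "Pin all but listed".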

Understanding resource-balancing behavior


When you set the resource-balancing behavior, you balance the number
of moves made during resource balancing against the accuracy
achieved. Accuracy is how successfully the moves were made, based on
the number of moves allowed. The higher the accuracy, the more evenly
resources are balanced.
You also specify the location of the Domino Change Control database
(DOMCHANGE.NSF). By default, Activity Trends automatically selects
a server. However, you must specify the Domino Change Manager server
in the Configuration Settings document. Use the default unless you want
to use a local replica or are working remotely and want to use a server
that has a replica of the Domino Change Control database.
Resource balancing distributes database activity across three bins:
• Light — The top bin when graphed, has the lightest amount of
activity.
• Medium — The middle bin when graphed, has a medium amount of
activity. This percentage is calculated based on the percentage in the
other two bins.
• Heavy — The bottom bin when graphed, has the heaviest amount of
activity.


Resource balancing attempts to balance the bins among the servers as
well as the total for the servers. This is important because heavily utilized
databases (databases with a high number of transactions) also have the
greatest variance. That is, their usage is likely to vary from the mean
more frequently. This means that when there is a spike in activity,
the spike will be a big spike, and the dip will be a big dip. Dividing the
databases into bins separates the few databases that account for a large
amount of activity from the large number of databases that account for
little activity. For example, out of 100 databases on a server, 10 databases
may account for 30% of activity, while 65 databases account for another
30%. The remaining 40% of activity is accounted for by the medium
usage 250 databases.
Balancing according to the bins ensures that heavily used and lightly
used databases are evenly distributed across the servers. This
results in more predictable usage patterns, increased availability, and
more efficient use of resources.
Deciding the exact percentages for each of the bins depends on how your
organization uses its databases and the type of server being balanced
(mail server versus application server). For mail servers in most
organizations you may want to increase the size of the light bin and
decrease the size of your heavy bin, while for application servers the mix
may be different.
For more information about charting bin activity and how the values are
calculated, see the topic “Understanding current and projected profile
charts,” later in this chapter.
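
The reasoning above about bins can be checked against your own activity figures with the following added illustration, which is not code from the manual or from Activity Trends. It assumes bins are formed by ranking databases on the goal statistic and cutting at cumulative shares of total activity (30% heavy, 30% light, remainder medium); the product's exact calculation is not given in this section, and the server names and transaction counts are constructed.

```python
# Constructed sample: (server, database, Notes Transactions).
SAMPLE = [
    ("ServerA", "a.nsf", 300), ("ServerA", "b.nsf", 200),
    ("ServerA", "c.nsf", 50), ("ServerA", "d.nsf", 30),
    ("ServerA", "e.nsf", 20),
    ("ServerB", "f.nsf", 100), ("ServerB", "g.nsf", 100),
    ("ServerB", "h.nsf", 80), ("ServerB", "i.nsf", 70),
    ("ServerB", "j.nsf", 50),
]


def assign_bins(databases, light_pct=30, heavy_pct=30):
    """Map (server, database) to 'light', 'medium' or 'heavy'.

    Assumed rule: the heavy bin takes the most active databases until they
    cover heavy_pct of total activity, the light bin takes the least active
    until they cover light_pct, and the medium bin is whatever remains.
    """
    total = sum(value for _, _, value in databases)
    ranked = sorted(databases, key=lambda d: (d[2], d[1]))  # least active first
    bins = {}

    covered = 0
    for server, name, value in reversed(ranked):
        if covered >= total * heavy_pct / 100:
            break
        bins[(server, name)] = "heavy"
        covered += value

    covered = 0
    for server, name, value in ranked:
        if (server, name) in bins or covered >= total * light_pct / 100:
            break
        bins[(server, name)] = "light"
        covered += value

    for server, name, _ in ranked:
        bins.setdefault((server, name), "medium")
    return bins


def bin_counts(bins):
    """Number of databases that landed in each bin."""
    counts = {"light": 0, "medium": 0, "heavy": 0}
    for label in bins.values():
        counts[label] += 1
    return counts


def server_profile(databases, bins):
    """Activity per bin on each server, as a current-profile chart would stack it."""
    profile = {}
    for server, name, value in databases:
        row = profile.setdefault(server, {"light": 0, "medium": 0, "heavy": 0})
        row[bins[(server, name)]] += value
    return profile


if __name__ == "__main__":
    bins = assign_bins(SAMPLE)
    print(bin_counts(bins))
    for server, row in server_profile(SAMPLE, bins).items():
        print(server, row)
```

In the sample, one database fills the heavy bin while six fill the light bin, and all of the heavy-bin activity sits on one server, which is the imbalance that per-bin balancing is meant to remove.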
You also specify how Activity Trends analyzes the server resource
capacities. By default, server capacities are determined relative to other
servers in the list. For example, a server that has a capacity of x1
transactions has half the transactional capability (CPU) of a server at x2.
You could, however, balance resources based on actual values (such as
the number of transactions per day, or the total amount of disk space
available). Using the example above, you would specify the servers as
having a capacity of 10,000 and 20,000 transactions. However, if you
choose to balance resources based on actual values, you have to know
that the servers involved can actually handle the capacities specified.
Another way in which you indicate server resource capabilities is to
specify how the server volume is determined. You can either use server
volume and file system information when resource balancing, or ignore
volume information and treat all space as flat. The default is to use the
volume information, which uses the different physical volumes and their
sizes that comprise the space available to Domino, rather than just the
total amount of space on the server. Volume balancing is recommended.
This may produce plans in which a database moves to a different server
and has a different destination path because of space requirements on a
particular volume on the destination server.

Customizing resource-balancing behavior


Customizing resource-balancing behavior is an advanced feature.
Therefore, unless you know how changes will affect the outcome of
resource balancing, use the default settings.

To customize resource-balancing behavior


1. From the Domino Administrator, click the Server - Performance tab,
expand the Activity Trends section, and click Resource Balancing.
2. Choose Resource Balancing - Options to open the Server Profile
Options dialog box.
3. Expand the Balancing section, and then click Advanced.
4. Under Resource Balancing Behavior, choose one:
• Minimize Moves — To minimize the number of moves made,
even though the balance may not be as accurate when completed.
• Balance Moves and Accuracy — To allow more moves, in an effort
to reach a higher level of accuracy.
• Maximize Accuracy — To allow as many moves as it takes to get
the most accurate resource balance.
5. Under “When submitting a resource balancing plan” choose one of
these:
• Automatically Select Server — to automatically locate the server in
the domain that has the Domino Change Control database
(DOMCHANGE.NSF). This is the default.
• Use Local Database Replica — and then enter the path to use a
replica of the Domino Change Control database
(DOMCHANGE.NSF) located on the local drive.
• Use Remote Server — and then enter the name of the server that
has the Domino Change Control database (DOMCHANGE.NSF).
6. Under Bin Sizes, choose the percentage for each bin:
• Light Bin — Default is 30%
• Middle Bin — Default is 40%
• Heavy Bin — Default is 30%
7. For the field “Enter server resource capacities as relative values
when editing server properties,” do one:
• Check Yes (default) to specify server resource capabilities relative
to other servers in the list.
• Uncheck Yes to specify actual values, such as the number of
transactions per day or the total amount of available disk space.
8. For the field “Use server volume and file system information when
resource balancing,” do one:
• Check Yes (default) to use the volume information, such as
physical volumes and their sizes that comprise the space available
to Domino.
• Uncheck Yes to ignore volume information and use the total
amount of space on the server, treating all space as flat.
9. For the field “Warning when data is older than n days,” enter the
number of days before a warning is generated. The default is 7 days.
Then if you create a resource-balancing plan and the data is older
than 7 days, you receive a warning that the resulting plan will be
based on old data.
10. Choose one of the following options to set Resource Balancing
behavior defaults:
• Use Defaults — To revert to previously saved custom defaults.
• Save as Defaults — To save a custom set of defaults and override
the system defaults.
• Reset Defaults — To revert to the system defaults.

Analyzing resource-balancing distributions


Use any of these procedures to analyze the current and proposed
distribution of user activity on specified databases. The statistics and
charts displayed during this process reflect the choices you made in the
Server Profile Options dialog boxes.
1. Create a proposal for a new, balanced distribution.
2. Compare the current and projected distribution of databases on
servers.
3. Review the distribution of user activity represented in the light,
medium, and heavy bins. Review the effect of changes on other
resource statistics in these charts as well. The accuracy is only a
guide to how well the balance was achieved within the tolerance
specified. Sometimes the required accuracy may not be achieved for
a particular server. There are many reasons why this could happen.
Sometimes, there is no solution within the parameters specified and
resources are balanced as well as they can be.
4. Review the server capacity and accuracy information before and
after proposed targets.
5. Change the mix of servers and server properties and run the analysis
again, if necessary.
6. Submit a plan to the Domino Change Manager to implement the new
balance of resources.

Creating a proposal for balanced resources


Based on the selections made in the Server Profile Options dialog box,
you can balance resources for a server profile that you created. During
the resource-balancing process, it may take several attempts before
databases are distributed in a way that you find acceptable. You may
need to change source server or database selections. You can make these
adjustments during this process to help make the analysis process run
smoothly.
• Pin and unpin databases
• Change server properties or add a phantom server
• Filter out servers and their databases that you do not want displayed
on the Available Databases tab
• Change the layout of the Activity Trends view on the Server -
Performance tab of the Domino Administrator

To create a proposal
1. From the Domino Administrator, click the Server - Performance tab.
2. Under Activity Trends, click Resource Balancing.
3. Choose a server profile.
4. Click the “Available Databases” tab to display the list of databases
that can be moved.
5. (Optional) To change the databases that are available for moving,
select a database and click Pin or Unpin.
6. Make sure that each server in the top frame has an arrow next to its
name. If there is a red (x) instead of an arrow, the server is not
reporting its trended data. You must remove the server or make it a
phantom server; otherwise, the Analyze button will be disabled and
you will not be able to create a proposal.
7. Check the server properties to make sure that the capacity of each
server is weighted correctly.
For information on editing server properties, see the topic “Editing
server properties for resource balancing” later in this chapter.
8. Click Analyze.
9. When the analysis is complete, view the Recommended Plan and
Projected Profile.

Comparing current and projected resource balances


After creating a proposal for balanced resources, compare the proposal
against the current resource profile by reviewing the information on the
Resource Balancing tabs. The Available Databases and Current Profile
tabs display information about the current state of the servers. You can
also look at the information in the upper frame, which shows you the
current and projected activity, and the targeted and achieved accuracy.
The Recommended Plan and Projected Profile tabs, which are populated
after you analyze current resources, display the distribution of resources
after the plan is completed. The Resource Balancing view is on the Server
- Performance tab of the Domino Administrator. The four tabs provide
the following information about the servers for which you want to
balance resources:
• Available Databases — Lists the databases that are not pinned in the
Master Pin List and are, therefore, available to be moved
• Recommended Plan — Shows the new source and proposed
destination for the databases
• Current Profile — Shows how the servers are currently balanced
• Projected Profile — Shows how the servers will be balanced after the
plan is carried out
Evaluate the changes that are proposed during resource balancing. If you
are not satisfied with the proposed changes, change the mix of servers or
databases or adjust the specified tolerance level in the Server Profile
Options dialog box. If you are happy with the proposal, then you are
ready to submit the plan to the Domino Change Manager.

Evaluating server activity for resource balancing


To balance resources, evaluate the database activity for each server on
which you want to balance resources. Then compare that activity to
redistributed database activity that would result from balancing
resources. The Resource Balancing view on the Server - Performance tab
of the Domino Administrator provides this information in a number of
ways. First, the status of selected servers or of servers in a selected server
profile displays. A red X next to the server indicates that the server is not
available for resource balancing, possibly because the server is down.
Hover over the red X with your mouse to see the status of the server,
including the error message. The Edit Server Properties dialog box also
shows associated error messages in the Status field.
For each goal specified in the Server Profile Options dialog box, Activity
Trends displays the following information that you use to evaluate
whether a server is a candidate for resource balancing:
• Current — The current value of the metric as recorded.
• Capacity — The resource capacities of each server. Resources are
balanced using either capacity or target values. By default, the
capacity is the value used in determining the targets during resource
balancing. You set this value by editing server properties.
• Target — The target value that you want to meet during resource
balancing. This value is based on the statistics specified as primary
and secondary goals. For example, if Notes Transactions is a goal, the
value is the number of transactions. So, if a server has a target of
2000 transactions, the resource-balancing solution attempts to
provide this server with 2000 transactions.
• Projected — The calculated final value of the server’s resource, if the
generated solution (plan) were to be applied.
• Accuracy — A percentage from 0 to 100 that represents how
successfully the moves were made, based on the behavior criteria
you specified. A low percentage is bad and a high percentage is
good. Servers whose values are within the tolerance for the goal (set
in server profile options) display in blue. Values that did not achieve
the tolerance specified for the goal display in red. This is not
necessarily bad; sometimes it means you need to use other servers or
that there is no good solution for this resource problem. In a good
balance, there should be almost no red values for the primary goal,
and perhaps a few for the secondary.
If you do not like the distribution of activity or servers based on this
evaluation, you can edit the server properties to change the server role.
Likewise, you can alter some of the options selected in the Server Profile
Options dialog box. If you have not set server profile options, you can
edit the server properties to change some of the option defaults, and then
analyze again using the new server values.
For more information on editing server properties, see the topic “Editing
server properties for resource balancing” later in this chapter.



Understanding current and projected profile charts
To determine the proposed resource distribution, view the charts of
trended statistics created by Activity Trends. The Resource Balancing
view on the Server - Performance tab of the Domino Administrator
displays database activity for each server. The chart on the Current
Profile tab represents the current server load. The chart on the Projected
Profile tab shows how the servers will be rebalanced if the proposed plan
is implemented.
The charts use light, medium, and heavy bins to show the distribution of
user activity. Each bin represents a group of databases and their metric
values. These bins reflect the “bin sizes” values specified in the Server
Profile Options dialog box. View the distribution of activity before it is
balanced (Current Profile), and then view it again to determine if your
goals have been met. Resources that are not well balanced show a
disproportionate amount of activity in the heavy bin. After resource
balancing has been applied, the recommended distribution in bins
should be relatively even across the servers, if your goals were achieved.

The higher the accuracy of resource balancing, the more evenly activity is
distributed.

Example
The following chart shows database transactions on each server. The
overall height of the bar represents the sum (total) of the database
transactions. The three bins represent the light, medium, and heavy
modal distribution of the database metric — in this case, transactions. In
this example, heavy is the first 30% of databases; middle is the next 40%;
and light is the top 30%, all adding up to 100%.

[Chart: a stacked bar on a 0 to 100 scale, divided from top to bottom into
Light activity, Medium activity, and Heavy activity.]



• Light — The light bin is the top bin when graphed, using the lightest
color of blue. This indicates the bin with the lightest amount of activity.
• Medium — The medium bin is the middle bin when graphed, using a
medium blue. This indicates the bin with a medium amount of activity.
• Heavy — The heavy bin is the bottom bin when graphed, using the
darkest color of blue. This indicates the bin with the heaviest amount
of activity.

How bin values are calculated


To understand how bin values are calculated, assume there are 20
databases, each with a varying number of transactions. Five is the lowest
number of transactions on any database, and 420 is the highest number
of transactions on the most active database. The total transactions per
database is represented as follows:
5,5,10,10,15,25,25,50,75,100,120,125,140,150,250,300,310,350,400,420 =
2885 transactions
When you group these transactions based on the bin sizes designated in
the Server Profile Options (30% light, 40% medium, and 30% heavy), the
transactions are distributed as follows:
Light = 5,5,10,10,15,25,25,50,75,100,120,125,140,150 (14 databases
account for 855 transactions; 865 is the target)
Middle = 250,300,310 (3 databases account for 860 transactions; 1154
is the target)
Heavy = 350,400,420 (3 databases account for 1170 transactions; 866
is the target).
[Chart: a single stacked bar for server Sales1 on a 0 to 1 scale. Pop-up text:
Server: Sales1/Acme; Stat: Notes Transactions; Units: transactions;
Total: 2885 [DBs: 20]; Light: 855 [DBs: 14]; Medium: 860 [DBs: 3];
Heavy: 1170 [DBs: 3]]



When you view these charts, you see that 29% of the chart is light blue;
30% is medium blue; and 40% is dark blue. When you hover over the bar on
the chart, the pop-up shows that most transactions on the server occur on
relatively few (three) databases. In this case, 15% of the databases
account for about 40% of the transactions. If the bars for the other servers
on which you are balancing resources have different proportions for
light, medium, and heavy bins, then resource balancing would better
spread the load across the system and probably result in better server
performance.
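The 20-database example above, worked through in code. This is an added example, not part of the original manual or of Activity Trends; the fill rule (sort ascending, fill a bin while its sum stays at or below its target, put the remainder in the heavy bin) is an assumption inferred from the example's numbers, and the function names are hypothetical.

```python
"""Reproduce the light/medium/heavy bin split for the 20-database example."""

# Transactions per database, copied from the worked example in the text.
TRANSACTIONS = [5, 5, 10, 10, 15, 25, 25, 50, 75, 100,
                120, 125, 140, 150, 250, 300, 310, 350, 400, 420]


def bin_databases(values, light_pct=30, medium_pct=40):
    """Split per-database metric values into light, medium and heavy bins.

    Assumed rule (inferred from the example, not documented behaviour):
    sort ascending, fill each bin while its running sum stays at or below
    the bin's target, and place everything left over in the heavy bin.
    """
    ordered = sorted(values)
    total = sum(ordered)
    targets = {"light": total * light_pct / 100,
               "medium": total * medium_pct / 100}
    bins = {"light": [], "medium": [], "heavy": []}
    i = 0
    for name in ("light", "medium"):
        running = 0
        while i < len(ordered) and running + ordered[i] <= targets[name]:
            running += ordered[i]
            bins[name].append(ordered[i])
            i += 1
    bins["heavy"] = ordered[i:]
    return bins


def summarize(bins):
    """Return database count, metric sum and percentage shares per bin."""
    total = sum(sum(v) for v in bins.values())
    count = sum(len(v) for v in bins.values())
    summary = {}
    for name, values in bins.items():
        summary[name] = {
            "dbs": len(values),
            "sum": sum(values),
            # Guard against an empty or all-zero input.
            "share_of_total": 100 * sum(values) / total if total else 0.0,
            "share_of_dbs": 100 * len(values) / count if count else 0.0,
        }
    return summary


if __name__ == "__main__":
    for name, row in summarize(bin_databases(TRANSACTIONS)).items():
        print(f"{name:<6} {row['sum']:>5} transactions on {row['dbs']:>2} DBs "
              f"({row['share_of_total']:.1f}% of load, "
              f"{row['share_of_dbs']:.0f}% of databases)")
```

A server whose heavy bin holds a large share of the load on a small share of the databases, as here, is the pattern the text describes as poorly balanced.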

Using resource balancing in Activity Trends to decommission a server
Decommissioning a server is a special case of workload balancing in
which everything outside the default pin list is moved from the server.
The databases that remain, which may still account for significant
activity, are either system databases or databases that are typically
installed on every server, such as templates or help files. In most cases
the latter group will be the same on every server, with the possible
exception of unread marks.
Use these guidelines to decommission a server:
1. Edit the server properties and do the following:
• Set the server as “source only” to prevent Activity Trends from
moving any databases to it.
• Set the server capacity to 0% for the unit you are using as the
primary balancing goal.
2. Use the default pin list so that Activity Trends relocates all databases
other than the system databases and the databases installed on every
server. You can also use an empty pin list since system databases are
always pinned.

Editing server properties for resource balancing


You can balance resources based on capacity or on a specified target. For
example, if you have a new server, you can redistribute server activity to
accommodate the increased resource capacity. However, if you need to
increase the number of transactions per server, you balance resources by
redistributing activity based on achieving a new target value.
In addition, you can assign a weight to each server’s capacity. For
example, assume you have one server with 1.5GB of RAM and a 60GB
hard drive and have a second server with 3GB of RAM and a 120GB hard
drive. You can enter the capacity of the first server as 1 and the second
server as 2, giving it twice the weight.



If you set a capacity (or target) of zero for source-only or any-role
servers, resource balancing tries to move all unpinned databases on the
server. This is useful when decommissioning servers and moving their
contents to new servers.
If a server’s data cannot be obtained, you can treat the server as a
phantom server and then change it back to a real server when data
becomes available. After changing it back, press F9 to refresh and read
the data from the server.

To edit server properties


1. From the Domino Administrator, click the Server - Performance tab
and open the Resource Balancing view.
2. Under Server profiles do one:
• Select a profile
• Select All Servers
3. In the Servers section, double-click the server whose properties you
want to edit. In the Edit Server Properties dialog box, the server name
and domain name appear by default. Complete the following fields:
Field       Action
Type        Choose one:
            • Real — To identify a server that physically exists in the
              domain.
            • Phantom — To identify a server that does not physically exist
              but is factored in to the resource-balancing analysis.
            Note The option to toggle between a real server and a
            phantom server is available only for real servers whose data
            cannot be obtained.
Role        Choose one:
            • Any — Databases can be moved to or from the server.
            • Source Only — This server will not have any databases
              moved to it.
            • Destination Only — This server will not have any databases
              moved from it.
            Note Phantom servers are always Destination Only.
Goals       Select either the primary or secondary goal from the list. These
            are the goals set in the Server Profile Options dialog box.
            For more information about goals, see the topic “Primary and
            secondary goals for resource balancing.”
Capacity    Select this option to balance resources for the selected goal,
            based on server capacity. Enter the number of resource units.
            The default is 1.
Target      Select this option to balance resources based on achieving a
            target goal. Enter a target value for the goal you selected.

Filtering servers used during resource balancing


You can change the displayed list of available databases by setting filters
that hide databases from display without affecting the master pin list or
affecting how a plan is generated. Using these options provides you with
the information you want quickly and easily. For example, using “hide
databases appearing in plan” shows only the databases that will remain
and filters out all databases that will move. The “hide system databases”
and “hide master pin databases” options show all of the databases on the
servers, even though you don’t want to move them. This option is useful
when you need to see the complete picture of databases on a server and
is especially useful when decommissioning a server.

To filter servers
1. From the Domino Administrator, click the Server - Performance tab
and open the Resource Balancing view.
2. Click the Filter button on the Available Databases tab.
3. In the Servers field choose one:
• All Servers
• Selected Servers
4. Check or uncheck one or more:
• Hide System Databases (default is checked)
• Hide Master Pin Databases (default is checked)
• Hide Databases appearing in Plan (default is unchecked)

Pinning additional databases during resource balancing


When you set the Server Profile Options, you create a pin list of
databases that cannot be moved during resource balancing. However, as
part of the resource-balancing process, you can pin or unpin databases.
For example, you may want to evaluate the effect of pinning an
additional database, or you may want to unpin a database to see if
resources balance with fewer moves.
Pinning or unpinning databases as you balance resources does not
change the saved pin list. You cannot unpin a system database or a
database that is pinned by the master pin list. However, the status of
each database is saved with the server profile information for the
selected server profile.

To pin or unpin databases as you balance resources


1. From the Domino Administrator, click the Server - Performance tab,
expand the Activity Trends section, and choose Resource Balancing.
2. Click the Available Databases tab.
3. Do one of the following:
• Select the databases that cannot be moved, and then click Pin.
• Select one or more databases that are currently pinned, and then
click Unpin.
4. Click the Analyze button to see the effect of the new pinning
information.

Displaying additional statistics during resource balancing


You can change the statistic that displays on the current or projected
profile chart so that you can view the balance of other types of database
activity. By default, when you balance resources, the primary goal is the
statistic that displays.
1. From the Domino Administrator, click the Server - Performance tab
and open the Resource Balancing view.
2. Click the Filter button on the Available Databases tab.
3. Select the statistic you want to display.
4. Under Options, select one or more of the following. The defaults
vary depending on the statistic.
• Use Trended values — to use trended statistics, instead of current
statistics.
• Use Prime Shift values — to use statistics collected during the
prime shift hours. Prime shift hours are specified in the
Configuration Settings document when you set up Activity
Trends.
• Size in proportion to capacity — to base statistics on server
capacity. Server capacity is specified in the server properties.
For more information on setting prime shift hours and editing server
properties, see the topics “Enabling activity logging and setting up
Activity Trends” and “Editing server properties for resource balancing,”
earlier in this chapter.



Changing the layout of the Activity Trends view
You can change the layout of the charts in the Activity Trends or
Resource Balancing view. For example, you can maximize the sections
you are working on to reduce the amount of scrolling. You can change
the layout of the chart display using the Resource Balancing or Activity
Trends menus, or the layout button:

1. From the Domino Administrator, click Server - Performance.
2. From the Resource Balancing menu, select layout, and then choose
one:
• Maximize
• Maximum Width
• Maximum Height
• Restore

Submitting a resource-balancing plan to the Domino Change Manager
When you decide to implement resource balancing, you submit a plan to
the Domino Change Manager.

To submit a resource-balancing plan


1. From the Domino Administrator, click the Server - Performance tab.
2. Select the Resource Balancing view, and then select the
Recommended Plan tab.
3. Click Submit to submit the current data to the Domino Change
Manager.
4. Enter a plan name and a description of the plan.
5. The field “Submit to” displays the option selected in the Advanced
section of the Server Profile Options. Click the button at the right of
this field to open the Server Profile Options dialog box and change
this selection.



Domino Change Manager
To implement a resource-balancing plan, you use the Domino Change
Manager task, which you load on only one server, usually the
Administration server, in a domain. The Domino Change Manager uses
the Domino Change Control database (DOMCHANGE.NSF) to manage
and implement a plan.
After you submit a plan, you track the status of the plan in the Domino
Change Control database (DOMCHANGE.NSF). To access the Domino
Change Manager from the Domino Administrator, choose Server -
Analysis, then expand the Domino Change Control view and choose
“Plans - by Status.”

The Domino Change Manager and the Administration Process


The Domino Change Manager uses the Administration Process to move
databases from one server to another. Data is collected and stored in the
Activity Trends database (ACTIVITY.NSF). When you use resource
balancing to create a plan for redistributing the database load, it first
initiates a database move command. Then it generates the “Maintain
Trends Database Record” request during the standard execution of the
database move. The “Maintain Trends Database Record” request is
posted in the Administration Requests database (ADMIN4.NSF) after the
database is created on the destination server.
During the execution of the “Maintain Trends Database Record” request,
the administration requests that typically require your approval are
automatically approved because the plan has been approved. You do not
have to manually approve requests in the Administration Requests
database (ADMIN4.NSF).
For more information on the Maintain Trends Database Records
Administration Process request, see the appendix “Administration
Process Requests.”

Setting up Domino Change Manager


To set up the Domino Change Manager, you load the Change Manager
task. Then, the first time you run the task, it creates the Domino Change
Control database (DOMCHANGE.NSF). Load this task on only one
server in the domain — usually the Administration server.

To set up and run the Change Manager task


1. Open the NOTES.INI file for the server on which the Change
Manager will run.



2. Add the following to the ServerTasks setting:
runjava ChangeMan

3. Save and close the NOTES.INI file.


4. At the console, enter this case-sensitive command exactly as shown:
load runjava ChangeMan

Tip To display full help text for this task, append -? or -help to the
command.

Specifying maximum concurrent tasks for Domino Change Manager


There are three thread pools that control the number of concurrent tasks
that the Domino Change Manager can carry out. The combination of the
number of concurrent plans and demands creates a pool from which all
the demands of all the plans are run. How the size of these thread pools
affects performance depends on the size of the server. If necessary, you
can limit the amount of CPU used by the Domino Change Manager. On
very powerful machines, however, you may want to increase these
numbers considerably. You typically want to increase the number of
concurrent demands to change the total number of demands (across all
executing plans) that can run simultaneously. This is the key variable
that will affect performance. As a general guideline:
• Increase the number of concurrent messages when you have many
people drafting, preparing, and submitting many plans. If you have
only a few plans, this is not necessary.
• Increase the number of concurrent plans when you want many plans
to execute at the same time.
You set these options in the Configuration Settings document for the
domain. This Configuration Settings document applies the settings as the
default settings for all servers and uses the * [All Servers] as the group or
server name.

To specify the maximum concurrent tasks


1. From the Domino Administrator, click the Configuration tab, expand
the Server section, and click Configurations.
2. Select the * [All Servers] Configuration Settings document, and click
Add Configuration or Edit Configuration.



3. Click the Change Control tab, and complete these fields:
Field                      Action
Domain Change Server       Choose the server that stores the Domino Change
                           Control database (DOMCHANGE.NSF).
Database file name         Enter the name of the Domino Change Manager. The
                           default name is DOMCHANGE.NSF in server/data
                           directory. If the database is not in the default
                           directory, enter a full path name.
Max. concurrent messages   Enter the maximum number of messages that can be
                           executed at the same time. The default is 5. The
                           recommended number is between 1 and 10.
Max. concurrent plans      Enter the maximum number of plans that can be
                           executed at the same time. The default is 5. The
                           recommended number is between 1 and 10.
Max. concurrent demands    Enter the maximum number of demands (for example,
                           database moves) that can be simultaneously
                           processed. The default is 40. This number should be
                           equal to or larger than the “Max. concurrent plans”
                           number.

4. Click Save & Close.

Using the Tell ChangeMan command at the Domino console


You can use the Tell ChangeMan command at the console to control the
Domino Change Manager. The following options are available. The
command Tell ChangeMan is not case sensitive.

Option            Action
quit              Stops the Change Manager and all plug-ins.
stop              Stops the Change Manager and all plug-ins. Same as Quit.
exit              Stops the Change Manager and all plug-ins. Same as Quit.
help              Refers you to documentation.
?                 Refers you to documentation. Same as Help.
restart           Stops and then restarts the Change Manager and all plug-in
                  subsystems.
start plug-in     Starts the plug-in. Currently, Control, Monitor, and
                  RoboAdmin are the defined plug-ins.
stop plug-in      Stops the plug-in. Currently, Control, Monitor, and
                  RoboAdmin are the defined plug-ins.
                  Note Alternatively, you can also use the forms plug-in stop,
                  plug-in quit and plug-in kill.
restart plug-in   Stops and then starts the plug-in. Currently, Control,
                  Monitor, and RoboAdmin are the defined plug-ins.
                  Note Alternatively, you can also use the form plug-in
                  restart.
plug-in command   Attempts to issue the command to the named plug-in, if it
                  exists and is running.
reset             Resets the internal lookup caches.

For more information on using Domino server commands, see the
appendix “Server Commands.”

ACLs for the Domino Change Control database


There are four ACL roles created specifically for those who are working
with the resource-balancing plan. However, users or groups can also
have standard Domino ACL roles, such as Author or Reader. The roles
specific to resource balancing are: Change Admin, System Admin, Plan
Creator, and Plan Reader.

Change Admin
A Change Administrator has the authority to change the settings in any
plan or plan element, such as a constraint or variable. In addition, a
Change Administrator can alter and add some elements used to create a
plan. Specifically, a Change Administrator can edit, create, and delete
constraints and constraint sets, approval profiles, keywords, and resources.
A Change Administrator must commit a plan to be executed. All plans
(including move requests created in the Administration Process
database) execute with the authority of the Change Administrator who
committed the plan. For that reason, the Change Administrator must also
have Create Replica access on each destination server. A Change
Administrator automatically has the Plan Reader role.

System Admin
The System Admin role is distinct from the Change Admin role, which
does not automatically include the role of System Admin. Each of these
roles is independent but not mutually exclusive in terms of the access that
the role grants. As with a Change Administrator, a System Administrator
can edit, create, and delete keywords, resources, interfaces, functions,
domain configurations, and plug-ins. Because users with the System
Admin role can make powerful and potentially catastrophic changes,
assign the role only to users or groups of users who have an in-depth
understanding of the Domino Change Manager. In addition, all control
documents (Interface and Function Definitions, Domain Configurations
and Plug-ins) must be signed by either the Change Manager server or a
user who has the System Admin role. When the database is first created,
all control documents are signed by the server. This is to ensure the
security of the Change Manager system and the Domino Server.

Plan Creator
This role designates users and groups of users who can create plans.

Plan Reader
This role allows users and groups of users to read all plans. By default a
Change Administrator can read all plans and does not explicitly need
this role. Authors and Requesters of plans do not need this role to read
their own plans.

Default ACL settings for the Domino Change Control database


When the Change Control database (DOMCHANGE.NSF) is created,
these default access levels and roles are assigned.

Name                         Access level   Role
Full Access Administrator    Manager        Change Admin
Administrator                               System Admin
(Listed in the Server                       Plan Creator
document of the current
server.)
Default                      No access      No roles
LocalDomainServers           Manager        Plan Reader
OtherDomainServers           No access      No roles
Anonymous                    No access      No roles

Recommended ACL settings


Assign the roles of Change Administrator and System Administrator
only to administrators who require them. Administrators who have these
roles have the ability to alter the basic system documents of a plan. The
recommended access level is Editor for most Change Administrators and
System Administrators. Alternatively, you can assign the Author access
level and add restrictions on editing existing system documents such as
Interface or Function definitions. The System Admin role should be
especially restricted.
Assign the Plan Creator role only to those people or groups in an
organization that can create plans. Plan Creators only create plans; they
cannot commit them.



Assign the Plan Reader role to people and groups that will be allowed to
read plans only. This role assumes that the people and groups reading
the plans are not Authors or Requesters.
Make sure that the Change Administrators and servers in the
LocalDomainServers group have Create Replica access rights.

Setting ACLs for mail database moves during resource balancing


To move databases within the domain, both the LocalDomainServers
group and the Change Administrator who committed the plan must have
Create Replica and Create Database rights.
1. From the Domino Administrator, click the Configuration tab, and
open the Server view.
2. Open the Server document for the mail server.
3. Select the Security tab.
4. Under server access, add LocalDomainServers and any users with
the Change Admin role to these fields:
• Create databases & templates
• Create new replicas
5. Save and close the document.
Note When load balancing, you don’t have to approve the deletion of
the mail database on the source server. This is handled by the Domino
Change Manager.

Resource-balancing plans
The purpose of a resource-balancing plan is to move databases according
to the set of criteria defined in the Server Profile Options. The plan is
based on the analysis and proposal created during data exploration in
Activity Trends. When a plan is first submitted to the Domino Change
Manager, the plan has draft status. By default, the person who submits
the plan to the Domino Change Manager is the author and has the Plan
Creator role.
After the plan is submitted, it follows a prescribed course of submissions
and approvals until the final plan is activated and then completed. The
flowchart below shows the progression of a resource balancing plan from
its original draft state through its completed, archived state.



Promoting a plan from one state to another, such as from drafted to
prepared, can be made from within the plan document or from the
Change Control database (DOMCHANGE.NSF).
[Flowchart: plan states Draft, Prepared, Committed, Approved, Rejected,
Cancelled, Activated, Failed, On Hold, Completed, and Archived (pseudo-state).
Labels on the chart: Submitted, Prepare, Redraft, Commit, Approve, Reject,
Cancel, Activate, Fail, Retry, Hold, Release, Complete, and Archive.
Legend: Author or Administrator activated; Approver activated; System
activated; Administrator or System activated.]

The workflow for processing a plan submitted by Resource Balancing
follows these steps:
1. The author fully defines a plan by editing the draft plan.
2. The author or a Change Administrator “prepares” the plan, thereby
changing the plan’s status to “prepared.” The prepared state signals
that the author is satisfied with the details of the plan and wants to
have it executed.
3. A Change Administrator reviews the details of the plan and makes
any necessary changes, which are typically limited to adding or
removing approvers. At this time a Change Administrator can cancel
the plan or commit the plan to execution, subject to approval by
various groups and roles.
4. A committed plan is either approved or rejected by approvers.
Approval must be unanimous for a plan to be approved. If one of the
approvers is a group, only one member must approve the plan. If
one approver rejects a plan, it passes into the rejected state. If no
approvers are assigned, the plan automatically passes to the
approved state.



5. At any stage, a plan can be canceled. An author can cancel a plan
prior to its prepared state. A Change Administrator can cancel a plan
any time prior to completion. Canceled and rejected plans can be
redrafted. Plans can be changed only in the draft state. If change to a
plan is required, cancel or reject it, and then redraft the plan. A
redrafted plan begins again in draft status.
6. After a plan is approved (and is within the plan’s optional start and
end times for activation), it is moved to activated status. While the
plan is in the activated state, a Change Administrator can put any
part of the plan on hold.
7. The activated plan runs to completion unless an error causes the plan
to fail. If the plan fails, the Change Administrator can change the
environment or the plan, and then retry it.
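The authorization rules in steps 2 through 5, modelled as a small state machine. This is an added example, not Domino Change Manager code; the Plan class, its method names, and the sample user names are hypothetical, and roles are passed in by the caller rather than read from the database ACL.

```python
"""Model of who may move a plan between states (steps 2-5 of the workflow)."""
from dataclasses import dataclass, field

CHANGE_ADMIN = "Change Admin"  # role name taken from the text


class WorkflowError(Exception):
    """Raised when an actor attempts a transition the workflow forbids."""


@dataclass
class Plan:
    author: str
    # Each approver is a person's name, or a group given as a frozenset.
    approvers: list = field(default_factory=list)
    state: str = "draft"
    satisfied: set = field(default_factory=set)  # indexes of approvers met

    def _require(self, allowed, action):
        if not allowed:
            raise WorkflowError(f"{action} refused in state {self.state!r}")

    def prepare(self, actor, roles=()):
        # Step 2: the author or a Change Administrator prepares a draft.
        self._require(self.state == "draft" and
                      (actor == self.author or CHANGE_ADMIN in roles),
                      "prepare")
        self.state = "prepared"

    def commit(self, actor, roles=()):
        # Step 3: only a Change Administrator commits a prepared plan.
        self._require(self.state == "prepared" and CHANGE_ADMIN in roles,
                      "commit")
        self.satisfied.clear()
        # Step 4: with no approvers the plan passes straight to approved.
        self.state = "committed" if self.approvers else "approved"

    def _slots_for(self, actor):
        """Approver entries this actor can answer for (self or group)."""
        return [i for i, a in enumerate(self.approvers)
                if actor == a or (isinstance(a, frozenset) and actor in a)]

    def approve(self, actor):
        slots = self._slots_for(actor)
        self._require(self.state == "committed" and slots, "approve")
        # One member is enough to satisfy a group entry.
        self.satisfied.update(slots)
        # Approval must be unanimous across all approver entries.
        if len(self.satisfied) == len(self.approvers):
            self.state = "approved"

    def reject(self, actor):
        # A single rejection moves the plan to the rejected state.
        self._require(self.state == "committed" and self._slots_for(actor),
                      "reject")
        self.state = "rejected"

    def cancel(self, actor, roles=()):
        # Step 5: the author may cancel before the prepared state; a
        # Change Administrator may cancel any time before completion.
        by_author = actor == self.author and self.state == "draft"
        by_admin = (CHANGE_ADMIN in roles and
                    self.state not in ("completed", "cancelled"))
        self._require(by_author or by_admin, "cancel")
        self.state = "cancelled"

    def redraft(self):
        # Cancelled and rejected plans can be redrafted; the text does not
        # say who may do so, so no actor check is modelled here.
        self._require(self.state in ("cancelled", "rejected"), "redraft")
        self.state = "draft"


if __name__ == "__main__":
    # Constructed scenario: alice authors, bob is a Change Administrator.
    plan = Plan("alice", ["carol", frozenset({"dave", "erin"})])
    plan.prepare("alice")
    plan.commit("bob", roles=(CHANGE_ADMIN,))
    plan.approve("dave")    # group entry satisfied, carol still pending
    print(plan.state)
    plan.approve("carol")   # now unanimous
    print(plan.state)
```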

Database move sequences


Database move sequences are generated by Activity Trends Resource
Balancing in the Domino Administrator. To move large groups of
databases that include more than 25 moves, it groups them into sets of 25
moves or more, called demand sets. A demand set can involve any
grouping of commands to be executed.
In the Domino Change Manager, these demand sets are titled “database
move sequences.” Each database move sequence has a maximum of 25
moves. The contents of each move sequence are generated automatically.
You can see these database move sets when you submit a
resource-balancing plan to the Domino Change Manager. You can
restructure the contents by cutting and pasting the demands from one
demand set into another or by creating additional demand sets and new
demands. (To cut and paste, select a demand and use the Edit menu.)
The Domino Administrator creates as many of these demand sets as
needed to accomplish a move. For example, the Acme Move Plan
includes 55 database moves, so the Domino Change Manager creates
three database move sequences — two that include 25 moves, and one
that includes 5 moves.
You can determine whether the database moves and database move
sequences are executed sequentially or concurrently or any combination
of the two. By default, all are moved concurrently. Using the Acme Move
Plan example, the Domino Change Manager attempts to perform all
three database move sequences at the same time. Within each database
move sequence, the Domino Change Manager attempts to move all
databases at the same time.



What happens if a move fails
A database move can fail for a number of reasons. For example, a
database move fails if a server is down, if the destination server does not
have create replica rights, or if the source database has been manually
moved or deleted. How the Domino Change Manager handles the failure
depends on how the moves are executed:
• Concurrently — If any demand fails, the plan continues with other
demands. When all demands are in a state of completion or failure,
the plan reports a failure to the Domino Change Control database
(DOMCHANGE.NSF). You can then retry the move, and the plan
will attempt to complete only the demands that failed during the
previous attempt.
• Sequentially — If any demand fails, the plan stops.
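The grouping into database move sequences and the two failure behaviours above, as an added example that is not Domino Change Manager code. The function names, the server names Mail1/Acme and Mail2/Acme, and the database paths are constructed for illustration; the loop runs demands one after another and only models whether the plan continues past a failure.

```python
"""Database move sequences and failure handling, modelled on the text."""

MAX_MOVES_PER_SEQUENCE = 25  # limit stated in the text


def split_into_sequences(moves, size=MAX_MOVES_PER_SEQUENCE):
    """Group moves into database move sequences of at most `size` moves."""
    return [moves[i:i + size] for i in range(0, len(moves), size)]


def run_demands(demands, attempt, method="concurrent", status=None):
    """Run demands and return (plan_state, status, attempted).

    status maps each demand to "completed" or "failed". Passing the status
    from a previous run models a retry: demands that already completed are
    skipped, so only the failed (or never started) ones are attempted.
    """
    status = dict(status or {})
    attempted = []
    for demand in demands:
        if status.get(demand) == "completed":
            continue
        attempted.append(demand)
        ok = attempt(demand)
        status[demand] = "completed" if ok else "failed"
        if not ok and method == "sequential":
            break  # sequential execution: the plan stops at the first failure
        # concurrent execution: the plan continues with the other demands
    done = all(status.get(d) == "completed" for d in demands)
    return ("completed" if done else "failed"), status, attempted


def demo():
    # Constructed plan: 55 moves, every tenth one destined for Mail2/Acme.
    moves = [(f"mail/user{n:02d}.nsf",
              "Mail2/Acme" if n % 10 == 0 else "Mail1/Acme")
             for n in range(1, 56)]
    down = {"Mail2/Acme"}  # destination server that is down at first

    def attempt(move):
        return move[1] not in down

    sequences = split_into_sequences(moves)
    first_state, status, first_tried = run_demands(moves, attempt)
    failed_first = [m for m, s in status.items() if s == "failed"]

    down.clear()  # the administrator fixes the environment, then retries
    retry_state, status, retry_tried = run_demands(moves, attempt,
                                                   status=status)

    down.add("Mail2/Acme")
    seq_state, seq_status, seq_tried = run_demands(moves, attempt,
                                                   method="sequential")
    return {
        "sequence_sizes": [len(s) for s in sequences],
        "first_state": first_state,
        "first_attempts": len(first_tried),
        "failed_first": len(failed_first),
        "retry_state": retry_state,
        "retry_attempts": len(retry_tried),
        "sequential_state": seq_state,
        "sequential_attempts": len(seq_tried),
        "sequential_never_started": len(moves) - len(seq_status),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```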

Choosing how database moves are executed


You can specify whether database moves are sequential or concurrent.
1. From the Domino Administrator, click the Server - Analysis tab.
2. Open the Domino Change Control view, and then select the Plans -
by Status view.
3. Select one and then click Edit:
• A plan
• A database move sequence
4. Under Execution Options, for the field Execution Method choose one:
• Sequential
• Concurrent
5. Click OK to save and close the document.

Viewing database moves


Anyone with access to the Domino Change Control database
(DOMCHANGE.NSF) can view database moves. Approvers can view
database moves in the plan document when they are notified to approve
the plan.

To view database moves in the Domino Change Control database


1. From the Domino Administrator, click the Server Status tab.
2. Open the Domino Change Control - Plans view, and then choose one
of the following views:
• By Status — if you know the status of the plan you want to view
• By Author — if you don’t know the status of the plan but you
know who the author is



3. Find the target plan and expand the plan to view the database move
sequences.
4. Expand any of the database move sequences and view the individual
moves.

To view database moves in the resource-balancing plan


1. From the e-mail notification, click the link to the plan.
2. In the plan document, select the Demand Details tab.

Preparing a plan document for resource balancing


After you submit a plan, the plan document is a draft document that may
require additional input before it is ready to be submitted to the Change
Administrator. In the plan document, you specify how the moves are
carried out, when the plan is submitted to the Administration Process,
and when you want the Administration Process to execute the plan.
When the Domino Change Manager moves databases, it creates groups
of database move sequences, called demand sets. You can choose
whether to move the demand sets one at a time or all at the same time.
Each plan can have an associated approval profile that lists the names of
persons or groups who must approve the plan document. If there is no
approval profile, you can list the names of approvers in the plan
document. If you assign a group as an approver, any one of the group
members can approve the plan.
For more information on creating an approval profile, see the topic
“Creating a resource balancing plan approval profile” later in this
chapter. For more information about demand sets, see the topic
“Understanding demand set moves” later in this chapter.
The Resource Balancing plan document is a dynamic document that
provides the current status of the plan and keeps a history of plan
modifications, including the author and date of each modification.
Whether or not you make any changes to the plan document, it must be moved
to its next state, which is the prepared state. In its draft state the plan can
be edited by its author.

To prepare a plan document


1. From the Domino Administrator, click the Server - Analysis tab.
2. Open the Domino Change Control view, and then select the Plans -
by Status view.
3. Select the draft plan to move to the prepared state and then click Edit.

4. In the Basics section, complete these fields:
Field          Action
Name           Enter a unique name for the plan.
Categories     (Optional) Select a category or enter a new category name.
Description    (Optional) Enter a description of the plan.

5. Under Execution options, choose one:


• Sequential — To execute each demand set (database move
sequence) one at a time.
• Concurrent — To move all demand sets at the same time.
6. In the field Activate Plan, do one:
• Choose “Only between specified start and stop periods” and
specify a time during which the request can be sent to the
Administration Process.
• Choose “Anytime after specified start” and specify a time after
which the request can be sent to the Administration Process.
• Choose “Anytime before specified end” and specify a time by
which the request must be sent to the Administration Process.
• Choose “At any time (after approval)” to submit the request to the
Administration Process any time after the plan is approved.
7. Under Requesters and Authors, the plan automatically displays the
name of the person who submitted the plan. However, you can edit
either field if, for example, you submitted the plan for someone else
but you do not want to remain as the requester or the only author.
8. Click the Approval tab, and complete one or both of these fields:
Field                    Action
Approval profile         Do one:
                         • Click “Choose Profile” and select the approval
                           profile from the list.
                         • Click “Clear Profile” to remove the assigned
                           profile.
Require approval from    Enter the names of users or groups to add to the
                         approval list.

9. Click the Notifications tab. This tab lists, by role, those who will be
notified at each stage of the plan. Add or remove the selection of any
role as needed. Check Others, and then select from the list to add
users to the notification list.

10. (Optional) Click the Variables tab. The default variable is Execution
time, and the value is unspecified. To specify an execution time at
which the Administration Process executes the plan, you must edit
the variable.
For information on editing variables see the topic “Editing and
creating resource balancing plan variables” later in this chapter.
11. Click the Constraints tab to view and edit the constraints that will
apply to the moves executed by this plan. By default, no constraints
are assigned automatically.
• Referenced constraints — Lists the constraints that apply to this
plan. Click Edit to add or remove one of the constraints.
• Ad-hoc constraints — Click New to create a new constraint.
For information on creating constraints see the topic “Creating
constraints in the Domino Change Manager” later in this chapter.
12. When you finish changing the draft plan, click Apply.
13. Click Change Control to promote this plan from draft state to
prepared state, and then click OK.

Creating an approval profile for resource balancing


You use an Approval Profile document to create a set of approvers. Then
you can assign the approval profile to one or more resource-balancing
plans. You can include users and groups as members of an approval
profile. However, if you list a group as a profile member, only one group
member must approve the plan. For example, if you move a database
that is used by the marketing group, you may want one user, but not all,
to approve the plan. If you want all members of a group to approve a
plan, enter each user’s name in the approval profile.
Changes to the Approval Profile document are tracked for you and listed
in the Creation and Modifications section.

To create an approval profile


1. Make sure that you have the Change Admin role in the ACL of the
Domino Change Control database.
2. From the Domino Administrator, click the Server - Analysis tab.
3. Open the Domino Change Control view, and then select the Setup -
Approval Profiles view.
4. Click Create - Approval Profile.

5. On the Basics tab, complete these fields:
Field            Action
Name (unique)    Enter a unique name for the profile.
Description      (Optional) Enter a description.
Category         (Optional) Select a category or enter a new category name.
Members          Select the names of users or groups to include in this
                 approval profile.

6. Click the Administration tab, and complete these fields:


Field                     Action
Owner                     By default, the owner is the person who creates this
                          document.
Administrators            Enter the names of users who can edit this document.
Prevent deletion          Choose one:
                          • No (default) — To allow a Change Administrator to
                            delete the plan.
                          • Yes — To prevent anyone except a Change
                            Administrator from deleting the plan.
Prevent design refresh    Choose one:
                          • No — To allow the upgrade of all template
                            documents during a version upgrade.
                          • Yes (default) — To prevent edited template
                            documents from being overwritten during a version
                            upgrade. This will not affect any documents that the
                            user creates — it will only affect documents that
                            match those from the template’s copy.

7. Click OK.

Viewing the status of resource-balancing plans


You can view the status of resource-balancing plans in the Domino
Change Control database (DOMCHANGE.NSF).
1. From the Domino Administrator, click the Server - Status tab and
open the Plans view.
2. Choose one of the following views:
• Awaiting Approval — To view plans that have been drafted and
submitted, but have not been approved by all approvers.

• Awaiting Commitment — To view plans that have been fully
approved, but have not yet been committed for completion.
• Active Plans — To view plans that have been fully committed and
are being carried out by Change Manager.
• By Status — to view all plans grouped by status.

Setting up plan documents for resource balancing


When you create a resource-balancing plan document, you directly access
or edit information in other documents in the Domino Change
Control database (DOMCHANGE.NSF). These documents support the
plan and play a critical role in providing structure to the plan.
You use the following resource balancing plan documents to provide the
following information:
• Constraints — Specify when moves can be made.
• Variables — Assign a common name that has a referenced value.
• Notification messages — Create custom notification messages that
are sent whenever the plan status changes.

Working with Domino Change Manager constraints


When you create a plan, you can add constraints to specify when the
moves will be made to affected databases. By default, no constraints are
added to a plan automatically. When you edit the plan, you can assign
one or more constraints or constraint sets. You can add a constraint to
plans or to database move sequences in a plan. The Domino Change
Control database (DOMCHANGE.NSF) includes predefined constraints
and constraint sets.
The default constraints are:
• During standard change windows
• Is after hours
• Not during change freeze period
• Not on workdays
The default constraint sets are:
• Major change
• Minor change
• Trivial change

To view constraint definitions
You can view the definition of each constraint and constraint set.
1. Make sure that you have the Change Admin role so that you can
edit, create, and delete constraints.
2. From the Domino Administrator, click the Server - Analysis tab.
3. Click Domino Change Control, and then select the Setup -
Constraints view.

Creating constraints in the Domino Change Manager


Use constraints to specify time limitations for database moves.
1. You must have the Change Admin role to create a new constraint.
2. From the Domino Administrator, click the Server - Analysis tab.
3. Click Domino Change Control, and then select the Setup -
Constraints view.
4. Click Create - Constraint.
5. On the Basics tab, complete these fields:
Field          Action
Name           Enter a name. This name appears in the Setup view.
Unique name    Enter a unique name. This is the name of the document
               you are defining.
Description    Enter a description of the constraint.

6. Under Behavior, click Choose Function, and then select a function.


7. Click the Variables tab, and then click Edit to add a variable to this
constraint.
8. Click OK to save and close the document.
Note To edit a constraint, select a constraint and edit the fields listed in
Steps 5 through 7. When you edit a constraint, you can also edit the
arguments for assigned variables.

Creating constraint sets in the Domino Change Manager


You use constraints to specify time limitations for database moves.
1. You must have the Change Admin role to create a new constraint.
2. From the Domino Administrator, click the Server - Analysis tab.
3. Click Domino Change Control, and then select the Setup -
Constraints view.
4. Click Create - Constraint Set.

5. On the Basics tab, complete these fields:
Field          Action
Name           Enter a name. This name appears in the Setup view.
Unique name    Enter a unique name. This is the name of the document
               you are defining.
Description    Enter a description of the constraint.

6. Click the Constraints tab, and then click Edit.


7. Select the constraints you want to include in this constraint set.
8. Click OK to save and close the document.

Working with plan variables


A variable is a convenient way to specify context for the execution of the
demand sets and their demands. Values for variables that are defined
within parent objects (such as plans and demand sets) can be used by
lower-level objects, such as demands and constraints.

For example, you can define a plan variable called ExecutionTime. Then
you can specify the value (a time) at which you want a plan to be executed.
You define a variable at a higher level (usually within a plan) and then
reference it within a demand. When the value of a variable changes, all
demands and plans that reference that variable automatically use the
new value.
If you have the Change Administrator role, you can add, delete, or
modify local variables that are referenced by function arguments and
other variables.

Editing and creating plan variables


The one default variable for the Domino Change Control database is
called Execution Time. This variable determines when the
Administration Process executes the plan.

To edit a variable
1. You must have the Change Admin role.
2. From the Domino Administrator, click the Server - Analysis tab.
3. Open the Domino Change Control view, and then select the Plans -
by Status view.
4. Open a plan in edit mode, and then select the Variables tab.
5. Click Edit.
6. In the Edit Variables dialog box, select a variable from the list, and
then click Edit.

7. Select a Type:
• Text
• Number
• Time
• Boolean
8. For the field Special, do one:
• Choose Simple value, and then enter a Text value.
• Choose Formula, and then click Keywords and Variables and copy
a text formula.
• Choose Unspecified to leave the value undefined.

To create a new variable
1. Perform Steps 1 through 5 in the procedure above.
2. In the Edit Variables dialog box, click New.
3. In the Name field, enter a name for the variable.
4. Complete the Type and Special fields.

Creating plan notification messages


Resource documents define the standard messages that are sent during
the various phases of plan execution. The plan Resources are referenced
by the Interface message definitions. They correspond to each step of the
workflow, such as Approve, Prepare, or Commit. You can edit the text of
any of the plan messages to customize them.

To edit a resource document


1. Make sure that you have the Change Admin role.
2. From the Domino Administrator, click the Server - Analysis tab.
3. Click Domino Change Control, and then select the Setup - Resources
view.
4. Select the Standard Plan Message resource, and then click Edit.
5. Under Content body, make changes to the message text.
6. Click OK to save and close the document.

Chapter 55
Transaction Logging and Recovery

This chapter explains how to set up and use database transaction logging
and how to take advantage of fault-recovery strategies.

Transaction logging
Domino supports transaction logging for servers that run Domino 5 and
later, and for databases that are in a Domino 5 or later on-disk structure.
Transaction logging captures all the changes made to a database and
writes them to a transaction log. The logged transactions are then written
to disk in a batch, either when resources are available or when
scheduled.
A transaction is a related series of changes made to a database on a
server. For example, opening a new document, adding text, and saving
the document is one transaction. In this case, the transaction consists of
three separate implicit API calls: NotesOpen, NoteUpdate, and
NoteClose.
A transaction log is a record of changes made to Notes databases. The
transaction log consists of log extents and the log control file
(NLOGCTRL.LFH). A log extent is one of the log files into which the
transaction logs are written. It has the form Sxxxxxxx.TXN, where
xxxxxxx represents a seven-digit number that is unique to that server.
Domino fills each extent sequentially before writing data to a new one.
The records are secured using a proprietary byte-stream format. Each
server has only one transaction log that captures all the changes to
databases that are enabled for transaction logging.
Use transaction logging to:
• Schedule regular backups. Backups based on transaction logs are
faster and easier than full database backups that do not use
transaction logging.
• Recover from a media failure. If you have a media failure, you can
restore the most recent full backup from tape, then use the
transaction logs to add the data that was not written to disk.
• Recover from a system crash. When the server restarts, it runs
through the end of the transaction logs and recovers any writes that
were not made to disk at the time of the crash. Logged databases do
not require a consistency check.
• Log the database views. You can avoid most view rebuilds.
To use all the features of transaction logging for backups and backup
recovery, you need a third-party backup utility that uses the backup and
recovery methods of the Domino C API Toolkit (Release 5 or later). For
example, in the case of a media recovery, a database backup is taken with
the third-party utility, while logging keeps track of updates to the database.
When the database is then lost, the backup is brought up to current state by
going through the transaction log and applying any updates that have
happened to that database since the database backup was taken.
Note that restart recovery does not require a third-party utility. In this
case, logging goes on while updates are happening. When the server
crashes then restarts, any updates which would have otherwise been lost
are written to the database. This significantly reduces lost data and
database corruption because of server crashes, and reduces overall
restart time since the consistency check of databases is not required.

Understanding the database instance ID (DBIID)


When you enable transaction logging, Domino assigns a unique database
instance ID (DBIID) to each Domino database. When Domino records a
transaction in the log, it includes this DBIID. During recovery, Domino
uses the DBIID to match transactions to databases.
Some database maintenance activities, such as using the Compact
command with options, cause Domino to reconstruct the database in
such a way that old transaction log records are no longer valid. When
this happens, a new DBIID is assigned to the database. From that point
on, all new transactions recorded in the log for that database use the new
DBIID. After a database is assigned a new DBIID, take a new full backup
of the database. The new full backup captures the database in its current
state with the new DBIID. Then, if you have to restore the database,
Domino needs only the new transactions that contain the new DBIID.
Domino assigns a new DBIID when:
• You enable transaction logging for the first time.
• You run the Compact task with an option — for example, the option
to reduce file size.
• You run the Fixup task on corrupted databases.
• You move a Domino database to a logged server.

How transaction logging works
Following is a general example of transaction logging from both the
administrator’s and the employees’ points of view.
The administrator enables transaction logging for all the databases on the
servers. The administrator chooses the Archived logging style so that
there is plenty of room for the transaction logs; uses a separate, mirrored
device for safe and speedy storage of the transaction logs; and installs a
backup utility to recover from media failures and any resulting
corrupted databases.
The administrator backs up the transaction logs daily. This procedure
doesn’t take long because the administrator is backing up only the
changes, rather than doing a full backup of all the databases on the server.
When the server crashes, it’s down, but not for long. As the administrator
restarts the server, it replays all the changes from the transaction logs to
the databases. The server is soon back in business.
A few days later, there’s a media failure. The administrator restores the
corrupted databases from the most recent weekly backup and replays the
changes.
The employees who use the databases do not notice any difference in
how they do their work. They might notice, however, that servers are up
and running more often and that there is less down time.

How changes are made to the database


Transaction logging posts all the database transactions to the log file,
without waiting for the transaction to commit to disk. After being posted
to the log file, the change is considered successful. The physical write
process can wait until the server is less busy or occur at periodic
intervals. The changes are written to disk in a batch.
What happens between the time when the transaction is posted to the log
file and when the database is updated on the disk? Databases are cached
in memory while they are open. The writes to the database happen to the
in-memory copy of the database. They are then immediately sent to the
transaction logs. Later, the memory-cached version of the database is
posted to disk, updating the databases. Since the transaction log is
sequential, there is no seek time, and only enough information is written
to the logs to redo (or undo if necessary) the operation. In many cases,
this is less information than the database write to disk.
If the database is not yet completely written to disk and you open it, you
are opening the memory-cached version. If the server crashes before the
version on disk has been updated with the changes, restarting the server
applies the logs to the database during restart.

Planning for transaction logging
Transaction logging captures all the changes that are made to databases
and writes them to a transaction log. The logged transactions are written
to disk in a batch when resources are available or at specified intervals.
Use this checklist for your transaction logging planning.
• Allocate space for the log files. Use a dedicated, mirrored device,
such as RAID level 1 with a dedicated controller for optimal
performance and data integrity.
• Plan a backup strategy. Plan to archive the transaction logs daily
using incremental backups. Schedule weekly full database backups.
You will then be prepared if you have a media failure.
• Decide which servers and databases will use transaction logging.
Transaction logging is available for servers running Domino 5 and
later. Consider enabling transaction logging for all databases on the
server.
• Select a Domino-compatible backup utility. The utility must be able
to use the backup and recovery methods of the Domino C API
Toolkit (Release 5 or later).
• Choose the logging style that fits your needs. Logging styles include
archived, circular, and linear.
• Set up a Domino server for transaction logging.

Comparing transaction logging styles


There are three logging styles to choose from — circular, linear, and
archived. The logging style you choose is also dependent on your disk
size and backup strategy.
With circular logging, Domino reuses a fixed amount of disk space (up to
4GB) for transaction logs. After the disk space is used up, Domino starts
overwriting old transactions, starting with the oldest. When the space
fills up, perform a backup on the databases. You may need to do daily
backups to capture database changes before they are overwritten,
depending on the server activity level. Use circular logging if the size of
the log needed between full database backup intervals is less than 4GB.
Linear logging is like circular logging, except it allows more than 4GB.
Use linear logging if the size of the log needed between full database
backup intervals is greater than 4GB, and you are not using archive
media.

Archived logging creates log files as needed. It simplifies backup and
restoration, and provides online and partial backups. The log files are not
overwritten until you archive them. With archived logging, you must
have a backup utility to back up the filled log extents so that they are
ready if needed. If you do not have a backup utility, the server continues
to create log extents, fills up the disk space, and then panics.

Setting up a Domino server for transaction logging


You can enable and set up transaction logging on any server.
1. Make sure that all the databases you want to log are in the Domino
data directory, either at the root, or in a subdirectory.
2. From the Domino Administrator, click the Configuration tab, expand
the Server section, and click “All Server Documents.”
3. Select the Server Document for the Domino server you want to edit
and then click Edit Server.
4. Click the Transactional Logging tab, complete these fields, and then
save the document:
Field                   Action

Transactional           Choose one:
Logging*                • Enabled — To start transaction logging
                        • Disabled (default) — To not use transaction
                          logging

Log path*               Enter the path name location of the transaction log.
                        For best results, use a separate mirrored device, such
                        as a RAID (Redundant Array of Independent Disks)
                        level 0 or 1 device with a dedicated controller. This
                        provides better performance and data integrity than
                        using the default path (\LOGDIR) in the Domino
                        data directory.
                        Note: If the device is used solely for storing the
                        transaction log, set the “Use all available space on
                        log device” field to Yes.

Use all available       For circular and linear logging only. Choose one:
space on log device     • Yes — To use all available space on the device for
                          the transaction log. Choose Yes if you use a
                          separate device dedicated to storing the log.
                        • No — To use the default or specified value in the
                          “Maximum log space” field.

Maximum log space       For circular and linear logging only. The maximum
                        size, in MB, for the transaction log. Default is 192MB.
                        Maximum is 4096MB (4GB).
                        Allocate a separate disk with at least 1024MB (1GB)
                        of disk space for the transaction log.
                        Domino formats at least 3 and up to 64 log files,
                        depending on the maximum log space you allocate.

Automatic fixup of      Choose one:
corrupt databases       • Enabled (default) — To run the Fixup task
                          automatically if a database is corrupted and Domino
                          cannot use the transaction log to recover it. Domino
                          assigns a new DBIID and notifies the administrator
                          that a new database backup is required.
                        • Disabled — To not run the Fixup task
                          automatically. Domino notifies the administrator
                          to run the Fixup task with the -J parameter on
                          corrupted logged databases.

Runtime/Restart         This field controls how often Domino records a
performance             recovery checkpoint in the transaction log. This
                        affects server performance as databases may be
                        flushed from the cache to disk.
                        To record a recovery checkpoint, Domino evaluates
                        each active logged database to determine how many
                        transactions would be necessary to recover each
                        database after a system failure. When Domino
                        completes this evaluation, it:
                        • Creates a recovery checkpoint record in the
                          transaction log that lists each open database and
                          the starting point transaction needed for recovery
                        • Forces database changes to be saved to disk if
                          they have not been saved already
                        Choose one:
                        • Standard (default and recommended) — To
                          record checkpoints regularly.
                        • Favor runtime — To record fewer checkpoints.
                          This option requires fewer system resources and
                          improves server run-time performance but causes
                          more of the log to be applied during restart.
                        • Favor restart recovery time — To record more
                          checkpoints. This option improves restart
                          recovery time because fewer transactions are
                          required for recovery.

Logging style**         Choose one:
                        • Circular (default) — To re-use the log files and
                          overwrite old transactions.
                        • Archived (recommended) — To re-use the log files
                          after they are archived. A log file can be reused
                          when it is inactive, which means that it does not
                          contain any transactions necessary for a restart
                          recovery. Use a third-party backup utility to copy
                          and archive the existing log. When Domino starts
                          using the existing file again, Domino increments
                          the log file name. If all the log files become inactive
                          and are not archived, Domino creates additional
                          log files.
                        • Linear — To re-use the log files and overwrite old
                          transactions for log size greater than 4GB.

* If you change this field, you must restart the server so that the change
takes effect.
** If you change this field, Domino assigns a new DBIID to each database.
You must restart the server and perform another full backup.

Changing transaction logging settings


You can change the transaction logging settings.
1. Perform a full backup of all databases.
2. Open the Domino Administrator, click the Configuration tab, and
open the Server document.
3. Click Edit Server.
4. Click the Transactional Logging tab and change the fields you want,
taking into consideration the issues in the following table:
For more information on the fields, see the topic “Setting up a
Domino server for transaction logging” earlier in this chapter.
Field                   Issue

Transactional           Consider carefully before you disable transaction
Logging                 logging. If you do not use transaction logging, you
                        should back up your databases daily. You will also
                        need Fixup to recover from media failure. When you
                        restart the server, Domino runs restart recovery a
                        final time to ensure that all databases are consistent.
                        Then it disables transaction logging.

Log path                If you edit the log path, save this document, and
                        then stop the server and use the operating
                        system to move the existing log files to the new path.

Use all available       If you change only this field, you do not need to
space on log device     restart the server. As Domino logs the transactions,
                        the changes take effect.

Logging style           If you change the logging style, you must perform a
                        full backup of all databases because Domino assigns
                        new DBIIDs to all the databases.

5. Click Save & Close.


6. Restart the server so that the settings take effect.

Disabling transaction logging for a specific database


After you set up transaction logging on a server, Domino logs all databases
on that server. You can disable transaction logging of specific databases,
but this practice is not recommended because if unlogged databases are
corrupted during a system or media failure, you must run the Fixup task
to recover the database.

To disable transaction logging for a specific database


1. Do one of the following to choose “Disable transaction logging”:
• If you are creating a new database, use the Advanced Database
Options dialog box.
• If you are working in an existing database, use the Advanced tab
of the Database Properties box.
• In the Domino Administrator, select a database on the Files tab,
choose Tools - Database - Advanced Properties.
2. Be sure that all users have closed the database.
3. Use the Dbcache command with the flush parameter to close the
database in the database cache.
4. Open the database.

To reenable transaction logging for a specific database


Follow the steps above, but de-select “Disable transaction logging.”

View logging
View logging provides a way to maintain consistent views in failure
conditions and allows media recovery to update those views. View
logging is transaction logging support for Notes views and folders. All
updates to Notes views or folders are recorded in the transaction log for
recovery purposes.
To enable view logging, you use Domino Designer. In Designer, open a
view or folder, select the Advanced tab, and check “Logging - Include
updates in transaction log.”
Note If you enable view logging in a template, all databases created
from that template and all databases whose designs are replaced from
that template have those views logged.

Using transaction logging for recovery

Transaction logging is an integral part of recovering from system and
media failures. Using transaction logging provides insurance against
system failure, but creating regular backups is essential so that you can
recover data after a failure.

System failure recovery


A system failure causes the server to stop and requires you to restart the
server. During restart, Domino automatically performs database recovery.
The system uses the transaction logs to apply full transactions and undo
partial transactions that were not written to disk for databases that were
open during the system failure. Domino runs the Fixup task for:
• Databases in formats that are earlier than Domino 5
• Databases that are in Domino 5 format but have transaction logging
disabled
• Corrupted databases, if you choose Yes for “Auto fixup of corrupt
databases” in the Server document.
When you restart a server after a system failure, Domino automatically
restores the affected databases.



Media failure recovery
A media failure causes databases to be damaged or lost. To recover, you
use the third-party backup utility to restore database backups and
transactions from the transaction log files. The backup utility you choose
must use the backup and recovery methods of the Domino C API Toolkit
(Release 5 or later).
For information on recovering after a media failure, see the
documentation included with your backup utility.

Fault recovery
You can set up fault recovery to automatically handle server crashes.
When the server crashes, it shuts itself down and then restarts
automatically, without any administrator intervention. A fatal error such
as an operating system exception or an internal panic terminates each
Domino process and releases all associated resources. The startup script
detects the situation and restarts the server. If you are using multiple
server partitions and a failure occurs in a single partition, only that
partition is terminated and restarted.
Domino records crash information in the data directory. When the server
restarts, Domino checks to see if it is restarting after a crash. If it is, an
e-mail is sent automatically to the person or group in the “Mail Crash
Notification to” field. The e-mail contains the time of the crash and the
server name. If the FAULT_RECOVERY.ATT file is available, it is attached
to the e-mail. This file includes additional failure information from an
optional cleanup script.
The fault-recovery system is initialized before the Domino Directory can
be read. During this initialization, fault-recovery settings are read from
the NOTES.INI file, and then later read from the Domino Directory and
saved back to the NOTES.INI file. Any changes to the Domino Directory
or the NOTES.INI file become effective when the Domino server is
restarted. To disable the reading of the Domino Directory, and
subsequent update to the NOTES.INI file, use the NOTES.INI setting
FaultRecoveryFromIni=1.

Operating systems and fault recovery


Because fault recovery runs after an exception has occurred, it cannot
rely on Domino’s internal facilities. Instead, fault recovery makes heavy
use of operating system features.
UNIX systems primarily use message queues. Therefore, it is important
to configure the operating system so that sufficient message queue
resources are available. If you are using multiple Domino server
partitions, each partition requires a complete set of resources. Consult
your operating system documentation for additional details on
configuring message queue parameters.
Windows NT and Windows 2000 systems do not require any system
resource changes.

Specifying a cleanup script for fault recovery


You can create an optional script that runs before any other cleanup takes
place. Use the file FAULT_RECOVERY.ATT to collect the information
from the script.
1. From the Domino Administrator, click the Configuration tab, and
expand the Server section.
2. Open the Server document, click Edit document, and click the Basics
tab.
3. Complete these fields:

Field | Action
Cleanup Script Name | Enter the entire script name, including any extensions. Note Directory separators (slashes) in the file name portion are converted for the operating system, but slashes in optional arguments are not converted.
Cleanup Script Maximum Execution Time | Enter the number of seconds for the cleanup script to run. Default is 300 seconds (5 minutes). Maximum is 1800 seconds.
Maximum Crash Limits | Enter the number of restarts allowed during a specified time limit — for example, 3 crashes within 5 minutes. If the number of crashes within the time limit exceeds the number allowed, the server exits without restarting.
Mail Crash Notification to | Enter a user or group name. When the server restarts, Domino checks if it is restarting after a crash and sends e-mail to the person or group.

Enabling fault recovery


1. From the Domino Administrator, click the Configuration tab, and
expand the Server section.
2. Open the Server document, click Edit document, and click the Basics
tab.
3. Check “Fault Recovery Enabled.”



Chapter 56
Using Log Files

This chapter describes how to use the Domino server log (LOG.NSF) and
the Domino Web server log (DOMLOG.NSF) to collect information about
the Domino system.

The Domino server log (LOG.NSF)


Every Domino server has a log file (LOG.NSF) that reports all server
activity and provides detailed information about databases and users on
the server. The log file is created automatically when you start a server
for the first time. You can do the following:
• Control the size of the log file
• Record additional information in the log file
• View the log file
• Search the log file

Controlling the size of the log file (LOG.NSF)


By default, the log file (LOG.NSF) records information about the Domino
system. Because the log file can become quite large, it is important to
manage its size. You can control the size of the log file automatically,
using NOTES.INI settings, user preferences, and other settings. For
example, the Log setting in the NOTES.INI file determines how long
documents are maintained before being deleted from the log file. By
default, documents are deleted after 7 days.
If you are troubleshooting a system problem, you may want to record
additional information in the log file. The log file becomes large quickly
when you set a higher logging level for purposes of analyzing a system
problem. For example, if you are troubleshooting a mail routing problem,
you can set the logging level to verbose. When you do, the log file will
contain a large amount of information regarding that activity. If you set a
high logging level during troubleshooting, remember to reset the logging
level after you solve the problem.

For more information on NOTES.INI settings, see the appendix
“NOTES.INI File.” For more information on setting additional logging
levels, see the topic “Recording additional information in the log file,”
later in this chapter.

NOTES.INI settings for log files


The following table contains the NOTES.INI settings that determine what
is reported in the log file and set size limitations.
For more information on these settings, see the appendix “NOTES.INI
File.”

Setting | Description
Log | Specifies the contents of the log file and controls other logging actions.
Log_AgentManager | Specifies whether or not the start of agent execution is recorded in the log file and shown on the server console.
Log_Console | Enforces logging of server console command output, which can otherwise be prevented if the command is prefixed with an exclamation point (!).
Log_DirCat | Logs information about the Directory Catalog task to the Miscellaneous Events view of the log file (LOG.NSF).
Log_Replication | Specifies the level of logging of replication events performed by the current server.
Log_Sessions | Specifies whether individual sessions are recorded in the log file and displayed on the console.
Log_Tasks | Specifies whether the current status of server tasks is recorded in the log file and displayed on the console.
Log_Update | Specifies the level of detail of Indexer events displayed at the server console and in the log file.
Log_View_Events | Specifies whether messages generated when views are rebuilt are recorded in the log file.
Mail_Log_To_MiscEvents | Determines whether all mail event messages are displayed in the Miscellaneous Events view of the log file.



Recording additional information in the log file
In addition to controlling the size of the log file using NOTES.INI
settings, you can use the following settings, fields, and commands to
specify additional information and establish logging levels for the log
file.

To record information about | Setting, field, or command
Mail routing | “Logging level” field on the Router/SMTP - Advanced - Controls tab of the Configuration Settings document.
Modem I/O | File - Preferences - User Preferences - Ports - COMx - Trace
Modem script I/O | File - Tools - Preferences - Notes Preferences - Ports - COMx - Trace - Options
Traced network connections | Set a com port option in the Port Setup dialog box.
Web Navigator | The “Retriever log level” field on the Server Tasks - Web Retriever tab of the Server document.
Web server | Additional information regarding the Web server is logged in the Domino Web server log (DOMLOG.NSF).

For more information on the Domino Web server log, see the topic
“Viewing the Domino Web server log (DOMLOG.NSF)” later in this
chapter.

Viewing the log file (LOG.NSF)


You can also use the Web Administrator to open the log (LOG.NSF).
1. From the Domino Administrator, click the Server - Analysis tab.
2. Select the server that stores the log file you want to view.
3. Click Notes Log.
4. Click the desired view.
5. Open the desired document.
Tip You can also view the search results from the Server - Analysis tab
using the tool Analyze - View Log Document. This tool gives you more
details about the messages in the current log document and allows you to
sort the messages in several different ways. Doing this makes it easier
to find the information you are looking for and to see patterns of server
activity.



Views in the log file (LOG.NSF)
View | Contains information about

Database - Sizes
• Size and activity of all databases on the server
• Percentage of each database’s disk space that is in use
• Total disk space of each database
• Weekly usage of the database
• Populated by the nightly Statistics Log task

Database - Usage
• Sessions (including K transferred)
• Documents read and written
• Replications
• Sorted by database
• Populated by the nightly Statistics Log task

Mail Routing Events
• Mail routing details not available in the Miscellaneous Events view

Miscellaneous Events
• Events that do not appear in other views
• Modem I/O messages
• Script I/O messages
• Server task messages
• Sorted by date

Object Store Usage
• Object store file name
• Mail database file name
• Mail database title
• Number of documents referenced in the object store
• Total size of the documents in the object store
• Details on the shared mail object store usage on your server

Passthru Connections
• Starting and Ending times, destination, and protocol for each passthru connection

Phone Calls - By Date
Phone Calls - By User
• Information about calls made and received by a server, sorted by date or by user

Replication Events
• All replication sessions between servers, sorted by server
• Information includes the name of the initiating server, time and duration of replication, port used, and the number of documents added, deleted, or modified

Sample Billing
• Uncategorized billing information provided in the Usage by Date and Usage by User views, sorted by user and including totals for each column and session

Usage by Date
Usage by User
• Sessions this server had with users or other servers, sorted by date or by user
• Information includes: sessions opened; session duration; databases opened; database-access duration; number of transactions (workstation-to-server database requests); and network usage (K transferred)
• Transactions for operations, such as opening a document, updating a document, reading a section of a view, and going to a specific section of a view
• Includes totals by date, by user/server, and for all usage

Search Results
• Results of log analysis
• Information includes starting time and name of server

Searching the log file (LOG.NSF)


The log file (LOG.NSF) contains a wealth of information for the Domino
Administrator. However, if you are troubleshooting a problem, searching
through all of the information can be time consuming. Using the Log
Analysis tool, you can search the log file for specific events, event
severities, or for specific words, and you can specify the dates you want
to search. For example, if you are troubleshooting a mail routing
problem, you can search for routing events with an event severity of
warning or failure, that occurred during the time you were experiencing
difficulties.
Some advanced queries can be made on Domino 6 servers only, and then
only if the Event task is running on them.
When you perform a log analysis, the search results display
automatically and are also saved in the Search Results view of the log file
(LOG.NSF). They include the following types of information:
• Status of the event, displayed as an icon
• Type of event
• Severity of the event
• Time the event occurred
• A description of the event
To search the log file
1. From the Domino Administrator, click the Server - Analysis tab.
2. Click Analyze, and then click Log.
3. In the Log Analysis dialog box, create a search query by specifying
the search criteria.

Note You can select more than one value when specifying search criteria,
for example, more than one event type. If you do, you must select one of
these options:
• The results must match one of the criteria — select this option if
the results must match the selected criteria, such as event type, or
event severity.
• The results can match one of the criteria — select this option if
results that do not match the selected criteria can be included in
the log search as well.
Search criteria | Complete the following
Date | Start and End Date — Select the dates you want to search.
Start and End Time — Select the times you want to search.
Select one:
• Use above time range in any time zone — Use this setting when you do not need to vary the search start and end parameters.
• Convert time range to server’s time zone — Use this setting if you are searching the log file for a server in a different time zone.
• Any time — Use this setting if you do not want to limit the log search by date or time.
Event Type | Select the type of event for which you want to search.
Event Severity | Select the type of severity for which you want to search.
Add-in Name | Select the add-in name for which you want to search.
Add Add-in Name — Enter the name of an add-in task if you do not find it on the list.
Error Code | Click in the column to the left of a message to select the error message for which you want to search.
Event Text | Do any of the following to refine your text.
• Look for — Choose one of these:
  any of the words
  all the words
  exact phrase
• Enter — Enter the words or phrases for which you want to search.
• Must Contain the Words — Enter the words that the log search must contain to be successful.
• Must Not Contain the Words — Enter the words or phrases that would make a search result invalid.
Queries | Select Existing Query — Choose any predefined query.
Save query on exit — Select this option if you want to save your query criteria.
Save Query As — Enter a name for your query.
Query Formula — Displays the new or selected query for your verification.

4. When you click OK, the Log Analysis Results are displayed and a
copy of the results is stored in the Search Results view of the log file.
Tip Search strings can be any length containing any type of character
and the search is not case sensitive.

To view a search result


1. Open the log file (LOG.NSF).
2. Select the Search Results view.
3. Results are listed by starting time and server name. Select the results
you want to view.
4. Use File - Open or double-click to open the search results document.
Tip You can also view the search results from the Server - Analysis tab
using the tool Analyze - View Search Results, which gives you additional
sorting abilities when viewing the results.

Analyzing Domino 6 log files using a Domino 5 server


If you have a mixed environment in which you are using a Domino 6
Administration client and a server that is Domino 5 or earlier, the log
analysis is based on the Domino 5 Log Analysis functionality, and the
results are saved in the Results database (RESULTS.NSF).
The Results database is based on the LOGA4.NTF template. It shows the
date and time of events, their source (event or console message), and the
text of messages. The view doesn’t display times for server console
messages.
If you are using a Lotus Domino Administrator 6 client to analyze a
Domino 6 server log file, you can still create a Results database and save
the results to this database. To do so, open the document from the Search
Results view in LOG.NSF, then use the File - Save As menu to save it to
the desired location.
For more information about the Results database, see the Domino 5
documentation.



Logging Domino Web server requests
You can log Domino Web server requests to a database or to text files.
• Text files — Text files are smaller and can be used with third-party
analysis tools.
• Domino Web Server Log (DOMLOG.NSF) — Logging to a database
allows you to create views and view data in different ways.
However, the size of the database can become large so that
maintenance becomes an issue.
Note You can log to both text files and a database. These options are not
mutually exclusive.

The Domino Web server log (DOMLOG.NSF)


You can log your server activity and Web server requests to the Domino
Web server log (DOMLOG.NSF) database. This option may be preferable
if you want to create views and view data in different ways. Logging to a
database is somewhat slower than logging to text files, especially at very
busy sites, and the size of the database can become large so that
maintenance becomes an issue. However, if you use the Domino Web
server log, you can treat this information as you would other Notes
databases, and you can use built-in features to analyze the results.
The Domino Web server log (DOMLOG.NSF) logs all Domino Web
server activity and tracks this information about each HTTP request:
• Date and time the request was made
• User’s IP address (or the DNS address if DNS lookup is enabled in
the Server document)
• User’s name (if the user supplied a name and password to access the
server)
• Status code the server returns to the browser to indicate its success or
failure in generating the request
• Length of the information, in bytes, sent from the server to the
browser
• Type of data accessed by the user — for example, text/html or
image/gif
• HTTP request sent to the server from the browser
• Type of browser used to access the server
• Internal and Common Gateway Interface (CGI) program errors
• URL the user visited to gain access to a page on this site
• Server’s IP address or DNS name
• Amount of time, in milliseconds, to process the request
• Cookies sent from the browser
• Translated URL (the full path of the actual server resource, if
available)

Setting up the Domino Web server log (DOMLOG.NSF)


To set up the Domino Web server log, you must enable logging (by
default, logging is disabled). You can restrict the information logged to
the Domino Web server log to analyze log file results. Some information,
such as requests for graphics or icons, may increase the size of the log
file without providing meaningful information, so you may want to
exclude that type of information from the log. Domino creates
the Web server log database when the HTTP task starts after you enable
logging to DOMLOG.NSF.
To enable logging to the Domino Web server log
1. From the Domino Administrator, click the Configuration tab.
2. Open the Server document for the Web server.
3. Click the Internet Protocols - HTTP tab.
4. Under “Enable Logging To,” choose Enabled in the DOMLOG.NSF
field.
5. (Optional) Under “Exclude From Logging,” complete these fields to
exclude certain types of information from the log file:
Field | Enter
URLs | URL paths to exclude — for example, *.gif or /anydir/*
Methods | HTTP methods — for example POST or DELETE
MIME types | MIME types to exclude — for example, image (for all images) or image/gif (for .gif images)
User agents | Strings that are part of user agent (browser) strings to exclude requests from a particular user agent.
• To exclude Microsoft Internet Explorer, enter MSIE*
• To exclude Netscape:
  For version 4.7, enter Mozilla/4.7
  For version 4.6, enter Mozilla/4.6
Return codes | HTTP response status codes to exclude — for example, 300 or 400
Hosts and domains | Browser client DNS names or IP addresses to exclude — for example, 130.333.* or *.edu
Note To enter DNS names in this field, you must first enable the DNS Lookup setting in the HTTP Server section of the Server document. Otherwise, you can enter only IP addresses in this field. Enabling this setting will impact performance.

6. Save the document and then restart the HTTP task so that the
changes take effect.

Viewing the Domino Web server log (DOMLOG.NSF)


1. From the Domino Administrator, click the Files tab.
2. Open the Domino Web server database (DOMLOG.NSF).
3. Click Requests to display request documents, and then click a
request document to display its content.

Domino Web server logging to text files


When setting up Domino Web server logging to text files, you must
determine the Access file format. The content of the Access log varies
depending on which log file format you choose:
• Extended Common
• Common
The most commonly used Access log format is Extended Common,
which logs all Web server information into a single text file.
Optionally, you can choose Common for the Access log file format;
however, the Common format is an older log file format and is available
primarily for legacy information. If you choose the Common format for
your Access file, it contains a subset of the server request information,
with the requesting agent and referer information stored in separate
Agent and Referer log files. It is difficult to match the entries in these
different log files because a referer is not always sent with every request,
so the number of referer entries may not match the number of requests.



When you log to a text file, the following information is recorded:

Text file | Records
Access | Depending on the file format you choose, the Access log file records the following Web server request information in the order shown:
Common
1. Client DNS name or IP address if DNS name is not available
2. Host header from request, or server IP address if Host header is not available
3. Remote user if available
4. Request time stamp
5. HTTP request line
6. HTTP response status code
Extended Common
1. Client DNS name or IP address if DNS name is not available
2. Host header from request, or server IP address if Host header is not available
3. Remote user if available
4. Request time stamp
5. HTTP request line
6. HTTP response status code
7. Request content length if available, otherwise shows “-”
8. Referring URL if available, otherwise shows “-”
9. User agent if available, otherwise shows “-”
10. Amount of time, in milliseconds, to process the request
11. Value of the cookie header
12. Translated URL (the full path of the actual server resource, if available)
Agent | User agent if available, otherwise shows “-”
Referer | URL the user visited to gain access to a page on this site
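Because field 11 of the Extended Common format is the cookie header, these text files can carry live session identifiers. The following added example (not IBM's code) parses the twelve fields in the order listed above and replaces cookie values with a keyed digest before the records are passed to an analysis tool. The on-disk layout (bracketed time stamp, double-quoted free-text fields), the sample lines, and the key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
from collections import Counter

# Field order as listed for the Extended Common format in the table above.
FIELDS = (
    "client", "host", "remote_user", "timestamp", "request", "status",
    "content_length", "referer", "user_agent", "elapsed_ms", "cookie",
    "translated_url",
)

# ASSUMPTION: time stamp in [brackets], free-text fields in "double quotes",
# everything else a bare token. Check against real files before relying on it.
TOKEN = re.compile(r'\[[^\]]*\]|"(?:[^"\\]|\\.)*"|\S+')


def unwrap(tok):
    """Strip one layer of [] or "" and map the "-" placeholder to None."""
    if len(tok) >= 2 and (tok[0], tok[-1]) in (("[", "]"), ('"', '"')):
        tok = tok[1:-1]
    return None if tok in ("-", "") else tok


def parse_line(line):
    """Return a dict keyed by FIELDS, or None if the line is malformed."""
    tokens = TOKEN.findall(line.strip())
    if len(tokens) != len(FIELDS):
        return None
    record = {name: unwrap(tok) for name, tok in zip(FIELDS, tokens)}
    try:
        record["status"] = int(record["status"])
        record["elapsed_ms"] = int(record["elapsed_ms"])
    except (TypeError, ValueError):
        return None
    return record


def redact_cookie(header, key):
    """Keep cookie names; replace each value with a truncated HMAC-SHA256 tag.

    The same value always maps to the same tag, so requests can still be
    grouped by session without the log exposing a reusable identifier.
    """
    if header is None:
        return None
    parts = []
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if not sep:
            parts.append(name)
            continue
        tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]
        parts.append(f"{name}=<redacted:{tag}>")
    return "; ".join(parts)


def sanitize(lines, key):
    """Parse lines and redact cookies; unparseable lines are returned separately."""
    records, rejected = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
            continue
        rec["cookie"] = redact_cookie(rec["cookie"], key)
        records.append(rec)
    return records, rejected


def auth_failures_by_client(records):
    """Count HTTP 401 responses per client address."""
    return Counter(r["client"] for r in records if r["status"] == 401)


# Constructed sample lines (hypothetical hosts, paths and cookie names).
SAMPLE = [
    '192.0.2.10 www.example.com jdoe [29/May/2001:10:15:02 -0500] '
    '"GET /mail/jdoe.nsf?OpenDatabase HTTP/1.0" 200 5120 '
    '"http://www.example.com/" "Mozilla/4.7 [en]" 47 '
    '"SessId=0123456789ABCDEF; lang=en" "/data/mail/jdoe.nsf"',
    '198.51.100.7 www.example.com - [29/May/2001:10:15:09 -0500] '
    '"GET /hr/reviews.nsf HTTP/1.0" 401 - "-" "-" 3 "-" "-"',
    '198.51.100.7 www.example.com - [29/May/2001:10:15:11 -0500] '
    '"GET /hr/reviews.nsf HTTP/1.0" 401 - "-" "-" 2 "-" "-"',
    'truncated line with too few fields',
]
KEY = b"constructed-demo-key"  # placeholder; keep a real key out of the log host

if __name__ == "__main__":
    recs, bad = sanitize(SAMPLE, KEY)
    for r in recs:
        print(r["client"], r["status"], r["cookie"])
    print("rejected:", len(bad), "401s:", dict(auth_failures_by_client(recs)))
```

Lines that do not split into exactly twelve fields are returned as rejected rather than guessed at, so a layout mismatch shows up immediately.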



CGI Error file
Standard errors (stderr) from CGI programs are captured in the CGI
Error file, regardless of which text file format you set up.

Setting up Domino Web server logging to text files


To set up Domino Web server logging to text files, you must enable
logging (by default, logging is disabled). By default, Domino stores log
files in the data directory. While the Web server is running, it creates new
log files depending on the log file duration settings. If the Web server is
not running, it creates log files as needed when the Web server is started.
Some information, such as requests for graphics or icons, may increase
the size of the log file without providing meaningful information, so
you may want to exclude that type of information from the log.
To enable logging to text files
1. From the Domino Administrator, click the Configuration tab.
2. Open the Server document for the Web server.
3. Click the Internet Protocols - HTTP tab.
4. Under “Enable Logging To,” choose Enabled in the Log Files field.
5. Under “Log File Settings,” complete these fields:
Field | Enter
Access log format | Choose one:
• Common — To log information in three separate log files
• Extended Common — To log information in one file
Note Although you have the option of logging to three separate files, most third-party log-analysis tools require a single text file.
Time format | Choose one to record the time of requests:
• LocalTime (default) — To use the time zone currently set on the server
• GMT — To use Greenwich Mean Time
Log file duration | Choose one to determine how often a new log file is created:
Note The prefixes used in the file names are chosen in the Log File Names section of the Server document.
• Daily (default) — To create a new log file each day, starting at midnight. Daily log files use the file naming convention:
  file name prefixDDMMYYYY.log
  Example: The access log file for May 29, 2001 is access-log29051998.log
• Weekly — To create a new log file each week, starting on Sunday at midnight. Weekly log files use the file naming convention:
  file name prefix__WWYYYY.log
  Example: The access log for the week of May 24, 2001 is access-log__212001.log.
• Monthly — To create a new log file each month, starting at midnight on the first day of the month. Monthly log files use the file naming convention:
  file name prefix—MMYYYY.log
  Example: The access log file for May 2001 is access-log—052001.log.
• Never — To create log files of unlimited duration. The file naming convention is:
  file name prefix.log
  Example: The CGI error log file is cgi-error-log.log.
Maximum log entry length | The maximum length allowed for an individual entry in the access log file. If the entry exceeds this length it is not written to the file. The default is 10 kilobytes.
Maximum size of access log | The maximum size allowed for the access log file. If this limit is reached no more entries are written to the file. A value of zero (the default) indicates that the size is unlimited.

6. Under “Log File Names,” complete these fields:


Field | Enter
Directory for log files | The directory to store the log files; if this field is blank, Domino stores the log files in the data directory
Access log | The prefix to use when creating the Access log file. The default is access. Do not enter a file extension.
Agent log | The prefix to use when creating the Agent log file. The default is agent.
Note If you chose the Extended Common format, you will not have an agent log; this information will be included in the access log.
Referer log | The prefix to use when creating the Referer log file. The default is referer.
Note If you chose the Extended Common format, you will not have a referer log; this information will be included in the access log.
CGI error log | The prefix to use for the CGI error log. The default is cgi-error.
Note The cgi-error log is created only if the CGI script logs information to stderr. The format of cgi-error log information is CGI script dependent. The Access log format does not affect the cgi-error log in any way.

7. (Optional) Under “Exclude From Logging,” complete these fields to
exclude certain types of information from the log file:

Field | Action
URLs | Enter URL paths to exclude — for example, *.gif or /anydir/*
Methods | Enter HTTP methods — for example, POST or DELETE
MIME types | Enter MIME types to exclude — for example, image (for all images) or image/gif (for .gif images)
User agents | Enter strings that are part of user agent (browser) strings to exclude requests from a particular user agent.
• To exclude Microsoft Internet Explorer, enter MSIE*
• To exclude Netscape:
  For version 4.7, enter Mozilla/4.7
  For version 4.6, enter Mozilla/4.6
Return codes | Enter HTTP response status codes to exclude — for example, 300 or 400
Hosts and domains | Enter browser client DNS names or IP addresses to exclude — for example, 130.333.* or *.edu
Note To enter DNS names, you must first enable the DNS Lookup setting in the HTTP Server section of the Server document. Otherwise, you can enter only IP addresses. Enabling this setting impacts performance.

8. Save the document.
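The “Exclude From Logging” fields in both procedures (DOMLOG.NSF and text files) drop matching requests from the record entirely, so it is worth checking what a proposed set of values would hide before saving the Server document. The following added example (not Domino code) replays constructed requests against constructed rule values; the matching semantics (shell-style wildcards, substring match for user agents, exact match for return codes) are assumptions based on the examples in the tables.

```python
from fnmatch import fnmatchcase

# Constructed rule values, taken from the examples given in the tables above.
RULES = {
    "urls": ["*.gif", "/anydir/*"],
    "methods": ["POST"],
    "mime_types": ["image"],
    "user_agents": ["MSIE*"],
    "return_codes": ["400"],
    "hosts": ["*.edu"],
}

STATE_CHANGING = {"POST", "PUT", "DELETE"}


def matched_rule(req, rules):
    """Return (field, pattern) for the first rule that excludes req, else None.

    ASSUMPTIONS about matching (the page gives only examples):
      urls / hosts   shell-style wildcard on the whole value
      methods        case-insensitive equality
      mime_types     exact type, or a bare major type such as "image"
      user_agents    wildcard pattern found anywhere in the header
      return_codes   exact status code
    """
    checks = (
        ("urls", lambda p: fnmatchcase(req["path"], p)),
        ("methods", lambda p: req["method"].upper() == p.upper()),
        ("mime_types",
         lambda p: req["mime"] == p or req["mime"].startswith(p + "/")),
        ("user_agents",
         lambda p: fnmatchcase(req["user_agent"], "*" + p + "*")),
        ("return_codes", lambda p: str(req["status"]) == p),
        ("hosts", lambda p: fnmatchcase(req["client"], p)),
    )
    for field, test in checks:
        for pattern in rules.get(field, []):
            if test(pattern):
                return field, pattern
    return None


def audit(requests, rules):
    """Split request ids into logged / unlogged and flag unlogged ones for review.

    An unlogged request is flagged when it changes state (POST, PUT, DELETE)
    or ended in an error status (>= 400): these are the entries an
    investigation is most likely to need later.
    """
    logged, unlogged, review = [], [], []
    for req in requests:
        hit = matched_rule(req, rules)
        if hit is None:
            logged.append(req["id"])
            continue
        unlogged.append((req["id"], hit))
        if req["method"].upper() in STATE_CHANGING or req["status"] >= 400:
            review.append(req["id"])
    return logged, unlogged, review


def _req(rid, client, method, path, status, mime, agent):
    return {"id": rid, "client": client, "method": method, "path": path,
            "status": status, "mime": mime, "user_agent": agent}


# Constructed traffic (hypothetical hosts and paths).
REQUESTS = [
    _req(1, "192.0.2.10", "GET", "/icons/logo.gif", 200, "image/gif",
         "Mozilla/4.7 [en]"),
    _req(2, "198.51.100.7", "POST", "/app.nsf/login", 200, "text/html",
         "Mozilla/4.7 [en]"),
    _req(3, "198.51.100.7", "GET", "/app.nsf/view", 400, "text/html", "-"),
    _req(4, "lab.example.edu", "GET", "/app.nsf/doc", 200, "text/html",
         "Mozilla/4.7 [en]"),
    _req(5, "192.0.2.20", "GET", "/app.nsf/doc", 200, "text/html",
         "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"),
    _req(6, "192.0.2.30", "GET", "/app.nsf/doc", 200, "text/html",
         "Mozilla/4.6 [en]"),
]

if __name__ == "__main__":
    logged, unlogged, review = audit(REQUESTS, RULES)
    print("logged:", logged)
    for rid, (field, pattern) in unlogged:
        print(f"unlogged: request {rid} via {field}={pattern}")
    print("review before enabling:", review)
```

With these values only request 6 is recorded; the icon request is the intended noise reduction, while the POST and the 400 response are lost along with it.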



Chapter 57
Setting Up Activity Logging

This chapter describes how to set up and use the Lotus Domino 6 activity
logging feature.

Activity logging
You use activity logging to collect information about the activity in your
enterprise. You can use this information to charge users for the amount
they use your system, monitor usage, conduct resource planning, and
determine if clustering would improve the efficiency of your system.

Domino writes the activity logging information in the Domino log file
(LOG.NSF). To create activity logging reports, you write a Notes API
program to access the information in the log file. You can also view the
activity logging information by using Activity Analysis.
In a hosted environment, enable activity logging on all of your ASP
servers, that is, the servers used to house and maintain your hosted
organizations.

The information in the log file


Domino logs activity in the log file (LOG.NSF). The information is not
visible in the log file, but you can access the information in the file by
writing an API program. For information about writing an API program
to access this information, see the Lotus C API Toolkit for Notes/Domino
6. The toolkit is available for download at http://www.lotus.com/ldd.
Note Activity logging records in the log file are hidden. The records you
can see in the log file do not contain as much detail as activity logging
records and are not updated as often as activity logging records. You can
view activity logging information by running Activity Analysis.

You use the Domino Administrator to specify which types of activity to
log. This table describes the types of activity you can log.

Activity type | What this logs
Agent | When a Domino server runs scheduled agents, as well as the running time of the agents
HTTP | Web server requests
IMAP | Activity generated during an IMAP session
LDAP | Activity generated by all LDAP activity. Each type of LDAP activity generates a separate record. The types of LDAP activity include abandon, add, bind, compare, delete, extended, modify, modify distinguished name, search, and unbind.
Mail | Activity generated by mail and mail-related messages being routed to and from the server. The messages can come from a Domino server or an SMTP server.
Notes Database | When Notes clients and Domino servers open, use, and close Notes databases and the duration of use.
Notes Passthru | When users or servers connect through a Domino passthru connection, as well as the activity that is generated through that connection
Notes Session | When Notes clients and Domino servers acting as clients start and end sessions with a Domino server
POP3 | Activity generated during a POP3 session
Replica | Activity generated by replication with another server or with a client
SMTP | Activity generated during an SMTP session

Activity logging records


The records in the log file keep track of all activity generated. Domino
creates different types of records for each type of activity. For some types
of activity, Domino creates multiple records during a session; for other
types of activity, Domino creates a single record.

Checkpoint records
For types of activity that could require long sessions to complete,
Domino generates an Open or Authorization record when a session
begins. This record indicates that a session is open and shows the time at
which the session began. During the session, Domino generates
Checkpoint records, which log all activity that has occurred so far during
the session. Checkpoint records ensure that activity is logged even if a
server stops functioning before a session ends. When a session ends,
Domino generates a Close record, which consolidates all the activity for
the entire session.

Domino creates Checkpoint records for the following types of activity:
IMAP, Notes session, Notes database, Notes passthru, POP3, and SMTP.
The Checkpoint records are cumulative; each one contains all of the
activity that was logged to that point during the open session.
By default, Domino creates a Checkpoint record the first time there is
activity after a 15 minute waiting period, and every 15 minutes when
there is activity thereafter. This waiting period is called the checkpoint
interval. Domino generates a Checkpoint record the first time activity
occurs after the checkpoint interval has completed. For example, if
several transactions occur during the first 10 minutes of the checkpoint
interval but no more activity occurs until minute 21, Domino generates
the Checkpoint record in minute 21. For each type of activity for which
there is an open session, Domino creates only one Checkpoint record per
period, no matter how much activity occurs. To change the duration of
the checkpoint interval, you can change the “Checkpoint interval” setting
on the Activity Logging tab of the Configuration Settings document.
To determine how long to make the checkpoint interval, consider three
factors: the need to record information, the need to preserve storage
space, and the need for quick performance. The longer you make the
checkpoint interval, the more activity data that could be lost if the server
crashes before Domino writes the Checkpoint records. The shorter you
make the checkpoint interval, the more Checkpoint records that could be
created, requiring more storage space. In addition, if you set a short
checkpoint interval, system performance could be affected if there is a lot
of activity.
Note For types of activity that generate multiple activity logging
records, the record type is indicated in the EventType field in the record.
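The following Python example is added here and is not part of the IBM documentation. It consolidates exported activity records per session: totals come from the Close record when one exists, and from the latest cumulative Checkpoint record when the server stopped before the session ended. Only EventType is a field name taken from this chapter; SessionID, Time, BytesRead, DocsRead and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# IMAP and POP3 sessions begin with an Authorization record instead of Open.
START_TYPES = {"Open", "Authorization"}


def _rec(session_id, event_type, minute, bytes_read, docs_read):
    # Assumed record layout; only the EventType field name comes from the manual.
    return {"SessionID": session_id, "EventType": event_type, "Time": minute,
            "BytesRead": bytes_read, "DocsRead": docs_read}


# Constructed sample records (Time is minutes since the start of the log).
SAMPLE_RECORDS = [
    _rec("A", "Open", 0, 0, 0),
    _rec("A", "Checkpoint", 21, 4000, 3),      # first activity after the 15-minute interval
    _rec("A", "Checkpoint", 37, 9000, 7),      # cumulative: includes the 4000 bytes above
    _rec("A", "Close", 44, 9500, 8),           # consolidates the whole session
    _rec("B", "Open", 5, 0, 0),
    _rec("B", "Checkpoint", 26, 120000, 90),   # no Close follows: server stopped
    _rec("C", "Open", 40, 0, 0),               # stopped before any Checkpoint was written
    _rec("D", "Open", 0, 0, 0),
    _rec("D", "Checkpoint", 16, 5000, 4),
    _rec("D", "Checkpoint", 33, 3000, 4),      # counter went down: records need review
    _rec("E", "Close", 12, 0, 0),              # e.g. POP3 session closed before authentication
]


def naive_total(records, session_id, field):
    """Deliberately wrong: summing every record counts Checkpoint data repeatedly."""
    return sum(r[field] for r in records if r["SessionID"] == session_id)


def consolidate(records):
    """Return one summary per session without double-counting cumulative records."""
    sessions = defaultdict(list)
    for rec in records:
        sessions[rec["SessionID"]].append(rec)

    report = {}
    for sid, recs in sessions.items():
        recs = sorted(recs, key=lambda r: r["Time"])
        closes = [r for r in recs if r["EventType"] == "Close"]
        checkpoints = [r for r in recs if r["EventType"] == "Checkpoint"]
        if closes:
            basis, status = closes[-1], "complete"
        elif checkpoints:
            # Totals are a lower bound: activity after the last Checkpoint is lost.
            basis, status = checkpoints[-1], "no-close"
        else:
            basis, status = recs[-1], "open-only"

        # Because records are cumulative, counters must never decrease in a session.
        regressions = [
            (prev["Time"], cur["Time"])
            for prev, cur in zip(recs, recs[1:])
            if cur["BytesRead"] < prev["BytesRead"] or cur["DocsRead"] < prev["DocsRead"]
        ]
        report[sid] = {
            "status": status,
            "bytes_read": basis["BytesRead"],
            "docs_read": basis["DocsRead"],
            "last_record_time": basis["Time"],
            "started": any(r["EventType"] in START_TYPES for r in recs),
            "regressions": regressions,
        }
    return report


if __name__ == "__main__":
    for sid, summary in sorted(consolidate(SAMPLE_RECORDS).items()):
        print(sid, summary)
```

Sessions reported as "no-close" or "open-only" are the ones affected by the data-loss trade-off described above: the longer the checkpoint interval, the more activity can be missing from their totals.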

Agent activity logging


Agent activity logging generates a record for each Domino server-based
agent that runs successfully. The record shows the name of the agent, the
name of the database that contains the agent, the amount of time it took
to run the agent, and the name of the person who last saved the agent.
The record does not show the types of activities the agent performed.
Domino does not generate activity logging records for agents that run on
a Web server, for agents that you run manually from a client, or for
agents that are scheduled to run locally on a client.
For information about restricting who can run agents on a server, see the
chapter “Controlling Access to Domino Servers.”

HTTP activity logging
HTTP activity logging tracks requests from browsers to access Domino
Web servers. Domino generates an HTTP activity logging record each
time a browser sends an HTTP request to a Domino Web server. For
example, if a user opens a Web page that includes information from three
separate files, Domino generates three separate activity logging records.
HTTP activity logging records include such information as the name of
the Web server, the name of the user accessing the Web server, the HTTP
request, the URL the user clicked, the number of bytes returned as a
result of the request, the amount of time it took to process the request,
the HTTP status code returned as a result of the request, and the time at
which the request occurred. In addition, if you have set URL translation
rules in the Server Configuration document, the HTTP activity logging
record shows the results of the translations.

IMAP activity logging


IMAP activity logging tracks IMAP session activity, such as the user
name, the server name, the IP address of the client, the number of bytes
the client sent to and read from the server, and the duration of the
session.
There are three types of activity logging records for IMAP sessions:
• Authorization records, which log when an authenticated IMAP
session begins. Authorization is logged after any of the following
occur: a successful Login command; a successful Auth command; a
successful Greeting command, if the client is preauthorized.
• Checkpoint records, which log activity that occurs when an IMAP
session has been open for a specified length of time
• Close records, which consolidate IMAP information into a single
record when an IMAP session ends

LDAP activity logging


LDAP activity logging tracks information about every LDAP request.
Because each type of LDAP request has a different structure, Domino
generates a different activity logging record for each type.

This table shows the types of LDAP requests and some of the information
that Domino logs for each type of request. Domino does not generate
Checkpoint records for LDAP requests.
| Request type | Information logged |
|---|---|
| Abandon | Organization name, user name, server name, client IP address, the message ID of the command to abandon, the LDAP result code, and any error messages returned to the client |
| Add | Organization name, user name, server name, client IP address, the distinguished name of the object to be added, the attributes that are added and their new values, the names of the directories to which the entry was added, the number of entries added, the number of bytes sent to the server, the LDAP result code, and any error messages returned to the client |
| Bind | Organization name, user name, server name, client IP address, LDAP version, the name the client is using to bind, the authentication method, the LDAP result code, and any error messages returned to the client |
| Compare | Organization name, user name, server name, client IP address, the distinguished name of the object that was compared, the attribute and value portions of the attribute value assertion, names of the directories searched, the number of bytes sent to the server in the query, the LDAP result code, and any error messages returned to the client |
| Delete | Organization name, user name, server name, client IP address, the distinguished name of the object that was deleted, names of directories from which the object was deleted, the number of entries deleted, the number of bytes sent to the server, the LDAP result code, and any error messages returned to the client |
| Extended | Organization name, user name, server name, client IP address, the name of the extended command, the LDAP result code, and any error messages returned to the client |
| Modify | Organization name, user name, server name, client IP address, the distinguished name of the entry to be modified, the operations to be performed on the entry (add, delete, replace), the attributes that are modified and their new values, the names of the directories in which the entry was modified, the number of entries modified, the number of bytes sent to the server, the LDAP result code, and any error messages returned to the client |
| ModifyDN | Organization name, user name, server name, client IP address, the directory entry that is modified, the new Relative Distinguished Name (RDN), whether the old RDN was deleted, the new parent entry, the names of the directories in which the entry was modified, the number of entries modified, the number of bytes sent to the server, the LDAP result code, and any error messages returned to the client |
| Search | Organization name, user name, server name, client IP address, the base object, the scope of the search, deref aliases, the maximum number of entries the client requests, the time limit a client requests for a session, the types of information to include in a record (field names only or field names and values), filters, the attributes that you want displayed for each entry, the amount of time the search took, the names of the directories searched, the number of entries and the number of bytes sent to the client, the LDAP result code, and any error messages returned to the client |
| Unbind | Organization name, user name, server name, client IP address, the LDAP result code, and any error messages returned to the client |

You can customize the LDAP service configuration to limit the amount of
data collected in the Values fields in Add and Modify records.

Mail activity logging


Mail activity logging tracks mail that is sent from and received by a
server. Activity logging records for mail include such information as the
name of the server that created the record, the originator and recipients
of the message, the message ID, the preceding and next hops on the
delivery route, and the size of the message.
There are five types of activity logging records for mail activity:

| Type of record | Description |
|---|---|
| Deposit | Mail is deposited into MAIL.BOX on a server. This mail can come from a Domino server or a Domino SMTP server. The receiving server logs this activity as a Deposit. The sending server logs this activity as a Transfer. |
| Delivery | Mail is delivered from MAIL.BOX to a user. |
| Delivery failure | The router could not deliver a message. |
| Transfer | Mail is transferred from one server to another on the way to its final destination. The sending server logs this as a Transfer. The receiving server logs this as a Deposit. |
| Transfer failure | The router cannot transfer a message to another server. This is logged on the sending server. |

For each mail message, at least two types of records are logged — a
Deposit record and at least one of the other types of records, depending
on the disposition of the attempted delivery.

Domino logs updates to messages in MAIL.BOX as new deposits. For
example, if you change the address on a message in MAIL.BOX so that it
routes correctly, that message is logged as a new deposit.
If a message is split because the recipient list is too large, a separate
record is generated for each copy of the message. Each of these records
contains the same MessageID and Originator.
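The following Python example is added here and is not part of the IBM documentation. It applies the rules above to exported mail records from several servers: every message should have a Deposit record plus at least one other record on the same server, and a Transfer should be matched by a Deposit on the receiving server. MessageID and Originator are named in this chapter; the Server and NextHop field names, the use of EventType to carry the mail record type, and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# The four record types that can accompany a Deposit, as listed in the table above.
DISPOSITIONS = {"Delivery", "Delivery failure", "Transfer", "Transfer failure"}


def _rec(server, message_id, event_type, next_hop=None):
    # Assumed record layout; Server and NextHop are hypothetical field names.
    return {"Server": server, "MessageID": message_id,
            "Originator": "user@example.com",
            "EventType": event_type, "NextHop": next_hop}


# Constructed sample records collected from two servers, mail1 and mail2.
SAMPLE_MAIL = [
    # M1: routed directly from mail1 to mail2 and delivered.
    _rec("mail1", "M1", "Deposit"), _rec("mail1", "M1", "Transfer", "mail2"),
    _rec("mail2", "M1", "Deposit"), _rec("mail2", "M1", "Delivery"),
    # M2: split because of a large recipient list, so each record appears twice.
    _rec("mail1", "M2", "Deposit"), _rec("mail1", "M2", "Deposit"),
    _rec("mail1", "M2", "Transfer", "mail2"), _rec("mail1", "M2", "Transfer", "mail2"),
    _rec("mail2", "M2", "Deposit"), _rec("mail2", "M2", "Deposit"),
    _rec("mail2", "M2", "Delivery"), _rec("mail2", "M2", "Delivery"),
    # M3: the router could not transfer the message.
    _rec("mail1", "M3", "Deposit"), _rec("mail1", "M3", "Transfer failure"),
    # M4: mail1 logged a Transfer, but mail2 has no matching Deposit.
    _rec("mail1", "M4", "Deposit"), _rec("mail1", "M4", "Transfer", "mail2"),
    # M5: deposited on mail2 with no further record.
    _rec("mail2", "M5", "Deposit"),
    # M6: transferred to a host whose logs are not in this data set.
    _rec("mail1", "M6", "Deposit"), _rec("mail1", "M6", "Transfer", "smtp.example.net"),
]


def audit_mail(records):
    """Return sorted (MessageID, server, finding) tuples for records that do not add up."""
    seen_types = defaultdict(set)   # (server, MessageID) -> record types seen there
    transfers = set()               # (sending server, MessageID, next hop)
    servers = set()                 # servers whose records are in the data set

    for rec in records:
        seen_types[(rec["Server"], rec["MessageID"])].add(rec["EventType"])
        servers.add(rec["Server"])
        if rec["EventType"] == "Transfer":
            transfers.add((rec["Server"], rec["MessageID"], rec["NextHop"]))

    findings = []
    # Sets are used on purpose: split messages and edits in MAIL.BOX legitimately
    # produce several Deposit records with the same MessageID.
    for (server, mid), types in seen_types.items():
        if "Deposit" not in types:
            findings.append((mid, server, "no-deposit"))
        if not types & DISPOSITIONS:
            findings.append((mid, server, "no-disposition"))
        for failure in sorted(t for t in types if t.endswith("failure")):
            findings.append((mid, server, "failure: " + failure))

    # The sending server logs a Transfer; the receiving server logs a Deposit.
    # Only check next hops whose records were actually collected.
    for server, mid, hop in transfers:
        if hop in servers and "Deposit" not in seen_types.get((hop, mid), set()):
            findings.append((mid, server, "transfer-unmatched: " + hop))

    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_mail(SAMPLE_MAIL):
        print(finding)
```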

Notes session activity logging


Notes session activity logging tracks network traffic that occurs during a
server session with a Notes client or with another Domino server acting
as a client. Session records include such information as the name and
network address of the session user, the number of documents read and
written, the number of bytes read and written, the total number of
transactions executed during the session, and the duration of the session.
Servers, users, and API programs can all generate session activity.
There are three types of activity logging records for session activity:
• Open records, which log when a session begins
• Checkpoint records, which log activity that occurs when a session
has been open for a specified length of time
• Close records, which consolidate all session information into a single
record when a session ends
This table contains a few examples of the types of activities that generate
each type of session record.

| Type of record | Type of activity |
|---|---|
| Open | Opening a database or any action that opens a database, such as checking database properties; Starting replication; Having a remote server open another server’s MAIL.BOX |
| Checkpoint | Reading documents; Editing documents; Saving and updating documents; Viewing or changing an ACL; Rebuilding a database view; Performing any other activity while a session is open |
| Close | Closing a database; Ending replication; Logging off, either manually or automatically; Exiting Notes; Having a remote server close MAIL.BOX |

Notes database activity logging
Notes database activity logging tracks Notes database activity that occurs
during a server session. Database records include such information as the
name of the database, the name and address of the database user, the
number of documents read and written, the number of bytes read and
written, the total number of transactions executed in the database, and
the length of time the database was open. Servers, users, and API
programs can all generate database activity.
There are five types of activity logging records for database activity:
• Open records, which log when a database opens
• Checkpoint records, which log activity that occurs when a database
has been open for a specified length of time
• Close records, which consolidate all log information for a database
session into a single record when a database closes
• CloseEnd records, which consolidate database information at the end
of a Notes session (when the client logs off of the server)
• MailDeposit records, which log when a mail message that does not
contain an attachment is deposited into MAIL.BOX. (Mail messages
that contain attachments generate Open records, Close records, and
possibly Checkpoint records.)
This table contains a few examples of the types of activities that generate
each type of database record.

| Type of record | Type of activity |
|---|---|
| Open | Opening a database or any action that opens a database, such as checking database properties; Starting replication, including opening a database to determine if replication is needed (even if no replication is needed)*; Having a remote server open another server’s MAIL.BOX |
| Checkpoint | Editing documents; Saving and updating documents; Viewing or changing an ACL; Performing any other database activity while a database is open |
| Close | Closing a database; Ending replication; Logging off, either manually or automatically (one record for each open database); Exiting Notes (one record for each open database); Having a remote server close MAIL.BOX |
| CloseEnd | Closing a database at the end of a session; Closing databases that the server opened for replication; Logging off of Notes; Exiting Notes |
| MailDeposit | Depositing a mail message that does not contain an attachment into MAIL.BOX |
* When Domino closes databases after determining that replication is not
necessary, it generates a Close record that contains 0 (zero) in the Duration
field.

CloseEnd records log the total activity in a database during a Notes
session. Each time a user opens and closes a database during a session,
Domino creates separate database Open and Close records. When the
user closes the Notes session, Domino generates a CloseEnd record for
each database that was open during the session. The CloseEnd record
consolidates the total activity in the database during the entire Notes
session. Therefore, if you open and close a database several times during
a Notes session, Domino generates multiple Open and Close records for
that database, but only one CloseEnd record.

Notes passthru activity logging


Notes passthru activity logging tracks activity that is generated by a
client or a server through a passthru connection. This includes such
information as the number of bytes sent and received, the number of
documents read and written, the number of transactions executed, and
the duration of the passthru session.
There are three types of activity logging records for passthru
connections:
• Open records, which log when a passthru connection begins
• Checkpoint records, which log activity that occurs when a passthru
session has been open for a specified length of time
• Close records, which consolidate information into a single record
when a passthru session ends, such as when a client logs off or
disconnects from the passthru server

POP3 activity logging
POP3 activity logging tracks such POP3 information as the name of the
user, the IP address of the client, the number of bytes the client sends to and
reads from the server, the number of messages sent to the client, the
number of messages deleted from the client, and the duration of the session.
There are three types of activity logging records for POP3 activity:
• Authorization records, which log when a user is authenticated and a
session begins
• Checkpoint records, which log activity that occurs when a POP3
session has been open for a specified length of time
• Close records, which consolidate POP3 information into a single
record when a POP3 session ends
If a session ends before authentication is complete, Domino generates
only a Close record. The user name in this record is “Anonymous.”

Replication activity logging


When you use activity logging for replication, Domino generates one
activity logging record for each database replication request that a server
initiates. Only the initiating server generates activity logging records.
Activity logging records for replication include such information as the
names of the source and destination servers, the replicaID of the database
that was replicated, and the number of bytes replicated in each direction.
There are no Checkpoint records for replication activity logging.
When a client initiates replication with a server, Domino logs the activity
as session activity, not as replication activity. In addition, using the Cluster
Replicator does not generate activity logging records for replication.

SMTP activity logging


SMTP activity logging tracks SMTP session activity, such as the IP
address of the connected client, the number of messages the client sends
to the server, the number of bytes the client sends to and receives from
the server, the number of recipients to whom messages are sent, and the
duration of the session.
There are three types of activity logging records for SMTP sessions:
• Open records, which log when an SMTP session begins
• Checkpoint records, which log activity that occurs when an SMTP
session has been open for a specified length of time
• Close records, which consolidate SMTP information into a single
record when an SMTP session ends

Example of creating activity logging records
This example shows the activity logging records that Domino generates
when a user sends mail to another user whose mail database is on a
different mail server. In this example, the message goes directly to the
recipient’s mail server without making any intermediate hops.
Domino generates some of these records, such as Notes session Checkpoint
records and Notes database Checkpoint records, only if the activity occurs
after the checkpoint interval has elapsed during the session.

| Activity | Records generated | Server that generates records |
|---|---|---|
| 1. User opens mail database | Notes Session Open; Notes Database Open | Sending server |
| 2. User creates a mail message | The following are possible: Notes Session Checkpoint; Notes Database Checkpoint | Sending server |
| 3. User sends message to MAIL.BOX | Mail Deposit plus the following. If the message contains an attachment: Notes Database Open; Notes Database Close. If the message does not contain an attachment: Notes Database MailDeposit | Sending server |
| 4. User saves message | The following are possible: Notes Session Checkpoint; Notes Database Checkpoint | Sending server |
| 5. The Router picks up the message from MAIL.BOX | Mail Transfer | Sending server |
| 6. The Router deposits the message in the destination server’s MAIL.BOX | Mail Deposit plus the following. If the message contains an attachment: Notes Database Open; Notes Database Close. If the message does not contain an attachment: Notes Database MailDeposit | Receiving server |
| 7. The Router delivers the message to the user’s mail database | Mail Delivery | Receiving server |
| 8. User opens mail database and reads message | Notes Database Open | Receiving server |

Configuring activity logging


You configure activity logging by editing the Configuration Settings
document.
1. From the Domino Administrator, click the Configuration tab.
2. In the Task pane, expand Server and click Configurations.
3. In the Results pane, select the Configuration Settings document you
want, and click Edit Configuration.
4. On the Configuration Settings document, click the Activity Logging tab.
5. Select “Activity logging is enabled.”
6. In the “Enabled logging types” field, select the types of activity you
want to log.
7. (Optional) To increase or decrease the frequency of creating
Checkpoint records, change the checkpoint interval.
8. (Optional) To automatically create Notes session and Notes database
Checkpoint records every day at midnight, select “Log checkpoint at
midnight.”
9. (Optional) To automatically create Notes session and Notes database
Checkpoint records every day at the beginning and end of a specific
time period, select “Log checkpoints for prime shift” and then
specify the times for the Prime shift interval.
10. Click Save & Close.
11. (Optional) If you are logging activity for LDAP Add and Modify
operations and want to change the amount of information logged in
the Attributes field from the default of 4096 bytes, follow the steps in
the topic “Limiting the amount of attribute information logged for
LDAP Add and LDAP Modify activity.”

Limiting the amount of attribute information logged for LDAP Add and LDAP Modify activity
Since it is possible for LDAP Add and LDAP Modify operations to add
or modify many attribute values, by default activity logging stops
logging attribute information in a record when the amount logged
reaches 4096 bytes in that record. To specify a different amount of
attribute information to log:
1. From the Domino Administrator, open the server that runs the LDAP
service or a server in the same domain as the server that runs the
LDAP service.
2. Click the Configuration tab.
3. In the Task pane, expand Directory; then expand LDAP; and then
select Settings.
4. Do one of the following:
• If you see the message “Unable to locate a Server Configuration
document for this domain. Would you like to create one now?” click
Yes, and then click the LDAP tab on the document that is created.
• If you do not see this message, click “Edit LDAP Settings.”
5. In the field “Activity Logging truncation size,” type a value (in
bytes).
6. Click Save & Close.

Viewing activity logging data


You can view the activity logging information by running Activity
Analysis, which copies the information you specify to the Log Analysis
database (LOGA4.NSF or whatever name you specify). Domino creates
the Log Analysis database on your local computer. The Log Analysis
database includes views for the following activity information:

| View | Description |
|---|---|
| Agent | For agent activity, shows the user, date, database, agent name, and run time |
| All | Shows the activity type and timestamp of all activity logging records |
| HTTP | For HTTP activity, shows the target server, user name, date, HTTP request, time of the request, and the length of the content |
| IMAP | For IMAP activity, shows the organization name, server name, user name, timestamp, bytes sent and received, and the duration |
| LDAP Add | For LDAP Add activity, shows the organization name, user name, timestamp, name of the added object (entry), number of bytes received, and any error messages |
| LDAP All | For all LDAP activity, shows the organization name, type of activity, user name, and the timestamp |
| LDAP Delete | For LDAP Delete activity, shows the organization name, user name, timestamp, name of the deleted object (entry), number of entries deleted, and any error messages |
| LDAP Modify | For LDAP Modify activity, shows the organization name, user name, timestamp, name of the modified object (entry), number of bytes received, and any error messages |
| LDAP ModifyDN | For LDAP ModifyDN activity, shows the organization name, user name, timestamp, name of the modified object (entry), the new RDN, the new superior, and any error messages |
| LDAP Search | For LDAP Search activity, shows the organization name, user name, timestamp, base object, filter, bytes sent, and the search time |
| Mail Deposited | For mail deposited into MAIL.BOX, shows the server name, who the message was from and to, when the message was deposited, the message ID, and the action taken upon the message (depositing the mail into MAIL.BOX) |
| Mail Processed | For messages processed in MAIL.BOX, such as mail transferred to other servers and mail delivered to users, shows the server name, who the message was from and to, when the message was deposited, the message ID, and the action taken upon the message |
| Notes Database | For Notes database activity, shows the organization name, server name, user name, database name, timestamp, number of bytes sent and received, number of documents read and written, and the total number of transactions |
| Notes Passthru | For Notes passthru activity, shows the date, duration of the connection, and the number of bytes sent and received by the client and by the target server |
| Notes Session | For Notes session activity, shows the organization name, server name, user name, timestamp, number of bytes sent and received, number of documents read and written, and the total number of transactions |
| POP3 | For POP3 activity, shows the organization name, server name, user name, timestamp, number of messages retrieved by and deleted from the client, number of bytes the client sent to the server and received from the server, and the duration of the session |
| Replica | For replication activity, shows the date, source server and database name, destination server and path, and the number of bytes transferred |
| SMTP Session | For SMTP activity, shows the organization name, server name, IP address of the connected client, timestamp, number of messages the client sent, number of recipients to whom the messages were sent, number of bytes the client sent to and received from the server, and the duration of the session |

Note In addition to containing the results of running activity analysis,
the Log Analysis database may contain the results of running log
analysis, especially if you run log analysis using a version of Domino
earlier than Lotus Domino 6.

Running activity analysis


1. In the Domino Administrator, make the server on which you want to
run activity analysis current.
2. Click the Server - Analysis tab.
3. In the Tools pane, expand Analyze; and then click Activity.
4. Do one of the following to select the types of activity you want to log:
• To log all the types of activity, skip this step. By default, all
activity types are selected.
• To deselect a type of activity to log, click the activity type in the
“Selected types of activity” pane, and then click Remove. To
deselect all the types of activity, click Remove All.
• To select a type of activity to log, click the activity type in the
“Select server activity types to search for” pane; and then click
Add. To add all the types of activity, click Add All.
5. Choose the starting and ending dates and times of the activity you
want to view.
6. (Optional) To write the analysis results to a database other than the
Log Analysis database, click Results Database and specify a different
database. Then click OK.

7. Select “Append to this database” to append the results of the
analysis to previous results in the database, or select “Overwrite this
database” to create a new database that contains only the results of
the current analysis.
8. Click OK to run the analysis and to open the Log Analysis database.

Viewing the data in the Log Analysis database


1. If the Log Analysis database is not already open, do the following:
• On your local computer, choose File - Database - Open.
• Select the Log Analysis database, and then click Open. (By default,
the database title is “Log Analysis” and the file name is
LOGA4.NSF.)
2. In the Task pane, expand Server Activity; and then click the view for
the type of activity you want to view.
3. (Optional) In the Results pane, double-click the record you want to
view.

Chapter 58
Maintaining Databases
This chapter describes how to maintain databases after you deploy them.

Database maintenance
To keep a specific database in good working order, perform these tasks
regularly.

| Task | Frequency |
|---|---|
| Monitor replication, if a database replicates | Daily |
| Check for and consolidate replication or save conflicts | Daily, for large active databases; weekly for other databases |
| Monitor database activity | Weekly |
| Monitor database size | Weekly |

For information on monitoring database replication and database
activity, see topics in this chapter. For information on monitoring
database size, see the chapter “Improving Database Performance.”
In addition, if you’re a server administrator, perform the following tasks
regularly to maintain all databases on a server.

| Task | Frequency |
|---|---|
| Run the Updall task to update all views and full-text indexes | Daily. Occurs by default daily at 2 AM. |
| Run the Designer task to keep databases that inherit design from master templates in sync with the master templates | Daily. Occurs by default daily at 1 AM. |
| Run the Compact task | Weekly or monthly with the -B argument and in conjunction with a certified backup utility. |
| Monitor the database cache | Occasionally |

For information on running the Updall and Designer tasks, see the topic
“Synchronizing databases with master templates,” later in this chapter.
For information on running the Compact task and monitoring the database
cache, see the chapter “Improving Database Performance.”

The Files tab in the Domino Administrator
The Files tab in the Domino Administrator provides an easy way for you
to manage files in the Domino data folder. From the Files tab, you can:
• View file information
• Manage databases — for example, compact databases and manage ACLs
• Manage folders and links
• Display disk space information
To customize the Files tab, you can:
• Choose the types of files you see
• Choose the folder contents you see
• Customize the column display

To display the Files tab


1. From the Domino Administrator, select a server in the Server pane
on the left. To expand the pane, click the Servers icon.
2. Click the Files tab.

To open a specific database or template


Select the database or template in the files pane of the Files tab, and then
double-click.

Choosing the types of files you see in the Files tab


Do the following to choose the types of files you see in the Files tab:
1. From the Domino Administrator, click the Files tab.
2. In the “Show me” box, select one of the following options to control
the type of files that the files pane displays:
• Databases only — Displays databases but not templates
• Templates only — Displays templates and databases that act as
templates
• Mail Boxes only — Displays only MAIL.BOX databases for
administrators to quickly open when monitoring mail
• All database types — Displays all databases and templates
• All files — Displays all types of files
• Database links only — Displays only database links

3. To choose a combination of files to display, in the box, select Custom,
select one or more of these options, and then click OK:
• Databases
• Templates — Displays all templates except advanced templates
• Advanced templates — Displays advanced templates
• Database Links
• Mail boxes
• ID files
• Modem files
Alternately, you can specify one or more custom file extensions to
display files with those extensions, for example, TXT or BMP.

Choosing the folder contents you see in the Files tab


To choose the contents of folders that you see in the Files tab, do the
following:

1. From the Domino Administrator, click the Files tab.
2. Use the left pane in the Files tab to select a folder. By default, you see
only files in the selected folder. To see all the files in the Domino data
folder, click the files icon.
The Files tab can display files only in the data folder and in any folders
within the data folder.

Customizing the columns in the Files tab


The files pane of the Files tab in the Domino Administrator displays the
following information about databases in the order specified, by default:
• Title
• File name
• Physical Path
• File Format
• Size
• Max Size
• Quota
• Warning
• Created
• Last Fixup
• Is Logged
• Template



To add and remove columns
1. From the Domino Administrator, choose Files - Preferences -
Administration Preferences.
2. Click the Files icon.
3. To add a column, select the column in the Available Columns box
and then click the right arrow to include the column in the Use These
Columns box. All available columns are displayed by default.
4. To remove a column, select the column in the Use These Columns
box, and then click the left arrow to remove the column.
5. Click OK.

To change the order of columns


1. From the Domino Administrator, choose Files - Preferences -
Administration Preferences.
2. Select the Files icon.
3. Select the column in the Use These Columns box and do the following:
• To move the column one place to the right, click the up arrow
below the box.
• To move the column one place to the left, click the down arrow
below the box.
4. Click OK.

Managing databases with the Files tab


Use the Files tab to manage databases from the Domino Administrator.
1. From the Domino Administrator, click the Files tab.
2. Select one or more databases in the files pane.
3. In the tools pane on the right, select Database and then select a tool
described in the following table. Or drag selected database(s) to the
tool.
Database tool | Description
Manage ACL | Manages access control lists
Create Replica | Creates replicas of databases using the Administration Process server task
Compact | Compacts databases
Full-text index | Manages full-text indexes
Multi-Database Index | Enables and disables multi-database indexing for databases
Advanced Properties | Set advanced database properties
Quotas | Set quotas to limit the size of databases
Move | Moves databases using the Administration Process server task
Sign | Signs databases with signatures that can be used for workstation data security
Replication | Enables and disables replication of databases
Fixup | Fixes corrupted databases
Cluster | Manages databases in a cluster
Analyze | Runs a database analysis
Find Note | Finds a document based on Note ID or UNID and displays its properties to aid in troubleshooting
Create Db Event Generator | Monitors a database based on various criteria
Manage Views | Frees space used by view indexes

Managing folders and links with the Files tab
Use the Folder tool in the Files tab to manage folders, and folder and
database links from the Domino Administrator.
1. From the Domino Administrator, click the Files tab.
2. Select a folder location in the left pane.
3. In the Tools pane on the right, select Folder and choose one of the
following options:
• New
• New Link
• Update Link
• Delete
For more information, see the chapter “Organizing Databases on a
Server.”

Displaying disk space information with the Files tab


Use the Disk Space tool in the Files tab of the Domino Administrator to
display the disk size and free disk space on a selected server.
1. From the Domino Administrator, select the server for which you
want to display disk space.
2. Click the Files tab.
3. In the Tools pane on the right, select Disk Space.



Monitoring replication of a database
If there are replicas of a database, you can use any of these methods to
monitor replication daily.

Method | Description
Replication history | Records each successful replication session for a database. Useful for determining at a glance if a replication is occurring.
Replication Events view of the log file (LOG.NSF) | Shows details about replication events between servers. Useful for determining the cause of replication failure and for verifying that the expected number of replication updates occurred.
Replication monitor | Notifies you when replication of a database hasn’t occurred within a specified time period. A server administrator creates replication monitors as a part of configuring the Event Monitor task.
Database Analysis tool | Lets you collect replication history, replication events from the log file, and other information specific to a database into a results database that you can analyze.

In addition to ensuring that a database is replicating, you should
routinely check for and consolidate replication and save conflicts.
For more information on the Database Analysis tool, see the topic
“Database analysis,” later in this chapter.

The database replication history


A database’s replication history is stored in the Basics tab of the Database
Properties box. The first time one server replica successfully replicates
with a replica on another server, Domino creates an entry in the
replication history. The entry contains the name of the other server, as
well as the date and time of the replication. Separate entries are created
when a replica sends information and when a replica receives it. On each
subsequent replication with a specific server, Domino updates the entry
in the history to reflect the most recent replication time.
Domino uses the replication history to determine which documents to
scan for changes during the next replication. For example, if a database
successfully replicated with the HR-E/East/Acme server 24 hours ago,
Domino replicates only those documents that were added, modified, or
deleted in the replica on HR-E/East/Acme within the last 24 hours.
Before replication starts between two databases, Domino checks the
replication history of both databases to make sure that they agree. If they
don’t, Domino scans each document created or modified since the date
specified in the “Only replicate incoming documents saved or modified
after” setting on the Other panel of the Replication Settings dialog box.
If a database doesn’t replicate successfully, Domino doesn’t update the
replication history.

Clearing the replication history


If you have Manager access to a database, you can clear the database
replication history if you think the database doesn’t contain all the
documents it should or if the database replication history is not
synchronized with that of other replicas. Clear the replication history
only as a last resort to solve replication problems. If you clear the history,
during the next replication, Domino scans each document created or
modified since the date specified in the “Only replicate incoming
documents saved or modified after” setting on the Other panel of the
Replication Settings dialog box. Scanning all these documents can be
time-consuming, especially over dial-up connections. If you clear the
“Only replicate incoming documents saved or modified after” setting,
Domino scans all documents in the database.
Within a server cluster, the Cluster Replicator stores replication history
information in memory and updates the replication history about once an
hour.
For information on viewing cluster replication data, see the book
Administering Domino Clusters. For more information on the “Only
replicate incoming documents saved or modified after” setting, see the
chapter “Creating Replicas and Scheduling Replication.”

Displaying and clearing the replication history


To display a replication history
1. Make sure you have Reader access or higher in the database ACL.
2. Open the database.
3. Choose File - Replication - History.
4. Do one of the following:
• Select Date to view the information by date.
• Select Server name to view the information by server.
5. Click Done when you finish reviewing the history.
Tip If the replication history dialog box truncates an entry, click Zoom
to display the complete entry. To copy the entire replication history to the
Clipboard, click Copy.



To clear a replication history
1. Make sure you have Manager access in the database ACL.
2. Open the database.
3. Choose File - Replication - History.
4. Do one of the following:
• To clear one entry, select it, click Zoom, click Remove, then click
Yes.
• To clear the entire replication history, click Clear, then click Yes.
5. Click Done.

Viewing replication events in the log file


The Replication Log entries in the Replication Events view of the log file
(LOG.NSF) display detailed information about the replication of specific
databases. For each database that has replicated on a specified server, a
Replication Log shows the access the server has to the database; the
number of documents added, deleted, and modified; the size of the data
exchanged; and the name of the replica that this database replicated
with. The Events section of a Replication Log shows any problems that
occurred when a specific database replicated. For example, the Events
section shows if replication is disabled or if the database ACL is
preventing replication.
1. From the Domino Administrator, select the server that stores the log
file you want to view.
2. Click the Server - Analysis tab.
3. Select Notes Log - Replication Events.
4. Open a recent Replication Log.

Replication or save conflicts


Multiple users can simultaneously edit the same document in one copy
of a database or edit the same document in different replicas between
replication sessions. When these conditions occur, Domino stores the
results of one editing session in a main document and stores the results
of additional editing sessions as response documents. These response
documents have the title “Replication or Save Conflict.” Domino uses the
$Revisions field, which tracks the date and time of each document
editing session, to determine which document becomes the main
document and which documents become responses.



Replication conflicts
A replication conflict occurs when two or more users edit the same
document and save the changes in different replicas between
replications. These rules determine how Domino saves the edit sessions:
• The document edited and saved the most times becomes the main
document; other documents become Replication or Save Conflict
documents.
• If all of the documents are edited and saved the same number of
times, the document saved most recently becomes the main
document, and the others become Replication or Save Conflict
documents.
• If a document is edited in one replica but it is deleted in another
replica, the deletion takes precedence, unless the edited document is
edited more than once or the editing occurs after the deletion.
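
The three rules above can be modeled in a few lines. The following is an added example, not part of the original manual and not Domino's own code: the DocCopy and Outcome types, the server name HR-W/West/Acme, and the handling of more than two replicas are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional


@dataclass(frozen=True)
class DocCopy:
    """One replica's copy of the same document since the last replication."""
    replica: str                            # server holding this copy
    edits: int = 0                          # number of edit-and-save sessions
    last_saved: Optional[datetime] = None   # time of the most recent save
    deleted_at: Optional[datetime] = None   # set if this replica deleted it


@dataclass(frozen=True)
class Outcome:
    main: Optional[str]      # replica whose copy becomes the main document
    conflicts: List[str]     # replicas whose copies become conflict documents
    deleted: bool            # True when the deletion takes precedence


def survives_deletion(copy: DocCopy, deleted_at: datetime) -> bool:
    # Rule 3: the deletion wins unless the document was edited more than
    # once or the editing occurred after the deletion.
    return copy.edits > 1 or copy.last_saved > deleted_at


def resolve(copies: List[DocCopy]) -> Outcome:
    edited = [c for c in copies if c.deleted_at is None and c.edits > 0]
    for c in edited:
        if c.last_saved is None:
            raise ValueError(f"edited copy on {c.replica} has no save time")

    deletions = [c.deleted_at for c in copies if c.deleted_at is not None]
    if deletions:
        # Assumption: with several deletions, compare against the latest one.
        deleted_at = max(deletions)
        edited = [c for c in edited if survives_deletion(c, deleted_at)]
        if not edited:
            return Outcome(main=None, conflicts=[], deleted=True)

    if not edited:
        return Outcome(main=None, conflicts=[], deleted=False)

    # Rule 1: most edit sessions wins. Rule 2: on a tie, most recent save wins.
    ranked = sorted(edited, key=lambda c: (c.edits, c.last_saved), reverse=True)
    return Outcome(main=ranked[0].replica,
                   conflicts=[c.replica for c in ranked[1:]],
                   deleted=False)


if __name__ == "__main__":
    nine, ten = datetime(2002, 9, 2, 9, 0), datetime(2002, 9, 2, 10, 0)
    # Constructed sample: two edits at 9:00 beat one later edit at 10:00.
    print(resolve([DocCopy("HR-E/East/Acme", 2, nine),
                   DocCopy("HR-W/West/Acme", 1, ten)]))
```

Note that the copy with more edit sessions wins even when the other copy was saved later, which is why an older change can end up as the main document.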

Save conflicts

A save conflict occurs when two or more users open and edit the same
document at the same time on the same server, even if they’re editing
different fields. When this situation occurs, the first document saved
becomes the main document. Before the second document is saved, a
dialog box indicates that the user is about to save a conflict document,
and if the user saves the document, it becomes a Replication or Save
Conflict document.
Note ACL and design changes never result in replication or save
conflicts; the most recent change always prevails.

Preventing replication or save conflicts


The following techniques reduce or eliminate replication or save
conflicts. The first four are techniques that a database designer uses:
• Select the Form property “Merge replication conflicts” to
automatically merge conflicts into one document if no fields conflict.
This applies to replication conflicts only and not to save conflicts.
• Specify a Form property for versioning so that edited documents
automatically become new documents.
• Lock documents in a database.
• Use LotusScript to write a custom conflict handler.
For information on designing forms and using LotusScript, see the
books Application Development with Domino Designer and Domino
Designer Programming Guide, Volumes 2A and 2B:
LotusScript/COM/OLE Classes.



The last three are techniques that a system administrator or database
manager can use:
• Assign users Author access or lower in the database ACL to prevent
users from editing other users’ documents.
• Keep the number of replicas to a minimum.
• If the database property “Limit entries in $Revisions fields” is set to a
value greater than 0, increase the limit by specifying a greater value
than the existing one or specify -1 to remove the limit.
For more information on the database property “Limit entries in
$Revisions fields,” see the chapter “Improving Database Performance.”

Consolidating replication or save conflicts


Regularly look for and consolidate replication or save conflicts. To
consolidate a conflict, merge information into one document and remove
the other document. Conflicts are easiest to consolidate immediately after
they occur, since the conflict document is still closely synchronized with
the information in the main document. It’s important to consolidate
replication or save conflicts quickly, so users access the correct
information.
Tip To locate replication or save conflicts, create a view that displays
only conflict documents. Then, to see a conflict document in context with
its main document, select the Replication or Save Conflict document in
the view that displays conflicts, hold down the CTRL key, and switch to
the view that shows the main document.
To consolidate replication or save conflicts, you can save the main
document or save the Replication or Save Conflict document.

To save the main document


1. Copy any information you want to save from the Replication or Save
Conflict document into the main document.
2. Delete the conflict document.

To save the Replication or Save Conflict document


1. Do one of the following:
• Copy any information you want to save from the main document
into the Replication or Save Conflict document.
• If you do not need to save any information from the main
document, perform a minor edit in the replication or save conflict
document — for example, delete a space.



2. Save the conflict document. The conflict document becomes a main
document.
3. Delete the original main document.

Monitoring database activity


Monitor database activity regularly. If database activity is high and users
report performance problems, do any of the following:
• Set database properties that improve performance.
• Create a replica of the database on another server, if possible, one
within a server cluster.
• Move the database to a more powerful server.
• Move the database to a disk that is less heavily used, or if it’s a large
database, to its own disk.

Track database activity with activity logging.
If a database or view is inactive, consider deleting the database or view
to free disk space on the server.

How the Statlog task generates activity statistics


The Statlog task on a server runs by default once a day at 5 AM, at which
time it reports database activity for databases on the server in Database
Activity Log entries in the Database - Usage and Database - Sizes views
of the log file (LOG.NSF) and to the User Activity dialog box of
individual databases. This table compares the information generated in
each location.

Information provided | Database Activity Log entry | User Activity dialog box
Shows total number of times users and servers accessed, read, and wrote to a database in past 24 hours, past week, past month, and since the creation of the database* | Yes | Yes
Shows inactive views (indicated by the size 0) | Yes | No
Shows names of users and servers who read and wrote documents, sorted by date* | No | Yes

* Includes activity for anonymous and authenticated Internet clients.



Tip In addition to viewing activity statistics reported by Statlog, you
can evaluate database activity by creating a view that sorts documents by
date. You can also create File Monitor documents as part of Event
Monitor configuration. File Monitors report user activity for specific
databases.
For information on creating views, see the book Application Development
with Domino Designer. For information on monitoring database activity
within a server cluster, see the book Administering Domino Clusters.
Statlog always reports activity information to the log file, but to save disk
space, you can prevent it from automatically reporting to User Activity
dialog boxes.
Note The Statlog task also reports database size statistics in the
Database - Sizes view of the log file.

Viewing database activity statistics generated by the Statlog task


Instead of opening the log file or viewing the User Activity dialog box
directly as described below, you can use the Database Analysis tool to
see activity statistics.
For information on monitoring database activity using the Database
Analysis tool, see the topic “Database analysis,” later in this chapter.

In the log file (LOG.NSF)


1. From the Domino Administrator, select the server that stores the log
file you want to view.
2. Click the Server - Analysis tab.
3. Do one of the following:
• Select Notes Log - Database - Sizes
• Select Notes Log - Database - Usage
4. Double-click a Database Activity Log entry to view it.
Tip If you don’t have access to the Domino Administrator, select the log
file database and choose File - Database - Open.

In the User Activity dialog box


1. Open the database and choose File - Database - Properties.
2. Click the i tab, and then click User Detail.
Tip To track usage over a period of time, choose Copy to Clipboard to
copy the summary to a document that you use to track usage statistics.



Managing database activity recording in databases
Disable automatic activity recording in User Activity dialog boxes
By default, Statlog reports database activity to all database User Activity
dialog boxes when it runs. Even if a user disables User Activity reporting
for a specific database, the next time Statlog runs, it enables recording in
the dialog box again.
To prevent Statlog from automatically recording activity in User Activity
dialog boxes, add No_Force_Activity_Logging=1 to the NOTES.INI file.
Then, you can enable activity recording per database, as needed. Because
recording activity in the User Activity dialog box adds 64K to the size of
each database, disabling automatic activity recording saves disk space on
the server.
Tip Disable automatic activity recording to improve database
performance.
Note If you use No_Force_Activity_Logging, Statlog still reports
activity to the log file (LOG.NSF).

Enable activity recording in a single database’s User Activity dialog box
Even if the server administrator uses the No_Force_Activity_Logging
setting in the NOTES.INI file to disable automatic activity recording in
databases, you can enable recording for a single database.
1. Make sure that you have Designer or Manager access in the database
ACL.
2. Open the database and choose File - Database - Properties.
3. Click the i tab, and then click User Detail.
4. Select Record Activity to enable activity recording.
5. (Optional) Select “Activity is Confidential” to allow only users with
at least Designer access in the database ACL to view the activity.
6. Click OK.

Disable activity recording in a single database’s User Activity dialog box
Use the above procedure, but deselect Record Activity in Step 4.
Disabling activity recording also removes any existing activity statistics
in the User Activity dialog box.



Updating database indexes and views
A view index is an internal filing system that Lotus Notes uses to build
the list of documents to display in a database view or folder. View
indexes should be kept up-to-date so that information in views and
folders stays synchronized with document updates. You can also purge
or delete view indexes to improve database performance.
A full-text index is an index of the text in a database. To perform
advanced searches for text in a database, users need an up-to-date
full-text index that reflects the latest content of a database.
You can use any of these methods to update database indexes:
• The Update task
• The Updall task
• Keyboard shortcuts
• The Database Properties box
For information on using the Database Properties box to update full-text
search indexes, see the chapter “Setting Up and Managing Full-text
Indexes.”

Indexer tasks: Update and Updall


The Update and Updall tasks keep view indexes and full-text indexes
up-to-date.

Update
Update is loaded at server startup by default and runs continually,
checking its work queue for views and folders that require updating.
When a view or folder change is recorded in the queue, Update waits
approximately 15 minutes before updating all view indexes in the
database so that the update can include any other database changes
made during the 15-minute period. After updating view indexes in a
database, it then updates all databases that have full-text search indexes
set for immediate or hourly updates.
When Update encounters a corrupted view index or full-text index, it
rebuilds the view index or full-text index in an attempt to correct the
problem. This means it deletes the view index or full-text index and
rebuilds it.
To improve view-indexing performance, you can run multiple Update
tasks if your server has adequate CPU power.



Note The Update task spawns a directory indexer thread. The directory
indexer runs at one-minute intervals and is dedicated to keeping Domino
Directory view indexes up-to-date. The directory indexer runs against
any local or remote Domino Directory or Extended Directory Catalog
that a server uses for directory services.

Updall
Updall is similar to Update, but it doesn’t run continually or work from a
queue; instead you run Updall as needed. You can specify options when
you run Updall, but without them Updall updates any view indexes or
full-text search indexes on the server that need updating. To save disk
space, Updall also purges deletion stubs from databases and discards
view indexes for views that have been unused for 45 days, unless the
database designer has specified different criteria for discarding view
indexes. Use the NOTES.INI setting Default_Index_Lifetime_Days to
change when Updall discards unused view indexes.
Like Update, Updall rebuilds all corrupted view indexes and full-text
search indexes that it encounters.
By default Updall is included in the NOTES.INI setting ServerTasksAt2,
so it runs daily at 2 AM. Running Updall daily helps save disk space by
purging deletion stubs and discarding unused view indexes. It also
ensures that all full-text search indexes that are set for daily updates are
updated.
The following table compares the characteristics of Update and Updall.
For Updall, the table describes default characteristics. For information on
options you can use to modify some of these characteristics, see the topic
“Updall options” later in this chapter.

Characteristic | Update | Updall
When it runs | Continually after server startup | 2 AM and when you run it
Runs on all databases? | No. Runs only on databases that have changed. | Yes
Refreshes view indexes? | Yes | Yes
Updates full-text indexes? | Yes. Updates full-text indexes set for immediate and hourly updates. | Yes. Updates all full-text indexes.
Detects and attempts to rebuild corrupted view indexes? | Yes | Yes
Detects and attempts to rebuild corrupted full-text indexes? | Yes | Yes
Purges deletion stubs? | No | Yes
Discards unused view indexes? | No | Yes (after a view is unused for 45 days or according to a view discard option specified by a designer)
Ignores “Refresh index” view property? | Yes | Yes
Can customize with options? | No | Yes

Updall options
You can use any of these methods to run Updall on a server:
• Task - Start tool in the Domino Administrator — Use this method if
you don’t want to use command-line options.
• Load Updall console command — Use this method if you’re
comfortable using command-line options or if you want to run
Updall directly at the server console when there is no Domino
Administrator running on the server machine.
• Program document that runs Updall — Use this method to schedule
Updall to run at particular times.
• Run Updall on a Win32 platform — Use this method if you are
unable to run Updall at the server console. This method requires that
you use the “n” prefix — for example, nupdall -R.
When you use these methods, you can include options that control what
Updall updates. For example, you can update all views and not update
any full-text search indexes.
The following tables describe the options you can use with Updall. The
first column describes the option names as they appear in the Task - Start
tool. The second column lists the equivalent command-line options that
you use when you use a console command to run Updall and when you
schedule Updall to run in a Program document.



Use this syntax when you use the Load updall console command:
Load updall databasepath options

For example:
Load updall SALES.NSF -F

You can specify multiple options — for example:


Load updall -F -M

For information on Updall behavior when you don’t specify options, see
the topic “Indexer tasks: Update and Updall,” earlier in this chapter.

Updall - Basic options


Option in Task - Start tool | Command-line option | Description
Index all databases; Index only this database or folder | databasepath (For more information on databasepath, see the topic “Using a console command,” later in this chapter.) | “Only this database” updates only the specified database. To update a database in the Domino data folder, enter the file name, for example, SALES.NSF. To update databases in a folder within the data folder, specify the database path relative to the data folder, for example, DOC\README.NSF. “Index all databases” (or no database path) updates all databases on the server.
Update this view only | database -T viewtitle | Updates a specific view in a database. Use, for example, with -R to solve corruption problems.

Updall - Update options


Option in Task - Start tool | Command-line option | Description
Update: All built views | -V | Updates built views and does not update full-text indexes.
Update: Full text indexes | -F | Updates full-text indexes and does not update views.
Update: Full text indexes: Only those with frequency set to: Immediate | -H | Updates full-text indexes assigned “Immediate” as an update frequency.
Update: Full text indexes: Only those with frequency set to: Immediate or Hourly | -M | Updates full-text indexes assigned “Immediate” or “Hourly” as an update frequency.
Update: Full text indexes: Only those with frequency set to: Immediate or Hourly or Daily | -L | Updates full-text indexes assigned “Immediate,” “Hourly,” or “Daily” as an update frequency.

Updall - Rebuild options


Option in Task - Start tool | Command-line option | Description
Rebuild: Full-text indexes only | -X | Rebuilds full-text indexes and does not rebuild views. Use to rebuild full-text indexes that are corrupted.
Rebuild: All used views | -R | Rebuilds all used views. Using this option is resource-intensive, so use it as a last resort to solve corruption problems with a specific database.
Rebuild: Full-text indexes and additionally: All unused views | database -C | Rebuilds unused views and a full-text index in a database. Requires you to specify a database.

Updall - Search Site options


Option in Task - Start tool | Command-line option | Description
Update database configurations: Incremental | -A | Incrementally updates search-site database configurations for search site databases.
Update database configurations: Full | -B | Does a full update of search-site database configurations for search site databases.



Running the Updall task
Using the Task - Start tool
1. From the Domino Administrator, select the server on which to run
Updall.
2. Click the Server - Status tab.
3. In the task panel on the right, click Task - Start.
4. Select “Update all.” Do not select “Update.”
5. Do one of the following:
• To customize how Updall runs, click “Select advanced options,”
click Start Task, specify options to customize how Updall runs,
then click OK.
• To run Updall without options, deselect “Select advanced
options” and then click Start Task.

Using a console command

1. From the Domino Administrator, select the server on which to run
Updall.
2. Click the Server - Status tab.
3. Click Console.
4. Enter the following command either in the command line at the
bottom of the console, and then press ENTER, or directly at the
console on a server:
Load updall databasepath options

where databasepath specifies the files on which to run Updall
and options are Updall command-line options.
For example, enter:
Load updall SALES.NSF -F

The following table illustrates how you can use databasepath to specify
databases, folders, and subfolders.

To compact | Example command | Files compacted
Specific databases in the Domino data folder | Load updall SALES.NSF,DEV.NSF | DATA\SALES.NSF, DATA\DEV.NSF
All the databases in a folder relative to the Domino data folder | Load updall SALES | DATA\SALES\all databases
A specific database in a folder relative to the Domino data folder | Load updall SALES\USER1.NSF | DATA\SALES\USER1.NSF
All the files specified in an IND file created in the Domino data folder | Load updall WEEKLY.IND, where WEEKLY.IND contains the lines SALES.NSF, DEV.NSF, SALES\USER1.NSF, and SALES\NEW | DATA\SALES.NSF, DATA\DEV.NSF, DATA\SALES\USER1.NSF, DATA\SALES\NEW\all databases

Using a Program document


Use a Program document to schedule Updall to run with options at a
regular time. Note that by default Updall is included in the NOTES.INI
setting ServerTasksAt2, so it runs daily at 2 AM on all databases without
options.
For more information on Program documents, see the appendix “Server
Tasks.”
1. From the Domino Administrator, click the Configuration tab.
2. Next to “Use Directory on,” select the server with the replica of the
Domino Directory that you want to modify.
3. Expand Server - Programs and then click Add Program.
4. Complete these fields on the Basics tab:
Field | Enter
Program name | Updall
Command line | Command line options. Don’t specify “load” before the options.
Server to run on | Server on which to run Updall
Comments | Optional comments

For more information on the available command-line options, see the
topic “Updall options,” earlier in this chapter.



5. Complete these fields on the Schedule tab:
Field | Enter
Enabled/disabled | Enabled
Run at times | Times to run Updall each day
Repeat interval of | How soon to run Updall again after it completes
Days of week | The days to run Updall

6. Click Save and Close.

Keyboard shortcuts that update or rebuild views


This table describes the keyboard shortcuts you can use to update or
rebuild views.

Shortcut | Description | When to use
F9 | Updates the current view | To display current information in the view
SHIFT+F9 | Rebuilds the current view | To fix problems with a view
CTRL+SHIFT+F9 | Rebuilds all views in a database that are not built; updates all other views | To rebuild or update all views if you are unable to run the Updall task. You must wait until the process is complete, so use Updall instead if possible.

Running multiple Update tasks


To improve view indexing performance, you can run multiple Update
tasks. Doing this can affect server performance and is recommended
primarily for multi-processor machines. On a server with multiple
processors, enable a maximum of one Update task per processor.

Using a Configuration settings document


1. From the Domino Administrator, click the Configuration tab.
2. Next to “Use Directory on,” select the server that stores the Domino
Directory you want to modify.
3. Expand Server - Configurations.
4. Do one of the following:
• Click Edit Configuration to edit an existing Configuration settings
document
• Click Add Configuration to create a new Configuration settings
document

5. Click the NOTES.INI Settings tab.
6. Click Set/Modify Parameters.
7. In the Item box, select Updaters. In the Value box, enter the number
of Update tasks to run. Then click OK.
8. Click Save and Close.
9. Restart the server so that the setting takes effect.

Using the Task - Start tool


Use the Task - Start tool to run multiple Update tasks without having to
shut down and restart the server. If you eventually shut down the server,
you must repeat this procedure when you restart it.
Each time you enter this command, the server loads another Update task.
1. From the Domino Administrator, select the server on which to run
Update.
2. Click the Server - Status tab.
3. In the Tools pane on the right, click Task - Start.
4. Select “Update.” Do not select “Update all.”
5. Click Start Task.
Tip You can also enter the following command at the console:
Load update

Changing the temporary folder used for view rebuilds


When Domino rebuilds views — for example, when you use updall -R or
when a user opens a view whose index has been deleted — it may
generate temporary files to sort the data in order to rapidly update the
views; Domino deletes these files after rebuilding the views. By default,
these temporary files are located in your system’s temporary folder — for
example, C:\TEMP. If your system doesn’t have a temporary folder, then
Domino puts the files in the Domino data folder.
Depending on the amount of memory available during rebuilding, the
space required in the temporary folder for each view being rebuilt is
approximately two times the size of the largest view or two times the size
of all the data in documents, whichever value is greater. It is
recommended that you change the location of the temporary files to a
different drive from the Domino data folder. Putting the temporary
folder on a different drive distributes disk I/O and ensures that there is
enough space to rebuild views. Domino is very conservative when
estimating the amount of disk space needed for optimized view rebuilds
so that it won’t spend unnecessary time sorting data only to discover that
there’s inadequate disk space. Make sure that the temporary folder you
specify has plenty of disk space available.
To change the temporary folder used for view rebuilds, add the setting
View_Rebuild_Dir to the server’s NOTES.INI file and specify a new
location. For example, add:
View_Rebuild_Dir=D:\REBUILD

If Domino estimates that there’s not enough space available in the
temporary folder to rebuild a specific view, Domino uses a slower
method to rebuild the view and logs this message to the Miscellaneous
Events view of the log file (LOG.NSF):
Warning: unable to use optimized view rebuild for view due
to insufficient disk space at directory. Estimate may need x
million bytes for this view. Using standard rebuild instead.

You can add the following setting to the NOTES.INI file to disable
optimized view rebuilding. However, do this only as a last resort if
you’ve specified a view rebuild folder and you still see the preceding
message for many views. If you see the message for just a few views,
don’t disable view rebuilding.
Disable_View_Rebuild_Opt=1

Managing view indexes


A view index is an internal filing system that Lotus Notes uses to build
the list of documents to display in a database view or folder. Because a
database grows when you add views and folders, you can improve
database performance by occasionally purging view indexes.
To purge one or more of the view indexes in a database:
1. From the Domino Administrator, click the Files tab.
2. Select the database.
3. Choose Database - Manage Views.
4. For each view index in the database you want to purge:
a. Select the view index.
b. Click Purge.
c. Click Yes at the prompt.
5. Click Done.


Synchronizing databases with master templates
To use a consistent design for multiple databases, database designers can
associate databases or elements within databases with a master template.
Designers can manually synchronize databases with a master template,
but more often they rely on the Designer task to do this. When a master
template design changes, the Designer task updates all databases that
inherit their designs from the master template. The Designer task runs
daily by default at 1 AM. The Updall task, which runs by default at 2
AM, updates the view indexes of databases changed by Designer.
For a server’s Designer task to update databases, you must create a
replica of the master template on each server that stores databases that
inherit from the master template.
After updating database designs, the Designer task also reloads the
LDAP schema on a Domino server that runs the LDAP service.
You can’t run the Designer task against a specific database or folder. It
runs only against all databases on a server.
For more information on master templates, see the book Application
Development with Domino Designer.
You can run the Designer task by using one of the following methods.

Running the Designer task using the Task - Start tool


1. From the Domino Administrator, select the server on which to run
Designer.
2. Click the Server - Status tab.
3. In the task panel on the right, click Task - Start.
4. Select Designer and then click Start Task.

Running the Designer task using a console command


1. From the Domino Administrator, select the server on which to run
the Designer task.
2. Click the Server - Status tab.
3. Click Console.
4. Enter the following command in the command line at the bottom of
the console, and then press ENTER:
Load design


The following table describes the command line options you can use with
the Designer task.

Command line option | Description
-d directory name | Synchronizes the databases in a directory relative to the data directory. For example, to synchronize databases in the directory DATA\SALES, specify -d SALES.
-f filename | Synchronizes a specific database. For example, to synchronize the database DATA\SALES.NSF, specify -f SALES.NSF.
-i name | Synchronizes the databases specified by name, which can be a database, folder, or file name that contains a list of paths, each of which can be a database or a folder.

The following table shows an example of the -i command line option.

If the file SCHEDULE contains this | where | then load design -i SCHEDULE is the same as this
SALES | SALES is a directory | load design -d SALES
DEV | DEV is a directory | load design -d DEV
DEV\USER1.NSF |  | load design -f DEV\USER1.NSF

Fixing corrupted databases


Corrupted databases don’t occur frequently when you use transaction
logging. When you use transaction logging to log changes to databases, a
server automatically uses the transaction log to restore and recover
databases after a system failure — for example, after server failures or
power failures. If a disk failure occurs, you use the transaction log along
with a certified backup utility to restore and recover the databases.
For information on upgrading database format, see the Upgrade Guide.
The Miscellaneous Events view of the log file (LOG.NSF) records
detailed messages about corrupted documents and views. These
messages in the log file indicate document corruption:
• Document NTdocument number in database database name is damaged
• Document document number in database database name has been
deleted


The following messages indicate that Domino has rebuilt, is in the
process of rebuilding, or was unable to rebuild damaged views:
• Page format is incorrect
• Invalid CNO vector - position == 0
• Container integrity has been lost - rebuild
For information on using the log file, see the chapter “Using Log Files.”

Ways to fix corrupted databases


If you encounter corruption in a database, you can use any of
these methods to try to fix the problem. Because corruption is much less
of an issue for logged databases, these methods are primarily used for
solving corruption problems in unlogged databases.
• Run Fixup to fix corrupted views and documents.
• Run Updall to fix corrupted views and full-text indexes; if a
corrupted view is the problem, try Updall before trying Fixup.
• Run Compact with the -c option to fix corruption problems that
Fixup doesn’t correct.
• Press SHIFT+F9 to rebuild one view; press CTRL+SHIFT+F9 to
rebuild all views in a database.
• Create a replica of the database.
For information on using Compact, see the chapter “Improving Database
Performance.”
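
The log messages listed above, the optimized view rebuild warning described earlier in this chapter, and the remedies in this list can be combined into one triage pass over a text export of the Miscellaneous Events view. This Python example is added here and is not part of the Domino product or its documentation; the export layout (timestamp prefix, how names are filled in), the sample lines, and the function names triage and recommend are assumptions.

```python
import re
from collections import defaultdict

# Message wording comes from this chapter. The timestamp prefix and the way
# view, directory and database names are filled in are ASSUMPTIONS about a
# text export of the Miscellaneous Events view.
DOC_EVENT = re.compile(
    r"Document (?P<doc>\S+) in database (?P<db>.+?) "
    r"(?P<state>is damaged|has been deleted)")
VIEW_MESSAGES = (
    "Page format is incorrect",
    "Invalid CNO vector - position == 0",
    "Container integrity has been lost - rebuild",
)
SLOW_REBUILD = re.compile(
    r"unable to use optimized view rebuild for view (?P<view>.+?) due to "
    r"insufficient disk space at (?P<dir>.+?)\. Estimate may need "
    r"(?P<mb>\d+(?:\.\d+)?) million bytes")

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
03/04/2003 02:00:11 AM  Document NT00000A3E in database mail\\jdoe.nsf is damaged
03/04/2003 02:00:12 AM  Document NT00000A3E in database mail\\jdoe.nsf has been deleted
03/04/2003 02:01:40 AM  Document NT00001C02 in database SALES\\USER1.NSF is damaged
03/04/2003 02:03:05 AM  Container integrity has been lost - rebuild
03/04/2003 02:03:09 AM  Page format is incorrect
03/04/2003 02:10:27 AM  Warning: unable to use optimized view rebuild for view ($All) due to insufficient disk space at D:\\REBUILD. Estimate may need 310 million bytes for this view. Using standard rebuild instead.
03/04/2003 02:14:53 AM  Warning: unable to use optimized view rebuild for view ByCustomer due to insufficient disk space at D:\\REBUILD. Estimate may need 95 million bytes for this view. Using standard rebuild instead.
03/04/2003 02:15:00 AM  Database Replicator started
"""


def triage(lines):
    """Sort log lines into the message groups described in this chapter."""
    report = {
        "damaged": defaultdict(set),       # database -> document ids
        "deleted": defaultdict(set),       # database -> document ids
        "view_messages": defaultdict(int), # message text -> occurrences
        "slow_rebuilds": [],               # (view, directory, million bytes)
    }
    for line in lines:
        match = DOC_EVENT.search(line)
        if match:
            key = "damaged" if match["state"] == "is damaged" else "deleted"
            report[key][match["db"]].add(match["doc"])
            continue
        match = SLOW_REBUILD.search(line)
        if match:
            report["slow_rebuilds"].append(
                (match["view"], match["dir"], float(match["mb"])))
            continue
        for text in VIEW_MESSAGES:
            if text in line:
                report["view_messages"][text] += 1
    return report


def recommend(report):
    """Map the findings to the remedies this chapter gives, one per line."""
    actions = []
    for db in sorted(set(report["damaged"]) | set(report["deleted"])):
        docs = report["damaged"].get(db, set()) | report["deleted"].get(db, set())
        actions.append(
            f"Run Fixup on {db}: {len(docs)} corrupted document(s) logged")
    hits = sum(report["view_messages"].values())
    if hits:
        # The view messages carry no database name, so only a count is known.
        actions.append(
            f"{hits} view corruption message(s): try Updall before Fixup")
    worst = {}
    for _view, directory, mb in report["slow_rebuilds"]:
        worst[directory] = max(worst.get(directory, 0.0), mb)
    for directory, mb in sorted(worst.items()):
        actions.append(
            f"Rebuild folder {directory} was short of space: "
            f"largest estimate {mb:g} million bytes")
    return actions


if __name__ == "__main__":
    for action in recommend(triage(SAMPLE_LOG.splitlines())):
        print(action)
```
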

Using Fixup
When you restart a server, the server quickly searches for any unlogged
databases that were modified but improperly closed because of a server
failure, power failure, hardware failure, and so on. A few minutes after
server startup is complete, the Fixup task then runs on these databases to
attempt to fix any inconsistencies that resulted from partially written
operations caused by a failure. When users attempt to access one of these
databases and Fixup hasn’t yet run on the database, the users see the
message “This database cannot be opened because a consistency check of
it is in progress.” A similar Fixup process occurs when you restart a
Lotus Notes client.


Multiple Fixup tasks run simultaneously at server startup to reduce the
time required to fix databases. The number of Fixup tasks that Domino
runs by default at startup is equal to two times the number of processors
available on the server. Although this default behavior should be
adequate in most circumstances, you can edit the NOTES.INI file to
include the Fixup_Tasks setting. The actual number of tasks run is the
smaller of the configured number of tasks that can run and the number
of databases that require fixing. For example, if you set Fixup_Tasks to 4
but only one database requires fixing, then only one Fixup task runs.
Keep in mind that after you set up transaction logging, Fixup is not
needed or used to bring databases back to a consistent state.

Ways to run Fixup manually


Use the Domino Administrator to run Fixup manually with any of these
methods to fix a corrupted database. With each of these methods, you
can customize how Fixup runs.
• Run Fixup using the Fixup tool in the Files tab — Use this method to
run Fixup on one or a few databases; you can easily select the
databases and you don’t have to use command-line options, but you
can’t use the Domino Administrator until Fixup finishes.
• Run Fixup using the Task - Start tool — Use this method to run Fixup
on all databases; you can continue to use the Domino Administrator
while Fixup runs and you don’t have to use command-line options.
• Run Fixup using a console command — Use this method if you want
to use command-line options or to run Fixup directly at the server
console when there isn’t a Domino Administrator client available.
• Run Fixup using a Program document — Use this method to
schedule Fixup to run at particular times.
• Run Fixup on a Win32 platform — Use this method if you are unable
to run Fixup at the server console. This method requires that you use
the “n” prefix, for example, nfixup -F.


Fixup options
The following table describes the options you can use with Fixup. The
first column lists the options as they appear when you run Fixup using
the Fixup tool or the Task - Start tool in the Domino Administrator. The
second column lists the equivalent command-line options that you use
when you run Fixup using a console command or using a Program
document.
Fixup options in Fixup tool and Task - Start tool | Command-line equivalent | Description
“Fixup all databases” or “Fixup only this database or folder” | databasepath | “Fixup only this database or folder” runs Fixup only on a specified database or all databases in a specified folder. To run Fixup on a database in the Domino data folder, enter the file name, for example SALES.NSF. To run Fixup on a database or databases in folders within the data folder, enter the path relative to the data folder. For example, to run Fixup on all databases in the DATA\SALES folder, specify SALES. “Fixup all databases” or no command line database path runs Fixup on all databases on the server. Note: To specify databases or folders to run on using the Fixup tool, select the database(s) or folder(s).
Report all processed databases to log file | -L | Reports to the log file every database that Fixup opens and checks for corruption. Without this argument, Fixup logs only actual problems encountered.
Scan only since last fixup | -I | When you run Fixup on a specific database, Fixup checks only documents modified since Fixup last ran. Without this option, Fixup checks all documents.
Scan all documents | -F | When you run Fixup on all databases, Fixup checks all documents in the databases. Without this option, Fixup checks only documents modified since it last ran. Note: To specify this option using the Fixup tool, deselect “Scan only since last fixup.”
Perform quick fixup | -Q | Checks documents more quickly but less thoroughly. Without this option, Fixup checks documents thoroughly.
Exclude views (faster) | -V | Prevents Fixup from running on views. This option reduces the time it takes Fixup to run. Use if view corruption isn’t a problem.
Don’t purge corrupted documents | -N | Prevents Fixup from purging corrupted documents so that the next time Fixup runs or the next time a user opens the database, Fixup must check the database again. Use this option to salvage data in documents if the corruption is minor or if there are no replicas of the database.
Optimize user unread lists | -U | Reverts ID tables in a database to the previous release format. Don’t select this option unless Customer Support recommends doing so.
Fixup transaction-logged databases | -J | Runs on databases that are enabled for transaction logging. Without this option, Fixup generally doesn’t run on logged databases. If you are using a certified backup utility, it’s important that you schedule a full backup of the database as soon after Fixup finishes as possible.
Fixup open databases | -O | If you run Fixup on open databases, Fixup takes the databases offline to perform the fixup. This is the default if you run Fixup and specify a database name. Without this option, when you do not specify database names, Fixup does not run on open databases.
Don’t fixup open databases | -Z | Applies only to running Fixup on a single database. When a database isn’t taken offline and is in use, then Fixup is not run. This is the default when Fixup is run on multiple databases.
Verify only | -C | Verifies the integrity of the database and reports errors. Does not modify the database (for example, does not purge corrupted documents).
Fixup subdirectories | -Y | Runs Fixup on databases in subfolders (subdirectories).
Don’t fixup subdirectories | -y | Does not run Fixup on databases in subfolders (subdirectories).

For information on transaction logging, see the chapter “Transaction
Logging and Recovery.”

Running the Fixup task


Using the Task - Start tool
Use this method primarily to run Fixup on all unlogged databases on a
server.
1. From the Domino Administrator, select the server on which to run
Fixup.
2. Click the Server - Status tab.
3. In the task panel on the right, click Task - Start.
4. Select Fixup.
5. Do one of the following:
• To specify options to control how Fixup runs, click “Select
advanced options,” click Start Task, select options to customize
how Fixup runs, then click OK.
• To run Fixup without options, deselect “Select advanced options”
and then click Start Task.
For information on the options available, see the topic “Fixup options”
earlier in this chapter.

Using a console command


1. From the Domino Administrator, select the server on which to run
Fixup.
2. Click the Server - Status tab.
3. Click Console.

4. Enter the following command either in the command line at the
bottom of the console (and then press ENTER) or directly at the
console on a server:
Load fixup databasepath options

where databasepath specifies the files on which to run Fixup
and options are Fixup command-line options.
The following table illustrates how you can use databasepath to specify
databases, folders, and subfolders.

To fixup | Example command | Files on which Fixup runs
Specific databases in the Domino data folder | Load fixup SALES.NSF,DEV.NSF | DATA\SALES.NSF, DATA\DEV.NSF
All the databases in a folder relative to the Domino data folder | Load fixup SALES | DATA\SALES\all databases
A specific database in a folder relative to the Domino data folder | Load fixup SALES\USER1.NSF | DATA\SALES\USER1.NSF
All the files specified in an IND file created in the Domino data folder | Load fixup WEEKLY.IND, where WEEKLY.IND contains (one entry per line): SALES.NSF, DEV.NSF, SALES\USER1.NSF, SALES\NEW | DATA\SALES.NSF, DATA\DEV.NSF, DATA\SALES\USER1.NSF, DATA\SALES\NEW\all databases
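
Because Fixup can take databases offline, it helps to preview which files a databasepath argument selects before running the command. The following Python example is added here and is not Domino code; it models the databasepath table above (the same scheme appears in the Updall table and the Designer -i option) and assumes that only .nsf files count as databases, that IND entries use backslashes, and that subfolders are included only when recurse is set, mirroring the -Y and -y options. The names preview and build_sample_tree and the sample tree are constructed for illustration.

```python
import os
import tempfile

DB_SUFFIX = ".nsf"  # ASSUMPTION: only .nsf files count as databases


def _local(data_dir, entry):
    """Turn a Domino-style relative path (backslashes) into a local path."""
    parts = [p for p in entry.strip().split("\\") if p]
    # This preview refuses entries that point outside the data folder.
    if not parts or ".." in parts or ":" in parts[0]:
        raise ValueError(f"not a path inside the data folder: {entry!r}")
    return os.path.join(data_dir, *parts)


def _entry(data_dir, entry, recurse):
    """Expand one entry: a database file, or every database in a folder."""
    path = _local(data_dir, entry)
    if os.path.isfile(path):
        return {path}
    if not os.path.isdir(path):
        raise FileNotFoundError(f"no database or folder named {entry.strip()!r}")
    found = set()
    for root, dirs, files in os.walk(path):
        found.update(os.path.join(root, name) for name in files
                     if name.lower().endswith(DB_SUFFIX))
        if not recurse:
            dirs[:] = []  # stay in the named folder
    return found


def preview(data_dir, databasepath, recurse=False):
    """List the databases a databasepath selects, relative to data_dir."""
    if databasepath.lower().endswith(".ind"):
        with open(_local(data_dir, databasepath), encoding="utf-8") as handle:
            entries = [line for line in handle if line.strip()]
    else:
        entries = [databasepath]
    found = set()
    for entry in entries:
        found |= _entry(data_dir, entry, recurse)
    return sorted(os.path.relpath(p, data_dir).replace(os.sep, "\\")
                  for p in found)


def build_sample_tree(root):
    """Create a constructed data folder matching the WEEKLY.IND table row."""
    for rel in ("SALES.NSF", "DEV.NSF", "SALES/USER1.NSF",
                "SALES/NEW/A.NSF", "SALES/NEW/B.NSF", "SALES/NEW/readme.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    with open(os.path.join(root, "WEEKLY.IND"), "w", encoding="utf-8") as ind:
        ind.write("SALES.NSF\nDEV.NSF\nSALES\\USER1.NSF\nSALES\\NEW\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as data:
        build_sample_tree(data)
        for name in preview(data, "WEEKLY.IND"):
            print(name)
```
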

Using a Program document


Use a Program document if you want to schedule Fixup to run at a
regular time.
For more information on Program documents, see the appendix “Server
Tasks.”
1. From the Domino Administrator, click the Configuration tab.
2. Next to “Use Directory on,” select the server with the replica of the
Domino Directory that you want to modify.
3. Select Server - Programs and then click Add Program.

4. On the Basics tab, complete these fields:
Field | Enter
Program name | Fixup
Command line | Command line options. Don’t specify “load” before the options.
Server to run on | Server on which to run Fixup
Comments | Optional comments

For more information on the available command-line options, see the
topic “Fixup options” earlier in this chapter.
5. On the Schedule tab, complete these fields:
Field | Enter
Enabled/disabled | Enabled
Run at times | Times to run Fixup each day
Repeat interval of | How soon to run Fixup again after it completes
Days of week | The days to run Fixup

6. Click Save and Close.

Using the Fixup tool


Use this method to run Fixup on one or a few databases.
1. From the Domino Administrator, select the server that stores the
databases you want to run Fixup on. If the Domino Administrator
does not run on a server, you can select local to run Fixup on
databases stored on the client.
2. Click the Files tab.
3. Select the databases on which to run Fixup.
4. In the Tools panel at the right, select Database - Fixup.
5. (Optional) Select options to control how Fixup runs.
For information on the options available, see the topic “Fixup
options” earlier in this chapter.
6. Click OK.


Moving databases
It may be necessary to move a database from one server to another — for
example, to distribute databases evenly among servers. If there are
replicas of the database, the server to which you move the database
should have the appropriate Connection documents to replicate the
database to other servers that store replicas. If you’re moving a database
to a server in a cluster, replication between the server and other servers
in the cluster that have replicas of the database occurs without
Connection documents.
Keep in mind that within a cluster, the Cluster Manager distributes
workloads and provides failover to database replicas if one cluster server
becomes disabled. Before moving a database in a cluster, you should
analyze the cluster workload to be sure it will remain balanced after you
move the database. Only the person who administers the cluster should
perform the move.
For more information on clusters, see the book Administering Domino
Clusters.
You can use any of these methods to move a database:
• Use the Domino Administrator and the Administration Process to
move the database.
• Manually move the database. Use this option when you do not have
access to the Domino Administrator and the Administration Process.

Moving databases using the Administration Process


This feature isn’t intended for moving mail files.
For information on moving mail files, see the chapter “Setting Up and
Managing Notes Users.”
1. Make sure the source and destination servers are running the
Administration Process.
2. Make sure that you have Create Database access in the Server
document of the destination server and at least Manager with “Delete
documents” access in the ACL of the databases on the source server.
3. Make sure that the source server (or another server that replicates
with the source server and has a replica of the database) has Create
Replica access in the ACL of the destination server.
4. Make sure the destination server has at least Reader access in the
ACL of the replica on the source server.
For information on specifying server access in an ACL, see the chapter
“Creating Replicas and Scheduling Replication.” For information on
using a Server document to set “Create replica databases” access, see
the chapter “Controlling Access to Domino Servers.”
5. From the Domino Administrator, select the server that stores the
databases you want to move.
6. Click the Files tab.
7. In the files pane, select one or more databases to move.
8. In the Tools pane on the right, select Database - Move. Or drag the
selected database(s) to the Move tool.
9. (Optional) If the current domain includes a cluster, click “Show only
cluster members” to display only destination servers that are
members of the cluster.
10. Select one or more destination servers. To select a server that doesn’t
appear in the list, click Other, specify the hierarchical server name,
then click OK.
11. (Optional) Select a destination server, click “File Names” to choose a
custom file path on the destination server for any database you’re
moving and then click OK. You can repeat this procedure for each
destination server. If you don’t choose this option, the database is
stored on the destination server in the same location as on the source
server.
To move a database to a folder below the data folder, type the folder
name, backslash, and then the file name — for example,
JOBS\POSTINGS. If the specified folder does not exist, Domino
creates it for you.
12. Click OK. A dialog box shows the number of databases processed
and indicates if any errors occurred. See the status bar for more
information.
13. If the source server is not a cluster server, you must approve the
deletion of each original source database after the Administration
Process completes the “Non Cluster Move Replica” request, which
creates a replica at the new location. To do this:
a. Make sure you have Editor access to the Administration Requests
database (ADMIN4.NSF).
b. Open the Administration Requests database.
c. Select the Pending Administrator Approval view.
d. Open the “Approve Deletion of Moved Replica” request for each
source database that you moved, click Edit Document, click
Approve File Deletion, click Yes, and then click Save and Close.
14. Notify users that you’ve moved the database.


Moving databases by dragging them to a destination server
Rather than choosing Database - Move, you can drag databases to a
destination server. When you use this method, you must store all
databases in one preexisting folder on the destination server. This
method also uses the Administration Process to automate moving the
database. You can’t use this method to move a database to another
Domino domain.
1. From the Domino Administrator, click the Files tab.
2. In the files pane, select one or more databases to move.
3. Drag the selected databases to a destination server in the server pane
on the left.
4. In the dialog box that appears, select “Move database,” select a
folder on the destination server in which to store the database(s),
then click OK.

Moving a database without using the Administration Process

Use this procedure to move a database to a server in another Domino
domain or to move a database when you don’t have access to the
Domino Administrator. Do not use this procedure to move a mail file.
For information on moving mail files, see the chapter “Setting Up and
Managing Notes Users.”
1. Make sure that you have Create Replica access in the Server
document of the destination server.
2. Make sure you have Manager with “Delete documents” access in the
ACL of the original database.
3. Choose File - Replication - New Replica to create a replica of the
database on the destination server.
4. Make a note of the file name and path of the original database. You’ll
include this information when you notify users of the move.
5. Choose File - Database - Delete to delete the original database.
6. If the database receives mail, change the Mail-In Database document
in the Domino Directory to reflect the new location.
7. In the ACLs of any replicas of the database, remove the name of the
server that you moved the database from and add the name of the
destination server.
8. Notify users that you have moved the database.


Deleting databases
To keep a server performing efficiently and to free disk space, delete
databases that are no longer active. To delete databases from a cluster
server, you use the Cluster database tool in the Domino Administrator.
To delete databases on non-cluster servers, select the databases and
delete them manually, or use the Delete database tool in the Domino
Administrator to have the Administration Process delete replicas of the
database.
Within a cluster of servers, you create a number of replicas for each
database to ensure user access to an updated replica even if a particular
cluster server becomes unavailable. You can mark a cluster replica for
deletion while users are working with the replica. Domino then prevents
new users from accessing the marked replica and deletes the database
after all current users exit the database. Before deleting the database,
Domino replicates any changes to other replicas in the cluster.
For more information on clusters, see the book Administering Domino
Clusters.

Deleting a replica in a cluster


1. Make sure you have Manager access in the database ACL.
2. From the Domino Administrator, select the server that stores the
replicas you want to delete.
3. Click the Files tab.
4. Select the folder containing the replicas you want to delete.
5. In the files window, select the replicas you want to delete.
6. In the Tools pane on the right, select Database - Cluster. Or drag the
selected replicas to the Cluster tool.
7. Select “Pending delete.”
8. Click OK to mark the database for deletion.

Deleting a non-cluster database and its replicas using the Administration Process
1. Make sure you have Manager access in the database ACL.
2. From the Domino Administrator, select the server that stores the
database you want to delete.
3. Click the Files tab.
4. Select the database to delete.
5. Click Database - Delete.
6. (Optional) Select “Also delete replicas of this database on all other
servers” if you want the Administration Process to delete other
replicas.
7. Click OK.

Deleting a non-cluster database manually


1. Make sure that you have Manager access in the database ACL.
2. Notify users of the impending deletion and the reason for it.
3. If there are no replicas of the database, make an archive copy of it.
4. Record the file name and path of the original database. This allows
you to replace the deleted database with a new database that notifies
users that the original database has been deleted.
5. Select the database icon.
6. Select File - Database - Delete.
7. (Optional) Select “Delete all replicas of this database.”
8. Click Yes to confirm the deletion.
9. Delete any Mail-In Database documents associated with the deleted
database.
10. Remove references to the database in database libraries and
bookmarks.
11. Notify users that you have deleted the database.

Archiving an obsolete database


• If users occasionally need to access the database, keep the archive
copy on a Domino server. If no access or very little access is required,
copy the database to a file server or optical disk.
• In the database ACL of the archive copy, assign Manager access to at
least two users and assign Reader access to all other users.
• Indicate in the database title and in the About This Database
document that the database is an archive copy.
• Notify users of the location of the archive copy.

Database analysis
You can perform a database analysis to collect information about one or
more databases from a variety of sources — the replication history, the
User Activity dialog box, and the log file (LOG.NSF) — and view it in a
single “results” database. You can perform a database analysis only if
you have access to the Domino Administrator.


Use database analysis to collect the following information about a database:
• Replication history, as recorded in the Replication History dialog box
• User reads and writes, as recorded in the User Activity dialog box
• Document creations, edits, and deletions, as recorded in a database
• Design changes, as recorded in a database
• Replication additions, updates, and deletions, as reported in the log
file (LOG.NSF)
• Mail messages delivered by the mail Router
You can collect this information from multiple replicas of a database.

The results database


When you perform a database analysis, you create a database that holds
the results, which are stored in analysis documents. After you create a
results database, each time you perform a database analysis, you can
choose to overwrite its contents or append new results to its contents.
The results database is created from the Database Analysis (DBA4.NTF)
template.

Analysis documents
Each analysis document in the results database contains fields that
describe a particular event.

Field | Describes
Date | Date of the event
Time | Time of event
Source of Event Information | The analyzed database or its replicas or the log file (LOG.NSF)
Source Database | Name of a database containing documents that were read. For database replication events, name of database from which information was pulled
Source | Name of server that stores a database containing documents that were read or written. For database replication events, name of server that stores the database from which information was pulled
Destination | Name of a database on which documents were updated. For database replication, name of the database to which information was replicated
Destination machine | Name of a server that stores a database that was updated. For database replication, name of a server that stores a database to which information is replicated
Description | Description of the event



Events
Analysis documents describe these types of events:

| Event | Describes | Required database analysis option |
|---|---|---|
| Activity | Number of user or server reads and writes generated by the Statlog task | User reads, User writes |
| +Activity | Number of user reads and writes as noted in the database and in the log file | Log file activity, User reads or User writes |
| Mail Router | Number of documents delivered to the database | User writes |
| Data Note | Document creations, edits, and deletions | Changes to documents |
| Design Note | Changes to the database ACL and design | Changes to design |
| Replicator | Replication history | Replication history |
| +Replicator | Number of replication additions, updates, and deletions, as reported in the log file (LOG.NSF) | Log file activity |

Running a database analysis


1. From the Domino Administrator, select the server that stores the
databases you want to analyze.
2. Click the Files tab.
3. Select the folder containing the databases you want to analyze.
4. In the files window, select the databases you want to analyze.
5. In the Tools pane on the right, select Database - Analyze. Or drag the
selected database(s) to the Analyze tool.
6. In the “Analyze last x days of activity” field, enter a number that
represents how many days’ worth of information to report. You can
specify up to 99; the higher the number, the longer it takes to
generate the results.
7. Select one or more of the remaining options from the following table.



8. Click Results, do one of the following, then click OK.
• Specify the server, title, and file name of the database where you
want to store the results. It’s recommended that you create the
results database on a local client rather than on a server. If
multiple people generate results databases on a server, they
should each specify a different file name so the results don’t
conflict.
• If the specified results database already exists, click “Overwrite
database” to write over the existing contents or click “Append to
this database” to add the new results to existing ones.
9. Click OK to run the analysis.
10. To see the results, open the database and choose one of the available
views.
11. Open Database Analysis Results documents in the selected view.

Database analysis options


| Option | Reports |
|---|---|
| Changes in: Data documents | Details of document additions, edits, and deletions |
| Changes in: Design documents | Changes to the database ACL and design |
| User activity: User reads | Total times users opened documents in the database. Total times servers read documents |
| User activity: User writes | Total times users and servers created, modified, or deleted documents. Total number of mail messages delivered to the database |
| Replication: Find replicas on other servers | Data for other replicas |
| Replication: Replication history | Successful replications of a database as reported in the database replication history |
| In logfile: Miscellaneous Events view | Events relating to this database, as recorded in the Miscellaneous Events view of the log file |
| In logfile: Database usage view | Database activity, as recorded in the Usage - By User view of log file |



NOTES.INI file settings used to maintain databases
The following table summarizes the NOTES.INI file settings you can use
to maintain databases.
For more information on these settings, see the appendix, “NOTES.INI
File.”

| NOTES.INI file setting | Description |
|---|---|
| Default_Index_Lifetime_Days | Changes when Updall discards unused view indexes. |
| Disable_View_Rebuild_Opt | Disables optimized view rebuilding. |
| Fixup_Tasks | Specifies the number of Fixup tasks to run concurrently on the server. |
| No_Force_Activity_Logging | Prevents Statlog from automatically recording activity in User Activity dialog boxes. |
| ServerTasksAt[n] | Specifies which server tasks to run at time n. |
| Update_NO_BRP_Files | When set to 1, the Fixup task creates a BRP file when it encounters an error in a view index. |
| Updaters | Specifies the number of Update tasks to run concurrently on the server. |
| View_Rebuild_Dir | Changes the temporary folder used for view rebuilds. |



Chapter 59
Maintaining Domino Servers

This chapter describes how to manage your existing Domino servers. It
includes information on recertifying a server, deleting a server name, and
decommissioning servers, as well as other server-related activities.

Managing servers
To manage servers, you can do any of the following tasks:
• Change the server administrator
• Decommission a server
• Decommission a Domain Search server
• Delete a server name
• Find a server name in the domain with the Domino Administrator or
the Web Administrator
• Recertify a server ID
• Upgrade a server name to hierarchical
• Uninstall a Domino server partition
While managing servers, you may also need to recertify a certifier ID. To
do so, see “Recertifying a Certifier or User ID.”

Changing the server administrator


If the name of the former administrator is explicitly listed in the access
control list (ACL) for the Domino Directory, delete the name of the
former administrator from the ACL. Add the name of the new
administrator and assign the administrator Manager access.
For more information on modifying ACLs, see the chapter “Controlling
User Access to Domino Databases.”

If the name of the former administrator is included in any groups, delete
the former administrator’s name from the Group document(s), if
appropriate. Add the name of the new administrator.
1. From the Domino Administrator, select the Configuration tab.
2. Click Server, and then select one:
• Current Server Document — to change the administrator name for
the current server.
• All Server Documents — and then select the server document you
want to change.
3. Click “Edit Server.”
4. Click the Administration tab.
5. In the Administrator field, type the administrator’s name or click the
arrow and complete the following fields as necessary in the Select
Names dialog box:
| Field | Action |
|---|---|
| Choose address book | Select the address book and choose a name from the list. Click one of the following: Add, to add the name to the Names list; Details, to view address details from the Person document. |
| Find names starting with | (Optional) Enter a user name, last name followed by first name, to search for a name if you are unsure of the spelling or the complete name. |
| Add name not in list | Enter a user name and then click Add to add the name to the Names list without selecting it from an address book. |
| Names | (Optional) Do one: Select a name and then click Remove to remove the selected name from the Administrator field; or don’t select any names and click Remove all to remove all names from the Administrator field. Select a name and click to copy a name from the open address book to the local address book. |

6. Click OK, and then click “Save & Close” in the Server document.
7. Use the Replicate server command at the console to force replication
of the Domino Directory and disseminate the change quickly.
For more information on the Replicate command, see the appendix
“Server Commands.”



Decommissioning a server
You use the Decommission Server Analysis tool when you are
consolidating existing servers and/or permanently removing a server from
service. Whether you are combining two servers into one server or
renaming a server, the result is the same — the old server name is replaced
with the new server name. The analysis tool can help you avoid a loss of
service for your Domino server and can be used to help build a foundation
for a decommission “to do” checklist. The role of the Server Analysis Tool
is to compare the responsibility of the source server to that of the target
server and to report differences that could cause a possible loss of service.
When you run the Decommission Server Analysis tool, you create a
Results database containing detailed information comparing the source
server and the target server. The source server is the server being
removed from service, and the target server is the server taking the place
of the source server. The source and the target servers must be Domino
servers that have hierarchical names and that are in the same domain.

Inconsistencies between the source and target servers are marked in the
Results database to alert you to the administrative tasks you may need to
do before you can decommission the server. Each comparison that the
Decommission Server Analysis tool makes is somewhat individual.
Relationships between analysis items are not determined by this tool;
therefore, you need to review each report and make your own
comparisons before taking any action. Perform comparisons between
only two servers at a time. You do not need to resolve all differences
before you decommission a server.

Before decommissioning a server


Before decommissioning a server, you may need to perform the
following types of administrative activities:
• Check each database for formulas that contain specific server name
references.
• Update the documents in the Domino Directory, such as the
Connection and Program documents, to reflect the new server name.
• If the old server had cross-certificates, make sure the new server has
the same cross-certificates.
• Notify other domains that access the server about the change.
• Inform users about the new location for databases, including their
mail database, if necessary.
• Make sure the network protocols on the old and new servers match.
• Replicate all the databases from the old server to the new server.
• Update mail routing tables to ensure that mail gets delivered correctly.



To run an analysis report on Decommission Server
1. To use the Decommission Server Analysis Tool, you must have
administrator access to both the source and the target servers.
If you don’t have administrator rights, some portions of the report
may not be completed properly.
2. From the Domino Administrator, click the Server - Analysis tab.
3. From the tools pane, select Analyze - Decommission Server.
4. Complete these fields:
| Field | Enter |
|---|---|
| Source server | Name of the server being decommissioned |
| Target server | Name of the server that will replace the server being decommissioned |
| Results database | Name and/or location of the Results database if you are not using the default file name DECOMSRV.NSF. Complete these fields: Server, Title, File Name, Folder |
| Append to this database | (Default) Adds the new report to the end of the existing information in the Results database without deleting any existing data |
| Overwrite this database | Adds the new Results database by overwriting the existing database |

5. Click OK.
When the analysis is complete, the Results database opens to the
Reports view. This can take up to several minutes depending on
network traffic and the number of databases on both the source and
target servers.
Note You can create multiple reports in the same database or in
different databases, and then use these reports to verify that differences
between the two servers have been remedied and no longer appear
when you run the Decommission Server Analysis tool. You can re-run
the reports as many times as you wish.

Viewing the report in the Results database


The Decommission Server Analysis tool generates a categorized list of
items that were analyzed. Each category represents a different aspect of a
server’s configuration that needs attention. Within each category, items
are listed alphabetically. Each item lists any differences between the
source and the target server’s settings or values. In the Results database,
you can view the categorized list of the items that were analyzed.

Each item is represented by a document. A document’s status is
indicated by an icon to the left of the document as follows:

| Icon | Explanation |
|---|---|
| (icon) | A difference was found when doing the comparisons and may require the attention of an administrator. |
| (icon) | An error was encountered when performing or trying to perform a comparison. |
| No icon | No attention is required because the fields being compared are either equivalent or the source’s values are a complete subset of the target’s values. |



Click a document to open it and view the actual report that was
generated. A sample report is shown here:

| Report Field | Description |
|---|---|
| Report category | The section or category that the document belongs to. These categories are: Certificates, Cluster, Connections, Databases, Domains, Internet, Miscellaneous, Network, Programs, Security, SMTP, and Router. |
| Report title | The specific field or item that is being analyzed — for example, Databases — Mail Users or Databases — No Matching Replica. |
| Report date | Date the report is generated. |
| Server to be decommissioned (source server) | Name of the server being retired. |
| Server to accept responsibility (target server) | Name of the server that will assume the responsibilities of the server being decommissioned. |
| Errors | Errors that occur during the analysis on this item or field. This field is blank if there are no errors. |
| Report details | Information that indicates the problem or inconsistency that exists between the source and target servers. |



Report comparisons
The following types of field comparisons are done between the two
Server documents and the Configuration documents:

| Field Comparison | Explanation |
|---|---|
| Boolean | The content of the two fields being compared must be an exact match. In some cases, if the field on the source server is not set, no comparison is done with the value for the target server. |
| Numeric | The two fields are compared and differences are reported. |
| Text list | Two text lists are compared and a report is generated if the source is not a complete subset of the target. |
| Name list | Two names lists are compared by expanding both lists to single entries, removing duplicates, and generating a report if the source is not a complete subset of the target. When expanding names lists, all groups are expanded until only single entries remain. |
| Special cases | In some cases, a blank field has a special meaning. In these cases, the specific interpretation of blank for each field is taken into consideration when comparisons are performed. |
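
The name-list and text-list rules in the table above, worked through as an added Python example; it is not code from the Decommission Server Analysis tool. The group contents, the field values, and the case-insensitive matching in normalize() are assumptions made for the example.

```python
"""Subset comparison of name lists and text lists between a source and a
target server (added example; all data below is constructed)."""
from typing import Dict, Iterable, List, Optional, Set

# Constructed group documents: {group name: members}. All names are
# hypothetical. "Admins" and "HubAdmins" contain each other to show that
# expansion has to terminate on circular group membership.
GROUPS: Dict[str, List[str]] = {
    "Admins": ["Ann Lee/Acme", "HubAdmins"],
    "HubAdmins": ["Raj Patel/Acme", "Admins"],
    "Operators": ["Kim Cho/Acme", "ann lee/acme"],
}

# Constructed values of the same names field on each server.
SOURCE_ADMINS = ["Admins", "Kim Cho/Acme", "Dev Rao/Acme"]
TARGET_ADMINS = ["HubAdmins", "Operators", "Eve Moss/Acme"]


def normalize(name: str) -> str:
    """Matching key for a name. Assumption of this example: names match
    case-insensitively and ignoring extra whitespace."""
    return " ".join(name.split()).casefold()


def expand_names(names: Iterable[str], groups: Dict[str, List[str]]) -> Set[str]:
    """Expand groups until only single entries remain; the set drops duplicates."""
    index = {normalize(group): members for group, members in groups.items()}
    singles: Set[str] = set()
    expanded: Set[str] = set()      # groups already opened (cycle guard)
    pending = list(names)
    while pending:
        key = normalize(pending.pop())
        if not key:
            continue                # skip blank entries
        if key in index:
            if key not in expanded:
                expanded.add(key)
                pending.extend(index[key])
        else:
            singles.add(key)
    return singles


def compare_name_list(source: Iterable[str], target: Iterable[str],
                      groups: Dict[str, List[str]]) -> List[str]:
    """Source entries the target lacks. An empty list means the source is a
    complete subset of the target, so no report is generated."""
    return sorted(expand_names(source, groups) - expand_names(target, groups))


def extra_on_target(source: Iterable[str], target: Iterable[str],
                    groups: Dict[str, List[str]]) -> List[str]:
    """Entries only the target has. The subset rule never reports these, so
    review them separately if the target should not grant wider access."""
    return sorted(expand_names(target, groups) - expand_names(source, groups))


def compare_text_list(source: Iterable[str], target: Iterable[str]) -> List[str]:
    """Text lists use the same subset rule, without group expansion."""
    return sorted({normalize(s) for s in source} - {normalize(t) for t in target})


def compare_boolean(source: Optional[bool], target: Optional[bool]) -> bool:
    """True when a difference should be reported. Models the case where an
    unset source field (None) is not compared at all."""
    return source is not None and source != target


if __name__ == "__main__":
    print("missing on target:", compare_name_list(SOURCE_ADMINS, TARGET_ADMINS, GROUPS))
    print("only on target:   ", extra_on_target(SOURCE_ADMINS, TARGET_ADMINS, GROUPS))
    print("text list missing:", compare_text_list(["TCPIP", "SPX"], ["tcpip"]))
    print("boolean report:   ", compare_boolean(None, True))
```

Because only the source-to-target direction is reported, names that exist only on the target never produce a report; extra_on_target() lists them so that wider access on the replacement server can be reviewed before the cutover.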

Comparisons are made to the following documents:

| Document comparison | Explanation |
|---|---|
| Connection documents | A comparison is performed on any connection in which the server to be decommissioned is listed as the source server in the Connection document. The comparison ensures that all destination servers in those connections are also included in the target server’s Connection documents. A report is generated if the Tasks differ or if any corresponding connections do not exist. All connections listing the server to be decommissioned as the Destination server are reported. |
| Program documents | All Program documents that list the source server as the server on which to run the program are included in the report. No comparison between the source and target Program documents is done because there is no way to ensure that the executables exist or are the same on the source and target. |
| Domain documents | All Foreign domain documents are checked to see if the Gateway server name lists the source server. If one is found, a document is generated showing which foreign domain documents list the source. |
| Cross-Certificates | Any cross-certificate that lists the source server in the Issued By field is reported. |



These comparisons are made to databases:

| Database comparison | Explanation |
|---|---|
| Mail-in databases, Rooms, Resources, Certifiers, Person documents | Each document that lists the source server as the Mail server is reported. |
| Replicas | Any database on the source server that does not have a matching replica on the target server is reported. A file name comparison for all databases that do not have replicas on the target is done. Any database on the source that has a name conflict with a different database with the same name on the target is listed. |

These comparisons are made to networks:

| Network comparison | Explanation |
|---|---|
| Enabled ports | A comparison is done for both port name and protocol. A report is generated for any differences. |
| Notes named networks | If the source and target servers do not share the same Notes named networks, a report is generated. |

Deleting a server name


Follow these steps to use the Administration Process to delete references
to a server from the Domino Directory and from database ACLs and
Extended ACLs. The Administration Process automatically deletes
mail-in database documents and cross-certificate documents as necessary
during the Delete Server process.
For more information on the Administration Process, see the chapter
“Setting Up the Administration Process.”
1. To delete a server name, you must have:
• At least Author with Delete documents role and the
ServerModifier privilege, or Editor access to the Domino Directory
2. From the Domino Administrator, click the Configuration tab.
3. Click Server - All Server Documents.
4. Select the server name you are deleting and click Delete Server.



5. Do one of these:
• Click the check box “Delete servers from Domino Directory
immediately” to immediately remove the server name from the
Domino Directory, and post Administration Requests to remove
the server name from ACLs, Names fields, and other locations.
• Leave the check box “Delete servers from Domino Directory
immediately” not selected, to create Administration Requests to
remove the server name from the Domino Directory, ACLs,
Names fields, and all other locations.
6. Click OK.
For information on removing a server from service and replacing it with
another server, see the topic “Decommissioning a server” in this chapter.

Recertifying a server ID
Follow this procedure to use the original certifier to recertify a server ID
that has a certificate that is about to expire.

1. To recertify a server ID, you must have:
• Author with Create documents access and the ServerModifier
role, or Editor access to the Domino Directory
• At least Author with Create documents access to the Certification
Log
2. From the Domino Administrator, click the Configuration tab, and
then click Server - All Server Documents.
3. Select the server you are recertifying.
4. Choose Actions - Recertify Selected Servers.
5. Choose one:
• Click Supply certifier ID and password — if you want to use a
certifier ID and password instead of the new server-based
certification authority (CA). To change to a different certifier ID,
click Certifier ID, select the new ID, enter the password, and then
click OK.
• Use the CA Process — Click to use the Domino server-based
certification authority (CA) to recertify the server ID. Choose a
CA-configured certifier from the list.
6. Accept the default certificate expiration date (two years from the
current date), or enter a different date.
7. (Optional) Enter a date in the field “Only renew certificates that will
expire before” if you want to limit which server IDs can be
recertified.



8. (Optional) Click the check box “Inspect each entry before submitting
request” if you want to view the server ID before finalizing the
recertification.
9. Click OK.
10. Select one of the following:
• OK — to submit the recertification.
• Skip — if you are recertifying more than one server ID and you
want to continue to the next server ID without submitting a
recertification for the current server ID.
• Cancel Remaining Entries — to cancel this server recertification
and recertifications for any other server names you selected and
have not yet submitted.
11. Review the processing statistics that appear and then click OK.
Note You can use the @Certificate function to create a custom view of
specific IDs for recertification based on the ID name, issuer of the
certificate, and expiration date. If you create a custom view, be sure to
include the Recertify Servers or an equivalent action in the Actions menu
of the view.
For more information on the @Certificate function, see the Domino
Designer Programming Guide.

Upgrading a server name to hierarchical


Use this procedure to upgrade a flat server name to a hierarchical server
name. After upgrading a server name to a hierarchical name, the server
cannot be renamed.
1. From the Domino Administrator, Server view, select the server you
are upgrading.
2. Choose Actions - Upgrade server to hierarchical.
3. Choose the new certifier ID.
4. Enter the password for the certifier ID and click OK.
5. (Optional) Enter the qualifying organizational unit.
6. Accept or change the certification ID expiration date.
7. Click Upgrade and then click OK.



Finding a server name in the domain with the Domino Administrator
or the Web Administrator
You can search for a server name in the domain and then view a log that
includes document links and directory links to each occurrence of the
server name.
1. From the Domino Administrator or the Web Administrator, click the
Server - Analysis tab.
2. From the Tools pane, click Analyze - Find Server.
3. Do one of these:
• From the Domino Administrator, select a server name from the list
box, and click OK.
• From the Web Administrator, enter a server name and click Send.
4. One of these occurs:
• On the Domino Administrator, a message appears indicating that
an administration request will be initiated to search the enterprise
for the server name. Click Yes.
• On the Web Administrator, the status line displays a message
indicating that an administration request has been generated to
locate the server name. Click Done or enter another server name
and repeat the process.

To view the log of locations


1. To view the log of locations where the server name has been located,
from the same view, click Administration Requests (R6).
2. Click All Requests by Name.
3. Locate the server name you are looking for.
4. Expand the section and locate the Find Name in Domain request.
5. Open the request. View the documents that contain that server name
in the “Links to items found within Domino Directory documents”
field. View the database ACLs that contain that server name in the
“Links to item found in Database ACLs” field.
6. Click Cancel to close the Response Log document.
For more information on using the Web Administrator, see the chapter
“Setting Up and Using Domino Administration Tools.”



Decommissioning a Domain Search server
If you want the server that creates full-text indexes of the Domino
domain to resume duty as a regular Domino server, remove it from the
appropriate group in the Domino Directory, edit its Server document,
and then delete some files from its directory structure.

To decommission a Domain Search server


1. From the Domino Administrator, click the Files tab.
2. Open the Domino Directory (NAMES.NSF), and then click Groups.
3. Select LocalDomainCatalogServers and click “Edit Group.”
4. On the Basics tab, in the Members field, remove the indexing server
you want to decommission.
5. Click “Save and Close.”
6. Expand the Servers section in the view pane, and then click Servers.
7. Select the server that you want to decommission, and click “Edit
Server.”
8. Click the Server Tasks - Domain Catalog tab.
9. In the Domain Catalog field, select Disabled and click OK.
Disabling the Domain Catalog automatically disables the Domain
Indexer schedule on the next tab.
10. Click “Save and Close.”
11. Delete the Domain Catalog (CATALOG.NSF) from the server.
12. Delete the FTDOMAIN.DI subdirectory from the server’s Domino
data directory.
Note Users’ Location documents can be automatically updated with the
name of your new indexing server if you include the new server in your
desktop policy settings.
For more information on policy settings documents, see the chapter
“Using Policies.”



Uninstalling a Domino partitioned server
You can remove all server partitions from a computer or you can remove
just one server partition.

To remove all Domino partitions on a computer


To remove all server partitions from a computer, complete these steps:
1. Run the Uninstall program that comes with your operating system.
2. Delete the Domino data directories for those partitions.

To remove one Domino partition


1. Save any files you want, and then delete the Domino data directory
for the partition that you want to uninstall.
2. If the Domino partition used a unique IP address, disable support for
the IP address. Do this only if you added the IP address when you
set up the partition. If the Domino partition used the computer host
name as its Domino server name, do not disable its IP address.
3. If the partitioned server used port mapping, edit the NOTES.INI file
of the port-mapping partition so that it no longer refers to the
Domino partition you want to remove. If you are uninstalling the
port-mapping partition, set up another Domino partition to do the
port-mapping.
4. If you use Windows NT, edit the NT registry as follows:
a. In the folder HKEY_LOCAL_MACHINE - SOFTWARE - Lotus -
Domino, check each numbered subkey (for example, 1, 2, 3) for a
named value DATA whose value is the directory path of the
partition you want to remove. Remove that whole numbered
subkey and all of its values.
b. In the folder HKEY_LOCAL_MACHINE - SOFTWARE - Lotus -
Domino, remove the corresponding numbered key from the
value of the key named PARTITIONS. Ensure that the list ends in
a comma. For example, if you are removing partition 2 from a
3-partition install, you would change the PARTITIONS value
from 1,2,3 to 1,3.



Chapter 60
Improving Server Performance

This chapter describes ways you can improve the performance of your
Domino server.

Improving Domino server performance


You can improve basic server performance and capacity, as well as the
performance of these Domino features:
• Agent Manager
• Databases and the Domino Directory
• Directory catalog
For more information on improving directory catalog performance,
see the chapter “Setting Up Directory Assistance.”
• LDAP searches
For more information on improving LDAP searches, see the chapter
“Setting up the LDAP Service.”
• Mail
• Web server
For more information on improving Web server performance, see the
chapter “Setting up the Domino Web Server.”
• Windows NT server
• UNIX server
For more information on performance, visit the Domino Performance
Zone at www.lotus.com/performance.
See the Notes.net column, “Performance Perspectives” for detailed
information about performance issues.
For more information on improving network performance see the
chapter “Setting up the Domino Network.” For more information on
database performance properties, see the chapter “Improving Database
Performance.”

Tools for measuring server performance
Domino offers performance tools you can use to measure and evaluate
server performance.

Domino Server.Load
Using Domino Server.Load, you run a script (a simulated workload) in
your own environment to obtain server capacity and response metrics.
You can run a built-in script or create a custom script. Domino
Server.Load includes real-time control of the test environment and
variables, such as the number of simulated users. Using Domino
Server.Load, you can evaluate the capacity of your servers and evaluate
the requirements for additional CPU, memory, or disk storage upgrades.
Server.Load can also be used to determine the effect of changes to the
machine, such as upgrading a device drive, an OS service pack, or a
Domino maintenance release.
Domino Server.Load is included as part of the Administrator client. For
details about setting up and working with Server.Load, see the chapter
“Using Server.Load.”

NotesBench
NotesBench is a collection of benchmarks (workloads) that simulate the
behavior of workstation-to-server or server-to-server operations.
Vendors and other organizations use NotesBench to evaluate the
performance of various Domino and Notes platforms and configurations.
Using NotesBench, hardware vendors and business partners generate
benchmark information, which they can distribute to their customers. In
turn, customers can use the benchmark information to evaluate vendors,
select configurations, and plan resource budgets.
To use NotesBench for testing, you must be a member of the NotesBench
Consortium, which is an independent, nonprofit organization dedicated
to providing Domino and Notes performance information to customers.
The consortium requires that each member run the NotesBench tests in
the same manner and allows tests to be audited.
To view published data and test results, go to the NotesBench Web site at
www.notesbench.org.



Improving basic server performance and capacity
This section contains suggestions for improving basic server performance
and increasing server capacity.

Improving server capacity and response time


These tips for improving server capacity and response time come from
the analysis of NotesBench reports, which are published by NotesBench
Consortium members. Some of this information may derive from earlier
versions of Domino, and, therefore, may not be completely applicable to
Lotus Domino 6.
Make sure your server memory matches the number of users you want to
support. Most NotesBench vendors use 300K to 400K per active user.
They also set their NSF_BUFFER_POOL_SIZE to the maximum for their
memory configuration. This setting isn’t necessary, because the Domino
server initially obtains a third of available memory and grows only if
necessary (depending on the load). You should use published physical
memory configurations as a ceiling for memory configuration decisions.
1. Make I/O subsystem improvements. For example you can:
• Move from EISA-based systems (such as controllers) to PCI-based
systems
• Exchange EISA/PCI boards for PCI-only boards (this way, lower
speed EISA devices won’t decrease the I/O throughput)
• Use striping to balance the load across all drives in the array. Use
hardware RAID, such as RAID 0+1, to improve performance and
availability.
• Use multiple I/O controllers to distribute logical volumes (and
use file pointers to databases across separate controllers). Make
sure you have the latest BIOS for your I/O subsystem. This is an
inexpensive way to remove a likely throughput bottleneck.
2. Use faster disk drives.
3. Increase the stripe size. Refer to the NotesBench reports to see what
the vendors use. NotesBench vendors use a stripe size of 8K
(Hewlett-Packard systems) or 16K (IBM NetFinity® reports). (The
IBM NetFinity report provides additional information on I/O
settings such as IOQ Depth, Outbound Posting, PCI Line Prefetch,
and Address Bit Permitting.)
4. Use faster CPUs. NotesBench vendors have moved beyond the
Pentium®, Sparc®, and PowerPC® processors, which were in the
100MHz to 200MHz range, to higher speed processors. However, they
consistently use P6-based systems over the Pentium II systems for
high-end Domino server loads. The size of your Level 2 cache should
match your expected user loads and the response time you want.
Vendors have moved from 256K to 512K, 1MB to 2MB Level 2 cache
systems, especially on their greater than two-CPU configurations.
5. Improve your network. NotesBench vendors have:
• Moved from 10Mbps cards and networks to 100Mbps
configurations
• Used multiple LAN segments (one for each partition) to isolate
network traffic, at the high-end user loads
6. Change your network protocol to IP. Vendors initially used NetBIOS
and SPX internally but have unanimously moved to IP for their
performance publishing efforts.
7. You can improve Web server performance by disabling HTTP server
logging. Logging options are stored in the Server document. In the
HTTP server “Enable logging to” section are two fields, Log files and
DOMLOG.NSF. Disabling both of these fields improves Web server
performance.
8. You can improve general server performance by disabling the
type-ahead mail addressing feature. (Type-ahead allows users to
enter the first few characters of a user’s name; the server then
completes the rest of the name automatically.) To disable type-ahead
on a server, open the server’s Configuration Settings document in the
Domino Directory. On the Basics tab, choose Disabled in the
Type-ahead field. Then save and close the document.

NOTES.INI file settings that affect Domino server performance


Replicators
This setting specifies the number of Replicator tasks that can run
concurrently on the server. The default is 1. Typically, the number of
replicators should equal the number of processors on the server.
However, hub servers can run more replicators.

Server_Availability_Threshold
This setting specifies the acceptable level (a percentage) of system
resources available to a server. By setting this value for each server in a
cluster, you determine how the workload is distributed among cluster
members. The default is 0, which indicates a fully available state
(workload balancing is disabled). A value of 100 indicates the server is
busy; the Cluster Manager then tries to redirect user requests to more
available cluster members.



Server_MaxUsers
This setting sets the maximum number of users that are allowed to access
a server. When this number is reached, the server state becomes
“MaxUsers,” and the server stops accepting new Database Open
requests. The default is 0 (unlimited access to server by user). By setting a
maximum number of users allowed on the server, you can prevent server
performance from degrading because of demand overload.

Server_Session_Timeout
This setting specifies the number of minutes of inactivity after which the
server automatically terminates network and mobile connections. The
minimum recommended setting is 15 minutes. If you specify a lower
time, the server must reopen database server sessions too frequently,
which slows server performance. For best performance, the
recommended time is 45 minutes.
For mobile connections, X.PC has its own internal time out. If the X.PC
time-out value is shorter than the Server_Session_Timeout value, the
X.PC time out takes precedence.

ServerTasks
This setting controls the tasks that the server runs. These tasks start
automatically at server startup and continue until the server is shut
down. Improve performance by removing tasks that aren’t appropriate
to the server. Do not remove the Update task from a server. If you do so,
the Domino Directory will not update.

Translog_Status
This setting enables transaction logging for all Release 5 and later
databases on the server. Default is 0 (transaction logging disabled). Set
this to 1 to enable transaction logging. Transaction logging improves the
availability and reliability of the server.
Note You must upgrade databases to Domino Release 5 or later format
before they can use transaction logging.

Improving partitioned server performance and capacity


You use the same set of tools to monitor partitioned servers as you use to
monitor individual servers. However, remember that a partitioned server
can use a large amount of system resources, denying those resources to
other partitioned servers on the same computer. For example, the
Indexer on one partitioned server may be using a large percentage of the
available CPU cycles, causing the other partitioned servers to have a
slow response time. Therefore, it is important to look at your operating
system’s performance monitor as well as the Domino statistics to
determine which partitioned server is using the system resources.
For more information about monitoring Domino servers, see the chapters
“Monitoring the Domino Server” and “Using Log Files.”

Optimizing performance
If one partitioned server uses significant system resources, consider
moving that server to a different computer. If partitioned servers cause
slow disk access, consider moving the Domino data directories of the
partitioned servers to separate disk drives.
Another way to limit access to a server is to limit the number of users
who can use a partitioned server at one time. To do this, you can use the
Server_MaxUsers setting in the NOTES.INI file. When the server reaches
the number of users you specify, Domino denies additional user requests
for access to the server.
For additional information about these NOTES.INI settings, see the
appendix “NOTES.INI File.”

Improving Agent Manager performance


The Agent Manager controls when agents run on a server. Every time an
agent runs, it uses server resources. To control when scheduled and
event-triggered agents run, you specify settings in the Server document
and in the NOTES.INI file. Customizing when agents run may conserve
server resources, but it may also delay when agents run.

Controlling how often Agent Manager runs agents


These NOTES.INI settings affect how often the Agent Manager executes
agents. In general, the more frequently agents run, the sooner they
perform their tasks. Running agents more frequently, however, may
increase demand on server resources and adversely affect overall system
performance.

AMgr_DocUpdateAgentMinInterval
This setting specifies the minimum elapsed time, in minutes, between
executions of the same document update-triggered agent. This lets you
control the time interval between executions of a given agent. Default is
30 minutes. A longer interval can result in the agent running less often,
reducing server demand. If document update events are infrequent, you
can reduce the delay.



Note Setting this and other Agent Manager variables to zero does not
completely eliminate the delay; a built-in delay will always exist.

AMgr_DocUpdateEventDelay
This setting specifies how long, in minutes, the Agent Manager waits
after a document update event before it schedules a document
update-triggered agent. The default is 5 minutes. The delay time ensures the agent runs no
more often than the specified interval, regardless of how frequently
document update events occur. When the agent executes, it will also
process all additional events (if any) that occurred during the interval.
A longer interval results in the agent running less often, thus reducing
demand for server time. If document update events are infrequent,
however, you can reduce the delay to ensure the agent runs soon after
the event occurs.

AMgr_NewMailAgentMinInterval
This setting specifies the minimum elapsed time, in minutes, between
executions of the same new mail-triggered agent. The default is 0 (no interval
between executions). Similar to AMgr_DocUpdateAgentMinInterval,
entering an interval can result in the agent running less frequently.

AMgr_NewMailEventDelay
This setting specifies the time (in minutes) that the Agent Manager delays
before scheduling a new mail-triggered agent after new mail is delivered.
The default is 1 minute. Similar to AMgr_DocUpdateEventDelay, the
delay time ensures the agent runs no more often than the specified
interval. When the agent executes, it will also process all additional events
(if any) that occurred during the interval. A longer interval results in the
agent running less often, thus reducing demand for server time. If
document update events are infrequent, however, you can reduce the
delay to ensure the agent runs soon after the event occurs.

DominoAsynchronizeAgents
This setting specifies whether Web agents triggered by browser clients
can run at the same time (asynchronously). The default is zero (only one
agent can run at a time). Set this to 1 to allow multiple agents to run
simultaneously. This can result in faster execution of agents. However, a
high number of agents executing at the same time can slow overall
system performance. Open the Server document you want to change,
and click the Internet Protocols - Domino Web Engine tab. In the Web
Agents section, enable or disable the “Run Web agents concurrently?”
option. For “Web agent time-out (in seconds),” the default is 0 (no
time-outs).



Controlling how quickly the Agent Manager queues agents
The Agent Manager periodically checks to see if it has any new agents
that it needs to schedule. These NOTES.INI settings control how quickly
an agent gets into the schedule queue.

AMgr_SchedulingInterval
This setting specifies a delay (in minutes) between runs of the Agent
Manager’s scheduler. Valid values are 1 minute to 60 minutes. The
default value is 1 minute.

AMgr_UntriggeredMailInterval
This setting specifies a delay (in minutes) between runs of the Agent
Manager’s check for untriggered mail. Valid values are 1 minute to 1440
minutes (the number of minutes in a day). The default value is 60 minutes.

Controlling when the Agent Manager runs agents


When you create or modify an event-triggered agent, the Agent Manager
schedules it to run immediately. This ensures the agent can quickly
process new documents. These NOTES.INI settings let you specify a time
interval between subsequent runs of the agent. This can prevent
repeated running of the agent — for example, because of a rapid series of
triggering events.
Scheduling an agent to run immediately means that it will execute as
soon as possible. If there are many agents ahead of it, it may not be
executed right away.
These settings control when the Agent Manager runs agents.
For more information, see the topic “Controlling how often Agent
Manager runs agents,” earlier in this chapter.
• AMgr_NewMailEventDelay
• AMgr_DocUpdateEventDelay
• AMgr_DocUpdateAgentMinInterval
• AMgr_NewMailAgentMinInterval

Monitoring the load on the Agent Manager


Domino 4.6 and earlier include the field “Max % busy before delay” in
the Server document. This field limits the percentage of time the Agent
Manager can use to run agents. When this limit is exceeded, the Agent
Manager delays agent execution. Agent Manager performance has
significantly improved, so this delay is no longer necessary. Domino
Release 5 and later releases do not include this limitation. This field is
still valid for Domino Release 4.6 and earlier releases.



If your server attempts to schedule agents at a rate faster than the Agent
Manager can run them, the message “AMgr: Agent scheduling is
paused” appears on the console. The Agent Manager will not schedule
any new agents until the server processes some agents that are already
scheduled. Therefore, the running of new agents may be slightly delayed.

Controlling how many concurrent agents are running


You can relieve a heavily loaded Agent Manager by allowing agents to
run concurrently. To do this, modify the “Max concurrent agents” field
in the Server Tasks/Agent Manager section of the Server document.
Values greater than 1 allow more than one agent to run at the same time.
Valid values are 1 through 10. Default values are 1 for daytime and 2 for
nighttime.
An Agent Executive runs each concurrent agent. To see a snapshot of the
Agent Manager status, including the number of Agent Executives
currently running, enter the command tell amgr status at the server
console. To see a list of scheduled agents, enter the command tell amgr
schedule at the server console.

Improving database and Domino Directory performance


By default, the Domino Directory uses two database performance
properties — “Document table bitmap optimization” and “Don’t
maintain unread marks” — to improve performance. The following
NOTES.INI settings can affect database and Domino Directory
performance.
For more information on database performance properties, see the
chapter “Improving Database Performance.”

NSF_Buffer_Pool_Size
This NOTES.INI setting sets the size of the NSF buffer pool, a section of
memory used for buffering I/O transfers between the NSF and NIF
subsystems and disk storage. The number of server partitions, users, size
and number of views, and number of databases all affect how you should
set the buffer pool specification. The default value (determined
automatically by the server) is usually sufficient, but if Database Statistics
indicate more memory is needed, increase the value a few megabytes at a
time. You can use a performance monitor to find out if a larger value is
causing too much swapping or paging. (NSF_Buffer_Pool_Size sets the
buffer pool size in bytes; NSF_Buffer_Pool_Size_MB sets the size in
megabytes.)



NSF_DbCache_Maxentries
This NOTES.INI setting sets the maximum number of databases stored in
the database cache (if enabled). For short intervals, Domino stores up to
1.5 times the number entered for this setting. Increasing the maximum
number of databases improves performance but requires more memory.

Improving performance for users accessing the Web using the Web
Navigator
There are several ways to improve performance:
• Speed up your access to Web pages by speeding up your server
connection to the Internet. Contact your Internet Service Provider to
find out what options you have.
• Improve database performance by managing your database with the
Purge and Refresh agents or any other agents you may create for the
database.
• Manage the number of users retrieving pages in the Web Navigator
database by setting the maximum number of concurrent retrievals
(the number of Web pages the server retrieves at the same time). The
default maximum number of concurrent retrievals is 25. The number
of concurrent retrievals that your server allows depends on your
specific system environment.

Show DBS command


The Show DBS command is a tool for monitoring the performance of a
database. This command returns the following information:
• Refs — The number of times the database has been opened (the
DBHANDLE count for the database).
• Mod — Whether the database has been modified, but not yet flushed
to disk.
• FDs — The number of file descriptors currently being used for the
database.
• LockWaits — The number of times a user has had to wait for a lock
on the database (read or write).
• AvgWait — The average wait time in milliseconds for each wait.
• #Waiters — The number of waiters currently on the database lock.
(This number changes rapidly.)
• MaxWaiters — The maximum number of waiters ever on the
database lock.
Note To display LockWaits and AvgWait values, you must temporarily
add the setting COLLECT_DB_LOCK_WAITS=1 to the server’s
NOTES.INI file. Because this setting consumes server resources, remove
it after you view Show DBS statistics.
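The following Python script is an added example, not part of the IBM documentation. It checks a NOTES.INI file against the values stated in this chapter so far: the server settings (session time-out, user limit, ServerTasks, transaction logging), the Agent Manager interval ranges, and a COLLECT_DB_LOCK_WAITS setting that was left enabled. The sample file contents, the function names, and the case-insensitive name matching are assumptions of the example.

```python
# Added example: audit NOTES.INI text against the values documented above.
# SAMPLE_INI is constructed for illustration; it is not from a real server.

SAMPLE_INI = """\
[Notes]
ServerTasks=Replica,Router,AMgr,AdminP,HTTP
Replicators=2
Server_Session_Timeout=5
Server_Availability_Threshold=85
Server_MaxUsers=0
AMgr_SchedulingInterval=90
AMgr_UntriggeredMailInterval=60
Translog_Status=0
COLLECT_DB_LOCK_WAITS=1
"""

# Valid ranges exactly as stated in the text above.
RANGES = {
    "Server_Availability_Threshold": (0, 100),   # percentage
    "AMgr_SchedulingInterval": (1, 60),          # minutes
    "AMgr_UntriggeredMailInterval": (1, 1440),   # minutes
}


def parse_notes_ini(text):
    """Return {lowercased setting name: value} for every Name=Value line."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines, the [Notes] header, and anything without "=".
        if not line or line.startswith("[") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        # Assumption of this example: names are compared case-insensitively.
        settings[name.strip().lower()] = value.strip()
    return settings


def audit(settings):
    """Return a list of (severity, setting, message) findings."""
    findings = []

    def number(name):
        raw = settings.get(name.lower())
        if raw is None:
            return None
        try:
            return int(raw)
        except ValueError:
            findings.append(("warn", name, f"value {raw!r} is not a number"))
            return None

    for name, (low, high) in RANGES.items():
        value = number(name)
        if value is not None and not low <= value <= high:
            findings.append(
                ("warn", name, f"{value} is outside the valid range {low}-{high}"))

    timeout = number("Server_Session_Timeout")
    if timeout is not None and timeout < 15:
        findings.append(("warn", "Server_Session_Timeout",
                         f"{timeout} is below the recommended minimum of 15 "
                         "minutes (45 is recommended for best performance)"))

    # 0 is the default and means unlimited access.
    if settings.get("server_maxusers", "0") == "0":
        findings.append(("info", "Server_MaxUsers",
                         "no user limit; demand overload is not capped"))

    tasks = settings.get("servertasks")
    if tasks is not None:
        names = {task.strip().lower() for task in tasks.split(",")}
        if "update" not in names:
            findings.append(("warn", "ServerTasks",
                             "Update task is missing; the Domino Directory "
                             "will not update"))

    if settings.get("translog_status", "0") != "1":
        findings.append(("info", "Translog_Status",
                         "transaction logging is disabled"))

    if settings.get("collect_db_lock_waits") == "1":
        findings.append(("warn", "COLLECT_DB_LOCK_WAITS",
                         "still enabled; remove it after viewing Show DBS "
                         "statistics because it consumes server resources"))
    return findings


if __name__ == "__main__":
    for severity, name, message in audit(parse_notes_ini(SAMPLE_INI)):
        print(f"{severity.upper():5} {name}: {message}")
```
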



Tips for tuning mail performance
You can modify settings on the Configuration Settings document, or
change NOTES.INI settings to help improve mail performance.
For more information on monitoring mail performance, see the chapter
“Monitoring Mail.” For more information on using multiple MAIL.BOX
databases and disabling type-ahead addressing to improve mail
performance, see the chapter “Customizing the Domino Mail System.”

Controlling message delivery


You set delivery controls in the Configuration Settings document on the
Router/SMTP - Restrictions and Controls - Delivery Controls tab, under
Delivery Controls.

Maximum delivery threads


This setting determines the maximum number of threads the Router can
create to perform local mail delivery. Increasing this value can improve
message throughput for local deliveries. The ideal number ranges from 3 to
25. This is determined by a formula, based upon the NSFBufferPoolSize.
You can increase or decrease the value based on the server configuration.
Monitor Mail.Waiting over a period of time. If there is a backlog over a
period of time, increase the number. Monitor Mail.Delivery.Threads.Total.
If the value is less than Mail.Delivery.Threads.Max, set the value to the
total.

Setting transfer limits
You set transfer limits in the Configuration Settings document on the
Router/SMTP - Restrictions and Controls - Transfer Controls tab, under
Transfer Controls.

Maximum concurrent transfer threads


This setting determines the maximum number of concurrent transfer
threads per destination. The default is the value entered for “Maximum
transfer threads” divided by 2.

Maximum transfer threads


This setting determines the maximum number of threads the mail Router
can create to perform mail transfers. Without this variable, the default is
one thread per server port. Increasing this number creates more threads
to handle mail transfers. However, additional threads may increase the
demand for server processing time.



Setting the number of mailboxes
If there are a small number of users on a server, the default (1) is usually
sufficient. For larger numbers of users, set the number to 2 or higher. To
determine the optimum number, enter SHOW STAT MAIL at the server
console. If MAIL.WaitingRecipients is large or increasing, adding a
mailbox may improve performance if the server resources are not
overloaded.
You set the number of mail.boxes in the Configuration Settings document
on the Router/SMTP - Restrictions and Controls - Basics tab. Under
Router/SMTP Basics, enter a value for “Number of mailboxes.”
For more information on creating multiple MAIL.BOX databases, see the
chapter “Customizing the Domino Mail System.”

Setting IMAP session time-out


If the server supports IMAP users and has limited resources, it may free
up server resources and improve performance to set this to a value of 30
minutes or more.
For more information on IMAP settings, see the chapter “Setting Up the
IMAP Service.”

MinNewMailPoll
This setting determines how often workstations can contact the server to
see if new mail has arrived for the user. This setting overrides the user’s
selection in the Mail Setup dialog box. You can increase the mail polling
interval if there are a large number of mail users on your server and you
want to prevent frequent polling from affecting server performance.

NoMsgCache
This setting disables per-user message caching by the IMAP task. This
can improve capacity (number of users) on a server by reducing memory
consumption. However, response time for some user operations may be
slower.

POP3_Config_Update_Interval
This setting determines how often (in minutes) the Domino server that
runs the POP3 service updates its configuration information. The default
is 2 minutes.



Improving Windows NT and Windows 2000 server performance
In general, use the default settings for your Windows server. You may
gain some performance improvements by doing the following:
• Take care of fragmented disks. Run a defragmenter utility frequently
on your disks, including the OS disk, to prevent performance
degradation. Do this weekly on busy disks. You can use the
defragmenter that ships with Windows 2000, or use a defragmenter
that automatically runs on a number of systems at specified intervals.
• Use a separate pagefile disk. For best performance on all medium
and large systems (especially for Windows NT), use a separate
pagefile disk.
• Optimize performance for applications or background services.
  • Windows 2000 — In the Control Panel, select System - Advanced -
  Performance Options and select Background services.
  • Windows NT — In the Control Panel, select System - Performance,
  then set “Boost for foreground” to None.
• Use the NTFS file system (NT File System). The NTFS file system
has significant performance advantages over FAT or FAT32. For
best performance, format the disks with a cluster size of at least
4KB. Use a cluster size that is a little larger than the average file
size on the disk. NTFS supports these sizes: 512, 1024, 2048, 4096,
8192, 16KB, 32KB, and 64KB. For example, to use a 16KB
allocation size for formatting the NTFS volumes, at the command
prompt enter (format <drive>: /fs:ntfs /A:16K).
• RAID sets. When setting up data disk RAID sets, set the stripe size to
be approximately equal to the average logical disk transfer per
second measured in Perfmon for the typical workload for the server.
Set the cache write policy to “write back.” Set the cache read policy
to “read ahead.”
• Balance the I/O bandwidth for each PCI bus. Distribute the network
adapters and RAID controller across multiple buses if your server
has them. Do not put the RAID controller on a bus that has a network
adapter.
• Use LargeSystemCache. Both Windows NT and Windows 2000 have
this disk-I/O cache. The default setting favors file sharing. This uses
more memory than the other settings. If server memory is a
bottleneck, set the cache to favor network applications, or, in extreme
cases, set it to minimize memory. Otherwise, leave the default
setting.



To change the setting in Windows 2000, go to the Control Panel, click
the “Network and Dial up Connections” icon, click Local Area
Connection. Right-click on the properties for a network connection,
and click “File And Printer Sharing for Microsoft Networks.”
To change the setting in Windows NT, go to the Control Panel, click
the Network icon, and then click the Services icon.
Choose one of the following:
• “Maximize data throughput for file sharing” (Windows NT and
Windows 2000)
• “Maximize data throughput for network applications” (Windows
NT and Windows 2000)
• “Minimize memory used” (Windows NT and Windows 2000)
• “Balance file sharing and network applications” (Windows NT
only).

Improving UNIX server performance

NOTES.INI settings
Most NOTES.INI settings that affect Domino server performance apply
to all UNIX platforms.

NSF_Buffer_Pool_Size_MB
Many machines that run UNIX have very large amounts of physical
RAM. Use the parameters NSF_Buffer_Pool_Size_MB or
PercentSysAvailable Resources to control how much memory Domino is
allowed to use. Each Domino instance on a UNIX machine can reference
a maximum of 4GB of RAM.

Disk and memory requirements


When a UNIX system runs Domino server software, the server must
have enough disk space for program and data files and enough memory
to handle swapping and the number of processes. You can also change
several system parameters to improve server performance.

System V Shared Memory


This is used on AIX and HP-UX. Run the “ipcs -a” command to list all
shared memory segments used by the Domino server. The maximum
segment size is the default value of Notes_SHARED_DPOOLSIZE on
that platform.



Disk I/O tuning
Maintaining multiple file systems for operating system files, swap space,
transaction logs, and data improves overall server performance. Use
RAID 0+1 hardware for the disk drives that the data files are on. Keeping
swap space on its own separate striped volumes improves server
performance at high loads on systems that have high swap rates.
Transaction logging should be on its own disk drive for improved server
restart time, reliability, and availability.

Console and database logging


To improve server performance, limit the amount of information that is
logged to the log file (LOG.NSF) and the console.
For more information on controlling logging, see the chapter “Using Log
Files.”

Sources for improving server performance


The following links provide up-to-date information and
recommendations. These links were current at the time this
documentation was created:
• Individual articles and the “Performance Perspectives” monthly
column in the Lotus Developer Domain at www-10.lotus.com/ldd
• NotesBench Consortium at www.notesbench.org
• Domino Performance Zone at www.lotus.com/performance
• IBM Redbooks at www.redbooks.ibm.com
• Solaris at www.lotus.com/dominosolaris
• Windows NT and Windows 2000 internals at www.sysinternals.com
• Hewlett-Packard at www.hp.com
• IBM performance pages for the following machines:
  iSeries at www-1.ibm.com/servers/eserver/iseries/
  xSeries at www.pc.ibm.com/ww/eserver/xseries/domino
  zSeries at www-1.ibm.com/servers/eserver/zseries/



Chapter 61
Improving Database Performance

To optimize database performance, you can set properties for individual
databases and configure the database cache to improve overall database
access time on a server. To keep database size to a minimum, you can set
database properties that save disk space, compact databases, set database
size quotas, and regularly delete inactive documents in databases.

Setting advanced database properties


Set advanced database properties to:
• Optimize database performance
• Enable or disable transaction logging
• Allow more fields in a database
• Allow soft deletions

Setting database properties that optimize database performance


You can set database properties to optimize database performance and to
reduce database size. Set database performance properties by opening
the Database Properties box on an existing database or as you create a
database.
Make sure you fully understand these database properties before
changing their settings.
1. Make sure you have Designer or Manager access in the database ACL.
2. Do one of the following:
• Open a database and choose File - Database - Properties.
• As you create a new database, click the Advanced button.
3. Select or deselect properties listed in the table below.
4. After you select any of these three properties, compact the database
for the property to take effect:
• Don’t maintain unread marks
• Document table bitmap optimization
• Don’t support specialized response hierarchy

Tip You can use the Compact task with specific options to enable or
disable the above three properties and then compact the database.
| Property | Tab | To optimize performance/size | Improves database performance? | Reduces database size? |
|---|---|---|---|---|
| Allow use of stored forms in this database | Basics | Deselect option | Yes | Yes |
| Display images after loading | Basics | Select option | Yes | No |
| Don’t maintain unread marks | Advanced | Select option | Yes | Yes |
| Document table bitmap optimization | Advanced | Select option | Yes | No |
| Don’t overwrite free space | Advanced | Select option | Yes | No |
| Maintain LastAccessed property | Advanced | Deselect option | Yes | No |
| Don’t support specialized response hierarchy | Advanced | Select the option | Yes | Slightly |
| Don’t allow headline monitoring | Advanced | Select the option | Prevents performance degradation | No |
| Limit entries in $UpdatedBy fields | Advanced | Select the option and specify the number of entries $UpdatedBy fields can contain | Yes | Yes |
| Limit entries in $Revisions fields | Advanced | Select the option and specify a limit on the number of entries $Revisions fields can contain. The suggested limit is 10 entries. | Yes | Yes |



Database properties that optimize database performance
Properly setting database properties can improve the performance of an
active database. Setting database performance properties on many
databases or on one, large, active database can also improve server
performance. In addition, some of these property settings also help
reduce the size of databases. Many of these properties require knowledge
of application design, and the database designer often sets these
properties when creating a database.
For information on designing applications, see the book Application
Development with Domino Designer.

Display images after documents


To quickly display documents that contain images, select the Basics
database property “Display images after loading.” Then Notes users can
read the text while the images load. If you don’t load images after text,
Notes loads images in the order in which they appear in a document; if
an image appears first, Notes loads it before displaying text. With large
images or slow connections, loading images in order may slow the
display of the document.
This setting applies only when using Notes to view databases; Web
browser settings control the display of images to Web browser users.
Tip Users also can specify “Load images: On request” in the Advanced
section of a Location document to display images only when users click
them. For more information, see Lotus Notes 6 Help.

Prevent the use of stored forms


To ensure that a document always displays correctly, you can store the
form with the document. However, storing a form with every document
uses system memory and may require as much as 20 times more disk
space than not doing so. To save memory and disk space, you may want
to prevent the use of stored forms, especially if users experience
performance problems when trying to read the documents. To prevent
the use of stored forms, deselect the Basics database property “Allow use
of stored forms in this database.” Before preventing the use of stored
forms, make sure you understand how this design feature works and
how the database uses it.

Don’t maintain unread marks


Maintaining unread marks in a database requires system resources and
can significantly slow database performance. For some databases, unread
marks aren’t useful — for example, reference databases such as the Help
databases provided with Domino, administration databases such as the
Domino Directory, or databases such as the log file (LOG.NSF) that are
continually updated. In these types of databases, consider disabling
unread marks. To disable unread marks, select the Advanced database
property “Don’t maintain unread marks.”
Note Designing views that don’t display unread marks doesn’t improve
database performance because they are still maintained but not
displayed.
If you select or deselect the “Don’t maintain unread marks” property,
you must compact the database so that the setting takes effect.
Compacting in this case makes a temporary copy of the database, so your
system must have the disk space to make the copy.
Tip You can also run the Compact server task with the -u or -U option
to enable or disable this property and then compact.

Associate document tables with forms for view updates


When updating a view, Domino refers to tables of document
information. These tables are stored internally in the database. By
default, during view updates and rebuilds, Domino searches each table
for documents that appear in the view being updated. To update views
more efficiently, select the Advanced database property “Document table
bitmap optimization.” This property associates tables with the forms
used by the documents the tables contain. Then during a view update,
Domino searches only the tables associated with the forms used by
documents in the view being updated. This significantly improves the
performance of view updates, especially updates of small views within
large databases — for example, the Connections view in the Domino
Directory.
This property only works for views that use Form= as part of the
selection criteria. There’s a slight performance cost to maintaining the
table/form association; however, when updating small views in large
databases, the benefits offset the cost.
If you select or deselect the “Document table bitmap optimization”
property, you must compact the database so that the setting takes effect.
Compacting in this case makes a temporary copy of the database, so your
system must have the disk space to make the copy.
Tip You can also run the Compact server task with the -F or -f option to
enable or disable this property and then compact.



Prevent overwriting of deleted data
When data is deleted from databases, Domino, by default, overwrites the
deleted data on disk with a pattern. This pattern prevents an
unauthorized user from using a utility to access the data. This
overwriting affects disk I/O and can affect database performance.
Preventing the overwriting of deleted data is appropriate in these
circumstances:
• The data is already secure — for example, the database is on a server
in a locked room.
• Deleted space in the database is constantly reallocated — for
example, in a system database such as MAIL.BOX.
• Data security isn’t an issue — for example, in an informal discussion
database.
To prevent the overwriting of deleted data, select the Advanced database
property “Don’t overwrite free space.”

Don’t maintain “Accessed (In this file)” document property


The Document Properties box displays the property “Accessed (In this
file),” which can show the date a document was last modified or read.
The Advanced database property “Maintain LastAccessed property”
controls whether the “Accessed (In this file)” property is updated if the
last document access was a read. Maintaining the “Accessed (In this
file)” property for reads causes disk I/O that wouldn’t otherwise occur.

By default, the database property “Maintain LastAccessed property” is
not selected, meaning the “Accessed (In this file)” property isn’t updated
when the last document access was a read, only when the last access was
a document modification. Change the default behavior by selecting
“Maintain LastAccessed property.”
You should select “Maintain LastAccessed property” if you use the
document archiving tool, available in the Database Properties box, to
delete documents based on days of inactivity.

Disable specialized response hierarchy information


By default every document stores information that associates it with a
parent document or a response document. Only the @functions
@AllChildren and @AllDescendants, which are often used in view
selection and replication formulas, use this stored information.
Maintaining this information has a significant, negative effect on
database performance.

To improve database performance, disable the response hierarchy
information in databases that don’t use these @functions by selecting the
Advanced database property “Don’t support specialized response
hierarchy.”
Disabling the response hierarchy information has no effect on views and
replication formulas that display information hierarchically without
using @AllChildren and @AllDescendants.
Disabling the response hierarchy information sets
NotesDocument.Responses to 0 documents.
If you select or deselect the “Don’t support specialized response
hierarchy” property, you must compact the database so that the setting
takes effect. Compacting in this case makes a temporary copy of the
database, so your system must have the disk space to make the copy.
Tip You can also run the Compact server task with the -h or -H option
to enable or disable this property and then compact.

Prevent headline monitoring


Users can set up headline monitoring to automatically monitor databases
for information that interests them. Monitoring a database this way
affects performance, especially if many users do this. To prevent users
from monitoring a database, select the Advanced database property
“Don’t allow headline monitoring.” You can also use the Security section
of a Server document in the Domino Directory to control headline
monitoring at the server level.

Allow more fields in a database


You can increase the number of fields in a database by selecting the
Advanced database property “Allow more fields in database,” which
allows the database to contain up to 23,000 fields.
For a database without this option selected, the concatenated field names
in the database cannot exceed 64 kilobytes, which results in a database
limit of approximately 3000 fields.

Use LZ1 compression for attachments


In Lotus Domino Designer 6, you can choose to compress attachments
using the new LZ1 algorithm instead of the Huffman algorithm. Because
LZ1 compression can be performed quickly and efficiently, it is favored
over the Huffman method. However, if you are working in an
environment that uses different versions of client and server software
(for example, a Lotus Domino Designer 6 client and a Domino 5 server)
and you choose this option, attachments are automatically recompressed
on the server using the Huffman method. Note that recompressing has
performance implications. For best performance, use LZ1 in primarily
Domino 6 environments.

Limit the size of $UpdatedBy fields


Every document includes an $UpdatedBy field that stores, by default,
the name of the user or server associated with each document editing
session. Storing a complete edit history consumes disk space and slows
view updates and replication. To conserve disk space and improve
database performance, use the Advanced database property “Limit
entries in $UpdatedBy fields” to specify the number of entries that the
$UpdatedBy field can contain. When the $UpdatedBy field reaches this
limit, the oldest entry is removed to make room for the newest entry.

Limit the size of $Revisions fields


Every document includes a $Revisions field that stores, by default, the
date and time of each document editing session. Domino uses this field
to resolve replication or save conflicts that occur when two users
simultaneously edit the same document on one replica or edit the same
document on different replicas between replications.
By default, the $Revisions field stores a history of up to 500 edit sessions,
each of which requires 8 bytes of disk space. Over time, $Revisions fields
can grow large, taking up disk space and slowing view updates and
replication. To conserve disk space and improve database performance,
use the Advanced database property “Limit entries in $Revisions fields”
to specify the number of entries that the $Revisions field can contain.
When the $Revisions field reaches this limit, the oldest entry is removed
to make room for the newest entry.
Consider limiting the entries in $Revisions fields on a database with all of
the following characteristics:
• The database contains many documents.
• The database replicates often or has no replicas.
• The database contains documents that are not often edited.
A suggested upper limit is 10 entries in the $Revisions field. If you set the
limit lower than 10, you run the risk of increased replication or save
conflicts.

Specify expiration time for soft deletions
When “Allow soft deletions” is selected, documents marked for deletion
are held in the database for a specified time before they are deleted. On
the Advanced tab of the Database Properties box, you can specify the
number of hours documents are held before they are deleted from the
database.

Soft deletions
In some databases, deleting a document permanently removes it from the
database. In other databases, such as the Notes mail file database,
deleting a document moves it into a Trash folder and stores it in a state of
“soft deletion.” From this folder, users can restore deleted documents by
dragging them from the Trash folder into another folder or by selecting
Remove from Trash.
Deleted documents are not permanently removed until a specified
expiration time or until the user empties the Trash folder. By default, soft
deletions are enabled for mail databases created from the Domino 6 mail
template (MAIL6.NTF). The default expiration time is 48 hours. You can
turn soft deletions on or off for any database and specify how long to
retain soft deletions before removing them from the database.
To display soft-deleted documents in other types of databases, you must
create a view to list the documents and provide users with an action
programmed to un-delete documents and restore them to the database.
For information on creating views to display soft-deletions, see the book
Application Development with Domino Designer.
Because deleted documents are not removed immediately from a
database that has soft deletions enabled, space in the database is not
reclaimed as quickly as in a database that does not use soft deletions. If
space consideration is an issue, consider disabling soft deletions.

To enable or disable soft deletions for a database


1. From the Files tab of the Domino Administrator, select the database
and choose Edit - Properties.
2. On the Advanced tab of the Database properties box, check “Allow
soft deletions.”
3. Set a value for “Soft delete expire time in hours.” The default is 48
hours. After that amount of time, soft deletions are permanently
removed from the database.

The database cache
To minimize delays that occur when users, servers, or API programs
open and close databases on a server, each server maintains a database
cache. When a database closes and there are no users or processes using
the database, Domino puts the database in the cache so it can close it
quickly. The database remains in the cache until it’s opened again or for
about 15 to 20 minutes, whichever comes first. Databases in the cache can
be opened quickly.
The database cache is available to the first process that starts on a
machine and to any processes spawned from it. If you run the Domino
Administrator and the Domino server on the same machine — a
configuration that is not recommended — start the server before you
start the Domino Administrator. If you start the Domino Administrator
first, it owns the cache and prevents the Domino server from using it
effectively.

Database cache size


By default, the number of databases that the cache can store
simultaneously is the greater of these values:
• The value of the NSF_Buffer_Pool_Size setting in the NOTES.INI file,
divided by 300K
• 25
To change this limit, add the NSF_DbCache_Maxentries setting to the
NOTES.INI file or increase physical memory. Increasing the database
cache size improves system performance but requires additional
memory. The minimum number of databases allowed in the cache at one
time is 25; the maximum is 10,000.
The actual number of databases allowed in the cache is 1.5 times the
maximum allowed. This buffer increases the chance that when a user
opens a database from the cache, Domino can return the database to the
cache when the user closes it.

How databases are dropped from the cache


Databases are dropped from the cache by an “ager” thread that performs
necessary writes, deallocates memory, and completes other tasks to close
databases. This process happens over a period of 15 to 20 minutes.
Ideally, databases are dropped from the cache in time to allow new
databases to be added without exceeding the maximum databases
allowed in the cache. However, if the maximum is exceeded, one of the
following occurs:
• If the number of databases in the cache is less than the maximum
allowed times 1.5, when a database is closed it is added to the cache,
and the ager accelerates to reduce the number of databases to the
maximum allowed. This action may increase stress on the server I/O
subsystem and increase competition for cache resources.
• If the current number of databases in the cache is greater than or
equal to the maximum allowed times 1.5, when a database is closed,
Domino doesn’t put the database in the cache. Instead it uses the
slower, non-cache method to close the database. And when a user or
process next opens the database, Domino reads the database from
disk rather than from the cache, causing the database to open more
slowly than if it were in the cache.

Monitoring the database cache


Monitor the effectiveness of the database cache by occasionally checking
cache statistics. You can view the following statistics by viewing Mail &
Database Statistic Reports or by using the server command:
Show Stat Database.DbCache.*

For information on statistics reporting, see the chapter “Monitoring the
Domino Server.” For more information on server commands, see the
appendix “Server Commands.”

| Statistic | Description |
| --- | --- |
| Database.DbCache.CurrentEntries | Number of databases currently in the cache. If this number frequently approaches the value of Database.DbCache.MaxEntries, increase the number of databases the cache can hold. |
| Database.DbCache.HighWaterMark | Maximum number of databases in the cache during this running of the server program. This number may be artificially high because of startup activity, so it may not be a genuine indicator of cache performance. |
| Database.DbCache.Hits | The number of times an “InitialDbOpen” is satisfied by finding the database in the cache. A high “hits-to-opens” ratio indicates that the database cache is working effectively. If the ratio is low, increase the number of databases the cache can hold. |
| Database.DbCache.InitialDbOpens | The number of times a user/server opened a database that was not already being used by another user/server. For example, if a user opens a mail file while it is being used by the Replicator, this number does not increase. Compare this number to Database.DbCache.Hits to gauge the effectiveness of the cache. |
| Database.DbCache.Lookups | The number of lookups to the database cache. A high “Database.DbCache.Hits” to “Database.DbCache.Lookups” ratio means the database cache is effective. If the ratio is low, increase the number of databases the cache can hold. |
| Database.DbCache.MaxEntries | The number of databases the server can currently hold in its cache at once. To change this value, use the NOTES.INI file setting, NSF_DbCache_Maxentries, or increase physical memory. |
| Database.DbCache.OvercrowdingRejections | Number of times a database is not placed into the cache when it is closed because Database.DbCache.CurrentEntries equals or exceeds Database.DbCache.MaxEntries times 1.5. This number should stay low. If it begins to rise, increase the number of databases the cache can hold. |

Managing the database cache


To change the number of databases the cache holds
If after monitoring the database cache you determine that you should
increase the number of databases the cache can hold, use the NOTES.INI
file setting, NSF_DbCache_Maxentries, as follows:
NSF_DbCache_Maxentries=value

Where value is the maximum number of databases allowed in the
database cache at one time.
The alternative to using NSF_DbCache_Maxentries is to increase physical
memory.

To show databases in the cache


Enter this command at the server console to display the names of the
databases currently in the cache:
dbcache show

To close databases in the cache
Enter this command at the server console to close all databases in the
cache:
dbcache flush

To disable the cache


By default, the database cache is enabled on a server. To disable the
cache, add the following NOTES.INI file setting:
NSF_DbCache_Disable=1

Controlling database size


Databases whose size is monitored and minimized show increased
performance: database operations require less I/O and fewer CPU
resources; view rebuilding and updating is quicker; and memory and
disk space allocation is improved. The maximum database size is 64GB
on Windows and UNIX. Use the following methods to minimize and
monitor the size of databases:
• Compact databases
• Set database size quotas to prevent databases from growing beyond
a specified size
• Delete inactive documents using the document archiving tool or
using agents
• Set database performance properties that also reduce database size
• Use replication settings to limit the size of a replica by replicating to
it only what’s necessary
• Decrease the database purge interval to remove deletion stubs more
often
• Disable the default user activity recording in databases
• Disable soft deletions in databases
For information on replication settings and the database purge interval,
see the chapter “Creating Replicas and Scheduling Replication.” For
information on user activity recording, see the chapter “Maintaining
Databases.”

Tools for monitoring database size
This table summarizes the methods you can use to monitor database size
and the information each method provides.

| Monitoring method | Database size | View size | Quotas | Percent of used space** |
| --- | --- | --- | --- | --- |
| Domino Administrator Files tab | Yes | No | Yes | No |
| Database - Sizes view of the log file (LOG.NSF) or logs in the view | Yes | Yes | No | Yes |
| Logs in Miscellaneous Events view of the log file (LOG.NSF) | No | No | Messages relating to | No |
| File statistic reports in the Statistics database | Yes | No | No | Yes |

** Not always a reliable indicator of used space.

Monitoring database size


Use the following method to monitor database size and used space in a
database.
1. Open the database and choose File - Database - Properties.
2. Click the Info tab (i) to see the size of the database.
3. Click % Used to display the percentage of database space in use.

Compacting databases
When documents and attachments are deleted from a database, Domino
tries to reuse the unused space, rather than immediately reduce the file
size. Sometimes Domino won’t be able to reuse the space or, because of
fragmentation, can’t reuse the space effectively until you compact the
database.

Styles of compacting
There are three styles of compacting:
• In-place compacting with space recovery
• In-place compacting with space recovery and reduction in file size
• Copy-style compacting
In-place compacting with space recovery only
This style of compacting recovers unused space in a database but doesn’t
reduce the size of the database on disk. Databases retain the same
database instance IDs (DBIIDs), so the relationship between the
compacted databases and the transaction log remains intact. Users and
servers can continue to access and edit databases during compacting.
This style of compacting is useful for databases that you expect to stay
the same size or to grow in size.
When you run Compact without specifying options, Domino uses this
style of compacting on all databases enabled for transaction logging.
Domino also uses this style of compacting when you use the -b option
(case sensitive) when compacting any database.
Tip Use this compacting method most frequently — it is the fastest
method and causes the least system impact.

In-place compacting with space recovery and reduction in file size


This style of compacting reduces the file size of databases as well as
recovers unused space in databases. This style of compacting is
somewhat slower than in-place compacting with space recovery only.
This style of compacting assigns new DBIIDs to databases, so if you use it
on logged databases and you use a certified backup utility, perform full
backups of the databases shortly after compacting is complete. This style
of compacting allows users and servers to continue to access and edit
databases during compacting.
When you run Compact without specifying options, Domino uses this
style of compacting on databases that aren’t enabled for transaction
logging. Domino also uses this style of compacting when you use the -B
option. To optimize disk space, it’s recommended that you run Compact
using the -B option on all databases once a week or once a month.

Copy-style compacting
Copy-style compacting creates copies of databases and then deletes the
original databases after compacting completes, so extra disk space is
required to make the database copies. This style of compacting
essentially creates a new database with a new database ID. If you use
copy-style compacting on logged databases (using the -c option),
compacting assigns new DBIIDs, so if you use a certified backup utility,
you should perform full backups of databases shortly after compacting
completes. When you use copy-style compacting, users and servers can’t
edit databases during compacting, and they can only read databases if
the -L option is used.
Domino uses copy-style compacting by default when you use an option
with Compact to enable a database property that requires a structural
change to a database or when you run Compact on a database that has a
structural change pending that was initiated from the Database
Properties box. Enabling or disabling the database properties “Document
table bitmap optimization” and “Don’t support specialized response
hierarchy” requires structural database changes.
The following table compares the three styles of compacting.

| Characteristics | In place, space recovery | In place, space recovery with file size reduction | Copy-style |
| --- | --- | --- | --- |
| Databases that use it when compact runs without options | Logged databases with no pending structural changes | Unlogged databases with no pending structural changes | Databases with pending structural changes |
| Databases you can use it on | Current release | Current release | Current release (need -c) |
| Relative speed | Fastest | Medium | Slowest |
| Users can read databases during compacting | Yes | Yes | No (unless -L option used) |
| Users can edit databases during compacting | Yes | Yes | No |
| Reduction in file size | No | Yes | Yes |
| Extra disk space required | No | No | Yes |

Renaming a copy-style compacted database


Domino attempts only once to rename a database that was copy-style
compacted. You can request successive attempts by specifying the value
of the Num_Compact_Rename_Retries setting in the NOTES.INI file.
Domino tries to rename until it succeeds or the number of retries is
exhausted. For example, to request that Domino try once again to
rename, specify Num_Compact_Rename_Retries=1; to request that
Domino try 5 more times to rename, specify
Num_Compact_Rename_Retries=5.

If you have specified a value for the Num_Compact_Rename_Retries
setting, Domino waits 30 seconds before trying to rename a database that
was copy-style compacted. You can request a different amount of time to
wait by specifying the value of the Compact_Retry_Rename_Wait setting
in the NOTES.INI file. For example, to request that Domino wait 2
minutes before trying to rename a database that was copy-style
compacted, specify Compact_Retry_Rename_Wait=120.
Domino enforces the following upper limit when trying to rename a
copy-style compacted database:
Num_Compact_Rename_Retries x Compact_Retry_Rename_Wait <= 60 minutes

When to compact databases


It’s recommended that you compact databases weekly or monthly using
the -B option to recover disk space. If you use a certified backup utility,
remember to run it after compacting is complete.
Also compact databases to:
• Enable or disable specific database properties — for example,
transaction logging
• Run the document archiving tool on server databases that are
configured for document deletion and archiving
• Fix corrupted databases
For information on transaction logging, see the chapter “Transaction
Logging and Recovery.” For information on the document archiving tool,
see the topic “Running the document archiving tool” later in this chapter.
Note The Database - Sizes view of the log file (LOG.NSF), the File
Statistic reports generated by the Statistics Collector server task, and the
Info tab (i tab) of the Database Properties box, all report the percentage of
used space in a database. These are often not accurate indicators of used
space; therefore, you shouldn’t use them.

Ways to compact databases


Use any of these methods to run Compact. Each of these methods allows
you to customize how Compact runs.
• Run Compact using the Compact tool in the Files tab of the Domino
Administrator — Use this method to compact a few databases; you
can select the databases to compact, but you can’t use the Domino
Administrator until compacting finishes.
• Run Compact using the Task - Start tool in the Domino
Administrator — Use this method to compact all databases on a
server; you can continue to use the Domino Administrator during
compacting and you don’t have to remember specific command-line
options.
• Run Compact using a console command — Use this method if you’re
comfortable using command-line options or to compact databases
directly at the server when there isn’t a Domino Administrator client
running on the server.
• Run Compact using a Program document — Use this method to
schedule compact to run at particular times.
• Run Compact on a Win32 platform — Use this method if you are
unable to run Compact at the server console. This method requires
that you use the “n” prefix. For example: ncompact -C.

Determining the file format of a database


Follow these steps to check the ODS (on-disk structure) and determine
the file formats of databases before compacting them.
1. From the Domino Administrator, in the Server pane on the left, select
the server on which to run Compact. Click the servers icon to expand
the Server pane.
2. Click the Files tab.
3. Select the folder containing the files you want to check.
4. Look at the File Format column in the files window.

Compact options
The following tables describe the options you can use with the Compact
server task. The first column lists the options as they appear when you
run Compact using the Task - Start tool or the Files tab in the Domino
Administrator. The second column lists the equivalent command-line
options that you use when you run Compact using a console command
or using a Program document.

Compact - Basics

| Option | Command-line equivalent | Description |
| --- | --- | --- |
| Compact only this database or folder (To specify databases to compact using the Files tab, select the databases in the files pane.) | database path. Specify any additional options after the database path. | To compact a database in the Domino data folder, enter the file name, for example SALES.NSF. To compact databases in a folder within the data folder, specify the database path relative to the data folder. For example, to compact all databases in the folder DATA\SALES, specify SALES. If you choose “Compact all databases” (or don’t specify a database path at the command line) Compact compacts all databases in the data folder and in folders within the data folder. |

For more information on database path, see the topic “Running Compact
using a console command” later in this chapter.

Compact - Options

| Option | Command-line equivalent | Description |
| --- | --- | --- |
| Compact database only if unused space is greater than x percent | -S percent | Compacts all databases with a specified percent of unused space. For example, if you specify 10, databases with 10% or more recorded unused space are compacted. Note that the unused space calculation is not always a reliable measure of unused space. |
| Discard any built view indexes | -D | Discards built view indexes. Use this option to compact databases just before you store them on tape, for example. Does copy-style compacting. |
| Keep or revert database to previous format | -R | Compacts databases without converting to the current release file format of the server that stores the databases or reverts databases in the current release file format to the previous release file format. For example, on Domino 6 servers, this option compacts Domino 5 databases without converting them to the Domino 6 file format and converts Domino 6 databases to the Domino 5 file format. This option uses copy-style compacting. |

Compact - Style

| Option | Command-line equivalent | Description |
| --- | --- | --- |
| In-place (recommended) | -b | Uses in-place compacting and recovers unused space without reducing the file size, unless there’s a pending structural change to a database, in which case copy-style compacting occurs. This is the recommended method of compacting. |
| In-place with file size reduction | -B | Uses in-place compacting, recovers unused space and reduces file size, unless there’s a pending structural change in which case copy-style compacting occurs. If you use transaction logging, do full database backups after compacting completes. |
| Copy-style | -c | Uses copy-style compacting. Use this option, for example, to solve database corruption problems. |
| Copy-style: Allow access while compacting | -L | Enables users to continue to access databases during compacting. If a user edits a database during compacting, compacting is canceled. This is useful only when copy-style compacting is done. |
| Copy-style: Ignore errors and proceed | -i | Enables compacting to continue even if it encounters errors such as document corruption. Only used for copy-style compacting. |

Compact - Advanced
The advanced compact options are not available through the Compact
tool in the Files tab of the Domino Administrator.

| Option* | Command-line equivalent | Description |
| --- | --- | --- |
| Document table bitmap optimization: Off | -f | Disables “Document table bitmap optimization” database property. Does copy-style compacting. |
| Document table bitmap optimization: On | -F | Enables “Document table bitmap optimization” database property. Does copy-style compacting. |
| Don’t support specialized response hierarchy: Off | -h | Disables “Don’t support specialized response hierarchy” database property; in other words, support specialized response hierarchy. Does copy-style compacting. |
| Don’t support specialized response hierarchy: On | -H | Enables “Don’t support specialized response hierarchy” database property; in other words, do not support specialized response hierarchy. Does copy-style compacting. |
| Enable transaction logging: Off | -t | Disables transaction logging. |
| Enable transaction logging: On | -T | Enables transaction logging. |
| Don’t maintain unread marks: Off | -u | Disables “Don’t maintain unread marks” database property; in other words, maintain unread marks. |
| Don’t maintain unread marks: On | -U | Enables “Don’t maintain unread marks” database property; in other words, do not maintain unread marks. |

* Select “Set advanced properties” before you enable or disable any of these
properties.
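
Because the options are case sensitive and several of them silently switch Compact to copy-style, it helps to work out the resulting style before running the task. The following is an added example, not code from the Domino documentation: it encodes only the rules in the tables above, and the function names and returned keys are hypothetical.

```python
"""Predict the compacting style Domino will use for a given 'Load compact' call."""

# Options whose table entry says they use copy-style compacting.
COPY_STYLE_FLAGS = {"-c", "-D", "-R", "-f", "-F", "-h", "-H"}
# Options the tables describe as applying only to copy-style compacting.
COPY_ONLY_MODIFIERS = {"-L", "-i"}

# Rows of the comparison table: file shrinks, extra disk, users read, users edit.
STYLE_TRAITS = {
    "in-place": (False, False, True, True),
    "in-place-reduce": (True, False, True, True),
    "copy": (True, True, False, False),
}


def plan_compact(flags, logged, pending_structural_change=False):
    """Describe the style and side effects of one Compact run.

    flags  -- command-line options exactly as typed (they are case sensitive)
    logged -- True if the database is enabled for transaction logging
    """
    chosen = set(flags)
    if pending_structural_change or chosen & COPY_STYLE_FLAGS:
        style = "copy"
    elif "-B" in chosen:
        style = "in-place-reduce"
    elif "-b" in chosen:
        style = "in-place"
    else:  # no style option: the default depends on transaction logging
        style = "in-place" if logged else "in-place-reduce"

    shrinks, extra_disk, can_read, can_edit = STYLE_TRAITS[style]
    if style == "copy" and "-L" in chosen:
        can_read = True  # -L keeps the database readable during the copy

    warnings = []
    if style != "copy":
        for flag in sorted(chosen & COPY_ONLY_MODIFIERS):
            warnings.append(f"{flag} only applies to copy-style compacting")
    if extra_disk:
        warnings.append("needs free disk space for a temporary copy")
    # Both file-shrinking styles assign new DBIIDs to logged databases.
    full_backup_after = logged and style != "in-place"
    if full_backup_after:
        warnings.append("new DBIID: run a full backup after compacting")

    return {
        "style": style,
        "shrinks_file": shrinks,
        "extra_disk": extra_disk,
        "users_can_read": can_read,
        "users_can_edit": can_edit,
        "full_backup_after": full_backup_after,
        "warnings": warnings,
    }


def console_command(database_path, flags):
    """Build the console command in the form 'Load compact databasepath options'."""
    parts = ["Load compact"]
    if database_path:
        parts.append(database_path)
    parts.extend(flags)
    return " ".join(parts)


if __name__ == "__main__":
    # -b and -B, or -f and -F, differ only by case but give different results.
    for flags in (["-b"], ["-B"], ["-f"], ["-c", "-L"], ["-b", "-L"]):
        plan = plan_compact(flags, logged=True)
        print(console_command("SALES", flags), "->", plan["style"], plan["warnings"])
```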

Compact - Archive
When you use the document archiving tool to archive and delete
documents in a database, you can use the following Compact options to
archive documents if the database is located on a server and you’ve
chosen the advanced archiving option “Automatically on server.”

| Option* | Command-line equivalent | Description |
| --- | --- | --- |
| Archive only | -A | Archives and deletes documents from a database without compacting the database. |
| Archive and then compact | -a | Archives and deletes documents from a database and then compacts the database. |
| Delete and then archive | -j | Deletes documents from a database and then compacts the database. |

*The Compact tool in the Files tab of the Domino Administrator provides only
the option “Archive database;” this option archives and then compacts.

Running Compact using the Files tab
Use the Compact tool in the Files tab of the Domino Administrator to run
Compact on specific databases. The databases can be stored on a server
or stored locally on a Domino Administrator client.
1. From the Domino Administrator, select the server in the Server pane
that stores the databases you want to run Compact on. If the Domino
Administrator does not run on a server, you can select local to run
Compact on databases stored on the client. To expand the Server
pane, click the servers icon.
2. Click the Files tab.
3. Select the databases on which to run Compact.
4. In the Tools pane at the right, select Database - Compact. Or drag the
selected database(s) to the Compact tool.
5. (Optional) Select options to control how Compact runs.
For information on the options available, see the topic “Compact
options” earlier in this chapter.
6. Click OK.

Running Compact using the Task - Start tool


Use this method to compact many databases on a server. You can
continue using the Domino Administrator during compacting.
1. From the Domino Administrator, on the Server pane on the left,
select the server on which to run Compact. To expand the pane, click
the servers icon.
2. Click the Server - Status tab.
3. In the Task pane on the right, click Task - Start.
4. Select Compactor.
5. Do one of the following:
• To run Compact with options (to control how Compact runs), click
“Show advanced options,” click Start Task, select options, and
then click OK.
• To run Compact without options, click Start Task.
For information on the options available, see the topic “Compact
options” earlier in this chapter.



Running Compact using a console command
1. From the Domino Administrator, on the Server pane on the left,
select the server on which to run Compact. To expand the pane, click
the servers icon.
2. Click the Server - Status tab.
3. Click Console.
4. Enter the following command in one of the following ways: 1) in the
command line at the bottom of the console, and then press ENTER or
2) directly at the console on a server:
Load compact databasepath options
where databasepath specifies the files to compact and options are
Compact command-line options.
The following table illustrates how you can use databasepath to specify
databases, folders, and subfolders.

To compact                           Example command                  Files compacted
Specific databases in the Domino     Load compact SALES.NSF,DEV.NSF   DATA\SALES.NSF
data folder                                                           DATA\DEV.NSF
All the databases in a folder        Load compact SALES               DATA\SALES\all databases
relative to the Domino data folder
A specific database in a folder      Load compact SALES\USER1.NSF     DATA\SALES\USER1.NSF
relative to the Domino data folder
All the files specified in a .IND    Load compact WEEKLY.IND          DATA\SALES.NSF
file created in the Domino data      where WEEKLY.IND contains:       DATA\DEV.NSF
folder                               SALES.NSF                        DATA\SALES\USER1.NSF
                                     DEV.NSF                          DATA\SALES\NEW\all databases
                                     SALES\USER1.NSF
                                     SALES\NEW
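The four databasepath forms in the table above, modeled as an added Python example (not part of the Domino documentation or product) that previews which files an argument would select before Compact is loaded. The function names, the non-recursive folder rule, the refusal of nested .IND files and of paths outside the data folder, and the sample tree are assumptions of this sketch.

```python
import tempfile
from pathlib import Path, PureWindowsPath


def expand_spec(data_dir, spec, allow_ind=True):
    """Expand one databasepath entry into (files, missing) lists of Paths."""
    rel = PureWindowsPath(spec.strip())
    # Assumption of this preview: entries stay inside the Domino data folder.
    if rel.drive or rel.root or ".." in rel.parts:
        raise ValueError(f"not relative to the data folder: {spec!r}")
    local = data_dir.joinpath(*rel.parts)
    if rel.suffix.upper() == ".IND":
        # .IND file: each non-empty line is itself a database or folder entry.
        if not allow_ind:
            raise ValueError(f"nested .IND file not expanded: {spec!r}")
        if not local.is_file():
            return [], [local]
        files, missing = [], []
        for line in local.read_text().splitlines():
            if line.strip():
                found, absent = expand_spec(data_dir, line, allow_ind=False)
                files += found
                missing += absent
        return files, missing
    if local.is_dir():
        # Folder entry: every database directly in that folder
        # (assumed non-recursive; the table lists SALES\NEW separately).
        found = sorted(p for p in local.iterdir()
                       if p.is_file() and p.suffix.upper() == ".NSF")
        return found, []
    if local.is_file():
        return [local], []
    return [], [local]


def preview(data_dir, databasepath):
    """Return the files a comma-separated databasepath argument selects."""
    data_dir = Path(data_dir)
    files, missing = [], []
    for entry in databasepath.split(","):
        if entry.strip():
            found, absent = expand_spec(data_dir, entry)
            files += found
            missing += absent

    def show(path):
        # Report paths the way the table writes them, relative to the data folder.
        return "\\".join(path.relative_to(data_dir).parts)

    unique = list(dict.fromkeys(files))  # drop duplicates, keep order
    return {"files": [show(p) for p in unique],
            "missing": [show(p) for p in missing]}


def build_demo_tree(root):
    """Constructed sample data folder using the table's example names."""
    root = Path(root)
    (root / "SALES" / "NEW").mkdir(parents=True)
    for name in ("SALES.NSF", "DEV.NSF", "SALES/USER1.NSF",
                 "SALES/USER2.NSF", "SALES/NEW/A.NSF"):
        (root / name).write_bytes(b"")
    (root / "WEEKLY.IND").write_text(
        "SALES.NSF\nDEV.NSF\nSALES\\USER1.NSF\nSALES\\NEW\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        demo = build_demo_tree(tmp)
        for arg in ("SALES.NSF,DEV.NSF", "SALES",
                    "SALES\\USER1.NSF", "WEEKLY.IND"):
            print(arg, "->", preview(demo, arg))
```

Entries that resolve to nothing are returned under "missing", which makes a stale line in a scheduled .IND file visible before the job runs.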



Running Compact using a Program document
Use a Program document to schedule Compact to run at a regular time.
For example, schedule Compact to run with the -B option once a week.
Remember to perform full backups of the databases after compacting is
complete.
For more information on Program documents, see the appendix “Server
Tasks.”
1. From the Domino Administrator, click the Configuration tab.
2. Next to “Use Directory on,” select the server with the replica of the
Domino Directory you want to modify.
3. Expand Server - Programs and then click Add Program.
4. On the Basics tab, complete these fields:
Field              Enter
Program name       Compact
Command line       Command line options. Don’t specify “load” before the options.
Server to run on   Server on which to run Compact
Comment            Optional comments

5. On the Schedule tab, complete these fields:


Field                Enter
Enabled/disabled     Enabled
Run at times         Times to run Compact each day
Repeat interval of   How soon to run Compact again after it completes
Days of week         The days to run Compact

6. Click Save and Close.


For more information on the available command-line options, see the
topic “Compact options” earlier in this chapter.

Database size quotas


Set a database size quota to specify the maximum size a database can
attain. When a database exceeds its quota, the following message appears
in the Miscellaneous Events view of the log file (LOG.NSF); a user
attempting to open the database sees it as well: “Cannot allocate
database object - database would exceed its disk quota.” Although a
database may have reached its quota, a user may be able to add
documents to it if the database contains unused space — that is, space
that remains from deleted data.
In conjunction with setting a quota, you can specify that when a database
reaches a certain size threshold, this warning message appears in the
Miscellaneous Events view of the log file: “Warning, database has
exceeded its size warning threshold.” For example, if the quota is 50MB,
you might specify that the warning appear when the database size
reaches 45MB so you can take steps to reduce the size of the database or
move it to a server that has more disk space available.
Note You can set quotas on user mail files, but, by default, when a mail
file exceeds its quota, the Router continues to deliver mail to it, and users
can update existing mail views. This ensures that users can continue to
receive and read all mail sent to them. The quota is enforced only for
other means of increasing the size of the mail file — for example, when a
mail file reaches its quota, users can’t manually add documents or views
to it. However, you can customize routing to strictly enforce quotas on
mail files.
For more information on customizing mail, see the chapter “Customizing
the Domino Mail System.”

Database size limits


Databases can attain a maximum size of 64GB on Windows and UNIX.

Setting database size quotas


1. From the Domino Administrator, on the Server pane on the left,
select the server that stores the databases you want to set quotas for.
To expand the pane, click the servers icon.
2. Click the Files tab.
3. Select the databases you want to set quotas for.
4. In the tools panel on the right, select Database - Quotas. Or drag the
selected databases to the Quotas tool.
5. Below “Database size quotas,” click “Set database quota to x MB”
and specify a maximum size in megabytes the selected databases can
attain.
6. Below “Quota warning thresholds,” click “Set warning threshold to x
MB” and specify a size in megabytes at which a message appears in
the log file (LOG.NSF).
7. Click OK. When processing is complete, a dialog box indicates how
many databases were affected and if any errors occurred. See the
status bar for details.



Deleting inactive documents
Regularly delete inactive documents from databases to save disk space,
to make it easier for users to find information, and to improve database
performance. This table compares the deletion methods available.
Deletion method                                  Multiple deletion   Archive       Leaves deletion
                                                 criteria?           capability?   stubs*?
Create an archive settings document              Yes                 Yes           Yes
Document archiving tool in the Database          Yes                 Yes           Yes
Properties box
“Remove documents not modified in the last x     No                  No            No
days” replication setting
Agents                                           Yes                 Yes           Yes

* Deletion stubs are markers that remain from deleted documents so that the
documents are deleted in other replicas of the database.
In addition to these methods, you can also create an API program that
deletes documents.
For information on the “Remove documents not modified in the last x
days” setting, see the chapter “Creating Replicas and Scheduling
Replication.”

To archive deleted documents

If you have disk space available and you want users to be able to access
deleted documents, archive the documents before deleting them. When
doing so, follow these guidelines:
1. Determine an archive frequency based on the type of database. For
example, you might archive an infrequently accessed database, such
as a company policy database, every three months. Archive a heavily
used tracking database, such as a customer call-tracking database,
once a month or once a week.
2. Notify users that you plan to archive the database.
3. In the About This Database document of the active database, post the
archiving schedule and the location of the archive database.
4. Archive the database when it is not in use and server traffic is low —
for example, on Sunday night.
5. After archiving is complete and you’ve deleted documents from the
active database, compact the active database.



6. If the database has replicas, replicate the active database when
database use is light so that you minimize user interruptions.
7. Limit access to the archive database. Assign Manager access in the
database ACL to one or two users and replicating servers. Assign
Reader access in the database ACL to everyone else. By doing this,
you ensure that view indexes and full-text search indexes update
only when archiving occurs.
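Guideline 7 can be checked mechanically. The following added Python example (not from the Domino documentation) audits an archive database's ACL against it and produces a tightened copy. The entry layout, the finding labels, the treatment of a group holding Manager as a finding, and all names in the sample ACL are assumptions constructed for illustration.

```python
# Domino ACL access levels, lowest to highest.
LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]
READER = LEVELS.index("Reader")
SERVER_TYPES = {"Server", "Server group"}


def audit_archive_acl(entries, max_user_managers=2):
    """Return (name, finding) pairs where the ACL departs from guideline 7.

    Guideline: Manager for one or two users and the replicating servers,
    Reader for everyone else.
    """
    findings = []
    user_managers = []
    for entry in entries:
        if entry["type"] in SERVER_TYPES:
            continue  # replicating servers are expected to hold Manager
        rank = LEVELS.index(entry["level"])
        if entry["level"] == "Manager":
            if entry["type"] == "Person":
                user_managers.append(entry["name"])
            else:
                # A group or unspecified entry hides how many users hold
                # Manager (interpretation added by this example).
                findings.append((entry["name"], "manager-not-individual"))
        elif rank > READER:
            # Anyone above Reader can change documents, so view and
            # full-text indexes would update outside archiving runs.
            findings.append((entry["name"], "above-reader"))
    for name in user_managers[max_user_managers:]:
        findings.append((name, "too-many-managers"))
    return findings


def tighten(entries, managers):
    """Return a copy of the ACL with every non-server entry that is not a
    named manager capped at Reader."""
    fixed = []
    for entry in entries:
        entry = dict(entry)
        is_server = entry["type"] in SERVER_TYPES
        if not is_server and entry["name"] not in managers:
            if LEVELS.index(entry["level"]) > READER:
                entry["level"] = "Reader"
        fixed.append(entry)
    return fixed


# Constructed sample ACL for an archive database (hypothetical names).
SAMPLE_ACL = [
    {"name": "-Default-", "type": "Unspecified", "level": "Editor"},
    {"name": "Archive Admin/Acme", "type": "Person", "level": "Manager"},
    {"name": "Backup Admin/Acme", "type": "Person", "level": "Manager"},
    {"name": "Helpdesk One/Acme", "type": "Person", "level": "Manager"},
    {"name": "LocalDomainServers", "type": "Server group", "level": "Manager"},
    {"name": "Sales Team", "type": "Person group", "level": "Author"},
    {"name": "Contractors", "type": "Person group", "level": "Reader"},
]

if __name__ == "__main__":
    for name, finding in audit_archive_acl(SAMPLE_ACL):
        print(f"{finding:24} {name}")
    keep = {"Archive Admin/Acme", "Backup Admin/Acme"}
    print("after tighten:", audit_archive_acl(tighten(SAMPLE_ACL, keep)))
```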

To customize an archive database for fast access


Using an archive database ensures that users can continue to access the
archived data. Use any of these methods to make accessing the archive
database fast and easy.
Note Don’t customize an archive database used by the document
archiving tool.

Remove unnecessary fields


Removing unnecessary fields makes the documents smaller and the
views smaller and faster. For example, although the active database
might include fields for the customer name, phone number, address, and
fax number, the archive database might require only the customer name.

Use only a few views and create a full-text index


Using only a few views improves view performance by keeping the total
size of the view indexes to a minimum. Providing a full-text index allows
users to retrieve information easily.

Create buttons or agents in the active database


Buttons and agents allow users to quickly open the archive database
when necessary.

To use an archive copy for statistical analysis


To analyze statistics within a database, create a view that generates
statistics in an archive copy of the database. For example, in an archive
copy of a Call Tracking database, create a view that generates totals for
specific categories of call records and for all call records. Because archive
databases usually contain data that span a long period of time, they are
ideal for performing statistical analysis.



Running the document archiving tool
If you selected the option “Automatically on server,” run the Compact
task on the server that stores the source database.
• Use the -A option to archive documents without compacting the
source database.
• Use the -a option to archive documents and then compact the source
database.

Viewing a document Archiving Log


If you set up the document archiving tool to log archiving information to
an Archiving Log database, an entry is created in the Archiving Log
database when either the client or server finishes archiving. To view this
entry:
1. Open the entry in the Archiving Log database.
2. Click “Archive statistics” to display the date of the archive, the
number of documents archived to the Archive database, and the
number of archived documents deleted from the original database.
3. Click “Database/Server” to display the location, title, and path for
the original database and for the Archive database.
4. Click “Links to archived docs” to use document links to access
documents in the Archive database that have been removed from the
original database. This doesn’t apply if you selected the advanced
archiving option “Delete matching documents without archiving
them.”

Using an agent to delete and archive documents


Agents give you a very high degree of control over document deletion
criteria. However, agents can be slow to run.
The following procedure describes creating an agent using simple
actions. You can also create agents using Notes formulas, LotusScript, or
Java.
When you run the agent, if Domino cannot copy all specified documents
to an archive database — for example, if there is not enough disk space
on the target folder — the agent stops.
For more information on agents, see the chapter “Agents.” For more
information on Notes formulas, LotusScript, and Java see Domino
Designer Programming Guide, Volumes 1 through 4.



To use an agent to delete and archive documents
1. (Optional) To archive deleted documents, choose File - Database -
New Copy to create a copy of the database as the archive copy. Copy
only the database design.
2. Open the database and choose Create - Design - Agent.
3. Type a name for the agent.
4. Below “When should this agent run,” click the arrow and select an
option.
5. Below “Which documents should it act on?” click the arrow and
select an option. Click Add Search, specify the search criteria, then
click OK.
6. (Optional) To archive deleted documents, on the bottom pane next to
Run, select “Simple action(s)” then click “Add Action.” Then select
“Copy to Database” and select the archive copy of the database
created in Step 1. Click OK and go to Step 8.
7. In the bottom pane next to Run, select “Simple action(s)” then click
“Add Action.” Then select “Delete from Database.”
8. Close and save the agent. Then choose View - Agents, select the
agent and choose Actions - Test to simulate a run and test that it
works correctly.
9. Save and close the agent if necessary.

Examples of using an agent to delete and archive documents


An agent that archives documents according to date modified
These selections create an agent that copies all documents modified more
than 60 days ago from the active database to an archive database with
the file name ARCHIVE.NSF. The agent deletes the archived documents
from the active database after all the documents have been copied.
When should this agent run?           On Schedule Monthly
Which document(s) should it act on?   All documents in the database
                                      Add Action: @Function formula
                                      Search for documents created more than 60 days ago
What should this agent run?           Simple action: Copy to Database ARCHIVE.NSF
                                      Simple action: Delete from Database



An agent that archives documents according to field status
These selections create an agent that weekly copies all documents with a
Status field set to “Closed” from the active database to an archive
database with the file name ARCHIVE.NSF. Then the agent deletes the
archived documents from the active database.

When should this agent run?           On Schedule Weekly
Which document(s) should it act on?   All documents in the database
                                      Condition: by Field
                                      Search for documents where field Status contains Closed
What should this agent do?            Add Action: Copy to Database ARCHIVE.NSF
                                      Add Action: Delete from Database

Allowing more fields in a database


You can increase the number of fields in a database by selecting the
advanced database property “Allow more fields in database” which
allows the database to contain up to 23,000 fields.
For a database without this option selected, all the field names in a
database when concatenated cannot exceed 64K, which results in a
database limit of approximately 3000 fields.
To allow more fields in a database:

1. Open the database and choose File - Database - Properties.
2. Click the Advanced tab.
3. Select “Allow more fields in database.”

NOTES.INI file settings used to optimize database performance


The following table summarizes the NOTES.INI file settings you can use
to optimize database performance.
For more information on these settings, see the appendix “NOTES.INI
File.”

NOTES.INI file setting       Description
Compact_Retry_Rename_Wait    The amount of time to wait before trying to rename a
                             copy-style compacted database. The default value is
                             30 seconds.
NSF_Buffer_Pool_Size         Specifies the amount of memory allocated to database
                             operations.
NSF_Dbcache_Disable          When set to 1, disables the database cache on the server.
NSF_Dbcache_Maxentries       Specifies the maximum number of databases allowed in the
                             database cache at one time.
Num_Compact_Rename_Retries   The number of times to try renaming a copy-style
                             compacted database. The default value is 0.



Chapter 62
Using Server.Load

This chapter discusses Server.Load, a capacity-planning tool for the
Domino server.

Server.Load
Server.Load is a capacity-planning tool that you use to run tests, also
called “scripts” and “workloads,” against a targeted Domino server to
measure server capacity and response metrics.
Server.Load supports any platform that is supported by the Domino
Administrator client. The client runs the Server.Load tests and generates
the transactions that are presented to the server. A typical Server.Load
configuration has one or more client systems driving the server under
test (SUT). Each client running Server.Load generates a simulated user
load of Notes transactions against the SUT, which reports server statistics
back to the client. If you configure multiple clients, you set up and run
the test from each client system.

You can run built-in scripts, create custom scripts from a library of
commands, or submit commands manually. For example, run the built-in
R5 Simple Mail Routing script to simulate users on a Notes client reading
and sending mail. Or create a custom script to create and open a Notes
mail database and populate it with messages. To test or execute
individual commands, you can use the manual command line mode to
delete documents from a database or issue remote server commands.
Using Server.Load, you have real-time control of the test environment
and variables. Prior to running a test, you can change test parameters,
stop conditions, and existing script variables. You can also monitor
real-time server metrics. While the script is running, the Metrics window
displays an immediate characterization of server performance by
updating metrics on a per-minute basis.

Built-in and custom Server.Load scripts
Server.Load includes a set of built-in scripts. You can also create a
custom script from scratch.

Built-in scripts
The following table describes the scripts that are built into Server.Load.
To see the actual code of each script, see the appendix “Server.Load
Scripts.”

Script                   Description
Idle Workload            Establishes the upper boundary of the number of sessions that a
                         Domino server can support. You can use the metric derived from
                         this script to help you set up other tests.
R5 IMAP Workload         Runs Notes transactions that model a server for mail users at
                         sites that rely on IMAP for communication. This test stresses
                         the IMAP protocol by receiving messages and exercises SMTP and
                         LDAP by sending SMTP messages to recipients and performing LDAP
                         lookups on them. You use the IMAP Initialization Workload
                         script to initialize the SUT.
R5 Simple Mail Routing   Simulates one or more Notes mail users performing basic mail
                         operations such as opening mail files, reading and categorizing
                         documents, sending calendar and schedule items, and composing
                         multiple mail messages to multiple recipients. You use the NRPC
                         Mail Initialization Workload script to initialize the SUT.
R5 Shared Database       Simulates one or more active users performing database
                         operations on the same Discussion database. The script includes
                         performing view operations, navigating unread documents, adding
                         users to the database, and updating documents.
SMTP and POP3 Workload   Runs Notes transactions that model a server for mail users at
                         sites that rely on SMTP and POP3 mail for communication. You
                         use the SMTP and POP3 Initialization Workload script to
                         initialize the SUT.
Web Idle Workload        Simulates users connecting to the default page or home page on
                         a Domino Web server.
Web Mail Workload        Runs transactions that model a server for Web Mail users. The
                         test simulates a Web browser user sending, retrieving, and
                         deleting Notes mail. You use the Web Mail Initialization
                         Workload script to initialize the SUT.



Custom scripts
You can use the Server.Load command language to build a script from
scratch, copy a built-in script and modify it, or use a sample script. Then
by modifying only test parameters and script variables, you can further
customize the script without changing the actual script code. Script
variables are environmental values that are referenced through the
NOTES.INI file. Test parameters control the number and creation of
simulated users, or threads; the number of times the test runs for each
user; and the test duration. If you create a script from scratch, you can
test each line of code by entering it in the command line. In addition,
using the command line, you can issue remote server console commands.

NotesBench
A related performance tool, NotesBench is a collection of benchmarks, or
workloads, for evaluating the performance of Domino servers. To learn
more about NotesBench, go to http://www.notesbench.org.

Tips for running a Server.Load test


1. Consider the number of simulated users you plan to assign to the
SUT and evaluate how that number relates to system limitations,
such as disk space and memory. Server.Load creates one thread per
simulated Notes user. If, for example, you assign 100 users to one
client system, 100 threads will run the test script. Note that all
threads run the specified test concurrently.
2. Set the Thread Creation Interval parameter to stagger the creation of
each user. For example, a value of 2 staggers the creation of each user
by 2 seconds.
3. Plan to enter values for the Starting Thread No. and Max No. of
Users parameters. The values you enter depend on how many client
systems and database users the test is simulating. For example, to
simulate 400 database users across 4 client systems, with 100 users
spread across the 4 clients, specify these values when you run the test
on each client.
Client   Max. No. of Users   Starting Thread No.
1        100                 1
2        100                 101
3        100                 201
4        100                 301

4. Simulate the behavior of actual users by providing pauses between
commands in your script. Use the built-in scripts as a reference point.
5. Be aware of both ramp-up and steady state. Ramp-up state occurs after
all threads run at least one iteration of the script. Steady state represents
the server’s true, sustainable performance with reproducible results.
Steady state occurs when the number of Notes users on the server is
equal to the total simulated users across all clients.

Server.Load agents
Server.Load includes a set of agents in the file NAMAGENT.NSF, which
is initially installed in the data directory on the Domino Administrator
client. The first agent in this list — Create NotesBench Mail Person
Documents — is used to set up Person documents for the workloads and
set the HTTP password. The rest of the agents are used to repair and
change the workload setup.
To use the agents, you must use Domino Designer to add them to the
Domino Directory on the SUT.
• Create NotesBench Mail Person Documents
• Refresh All Documents
• Set HTTPPassword to “NotesBench”
• Set Message Storage Format = MIME
• Set Message Storage Format = No Preference
• Set Message Storage Format = Notes
• Update ACL of MailDBs to include Owner (mail1, mail2, ...)

Agent to set up a workload: Create NotesBench Mail Person Documents
This agent prompts you for information required to create the necessary
number of Person documents for a workload. The following table
describes the prompts and defaults.

Prompt                                 Default
Starting value to create mail users    1
Number of users to create              1000
Number of Mailn.NSF files to create    1000
Starting Mailn.NSF file                1
Location for mail databases            mail\
Mail domain                            Default is read from the server’s mail domain
Mail server directory is on            Name of the server that stores the Domino Directory
Message storage format                 2 (MIME)
Mail system                            1 (NOTES)
Internet host name                     Host name of the server that stores the Domino Directory

Agents to repair and change a workload setup


After you use the Create NotesBench Mail Person Documents agent, you
may need to use the Refresh All Documents agent to refresh the view in
the Domino Directory.
If you have trouble connecting with HTTP-based workloads and the
Person documents do not display any encrypted passwords, use the Set
HTTPPassword to “NotesBench” agent to reset the password in all
Person documents.
When you change to a different workload, you must remake all of the
mail files, but you can use one of these agents to change the mail type in
the Person documents without having to recreate all of the Person
documents:
• Set Message Storage Format = MIME
• Set Message Storage Format = No Preference
• Set Message Storage Format = Notes
• Update ACL of MailDBs to include Owner (mail1, mail2, ...) — Use
this agent for a workload that has authentication on.



Server.Load test parameters
Before you run a Server.Load test, you can modify any of these
parameters, which are located on the Test Parameters tab.

Field                       Action
Max No. of Users            Enter the number of simulated users. Default is 1. Maximum
                            value for this setting is 512.
                            Note To verify that a script is running properly, run the
                            test the first time with only one simulated user.
                            If you are running the test on multiple clients, increment
                            the value of the Max No. of Users parameter when you run the
                            test on each client.
                            The client should not run at anything higher than 75% to 85%
                            CPU. If the client is running at 100%, reduce the number of
                            users.
Script Loop Count           Enter the number of times the script runs per simulated
                            user. Default is 1.
                            To calculate total iterations, multiply Script Loop Count by
                            Max. No. of Users.
                            Note For long-duration tests, enter a large value, and
                            specify No Time Limit in the Test Time Parameter field.
                            If a test uses the ScriptIterationLimit script variable, set
                            both the variable and the Script Loop Count to the same
                            value.
Thread Creation Interval    Enter the rate, in seconds, at which simulated users are
(sec)                       created. Default is 1.
                            To calculate total ramp-up time, multiply Thread Creation
                            Interval by Max. No. of Users.
Starting Thread No.         Enter the thread number that will start the test. Default
                            is 1.
                            Note If you use multiple clients in a test, you must stagger
                            the starting thread number — for example, client 1 starts at
                            thread 1; client 2 starts at thread 101, and so on.
Test Time Parameter         Choose one:
                            • No time limit (default) — To run the test indefinitely.
                            • Run between two time periods — To run the test between
                              Start and Stop times that you enter in standard format
                              (1:00 PM) or military format (13:00).
                            • Specify Total Test Time — To run the test for a specific
                              number of minutes.
Build Recipient List        Click Browse and select the Domino Directory or Personal
using Name and Address      Address Book to use when building a list of recipients of
Book                        the test results.
Storage test output to      Click Browse to choose the location to store test output.



Server.Load metrics
As you run a test, you can view various script metrics and server statistic
metrics and optionally store the test output in a separate file. Server
statistic metrics are generated by the Domino server. Script metrics
correspond to Server.Load command names and display the
performance of particular commands. For example, if you select the Add
metric, the Metrics window displays the results of the Add command.
For more information on script commands, see the appendix
“Server.Load Command Language.”
Note If the server runs Windows, you can also use the Windows
Performance Monitor to measure performance.

Database statistics
Statistic                         Description
Database.BufferPool.Reads         Number of database buffer pool reads.
Database.BufferPool.Used          Number of bytes allocated in the buffer control pool.
Database.BufferPool.Writes        Number of database buffer pool writes.
Database.DbCache.CurrentEntries   Number of entries in the database cache.
Database.DbCache.HighWaterMark    High water mark of the database cache.
Database.DbCache.Hits             Number of hits to the database cache.
Database.DbCache.InitialDbOpens   Number of database opens done by the database cache.
Database.NIFPool.Used             Number of database NIF pools



System statistics
Statistic                Description
Disc.c.Free (bytes)      Free disk space in bytes on drive ’n’. When disk space is low,
                         compact, delete, or move databases. If problem persists,
                         consider a larger hard disk.
Disc.c.Size (bytes)      Total size in bytes of drive ’n’.
Server.Trans.PerMinute   Number of transactions that took place in the last minute.
                         Useful to monitor server use. If this number is consistently
                         higher than that of other servers and performance is a problem,
                         redistribute the server load to other servers.
Server.Users             Number of users with sessions open on the server. Useful to
                         monitor overall server use. If this number is consistently
                         higher than that of other servers and performance is a problem,
                         redistribute the server load to other servers.

Mail statistics
Statistic                   Description
Mail.AverageDeliverTime     Average delivery time of messages in seconds
Mail.AverageServerHops      Average number of server hops for a delivered message.
Mail.AverageSizeDelivered   Average size of message delivered, in K.
Mail.Dead                   Number of undeliverable messages in MAIL.BOX. Useful for
                            detecting problems with the Router. Check the server
                            MAIL.BOX to view the dead mail messages and determine the
                            problem.
Mail.Delivered              Number of messages received by the Router.
Mail.MaximumDeliverTime     Slowest delivery time of messages in seconds.
Mail.MinimumServerHops      Least number of server hops for a delivered message.
Mail.MaximumSizeDelivered   Largest message delivered, in K.
Mail.MinimumDeliverTime     Slowest delivery time of messages in seconds.
Mail.MaximumServerHops      Most number of server hops for a delivered message.
Mail.MinimumSizeDelivered   Smallest message delivered, in K.
Mail.TotalFailures          Total number of mail failures.
Mail.TotalRouted            Total number of recipients that mail has routed to since the
                            server started.
Mail.Waiting                Number of outgoing mail messages waiting to be either
                            delivered locally or transferred in MAIL.BOX. Useful for
                            detecting problems with the mail Router.
Mail.WaitingRecipients      Number of recipients awaiting either local delivery or
                            transfer.

Network statistics
Statistic                                 Description
NET.TCPIP.BytesReceived                   Amount of data received from client to server
                                          using TCP/IP protocol.
NET.TCPIP.BytesSent                       Amount of data sent from client to server using
                                          TCP/IP protocol.
NET.TCPIP.Sessions.Established.Incoming   Incoming sessions from client to server using
                                          TCP/IP protocol.

Per Minute Thread Statistics


These statistics are automatically provided and collected for every test.

Statistic                      Description
Avg. Trans (Per Thread)        The average number of transactions per thread.
Min. Trans (Per Thread)        The minimum number of transactions per thread.
Max. Trans (Per Thread)        The maximum number of transactions per thread.
Total Trans (All Threads)      The total number of transactions per thread.
Running Threads                The total number of all threads currently running.
Agg. Replications              The aggregate number of replications that occurred.
Avg. Rsp. Time (ms)            The average NRPC response time. This is the average
                               response across all threads and is the best overall value
                               to track general server response curves.
                               Note This value is not applicable to the Web Mail script
Running time (min)             The total running time.



Monitoring Server.Load metrics
1. Click Execute from the main window.
2. Choose a script metric or server statistic metric.
3. Do one:
• Click Add Metric to add a metric to monitor.
• Click Delete Selected Metric to stop monitoring a metric.
4. (Optional) Click Browse next to “Store the Metrics to this File” and
then choose a file to store the metrics.
Tip The Output monitor displays real-time test results,
command-by-command, as the test runs. You can see up to 64KB of data
in the Output monitor.

Setting a Server.Load stop condition


You can control what happens if the SUT fails to respond appropriately
during a test.
1. From the main window, click the Stop Conditions tab.
2. Do one:
• Choose “If Total Number of Timeouts Exceeds” and then enter the
number of timeouts after which the test will stop.
• Choose “If Average Response Time Exceeds (msec)” and then
enter a number, in milliseconds, after which the test will stop.

Changing a Server.Load script variable


To further refine a test, you can change the default values of script
variables. Within a script, each variable appears enclosed in square
brackets [ ]. Each variable must have a value. After you edit a test
variable, its corresponding setting in the NOTES.INI file changes.
1. From the main window, click the Script Variables tab.
2. Locate the row containing the variable to change, and click the
leftmost column.
3. Double-click the value of the variable to activate Edit mode, and then
enter the new value.
4. Click the next empty variable row.
5. Open the script so that Server.Load acknowledges the change.

Testing a Server.Load command
Using the Command Line Screen, you can test an individual Server.Load
command. The results of each command appear in an output window.
1. On the client system, start Server.Load.
2. In the Test Type field, choose Manual.
3. Click the Command Line Screen tab, enter a Server.Load command
or a server command in the Command Line field, and click Submit.

Modifying a built-in Server.Load script


Rather than build a script from scratch, modify a copy of a built-in script.
For example, to test replication, you can edit the R5 Simple Mail Routing
script to include the Replicate command.
1. On the Domino Administrator client, start Server.Load by running
SLOAD.EXE from the Program directory.
2. In the Test Type field, choose Built-in, and then choose the script to
modify.
3. Click View Script, and a window containing the script code appears.
4. Copy the script to a text editor.
5. Use the Server.Load commands to customize the script.
For more information, see the appendix “Server.Load Commands.”
6. Save the script as a text file.

Running a custom Server.Load script
If you create a custom script, use these steps to run it.
1. On the Domino Administrator client, start Server.Load by running
SLOAD.EXE from the Program directory.
2. In the Test Type field, choose Custom. Then click Browse and select
the script you want to add; to view or edit the script, choose Edit
Script.
3. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
4. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
5. Click Execute.

6. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
7. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
8. Click Start Test.

Setting up clients and servers for Server.Load


To use Server.Load, you must install the Domino server on the server
under test (SUT) and install the Domino Administration client and the
Server Load Utility on each client.
For information on installing the Domino server, see the chapter
“Installing and Setting Up Domino Servers.” For information on
installing the Domino Administration client, see the chapter “Setting Up
and Using Domino Administration Tools.”

To set up a SUT
1. Make sure that:
• The Domino server is installed and operational
• The server has adequate RAM, approximately 512KB per
simulated user (thread) across all clients used in the test
2. Make sure that you have Administrator access, Create database
access, and access to run unrestricted LotusScript and Java agents.
3. Make sure that the Server, Replicator, Router, and Update tasks are
running on the Domino server. Run additional tasks as required for
individual tests.
4. Enable performance monitoring on the Domino server by issuing the
Show Perf command.
5. Use Domino Designer to copy the file NAMAGENT.NSF to the
Domino Directory. This file contains agents that you use to set up
and change workloads.
6. Disable all screen savers.

To set up a client
If you use multiple clients in a test, they all must have the identical
hardware setup, and you must complete the following procedure on each.
1. Make sure that:
• The Domino Administration client and Server.Load are installed
and operational
• The client has access to the templates to use in the test
• The client has adequate RAM — approximately 512KB per
simulated user (thread)
2. Do the following to edit the Location document:
a. Choose File - Mobile - Edit Current Location.
b. Click the Mail tab, and complete these fields:
Field               Action
Mail file location  Choose On server
Mailfile            Enter the path to the mail file — for example
                    mail\mailfile.nsf

c. Click the Servers tab, and in the home/mail server section, enter
the name of the SUT.
Note If you edit the MailServer script variable before you run a test,
you change the location of the mail server for only that run. The next
time you run Server.Load, the mail server listed in the Location
document is used.
d. Click Save and Close.
3. Make sure that you use a Notes ID that has administration access to
the SUT.
4. Do the following to verify the connection to the SUT:
a. Start the Domino Administration client and verify that the
Home/Mail Server field in the Location document contains the
fully distinguished SUT name — for example,
MailServer1/Acme.
b. Verify connectivity by running a trace from the client to the
server. Select File - Preferences - User Preferences - Ports.
c. Verify that the correct communication port is enabled, and click
Trace.
d. Enter the name of the SUT in the Destination field and run the
trace to verify that the client can use the desired protocol to trace
to the server.

e. If you cannot connect over TCP/IP, verify that TCP/IP has been
enabled on the Domino server and that the port is enabled in the
Server document.
f. Verify that the port has been enabled at the operating system level.
g. Verify that TCP/IP is properly installed and enabled on the client
and that you can use the ping utility to access the Domino server
by name — for example, acme.iris.com — and by IP address.
5. Disable all screen savers.

Idle Workload script


The Idle Workload script establishes an upper limit of the number of
sessions that a Domino server can support. The test only establishes
sessions between a client and server; no Notes transactions are carried
out. No resources other than those required to start a session are used.
The resulting capacity metric is the maximum number of user sessions
that can exist concurrently. You can use this metric to help set up and
configure the test environment.
To read the code in the test script, see the appendix “Server.Load
Scripts.”

Running the Idle Workload test


1. Make sure that you already set up clients and servers for
Server.Load.
For information, see the topic “Setting up clients and servers for
Server.Load” earlier in this chapter.
2. On the Domino Administrator client, start Server.Load by running
SLOAD.EXE from the program directory.
3. In the Test Type field, choose Built-In, and then choose Idle
Workload from the list.
4. Click the Script Variables tab, and enter these values:
Variable     Action
MailServer   Enter the canonical name of the mail server — for example,
             CN=MailServer1/O=Acme
MaxSessions  Enter the thread capacity of the client. The maximum is 512.

5. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
6. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
7. Click Execute.
8. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
9. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
10. Click Start Test.

R5 IMAP Workload test


The IMAP Workload test models an active IMAP mail user logging in
once, then receiving and sending mail. The script contains an average of
15 minutes of waiting, so an average user will execute this test no more
than four times an hour. For each iteration of the script, IMAP mail
messages are retrieved, one SMTP message is sent, and a number of
LDAP lookup requests are executed based on the value of the
NumMessageRecipients script variable. The SMTP messages sent by each
test user are delivered to the mail databases of other test users on the
SUT.
The measurements obtained by this test are:
• Throughput of completed Notes operations
• Average response time at maximum capacity
• Maximum number of IMAP mail users supported
The resulting capacity metric for an IMAP server is the maximum
number of users that can be supported before the average user response
time becomes unacceptable.
To read the code in the test script, see the appendix “Server.Load
Scripts.”

Hardware considerations
The following hard disk requirements apply to the SUT and, during
some tests, to the destination systems that receive mail from the SUT:

Initial Disk Requirement     In Domino 6, approximately 13MB on the SUT for each
                             user (mail database). In Domino 5, approximately
                             5.5MB.
Subsequent Disk Requirement  Increase of 1MB an hour for the duration of the
                             test. (This figure is not dependent on the number
                             of users.)
                             Increase of 100KB an hour as impacted by the value
                             of the nthIteration setting in the NOTES.INI file.
                             The growth rate of each database is a function of
                             the ratio of the number of users and recipients
                             sending and receiving mail.

Tips for running the IMAP Workload test


1. Use these server commands.
Command         Description
Show Task       Show either the Database Server task (Notes clients) or
                IMAP task (IMAP users).
Show Stat IMAP  Monitor message counters
Show Stat Mail  Monitor message counters
Show Stat SMTP  Monitor SMTP statistics
Show Stat LDAP  Monitor LDAP statistics

2. Use an IMAP client, such as Netscape or Outlook, to verify that the
IMAP and SMTP server tasks are set up correctly.
3. To minimize environment troubleshooting, put IP information — for
example, host information — in the \etc\hosts file or its equivalent
on the SUT and driver directories.
4. From the SUT console, enter this command to display additional
routing information:
Set Config Log_MailRouting=40

Running the R5 IMAP Initialization Workload
The R5 IMAP Initialization Workload creates and populates the IMAP
mail file with SMTP messages, initializes the mail file, and then converts
it to IMAP.
1. Make sure that you already set up clients and servers for Server.Load.
For information, see the topic “Setting up clients and servers for
Server.Load” earlier in this chapter.
2. On the Domino Administrator client, start Server.Load by running
SLOAD.EXE from the Program directory.
3. Run the “Create NotesBench Mail Person Documents” agent to
create the desired number of Person documents in the Domino
Directory. When prompted, set these variables:
Variable                Setting
Message storage format  2 (MIME)
Mail system             6 (POP3/IMAP)

4. In the Test Type field, choose Built-In, and then choose R5 IMAP
Initialization Workload from the list.
5. Click the Script Variables tab, and enter these values:
Variable             Action
MailServer           Enter the canonical name of the mail server — for
                     example, CN=MailServer1/O=Acme.
MailTemplate         Enter the name of the mail file template — for
                     example, MAIL6.NTF.
nb_dbdir             Enter the directory used to store mail files, relative to
                     the data directory.
NormalMessageSize    Enter the size of the body of the message.
                     Recommended value is 10000.
MessageLineSize      Enter the number of characters per line.
                     Recommended value is 80.
RecipientDomain      Enter the name of the domain containing the
                     intended recipients — for example, acme.com.
SMTPHost             Enter the fully qualified domain name of the Domino
                     server that is running the SMTP Listener task — for
                     example, server1.acme.com
ClientHost           Enter the fully qualified domain name of the client —
                     for example, client1.acme.com
NumMailNotesPerUser  Enter the number of documents to populate the mail
                     file when it is created. Recommended value is 100.

6. Start the IMAP task on the server.
7. In the “Build Recipient List using Name and Address Book” field,
enter the name of the SUT and its Domino Directory in the format
servername/org!!dominodirectory.NSF — for example,
Server1/Acme!!NAMES.NSF.
8. Verify that the client and server experience no errors while creating
mail files. If a mail file has not been created, the test script creates the
mail file during the first test iteration, but this adds overhead on the
server back end. As a rule, CPU on the client and SUT should not
exceed 75%, and the percentage of Disk Time on the Domino Server
Data directory should not be a factor.
9. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
10. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
11. Click Execute.
12. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
13. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
14. Click Start Test.
15. Verify that the correct number of test mail files were created in the
data directory. Each mail file is named MAILn.NSF, where n is a
number.
16. Complete the procedure “Running the R5 IMAP Workload test.”

Running the R5 IMAP Workload test


1. Make sure that you already completed the procedure “Running the
R5 IMAP Initialization Workload.”
2. In the NOTES.INI file on the SUT, verify that the Server Tasks setting
includes both IMAP and LDAP.
3. On the Basics tab of the Server document for the SUT, make sure that
the SMTP Listener Task is enabled.

4. For optimal performance, create a Configuration Settings document
in the Domino Directory and do the following:
a. Set the “Optimize LDAP queries” field to Yes.
b. On the Router/SMTP Basics tab, set the “Number of mailboxes”
field to 2 or higher.
5. On the Domino Administrator client, start Server.Load by running
SLOAD.EXE from the Program directory.
6. In the Test Type field, choose Built-In, and then choose R5 IMAP
Workload from the list.
7. In the “Build Recipient List using Name and Address Book” field,
enter the name of the SUT and its Domino Directory in the format
servername/org!!dominodirectory.NSF — for example,
Server1/Acme!!NAMES.NSF.
8. Click the Test Parameters tab, and do the following:
a. For “Thread Creation Interval,” enter the rate, in seconds, at
which simulated users are created. The recommended value is 3
to 5 seconds.
b. If you are running the test on multiple clients, increment the
value of the Starting Thread No. parameter when you run the
test on each client.
9. Click the Script Variables tab, and enter these values:
Variable              Action
R5IMAPBreak           Enter one:
                      1 — To prevent the script from quitting if errors
                      occur
                      0 — To force the script to quit if errors occur
IMAPHost              Enter the fully-qualified domain name of the SUT
                      — for example, server1.acme.com
NormalMessageSize     Enter the size of the body of the message.
                      Recommended value is 10000.
MessageLineSize       Enter the number of characters per line.
                      Recommended value is 80.
NumMessageRecipients  Enter the number of recipients for each message.
                      Recommended value is 3.
RecipientDomain       Enter the name of the domain containing the
                      intended recipients — for example, acme.com.
SMTPHost              Enter the fully qualified domain name of the
                      Domino server that is running the SMTP Listener
                      task — for example, server1.acme.com
ClientHost            Enter the fully qualified domain name of the
                      client — for example, client1.acme.com
NthIteration          Enter the frequency for how often a message is
                      sent. Instead of the message being sent on every
                      script iteration, the message is sent once per n
                      iterations of the script. Recommended value is 6.
R5IMAP_Loop_N         Enter the number of times the inner loop of the
                      script runs. Recommended value is 35, resulting
                      in approximately an 8-hour duration.
ScriptIterationLimit  Enter the number of times the outer loop of the
                      script runs. Recommended value is 1.

10. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
11. Click Execute.
12. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
13. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
14. Click Start Test.

R5 Simple Mail Routing test


The R5 Simple Mail Routing test models an active Notes mail user
receiving and sending mail, composing and sending meeting invitations,
and scheduling appointments. The script contains an average of 15
minutes of waiting; therefore, an average user runs this test no more than
four times an hour.
For each iteration of the script, five documents are read, two documents
are updated, two documents are deleted, one view is opened and closed,
one view-scroll is performed, one database is opened and closed, and
several other operations are performed. One message is sent to each
active user approximately every 96 minutes; the same frequency is used
for appointments and invitations.

Because mail routing and delivery are performed on the SUT, locate the
destination addresses and the active users’ mail files on the SUT.
The measurements obtained by this test are:
• Throughput of completed Notes operations
• Average response time at maximum capacity
• Maximum number of mail users supported
The resulting capacity metric for a mail-only server is the maximum
number of users that can be supported before the average user response
time becomes unacceptable.
To read the code in the test script, see the appendix “Server.Load
Scripts.”

Hardware considerations
The following hard disk requirements apply to the SUT and, during
some tests, to the destination systems that receive mail from the SUT:

Initial Disk Requirement     In Domino 6, approximately 13MB for each user (mail
                             database). In Domino 5, approximately 7.5MB.
Subsequent Disk Requirement  Increase of 80KB for each user, per hour

The R5 Simple Mail Routing test requires at least one client and the SUT.
If you use multiple client systems, identical hardware configurations are
recommended.

Running the R5 NRPC Mail Initialization Workload
1. Make sure that you already set up clients and servers for
Server.Load.
For information, see the topic “Setting up clients and servers for
Server.Load” earlier in this chapter.
2. On the Domino Administrator client, start Server.Load by running
SLOAD.EXE from the Program directory.
3. Run the “Create NotesBench Mail Person Documents” agent to
create the desired number of Person documents in the Domino
Directory. When prompted, set these variables:
Variable                Setting
Message storage format  0 (NOTES)
Mail system             1 (NOTES)

4. In the Test Type field, choose Built-In, and then choose R5 NRPC
Mail Initialization Workload from the list.
5. Click the Test Parameters tab, and do the following:
a. For “Thread Creation Interval,” enter the rate, in seconds, at
which simulated users are created. The recommended value is 3
to 5 seconds.
b. If you are running the test on multiple clients, increment the
value of the Starting Thread No. parameter when you run the
test on each client.
6. Click the Script Variables tab, and enter these values:
Variable             Action
MailServer           Enter the canonical name of the mail server — for
                     example, CN=MailServer1/O=Acme.
nb_dbdir             Enter a database directory relative to the Notes
                     data directory. Recommended value is mail\.
MailTemplate         Enter the name of the mail file template.
NumMailNotesPerUser  Number of notes used to populate the mail file
                     when the mail file is created (recommended
                     value 100)
NormalMessageSize    Enter the size of the body of the message.
                     Recommended value is 10000.

7. In the “Build Recipient List using Name and Address Book” field,
enter the name of the SUT and its Domino Directory in the format
servername/org!!dominodirectory.NSF — for example,
Server1/Acme!!NAMES.NSF.
8. Verify that no errors occur while creating mail files on the client and
SUT. If a mail file is not created, the test script creates the mail file
during the first test iteration, a process that adds overhead on the
server back end. As a rule, CPU on the client and SUT should not
exceed 75%, and the percentage of disk time on the server’s data
directory should not be a factor.
9. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
10. Click Execute.
11. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.

12. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
13. Click Start Test.
14. Verify that the correct number of test mail files were created in the
data directory. Each mail file is named MAILn.NSF, where n is a
number.
15. Complete the procedure “Running the R5 Simple Mail Routing test.”

Running the R5 Simple Mail Routing test


1. Make sure that you already completed the procedure “Running the
R5 NRPC Mail Initialization Workload.”
2. On the SUT, do the following:
a. Start the Calendar Connector task (Calconn).
b. In the Configuration Settings document on the Router/SMTP
Basics tab, set the field “Number of mailboxes” to 2 or higher.
3. In the Test Type field, choose Built-In, and then choose R5 Simple
Mail Routing test from the list.
4. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
5. Click the Script Variables tab, and enter these values:
Variable              Action
MailServer            Enter the canonical name of the mail server — for
                      example, CN=MailServer1/O=Acme.
nb_dbdir              Enter a database directory relative to the Notes
                      data directory. Recommended value is mail\.
MailTemplate          Enter the name of the mail file template.
NBTestReset           Enter one to control how to handle existing
                      documents at the start of the test:
                      • 1 — To delete existing documents
                      • 0 — To ignore existing documents
                      Note The number of documents deleted is
                      dependent on the value set for the variable
                      MaxDocToDelete.
MaxDocToDelete        Enter the number of documents to delete when
                      the test starts. After deleting documents, the
                      initial document count is reset.
NumMailNotesPerUser   Number of notes used to populate the mail file
                      when the mail file is created (recommended
                      value 100)
NormalMessageSize     Enter the size of the body of the message.
                      Recommended value is 10000.
NumMessageRecipients  Enter the number of recipients for each message.
                      Recommended value is 3.
NthIteration          Enter the frequency for how often a message is
                      sent. Instead of the message being sent on every
                      script iteration, the message is sent once per n
                      iterations of the script. Recommended value is 6.
ScriptIterationLimit  Enter the number of times the outer loop of the
                      test script runs. Recommended value is 1. This
                      value must match the value in the Script Loop
                      Count field on the Test Parameters tab.

6. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
7. Click Execute.
8. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
9. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
10. Click Start Test.

R5 Shared Database test


The R5 Shared Database test models active users performing shared
database operations that include performing view operations, navigating
unread documents, reading documents, and adding or updating
documents in a shared database.
The measurements obtained by this test are:
• Throughput of completed Notes operations
• Number of maximum users supported
• Average response time at maximum capacity

To read the code in the test script, see the appendix “Server.Load
Scripts.”

Hardware considerations
The following hard disk requirements apply to the SUT and, during
some tests, to the destination systems that receive mail from the SUT.
Initial disk requirement     300MB to 400MB free space on the SUT
Subsequent disk requirement  One-half of the mail test space requirement

Running the R5 Shared Database test


1. Make sure that you already set up clients and servers for
Server.Load.
For information, see the topic “Setting up clients and servers for
Server.Load” earlier in this chapter.
2. On the Domino Administrator client, start Server.Load by running
SLOAD.EXE from the Program directory.
3. In the Test Type field, choose Built-In, and then choose R5 Shared
Database test from the list.
4. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
5. Click the Script Variables tab, and enter these values:

Variable             Action
MailServer           Enter the canonical name of the mail server —
                     for example, CN=MailServer1/O=Acme
DiscussionDB         Enter the name of the test discussion database
DiscTemplate         Enter the name of the template used for the
                     discussion database
NBTestReset          Enter one to control how to handle existing
                     documents at the start of the test:
                     • 1 — To delete existing documents
                     • 0 — To ignore existing documents
                     Note The number of documents deleted is
                     dependent on the value set for the variable
                     MaxDocToDelete.
MaxDocToDelete       Enter the number of documents to delete when
                     the test starts. After deleting documents, the
                     initial document count is reset.
NumMailNotesPerUser  Enter the number of documents to create for
                     each user to populate the database initially.
DiscDbAddDocRate     Enter the number of documents to add for each
                     user.

6. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
7. Click Execute.
8. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
9. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
10. Click Start Test.

SMTP and POP3 Workload test


The SMTP and POP3 test models an active user receiving and sending
mail over SMTP and POP3. The script contains an average of 10 minutes
of waiting, so an average user will run this test no more than six times an
hour.
During each iteration, the script checks for and retrieves POP3 messages.
When sending messages, each user sends a mail message to
NumMessageRecipients not more than once every 20 minutes. Twenty
percent of the users receive eighty percent of the send mail messages.
The SMTP messages sent by each user are delivered to the mail
databases of other users on the SUT.
The measurements obtained by this test are:
• Throughput of completed Notes operations
• Average response time at maximum capacity
• Maximum number of SMTP/POP3 mail users supported
The resulting capacity metric for an SMTP/POP3 server is the maximum
number of users that can be supported before the average user response
time becomes unacceptable.
To read the code in the test script, see the appendix “Server.Load
Scripts.”

Hardware considerations
The following hard disk requirements apply to the SUT and, during
some tests, to the destination systems that receive mail from the SUT:

Initial disk requirement     In Domino 6, approximately 11.5MB on the SUT for
                             each user (mail database). In Domino 5,
                             approximately 7.5MB.
Subsequent disk requirement  Increase of 100KB per hour for the duration of the
                             test. This figure is not dependent on the number of
                             users.

Tips for running the SMTP/POP3 test


1. To minimize environment troubleshooting, put IP information — for
example, host information — in the \etc\hosts file or its equivalent
on the SUT and driver directories.
2. If authentication errors occur on the Domino server console, verify
the password in the HTTP field of the respective user’s Person
document in the SUT’s Domino Directory; edit the Domino Directory
if necessary.
3. From the SUT console, enter this command to display additional
routing information:
Set Config Log_MailRouting=40
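
The hosts-file tip above, which also appears in the tips for the IMAP Workload test, can be checked before a run. The following is an added example, not part of the Domino documentation: it parses hosts-file text and reports whether each host name used in the script variables is missing, present once, or mapped to more than one address. The hosts content, the addresses and the function names are constructed for illustration; the host names are the documentation's own examples.

```python
"""Pre-flight check of a hosts file against Server.Load host variables."""
import ipaddress

# Constructed sample hosts-file content (addresses come from the
# documentation-only range 192.0.2.0/24).
SAMPLE_HOSTS = """\
# SUT and driver entries for the load test
192.0.2.10   server1.acme.com   server1   # SMTP/IMAP listener
192.0.2.20   client1.acme.com
192.0.2.11   Server2.acme.com
192.0.2.99   server1.acme.com              # stale duplicate
not-an-ip    broken.acme.com
"""

# Script variables that carry fully qualified host names. The values are
# the examples used in the documentation.
SAMPLE_VARIABLES = {
    "SMTPHost": "server1.acme.com",
    "IMAPHost": "server1.acme.com",
    "POP3Host": "Server2.acme.com",
    "ClientHost": "client1.acme.com",
}


def parse_hosts(text):
    """Return {lowercased name: set of addresses}, skipping invalid lines."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no name carries no mapping
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            table.setdefault(name.lower(), set()).add(addr)
    return table


def check_variables(variables, hosts_text):
    """Classify each variable's host as 'ok', 'missing' or 'ambiguous'."""
    table = parse_hosts(hosts_text)
    report = {}
    for var, host in variables.items():
        # Host names compare case-insensitively.
        addrs = table.get(host.lower(), set())
        if not addrs:
            status = "missing"
        elif len(addrs) > 1:
            status = "ambiguous"  # same name mapped to several addresses
        else:
            status = "ok"
        report[var] = (status, sorted(addrs))
    return report


if __name__ == "__main__":
    results = check_variables(SAMPLE_VARIABLES, SAMPLE_HOSTS)
    for var, (status, addrs) in results.items():
        host = SAMPLE_VARIABLES[var]
        print(f"{var:<11} {host:<18} {status:<9} {', '.join(addrs)}")
```

Run the same check against the hosts file on the SUT and on each driver, because an entry that is missing or duplicated on only one system is what produces intermittent connection errors during a test.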

Running the SMTP and POP3 Initialization Workload


1. Make sure that you already set up clients and servers for
Server.Load.
For information, see the topic “Setting up clients and servers for
Server.Load” earlier in this chapter.
2. Run the Create NotesBench Mail Person Documents agent to create
the desired number of Person documents in the Domino Directory.
When prompted, set these variables:
Variable                Setting
Message storage format  2 (MIME)
Mail system             6 (POP3/IMAP)

3. On the Domino Administrator client, start Server.Load by running
SLOAD.EXE from the Program directory.
4. In the Test Type field, choose Built-In, and then choose SMTP and
POP3 Initialization Workload from the list.

5. Click the Script Variables tab, and enter these values:
Variable      Action
MailServer    Enter the canonical name of the mail server — for
              example, CN=MailServer1/O=Acme.
nb_dbdir      Enter a database directory relative to the Notes data
              directory. Recommended value is mail\.
MailTemplate  Enter the name of the mail file template.

6. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
7. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
8. Click Execute.
9. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
10. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
11. Click Start Test.
12. Verify that the correct number of test mail files were created in the
data directory. Each mail file is named MAILn.NSF, where n is a
number.
13. Complete the procedure “Running the SMTP and POP3 Workload
test.”

Running the SMTP and POP3 Workload test


1. Make sure that you already completed the procedure “Running the
SMTP and POP3 Initialization Workload.”
2. Run the “Create NotesBench Mail Person Documents” agent to
create the desired number of Person documents in the Domino
Directory.
3. On the Domino Administrator client, start Server.Load by running
SLOAD.EXE from the Program directory.
4. In the Test Type field, choose Built-In, and then choose SMTP and
POP3 Workload from the list.

5. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
6. Click the Script Variables tab, and enter these values:
Variable | Action
NormalMessageSize | Enter the size of the body of the message. Recommended value is 10000.
MessageLineSize | Enter the number of characters per line. Recommended value is 80.
NumMessageRecipients | Enter the number of recipients for each message. Recommended value is 3.
SMTPHost | Enter the fully qualified domain name of the Domino server that is running the SMTP Listener task — for example, server1.acme.com
RecipientDomain | Enter the name of the domain containing the intended recipients — for example, acme.com.
ClientHost | Enter the fully qualified domain name of the client — for example, client1.acme.com
NthIteration | Enter the frequency for how often a message is sent. Instead of the message being sent on every script iteration, the message is sent once per n iterations of the script. Recommended value is 6.
POP3Host | Enter the fully qualified domain name of the Domino server running the POP3 task, in the format system.domainname — for example, Server2.acme.com.

7. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
8. Click Execute.
9. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
10. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
11. Click Start Test.

Web Idle Workload test
The Web Idle test models a Web browser user accessing the home page
on the SUT. The script contains a one-minute wait, so an average user
runs this script approximately 60 times an hour.
The measurements obtained by this test are:
• Average response time at maximum capacity
• Maximum number of Web Idle users supported
The resulting capacity metric for a Web Idle server is the maximum
number of users that can be supported before the average user response
time becomes unacceptable.
To read the code in the test script, see the appendix “Server.Load
Scripts.”

Running the Web Idle Workload test


1. Make sure that you already set up clients and servers for
Server.Load.
For information, see the topic “Setting up clients and servers for
Server.Load” earlier in this chapter.
2. On the SUT, make sure that the HTTP task is running.
3. On the Domino Administrator client, start Server.Load by running
SLOAD.EXE from the Program directory.
4. In the Test Type field, choose Built-In, and then choose Web Idle
Workload test from the list.
5. Click the Script Variables tab, and for the “HTTPHost” variable,
enter the TCP/IP address or host name of the Domino Web server.
6. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
7. Click Execute.
8. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
9. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
10. Click Start Test.

Web Mail test
The Web Mail Workload test models an active Web Mail user using a
browser to send, retrieve, and delete Notes mail. The script contains an
average of 15 minutes of waiting, so an average user runs this test no
more than four times an hour. For each iteration of the script, there is a
check and retrieval of POP3 mail messages. When sending messages,
each user sends a mail message to the number of users specified by the
NumMessageRecipients variable, no more than every 15 minutes. The
messages sent by each simulated user are delivered to the mail databases
of other simulated users on the SUT.
The measurements obtained by this test are:
• Throughput of completed Notes operations
• Average response time at maximum capacity
• Maximum number of Web Mail users supported
The resulting capacity metric for a Web Mail server is the maximum
number of users that can be supported before the average user response
time becomes unacceptable.
To read the code in the test script, see the appendix “Server.Load
Scripts.”

Hardware considerations
The following hard disk requirements apply to the SUT and, during
some tests, to the destination systems that receive mail from the SUT:

Initial Disk Requirement | In Domino 6, approximately 13MB on the SUT for each user (mail database). In Domino 5, approximately 5.5MB.
Subsequent Disk Requirement | Increase of 1MB an hour for the duration of the test. (This figure is not dependent on the number of users.) Increase of 100KB an hour as impacted by the value of the nthIteration setting in the NOTES.INI file. The growth rate of each database is a function of the ratio of the number of users and recipients sending and receiving mail.

Tips for running the Web Mail test
1. Use these server commands.
Command | Description
Show Tasks | Show either the Database Server task (Notes clients) or HTTP task (Web users).
Show Stat Mail | Monitor message counters
Show Stat Domino.Requests.* | Monitor message counters

2. If authentication errors occur on the Domino server console, verify
the password in the HTTP field of the respective user’s Person
document in the SUT’s Domino Directory; edit the Domino Directory
if necessary.
3. From the SUT console, enter this command to display additional
routing information:
Set Config Log_MailRouting=40

4. Check these database properties for the mail database:
• Web access: Use JavaScript when generating pages — Must be
checked.
• Allow soft deletions — Must not be checked.
5. In the Server document on the Internet Protocols - HTTP tab,
complete these fields:
Field | Action
Optimize performance based on the following primary activity | Choose Advanced (Custom Settings) to view and modify the number of HTTP threads.
Number Active Threads | Specify one active thread for every 10 Web Mail users.

6. Make sure that the administrator has Manager access to the Domino
Directory.
7. Authentication
• By default, WebMail assumes user authentication is required.
• For authenticated users, Anonymous must have No Access and
-Default- must have Manager access. Use the
WebAuthenticationOff=0 setting in the client’s NOTES.INI file.
• To run WebMail without authentication, Anonymous must have
Manager access in the ACL of all mail databases and the Domino
Directory. Use the WebAuthenticationOff=0 setting in the client’s
NOTES.INI file.

• To run Web Mail with authentication, use the
WebAuthenticationOff=0 setting in the NOTES.INI file and run
the Update ACL of MailDBs to include Owner (mail1, mail2, ...)
agent on the SUT.
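
Set Config writes Log_MailRouting=40 into NOTES.INI, where it stays until it is changed, so after a test run it is worth comparing the test-related settings against the values you expect. The Python script below is an added example, not part of the Domino documentation or product; the watch list uses only settings named in this guide, while the baseline values and the sample NOTES.INI text are constructed.

```python
"""Compare test-related NOTES.INI settings against an expected baseline."""

# Settings this guide tells you to set or change while testing or troubleshooting.
WATCHED_SETTINGS = (
    "Log_MailRouting",       # raised to 40 in the Web Mail test tips
    "WebAuthenticationOff",  # Server.Load client setting for the Web Mail test
    "Log_Connections",       # TCP/IP connection logging
    "Log_AgentManager",      # agent logging in LOG.NSF
)

# Constructed sample input: not taken from a real server.
SAMPLE_INI = """\
[Notes]
Directory=C:\\Lotus\\Domino\\Data
ServerTasks=Router,Replica,AdminP,AMgr,HTTP
Log_MailRouting=40
LOG_CONNECTIONS=1
WebAuthenticationOff=0
"""
# Constructed baseline: the values this hypothetical site expects outside a
# test window. A setting that is absent here is expected to be absent.
SAMPLE_BASELINE = {"Log_MailRouting": "20", "WebAuthenticationOff": "0"}


def parse_notes_ini(text):
    """Return (settings, duplicates) parsed from NOTES.INI text.

    Keys are compared case-insensitively. When a key appears more than once,
    every value is kept so the conflict can be reported; this parser does not
    guess which occurrence the server honours.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, [Notes] header, or not a setting
        key, value = line.split("=", 1)
        settings.setdefault(key.strip().lower(), []).append(value.strip())
    duplicates = sorted(k for k, v in settings.items() if len(v) > 1)
    return settings, duplicates


def audit(text, baseline, watched=WATCHED_SETTINGS):
    """Return a list of (setting, status, detail) findings for watched settings.

    baseline maps a setting name to its expected value; a name that is missing
    from baseline (or mapped to None) is expected to be absent from the file.
    """
    settings, duplicates = parse_notes_ini(text)
    findings = []
    for name in watched:
        key = name.lower()
        values = settings.get(key, [])
        expected = baseline.get(name)
        if key in duplicates:
            findings.append((name, "DUPLICATE", ", ".join(values)))
        elif not values:
            if expected is not None:
                findings.append((name, "MISSING", f"expected {expected}"))
        elif expected is None:
            findings.append((name, "UNEXPECTED", values[0]))
        elif values[0] != expected:
            findings.append((name, "DRIFT", f"{values[0]} (expected {expected})"))
    return findings


if __name__ == "__main__":
    for setting, status, detail in audit(SAMPLE_INI, SAMPLE_BASELINE):
        print(f"{status:10} {setting}: {detail}")
```
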

Running the Web Mail Initialization Workload


1. Make sure that you already set up clients and servers for
Server.Load.
For information, see the topic “Setting up clients and servers for
Server.Load” earlier in this chapter.
2. Run the Create NotesBench Mail Person Documents agent to create
the desired number of Person documents in the Domino Directory.
When prompted, set these variables:
Variable | Setting
Message storage format | 2 (MIME)
Mail system | 0 (SMTP/POP3)

3. On the Domino Administrator client, start Server.Load by running
SLOAD.EXE from the Program directory.
4. In the Test Type field, choose Built-In, and then choose Web Mail
Initialization Workload from the list.
5. Click the Script Variables tab, and enter these values:
Variable | Action
NBTestReset | Enter one of these values to control how existing documents are handled at the start of the test: 1 — To delete existing documents; 0 — To ignore existing documents. Note: The number of documents deleted is dependent on the value set for the variable MaxDocToDelete.
MailServer | Enter the canonical name of the mail server — for example, CN=MailServer1/O=Acme.
HTTPHost | Enter the TCP/IP address or host name of the Domino Web server
nb_dbdir | Enter a database directory relative to the Notes data directory. Recommended value is mail\.
MailTemplate | Enter the name of the mail file template.
NormalMessageSize | Enter the size of the body of the message. Recommended value is 10000.
NumMailNotesPerUser | Enter the number of documents to populate the mail file when it is created. Recommended value is 100.
Domain | Enter the name of the Notes mail domain.

6. Verify that the client and server experience no errors while creating
mail files. If a mail file has not been created, the test script creates the
mail file during the first test iteration, but this adds overhead on the
server back end. As a rule, CPU on the client and SUT should not
exceed 75%, and the percentage of Disk Time on the Domino Server
Data directory should not be a factor.
7. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
8. Set a Server.Load stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
9. Click Execute.
10. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
11. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
12. Click Start Test.
13. Verify that the correct number of test mail files were created in the
data directory. Each mail file is named MAILn.NSF, where n is a
number.
14. Complete the procedure “Running the Web Mail test.”

Running the Web Mail test


1. Make sure that you already completed the procedure “Running the
Web Mail Initialization Workload.”
2. Run the “Create NotesBench Mail Person Documents” agent to
create the desired number of Person documents in the Domino
Directory.

3. On the Domino Administrator client, start Server.Load by running
SLOAD.EXE from the Program directory.
4. In the Test Type field, choose Built-In, and then choose Web Mail
Initialization Workload from the list.
5. Click the Script Variables tab, and enter these values:
Variable | Action
HTTPHost | Enter the TCP/IP address or host name of the Domino Web server
nb_dbdir | Enter a database directory relative to the Notes data directory. Recommended value is mail\.
WebPreferencesOff | Make sure this is set to Off. If it’s On, the script sets the mail database to be its own owner.

6. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
7. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
8. Click Execute.
9. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.

10. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
11. Click Start Test.

Chapter 63
Troubleshooting

Even with careful server maintenance, you may occasionally encounter
unexpected system problems. This chapter provides a server
maintenance checklist, describes troubleshooting techniques, and offers
suggestions for solving common problems.
For information on performance-related issues, see the chapter
“Improving Server Performance.”

Troubleshooting the Domino system


Even with careful server maintenance, you may occasionally encounter
unexpected system problems.
Domino provides a collection of tools that you can use for general
troubleshooting. The Lotus Support Services team provides additional
troubleshooting assistance. These topics describe the available
troubleshooting tools and how to contact Lotus Support Services:
• Table of troubleshooting tools
• Searching the Lotus Support Services Web site
(www.lotus.com/support)
• Contacting Lotus Support Services
There is detailed troubleshooting information for these areas of Domino:
• Administration Process
• Agent Manager and agents
• Database performance
• Directories Troubleshooting
• Mail routing
• Meeting and resource scheduling
• Modems and remote connections
• Network connections over NRPC
• Network dialup connections
• Partitioned servers
• Passthru connections
• Platform statistics
• Replication
• Server access
• Server-based certification authority
• Server crashes
• Server.Load
• Transaction logging
• Web Server, Web Navigator, and the Web Administrator

Troubleshooting tools
Domino provides several tools to help you troubleshoot problems. Most
of the tools are available through the Domino Administrator. The table
below summarizes the available tools and indicates how each is useful.
If you haven’t solved your problem after reading through the section that
applies to the problem, you may want to search the Lotus Support
Services Web site or call Lotus Support Services directly for help with
troubleshooting your problem.

Tool | Problems that the tool resolves | How to access the tool
Server log file (LOG.NSF) | All problems | From the Server - Analysis tab in the Domino Administrator
Domino Web server log file (DOMLOG.NSF) | Web server problems | From the Server - Analysis tab in the Domino Administrator
Server’s MAIL.BOX | Mail routing problems | From the Messaging - Mail tab in the Domino Administrator
Mail trace | Mail routing problems | From the Messaging - Mail tab in the Domino Administrator
ISpy | Slow mail; server problems | Configured in the Monitoring Configuration database on the Configuration tab in the Domino Administrator
Mail reports | Mail user activity | From the Messaging - Mail tab in the Domino Administrator
Mail tracking | Lost mail | From the Messaging - Tracking Center tab in the Domino Administrator
Mail routing status | Undelivered mail | From the Messaging - Mail tab in the Domino Administrator
Mail routing topology maps | Mail routing problems between servers | From the Messaging - Mail tab in the Domino Administrator
Mail routing events view in the log file (LOG.NSF) | Undelivered mail | From the Messaging - Mail tab in the Domino Administrator
Shared Mail view in the log file (LOG.NSF) | Disk space usage | From the Messaging - Mail tab in the Domino Administrator
Network trace | Connection problems | In User Preferences. Choose File - Preferences - User Preferences
TCP/IP connection logging | Connection problems | Server console on a server with the setting Log_Connections=1 added to its NOTES.INI file
Replication events in the log file (LOG.NSF) | Replication problems for a particular server | From the Replication tab in the Domino Administrator
Replication history | Replication problems with a specific database | Under Database Properties. Choose File - Database - Properties; or choose File - Replication - History
Replication schedule | Replication problems for a particular server | From the Replication tab in the Domino Administrator
Replication topology maps | Replication problems between servers | From the Replication tab in the Domino Administrator
Monitoring Configuration | Server statistics and events you specifically monitor | Configured from the Configuration tab of the Domino Administrator; view statistics from the Server - Analysis tab in the Domino Administrator
Database analysis | Database problems | From the Files tab in the Domino Administrator
Administration Requests database | Administration Process errors | From the Servers - Analysis tab in the Domino Administrator
Server commands | Various | From the Servers - Status tab in the Domino Administrator

Searching the Lotus Support Services Web site
(www.lotus.com/support)
You may want to search the Lotus Support Services Web site at
www.lotus.com/support for a solution to your problem. You can search
technical documents in Knowledge Base and the FTP site with one
natural language query or participate in peer-to-peer discussions. In
addition, you can make product suggestions and find information about
Lotus authorized support providers, support services, and support
phone numbers.

Contacting Lotus Support Services


If you don’t find a solution to your problem here or at the Lotus Support
Services Web site, you may want to contact Lotus Support Services. You
can find information on how to contact Lotus Support Services at the
Lotus Support Services Web site, www.lotus.com/support.
When you call Lotus Support Services, you should have the following
available to you:
1. The computer on which the problem occurred.
2. Any other people who are involved in troubleshooting the problem
— for example, server administrators, database managers, network
managers. You might want these people available when you speak
with a support representative.
3. Any pertinent information you gathered from troubleshooting the
problem yourself prior to contacting support.
4. If you have ScreenCam®, the movie or event that documents the
problem.
5. If the problem involves the network, print out the PROTOCOL.INI,
CONFIG.SYS, and STARTUP.CMD files. Print out the network file
directory, so that you can compare network file dates.
6. In addition, depending on the problem, be prepared to provide some
of this information:
Required information | Your system
Domino version(s) |
Operating system and version, including any patches or fixpacks |
Hardware, including the kind of CPU(s) and modems installed, and the amount of RAM and hard disk space |
Network operating system(s) and version(s), protocols, and network driver version(s) |
Network interface card(s) |
Domino server names |
File names, replica IDs, and ACLs for all databases involved |
Number of users who are affected by the problem — that is, one user, several users, or all users |
Number of servers that are affected by the problem — that is, one server, several servers, or all servers |
Changes to the configuration that were made before the problem occurred — for example, network, hardware, or NOTES.INI changes |
Error message(s), including the exact text of the message(s) |

For problems that involve more than one server on a network:


Required information | Your system
Physical location of the servers — for example, in different cities or on FIRST DOMINO SERVERs or WANs |
Number of network segments contributing to the problem — that is, are both machines in the same network segment or in segments separated by routers, bridges, or switches |
Number of Domino servers — for example, mail hops or replication hubs — that are between the servers that are having a problem |

Overview of server maintenance
As a Domino administrator, a major part of your job is maintaining each
server that you administer. You need to ensure that:
• The server is backed up regularly.
• Users can access the server quickly and consistently.
• Mail is routed properly.
• Administration Process requests are carried out.
• Databases are replicating correctly.
• Server hardware is functioning.
• Databases are active and maintained (a task you share with the
manager of each database).
You can use a server maintenance checklist to schedule these tasks.

Server maintenance checklist


This table lists the server maintenance tasks that you should complete
daily, weekly, or monthly to ensure that a server runs efficiently.

Task | Frequency
Back up the server | Daily, weekly, monthly
Monitor mail routing | Daily
Run Fixup to fix any corrupted databases * | At server startup and as needed
Monitor shared mail database (MAILOBJ.NSF) | Daily
Monitor Administration Requests database (ADMIN4.NSF) | Weekly
Monitor databases that need maintenance | Weekly
Monitor replication | Daily
Monitor modem communications | Daily
Monitor memory | Monthly
Monitor disk space | Daily, weekly, monthly
Monitor server load | Monthly
Monitor server performance | Monthly
Monitor Web server requests | Monthly
Monitor server first domino servers | Daily

* If the database is in Domino 5 or later format and you are not using transaction
logging, you can use the Fixup task to repair the corrupted database.
If the database is in Domino 5 or later format and you are using transaction
logging, you cannot run the Fixup task on that database, because the Fixup task
interferes with the way transaction logging keeps track of databases. Instead,
you must restore the corrupted database from a backup. You can run the Fixup
task on databases that are in Domino 4.x and earlier format.

Backing up the Domino server


You have two choices for backup procedures. You can use the traditional
method of making backup copies of files, or you can use transaction
logging.
For information on transaction logging, see the chapter “Transaction
Logging and Recovery.”

Guidelines for backing up a Domino server


Back up all Domino server data files including databases, template files,
the NOTES.INI file, and ID files. Following your company’s standardized
backup procedures, back up files directly to tape or to a file server and
then to tape. Never rely only on replication as your method of database
backup. A damaged or accidentally changed database may replicate, and
then your only recourse is to recover the database from a server backup
tape.
Follow these guidelines to back up a Domino server:
1. Domino requires that these files be open when it runs: LOG.NSF,
NAMES.NSF, MAIL.BOX and the server ID file. If your backup
utility cannot back up open files, you must shut down the server
before you create the backup file.
2. Copy the server ID file to a disk, and store the disk in a secure place.
3. Make a replica of the Domino Directory on a workstation and keep it
up-to-date by replicating the local replica with the server replica.
Then if the Domino Directory becomes corrupted, you can quickly
restore it by creating a new replica from the local workstation replica.
Even if you do this, continue to back up the Domino Directory to
tape. Never do this when transaction logging is used.

4. If your system uses a shared mail database, back up the shared mail
database(s) along with user mail files.
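
One way to check a backup against the guidelines above, as an added Python example (not part of the Domino documentation or product): it walks a directory for databases, templates, ID files, NOTES.INI and MAIL.BOX, reports files that are missing or empty in the backup, and calls out the files Domino keeps open. The .nsf/.ntf/.id extensions and the server ID file name server.id are assumptions, and the directory contents built by demo() are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

# Files the guidelines list as open whenever Domino runs; the server ID file
# name is added per call because it differs from server to server.
ALWAYS_OPEN = {"log.nsf", "names.nsf", "mail.box"}
# What the guidelines say to back up: databases, templates, ID files, NOTES.INI.
# MAIL.BOX is matched by name; the extensions are assumed conventions.
BACKUP_SUFFIXES = {".nsf", ".ntf", ".id"}
BACKUP_NAMES = {"notes.ini", "mail.box"}


def in_scope(path):
    return path.name.lower() in BACKUP_NAMES or path.suffix.lower() in BACKUP_SUFFIXES


def sha256_of(path):
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for block in iter(lambda: handle.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def check_backup(source_dir, backup_dir, server_id="server.id", server_was_down=False):
    """Classify every in-scope file under source_dir against backup_dir.

    Content hashes are compared only when server_was_down is True, because
    databases on a running server keep changing after the copy is taken.
    """
    source_dir, backup_dir = Path(source_dir), Path(backup_dir)
    open_names = ALWAYS_OPEN | {server_id.lower()}
    report = {"ok": [], "missing": [], "empty": [], "differs": [], "open_file_gaps": []}
    for src in source_dir.rglob("*"):
        if not src.is_file() or not in_scope(src):
            continue
        rel = src.relative_to(source_dir).as_posix()
        dst = backup_dir / rel
        if not dst.is_file():
            status = "missing"
        elif dst.stat().st_size == 0 and src.stat().st_size > 0:
            status = "empty"
        elif server_was_down and sha256_of(src) != sha256_of(dst):
            status = "differs"
        else:
            status = "ok"
        report[status].append(rel)
        # A gap on an always-open file usually means the backup utility could
        # not read it while the server was running (guideline 1).
        if status in ("missing", "empty") and src.name.lower() in open_names:
            report["open_file_gaps"].append(rel)
    return {name: sorted(paths) for name, paths in report.items()}


def demo():
    """Build a constructed data directory and an incomplete backup, then check it."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        live = ["names.nsf", "log.nsf", "mail.box", "server.id", "notes.ini",
                "pubnames.ntf", "mail/mail1.nsf", "readme.txt"]
        for rel in live:
            target = data / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"constructed sample content for " + rel.encode())
        # The simulated backup skipped two open files and truncated a third.
        for rel in ["server.id", "notes.ini", "pubnames.ntf", "mail/mail1.nsf"]:
            target = backup / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes((data / rel).read_bytes())
        (backup / "names.nsf").write_bytes(b"")
        return check_backup(data, backup, server_was_down=True)


if __name__ == "__main__":
    for status, paths in demo().items():
        print(f"{status}: {paths}")
```

If NOTES.INI lives outside the data directory on your platform, run check_backup a second time against that directory.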

Administration Process — Troubleshooting


These topics describe how to troubleshoot common problems with the
Administration Process.
• Administration Process — Problems and error messages describes
messages that appear in the Certification Log or at the server console.
• How to troubleshoot the Administration Process provides steps for
troubleshooting the Administration process when it isn’t running as
you expect.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.

Administration Process — Problems and error messages


These errors may appear in the Certification Log or at the server console.
Some of these messages require that you correct a particular condition,
while others are only status messages.

Administration Process: retrying a request that could not be
performed previously because another process was modifying the
document.
This message indicates that in processing separate requests, two threads
of the Administration Process simultaneously attempted to modify a
document in the Domino Directory. As a result, the Administration
Process is retrying one of the requests. This is a status message; no action
is required.

Administration Process: Unable to access transfer context
information.
This message indicates that the Administration Process can’t access
global information that is required to execute a specific task. Restart the
Administration Process, or, if necessary, restart the server.

Administration Process: Unable to create entry thread.


This message appears when the Administration Process can’t create a
thread to use to run Administration Process tasks. Restart the
Administration Process, or, if necessary, restart the server.

Insufficient memory - Admin’s request queue pool is full.


This message indicates that there is currently inadequate memory for the
Administration Process. To correct this, restart the server.

No Address book is present on this server; the Admin Process
cannot continue without one.
This message appears if you start the Administration Process on a server
that doesn’t store a replica of the Domino Directory. Create a replica of
the Domino Directory on the server, and then start the Administration
Process again.

Removing viewname view notes in the Address Book.


This message appears when the Administration Process deletes obsolete
monitoring configuration documents from the Domino Directory. This is
a status message; no action is required.

Reporter: Could not locate view viewname.


This message appears when the Administration Process can’t find
obsolete monitoring documents in the Domino Directory. This is a status
message; no action is required.

The Administration Process cannot delete the database
databasename at this time because it is in use by someone else; will
try again at time.
This message appears as the result of a Delete Unlinked Mail File
request. The message indicates that the Administration Process is
retrying a request to delete a mail file that was initially unavailable because
someone was accessing it. This is a status message; no action is required.

The Administration Process could not change or delete the name
from the document because another process was modifying it.
This message indicates that, in processing separate delete or rename
requests, two threads of the Administration Process attempted to modify
the same document in a database. As a result, only one request was
processed, and the Administration Process is retrying the other. This is a
status message; no action is required.

The Administration Process does not have enough memory to
compute the formulas required for request processing.
This message indicates that there is currently inadequate memory for the
Administration Process. To correct this, restart the server.

The Administration Process is retrying a name change or deletion
from the document.
This message appears as the result of a rename or delete request. It
indicates that the Administration Process is retrying a request to rename
or delete a name from a document that was initially unavailable because
someone was accessing the document. This is a status message; no action
is required.

The certificate contained in the note was not issued by the selected
certifier.
This message appears if you choose Actions - Recertify Person or Actions
- Recertify Server but you don’t select the original certifier. If you don’t
specify the original certifier when you choose this action, you can submit
the request, but it isn’t posted in the Administration Requests database.
To correct this, choose the action again, and select the original certifier.

The replica of the database moved by the Administration Process
has not been initialized by the replicator.
This message appears as the result of a Monitor Moved Replica request.
It indicates that the Administration Process is waiting for the replicator to
initialize the replica at its new location before it deletes the original. This
is a status message; no action is required.

The selected certifier isn’t an ancestor of the entity to be updated.


This message appears if you attempt to choose Actions - Request Move to
new Certifier to move a person to a different hierarchy, but you don’t
select the original certifier. If you don’t specify the original certifier, you
can submit the request, but it isn’t posted in the Administration Requests
database. To correct this, choose Request Move to New Certifier again,
and select the original certifier.

The selected certifier isn’t the target certifier in the move request.
This message appears if you choose “Actions - Complete move for
selected entries” to attempt to complete moving user names to a different
hierarchy and the target certifier isn’t the one you specified when you
originally chose Actions - Rename Person - Request Move to New
Certifier. If the target certifier you specified when completing the move is
wrong, select the user names in the Name Move Requests view of the
Administration Requests database, choose “Actions - Complete move for
selected entries” again, and specify the correct target certifier. If you
specified the wrong target certifier when you originally chose Actions -
Request Move to New Certifier, repeat the action again, and specify the
correct target certifier.

How to troubleshoot the Administration Process
A variety of error conditions can prevent the Administration Process
from working properly. For example, errors can occur when there isn’t
enough memory for the Administration Process; when you rename,
delete, or recertify a user; or when you move a user to a different
hierarchy. Use these steps to troubleshoot the Administration Process:
1. Start the Administration Process on a server that does not store a
replica of the Domino Directory.
2. Ensure that the Administration Process is set up correctly.
For more information, see the chapter “Setting Up the
Administration Process.”
3. If the Administration Process worked successfully in the past but
isn’t working as expected now, try to isolate what might have
changed since it last worked successfully.
4. Check for these conditions and correct them if necessary:
a. The Administration Process (the AdminP task) must be running
on all servers. To check this, enter the Show Tasks command at
the server console. Enable AdminP on any servers where it isn’t
already running.
b. An Administration Server must be specified for the Domino
Directory. The administration server for the Domino Directory is
designated as such during first server setup in the domain.
c. Make sure that you specify an administration server for all
databases. Each database must have an administration server
specified before a request can be made to the Administration
Process.
d. The Domino Directory (NAMES.NSF) and the Administration
Requests database (ADMIN4.NSF) must replicate properly
between the affected servers. These databases must replicate
correctly between the administration server of the Domino
Directory and the servers where the databases receiving the
updates reside.

e. Each request in the Administration Requests database should
have a corresponding response document that shows that the
Administration Process has completed the request. Correct any
errors indicated by a response document.
f. The Certifier documents must have the correct public key; the
public key must match the key in each CERT.ID.
For more information about correcting errors in the Administration
Requests database, or for any other information regarding the
administration process, see the chapter “Setting Up the
Administration Process.”
Agent Manager and agents — Troubleshooting
These topics describe how to troubleshoot problems related to using
Agent Manager and running agents:
• Tools for troubleshooting Agent Manager and agents describes tools
you can use to troubleshoot Agent Manager and agents.
• Agent manager and agents — Problems and error messages
describes problems that may occur when the Agent Manager or an
agent isn’t working as you expect.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.

Tools for troubleshooting Agent Manager and agents


Whenever an agent won’t run, check the Agent Log to see when the
agent last ran and whether it completed. For additional information,
check the server console or the Miscellaneous events in the log file
(LOG.NSF) for messages from the Agent Manager.

Server commands
Use these server commands to troubleshoot agents:
Tell amgr schedule
Tell amgr status
Tell amgr debug

For information on these commands, see the appendix “Server
Commands.”

Log file
To enable agent logging in the log file (LOG.NSF), edit the NOTES.INI
file to include the Log_AgentManager setting, which specifies whether or
not the start of agent execution is recorded in the log file and displayed
on the server console. It’s important to monitor the server console or log
for information from the Agent Manager because error and warning
messages generated by the Agent Manager on behalf of the agent, as well
as output — for example, print statements — generated by a background
agent, appear on the console and in the Miscellaneous events view of the
log (LOG.NSF).
For more information on the Log_AgentManager setting, see the
appendix “NOTES.INI File.”



The Agent Log
The Agent Log is a view in a database that shows the last time an agent
ran and whether the agent completed.
1. In the database, choose View - Agents.
2. In the Design view that lists all the agents, choose the agent.
3. Choose Agent - Log.
For more information on the Agent Log, see the book Application
Development with Domino Designer.

Agent manager and agents — Problems and error messages


These topics present suggestions for troubleshooting certain problems
you may encounter with the Agent Manager and/or agents:
• Agent Manager isn’t working as expected
• An agent isn’t running as expected
• An agent doesn’t run to completion
• An agent isn’t running at the expected times
• The Escrow agent isn’t working
• Users can’t create agents
Agent Manager isn’t working as expected
The Agent Manager may not work at all, or may not work efficiently.
1. The Agent Manager may not be scheduled to run. If the Agent
Manager isn’t running, check the “Start time/End time” fields on the
Server Tasks - Agent Manager tab in the Server document. Any time
not specified in these fields represents downtime. If necessary, adjust
the times in these settings.
2. The demand for the Agent Manager may be too high. If the Agent
Manager takes too long to run agents, reschedule agents to run at
night when system demand is usually low.
If the server runs Domino 4.6 or earlier, you can increase the “Max %
busy before delay” field in the Server document. Domino 5 and
higher does not support this field.
Note If you allocate more resources to the Agent Manager, fewer
will be available to run other server tasks.

An agent isn’t running as expected
In addition to the possibility that there are errors in the agent code, an
agent may fail to run properly because the agent has insufficient access
or because the agent is not set to run on the given server.
1. Insufficient access in the database ACL can prevent an agent from
running properly. For example, a user may design an agent that
copies selected documents from database A to database B. If the user
— and by extension, the agent — doesn’t have Author access in the
ACL of database B, the agent runs, but it is not allowed to copy the
documents. To determine if this problem exists, examine the Agent
Log for access errors after the agent runs unsuccessfully.
2. If an agent won’t run on a particular server, check the Agent
Restrictions on the Security tab of the Server document. This section
contains the “Run personal agents,” “Run restricted
LotusScript/Java agents,” and “Run unrestricted LotusScript/Java
agents” fields that specify who has access to run agents on the server.
Although a user who has the appropriate access in the database ACL
may be able to create an agent on the server, without the appropriate
access in the Server document, the user can’t run the agent.
You should also check the Server Access section on the Security tab
of the Server document. This section contains the “Only allow server
access to users listed in this Directory,” “Access server,” and “Not
access server” fields, which allow and deny access to the server.
Because an agent inherits the access privileges of the person who
creates it, the agent can’t run on a server for which its creator does
not have access.
3. Scheduling conflicts may prevent an agent from running. In the
Server document, click the Server Tasks - Agent Manager tab and
check the “Daytime Parameters Start time/End time” and
“Nighttime Parameters Start time/End time” fields. Any time not
specified in these fields represents downtime; if a user creates a
scheduled agent and specifies that it run during the server’s Agent
Manager downtime, the agent will not run. Compare these fields in
the Server document to the time the agent is scheduled to run. If a
conflict exists, change the Agent Manager schedule on the server, or
ask the user to reschedule the agent.
4. If a LotusScript or Java agent terminates before completing its tasks,
check the “Max LotusScript/Java execution time” fields in the Server
document. If a complex agent requires more time than is scheduled,
the Agent Manager terminates the agent before completion.
Ask the user to reschedule the agent to run at night, when the default
maximum execution time is longer; or increase the value of the “Max
LotusScript/Java execution time” field in the Server document, as
needed. If neither of these solutions is practical, ask the user to
rewrite the agent as several smaller agents.

An agent doesn’t run to completion


When an agent doesn’t finish running, check the log file (LOG.NSF), the
server console, and the Agent Log for error messages.
1. If the agent runs to completion when you run it manually, but not
when it runs in the background, the agent code may contain
commands — such as LotusScript user-interface methods — that
aren’t intended to run as background processes.
2. The “Max LotusScript/Java execution time” field in the Server
document specifies how much time a LotusScript/Java agent has to
complete execution. If the agent exceeds this maximum, the agent
doesn’t finish, and the Agent Log records the termination. Review
the agent code to make sure it functions correctly — for example,
make sure that the code doesn’t run an infinite loop. If the code is
correct, consider increasing the execution time limits in the Server
document. However, be aware that increasing these settings may
impact system performance because the Agent Manager will run for
a longer time to accommodate this agent.

An agent isn’t running at the expected times


If the agent is running, but not at or near the expected times, the server
may be busy with other tasks. To gather information about when the
agent last ran and if it completed successfully, check the agent log. Then
check for these conditions and correct them, if necessary.
1. Scheduling conflicts may prevent an agent from running. In the
Server document, click the Server Tasks - Agent Manager tab, and
check the “Daytime Parameters Start time/End time” and
“Nighttime Parameters Start time/End time” fields. If the values in
these fields don’t account for a portion of the day, the Agent
Manager will not run during that period. For example, if the daytime
parameters are 8 AM and 5 PM and the nighttime parameters are 8
PM and 8 AM, Agent Manager will not run any agents between 5
PM and 8 PM.
2. The NOTES.INI settings may be incorrect. Check these Agent
Manager settings in the server’s NOTES.INI file:
• Amgr_DocUpdateAgentMinInterval
• Amgr_DocUpdateEventDelay
• Amgr_NewMailAgentMinInterval
• Amgr_NewMailEventDelay

3. Edit the NOTES.INI file to include the Log_AgentManager setting
and set it to 1. You can also enable this setting in the Configuration
Settings document in the Domino Directory.
4. For servers running Domino 4.6 or earlier, the “Max % busy before
delay” setting may have been exceeded. The “Max % busy before
delay” setting on the Server Tasks - Agent Manager tab of the Server
document controls the maximum percent of time the Agent Manager
spends running agents. If the percentage of time is exceeded, a delay
occurs before Agent Manager runs the next agent. After the
percentage falls below the threshold, Agent Manager resumes
running agents.
For more information on NOTES.INI settings, see the appendix
“NOTES.INI File.”
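The scheduling gap described in step 1 can be computed from the two Server document windows. The following is an added example, not part of the original documentation; the function names, agent names, and agent times are constructed, and it assumes a window's end time is exclusive and that equal start and end times mean an empty window.

```python
from datetime import time

MINUTES_PER_DAY = 24 * 60


def to_minutes(t):
    """Minutes since midnight for a datetime.time value."""
    return t.hour * 60 + t.minute


def to_time(minute):
    """Inverse of to_minutes; minute 1440 maps back to 00:00."""
    return time((minute // 60) % 24, minute % 60)


def covered_minutes(windows):
    """Return the minutes of the day during which Agent Manager runs.

    A window whose end is earlier than its start wraps past midnight,
    as the nighttime window 8 PM to 8 AM does.
    """
    covered = set()
    for start, end in windows:
        length = (to_minutes(end) - to_minutes(start)) % MINUTES_PER_DAY
        for offset in range(length):
            covered.add((to_minutes(start) + offset) % MINUTES_PER_DAY)
    return covered


def downtime_gaps(windows):
    """Return (start, end) pairs for every period no window accounts for."""
    covered = covered_minutes(windows)
    gaps = []
    run_start = None
    for minute in range(MINUTES_PER_DAY + 1):
        down = minute < MINUTES_PER_DAY and minute not in covered
        if down and run_start is None:
            run_start = minute
        elif not down and run_start is not None:
            gaps.append((run_start, minute))
            run_start = None
    # A gap that ends at midnight and one that starts at midnight are one gap.
    if len(gaps) > 1 and gaps[0][0] == 0 and gaps[-1][1] == MINUTES_PER_DAY:
        first = gaps.pop(0)
        last = gaps.pop()
        gaps.append((last[0], first[1]))
    return [(to_time(start), to_time(end)) for start, end in gaps]


def agents_in_downtime(agents, windows):
    """Return the names of scheduled agents whose run time falls in downtime."""
    covered = covered_minutes(windows)
    return [name for name, run_at in agents if to_minutes(run_at) not in covered]


# Window values taken from the example in the text.
SERVER_WINDOWS = [
    (time(8, 0), time(17, 0)),   # Daytime Parameters Start time/End time
    (time(20, 0), time(8, 0)),   # Nighttime Parameters Start time/End time
]

# Constructed sample agents (hypothetical names and schedule times).
AGENTS = [
    ("ArchiveOrders", time(18, 30)),
    ("NightlyCleanup", time(23, 0)),
    ("MorningReport", time(9, 0)),
]

if __name__ == "__main__":
    for start, end in downtime_gaps(SERVER_WINDOWS):
        print(f"Agent Manager downtime: {start:%H:%M} to {end:%H:%M}")
    for name in agents_in_downtime(AGENTS, SERVER_WINDOWS):
        print(f"{name} is scheduled during downtime and will not run")
```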

The Escrow agent isn’t working


The Escrow agent won’t work if:
• There is no Person document containing the phrase Escrow Agent in
the User name field.
• More than one Person document contains the phrase Escrow Agent
in the User name field.
• The Escrow agent attempts to send encrypted mail to a recipient
whose Person document doesn’t contain a public key.

Users can’t create agents


If a user can’t create agents in a particular database, check the database
ACL to see if the user has the access level required to create agents in
that database. To create personal agents, a user must have at least Reader
access to the database in which the agent will be created. To create
shared agents, a user must have at least Designer access.

Database performance — Troubleshooting


The following topics suggest solutions to common performance problems
associated with databases.
You can reduce database performance problems by using:
• Domino 6 databases, which are faster than databases created with
earlier Domino releases
• Transaction-based logging and recovery
• Disk-tuning procedures, such as disk defragment and disk-space
reallocation



Some of the recommended solutions involve changing the database
design. You should always test design changes on a template or a copy of
the database before applying them to the production copy.
For more information on transaction logging, see the chapter
“Transaction Logging and Recovery.”
The topics in this section include:
• Users cannot access the database
• Users experience a delay when accessing the database
• Resolving conflicts when names are assigned to more than one access
level
• Using Groups and Roles to determine what controls user access
• Using Find Note to analyze a document reported in the log file

Users cannot access the database


Users may not be able to access databases for the following reasons:

The server storing the database is temporarily down


Check with the Domino administrator and tell users when the database is
expected to be available again.

Users don’t have the appropriate access


Check the database access control list (ACL) to make sure users have the
necessary access to the database. Check with the Domino administrator
to ensure users have access to the Domino server that stores the database.
For more information on user access, see the chapter “Controlling User
Access to Domino Databases.” For more information on server access, see
the chapter “Controlling Access to Domino Servers.”

Server backup is occurring during work hours


Users may be unable to access a server that is being backed up during
work hours because a full backup may require significant disk I/O
capacity. Ask the Domino administrator to schedule backups to occur
overnight, if possible.
Use a Domino 6-compliant backup program so users can access
databases on a server that is being backed up. Users can make changes to
databases as a backup occurs because Domino provides a point-in-time
image of the database, beginning with the time the database backup
starts.

The server is continuously updating a full-text index
If a database is large and active, database performance can be slow if the
server updates a full-text index too frequently. Change the full-text index
update frequency if necessary.
For more information on update frequency, see the chapter “Setting Up
and Managing Full-text Indexes.”

Users experience a delay when accessing the database


Users may experience a delay when accessing databases for the following
reasons:

The database is heavily used


View the user activity to see if the database is heavily used. This option is
on the Information tab of the Database Properties box. Check the server
to see if its hardware and memory are powerful enough to support the
user activity for the database. If the server is not powerful enough, you
may need to upgrade hardware or memory on the server. You can also
create an additional replica of the database so all users are not always
using the same one. If disk contention is a problem, move the database to
a less heavily used disk. For more information on the Database
Properties box, see Lotus Notes 6 Help.

There are too many views


If the database contains many views, consider consolidating some of
them. You can consolidate views by creating alternative collations in the
same view, rather than using separate views. Or, you can purge or delete
view indexes. Database performance can suffer when a database contains
many views.
For information on managing view indexes, see the chapter “Maintaining
Databases.” For more information on improving view performance, see
the book Application Development with Domino Designer.

View indexes are being refreshed too frequently


If the database is heavily used or contains many documents, refresh view
indexes less frequently, if possible.
For information on views, see the book Application Development with
Domino Designer.

Unread mark processing may cause delays


Unread mark processing may cause delays after the database is opened.
It also creates disk contention, which slows down every operation on the
database. Delays occur as the unread marks in a database are updated
while the database is opening. Disabling unread marks on the database
eliminates the delay.
For information on disabling unread marks, see the chapter “Improving
Database Performance.”

The database design is complex


A complex database design can cause performance problems. Work with
the designer to redesign or minimize performance problems.
For information on designing applications, see the book Application
Development with Domino Designer.

Database performance properties are not being used


If feasible, set database properties to improve database performance.
For information on setting database properties, see the chapter
“Improving Database Performance.”

The database cache needs adjustment


If you are a system administrator, monitor the database cache on the
server that stores the database to see if it’s working effectively. If
necessary, increase the number of the databases the cache can hold. The
NSF buffer pool size may also need to be increased.
For more information on managing the database cache, see the chapter
“Improving Database Performance.”

Resolving conflicts when names are assigned to more than one access level
It’s possible to assign users or servers more than one level of access to a
database. The following table describes access level conflicts and
resolutions.

| Access level conflict | Resolution |
|---|---|
| A name is listed in an ACL individually and as a member of a group | The access level assigned to the individual name takes precedence over the access level for the group, even if the individual access level is lower than the group level. |
| A name is included in two or more groups | The name receives the access of the group with the highest access. |
| A name appears in an ACL and in access lists associated with forms, views, or sections | The ACL controls database access; design element access lists refine this access to a lower level. For example, if a user has Author access to a database but is not listed in the access list for a form in the database, the user cannot use the form to create a document. |

For more information on creating access lists that refine access to specific
design elements, see the book Application Development with Domino
Designer.
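The precedence rules in the table above can be expressed as a small resolver, which helps when a user's observed access does not match what an administrator expects. This is an added example, not part of the original documentation; the function names, the dictionary shapes, and the sample names are constructed, and it assumes exact name matches and no nested groups.

```python
from enum import IntEnum


class Access(IntEnum):
    """Notes database ACL levels, lowest to highest."""
    NO_ACCESS = 0
    DEPOSITOR = 1
    READER = 2
    AUTHOR = 3
    EDITOR = 4
    DESIGNER = 5
    MANAGER = 6


def groups_of(user, groups):
    """Return the names of the groups that list the user as a member."""
    return {name for name, members in groups.items() if user in members}


def effective_access(user, acl, groups):
    """Resolve a user's database access and say which ACL entry decided it.

    acl maps an entry name (user or group) to an Access level.
    groups maps a group name to the set of its member names.
    """
    # Rule 1: an individual entry wins, even when it is lower than a group's.
    if user in acl:
        return acl[user], f"individual entry {user}"
    # Rule 2: with several groups, the group with the highest access wins.
    listed = [(acl[g], g) for g in groups_of(user, groups) if g in acl]
    if listed:
        level, group = max(listed)
        return level, f"group {group}"
    # Names matched by no entry are outside what the table covers.
    return None, "no matching entry"


def can_use_element(user, acl, groups, element_access_list, required):
    """Rule 3: a design element access list can only narrow database access.

    required is the database level the caller says the action needs;
    an empty element_access_list means the element adds no restriction.
    """
    level, _ = effective_access(user, acl, groups)
    if level is None or level < required:
        return False
    if not element_access_list:
        return True
    allowed = set(element_access_list)
    return user in allowed or bool(groups_of(user, groups) & allowed)


# Constructed sample data (hypothetical users and groups).
ACL = {
    "Pat Lee/Acme": Access.READER,   # listed individually and in Sales
    "Sales": Access.EDITOR,
    "Managers": Access.DESIGNER,
    "Staff": Access.AUTHOR,
}
GROUPS = {
    "Sales": {"Pat Lee/Acme", "Kim Roy/Acme"},
    "Managers": {"Kim Roy/Acme"},
    "Staff": {"Ann Poe/Acme"},
}
FORM_ACCESS_LIST = ["Managers"]      # access list on one form

if __name__ == "__main__":
    for person in ("Pat Lee/Acme", "Kim Roy/Acme", "Ann Poe/Acme"):
        level, reason = effective_access(person, ACL, GROUPS)
        usable = can_use_element(person, ACL, GROUPS, FORM_ACCESS_LIST, Access.AUTHOR)
        print(f"{person}: {level.name} via {reason}; can use form: {usable}")
```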

Using Groups and Roles to determine what controls user access


You can use the Groups and Roles dialog box to troubleshoot database
access problems. However, use this feature only on databases that have
the option “Enforce a consistent Access Control List across all replicas of
this database” selected. Otherwise, Notes does not display information in
the Groups and Roles dialog box.
For example, if a group from the database ACL that you think has a
user’s name does not appear in the Groups and Roles dialog box, then
this indicates that:
• The user name is missing from the group or spelled incorrectly
• A role that you thought was assigned to a user is not assigned
For more information on Groups and Roles, user access, and the “Enforce
a consistent ACL” option, see the chapter “Controlling User Access to
Domino Databases.”

Using Find Note to analyze a document reported in the log file


You can use the Find Note dialog box in the Domino Administrator to
analyze a document reported in the log file. If the log file reports a
problem with a document, you can display the properties for the
document to help you to troubleshoot the problem. The document can be
in a single database or in a database replica. For example, you can use
Find Note to review the document properties for a document that cannot
replicate.
1. Copy the hexadecimal Note ID (for example, NT201B2) of the
reported document from the log file to the Clipboard. Or write down
the Note ID. You may also troubleshoot using the UNID, the
universal Note ID, a unique identifier used to locate the same
document across database replicas.
2. In the Server list, select the server that stores the database containing
the reported document.
3. Use the Files tab to select the database that stores the reported
document.
4. Choose Tools - Database - Find Note.
5. Select one:
• by Note ID
• by Universal Note ID (UNID)



6. Paste or enter the Note ID or UNID from Step 1 into the ID field.
7. Click Find.
8. View the document details and properties in the Fields and
Properties fields.

Directories — Troubleshooting
These topics describe how to troubleshoot problems related to:
• Directory assistance
• Directory catalogs
• LDAP service
• Extended ACL
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.

Directory assistance — Troubleshooting


These topics describe problems you may encounter with directory
assistance.
• Internet user authentication using a secondary Domino Directory or
Extended Directory Catalog fails.
• Internet user authentication using an LDAP directory fails.
• Database authorization using groups in a secondary directory fails.
• Searches in a secondary Domino Directory configured in directory
assistance fail.
• “Directory assistance could not access Public Address Book on
Server x, error is Server Not Responding”.
Tip To record at the server console detailed information about specific
Web user authentication sessions to help troubleshoot Web user
authentication problems, use the NOTES.INI setting
WebAuth_Verbose_Trace.

Internet user authentication using a secondary Domino Directory or Extended Directory Catalog fails
To authenticate Internet users registered in a secondary Domino
Directory, make sure you complete these steps:
1. Select “Notes” as the “Domain Type” in the Directory Assistance
document.

2. Set “Trusted for credentials” to Yes for at least one naming rule in
the Directory Assistance document. The rule or rules should
correspond to the names of the Internet users you want to
authenticate.
3. Enter the secondary directory’s Domino domain in the “Domain
Name” field. Do not enter: the name of a condensed Directory
Catalog, the name of the server’s primary domain, or a domain name
that is used in another Directory Assistance document. If you created
the secondary directory manually and it’s not associated with a
Domino domain, make up a unique domain name.
4. If you use name-and-password authentication, and you choose the
authentication option “Fewer name variations with higher security,”
make sure users provide either their hierarchical names or common
names for authentication rather than first names, last names, or short
names only.
For more information on this server authentication option, see the
chapter “Setting Up Name-and-Password and Anonymous Access to
Domino Servers.”
If you include groups of users in database ACLs on the server that
authenticates, store those groups in the server’s primary Domino
Directory and/or in one directory enabled for “Group authorization” in
the directory assistance database.

Internet user authentication using an LDAP directory fails


To authenticate Internet users registered in a remote LDAP directory,
make sure you complete these steps:
1. Select LDAP as the “Domain Type” in the Directory Assistance
document.
2. Specify a “Domain Name” that is not the Domino domain of the
servers that use directory assistance and that is not used in another
Directory Assistance document.
3. (Recommended) Enter “1” as the search order.
4. Set “Trusted for credentials” to Yes for at least one naming rule in
the Directory Assistance document that corresponds to the names of
the users to authenticate.
5. If the remote LDAP server requires a base DN, enter it in the field,
“Base DN for search.”
6. Select “Notes clients/Internet Authentication/Authorization” in the
“Make this domain available to” field.
7. If you enabled “Channel encryption,” make sure you’ve configured
SSL properly.



8. If the LDAP directory server doesn’t allow anonymous connections,
make sure you’ve entered a user name and password in the
“Optional Authentication Credential” section of the Directory
Assistance document.
9. If the server authentication option “More name variations with lower
security” is selected, make sure the server has access to the LDAP
directory attributes cn, uid, sn, givenName, and objectClass.
If the server authentication option, “Fewer name variations with
higher security” is selected, make sure the Web server has access to
the LDAP directory attributes cn, uid, and objectClass.
For more information on the server authentication options, see the
chapter “Setting Up Name-and-Password and Anonymous Access to
Domino Servers.”

Database authorization using groups in a secondary directory fails


To search a secondary directory — Domino or LDAP — for the members
of groups listed in database ACLs, make sure you complete these steps:
1. Specify a “Domain Name” that is not the Domino domain of the
servers that use directory assistance and that is not used in another
Directory Assistance document.
2. Set the “Group Authorization” field to “Yes;” enable this option in
only one Directory Assistance document.
3. Set “Trusted for credentials” to yes for at least one naming rule that
represents the names within the groups to search.
4. If the directory is a Microsoft Active Directory, choose “Active
Directory” in the “Type of search filter to use” field of the Directory
Assistance document.
5. If the directory is a remote LDAP directory, when you add the name
of a hierarchical group from an LDAP directory to a Notes database
ACL, use the LDAP format for the name, but use forward slashes as
delimiters (/) rather than commas (,). If the name of the LDAP
directory group is not hierarchical, in a Notes database ACL enter
the value for the group name without the associated LDAP attribute.
For example, if the name of the LDAP directory group is
cn=managers,ou=groups,o=acme, in the database ACL enter
cn=managers/ou=groups/o=acme. If the name of the group is
cn=managers, in the database ACL enter managers.
6. Select “Notes clients/Internet Authentication/Authorization” in the
“Make this domain available to” field.
7. If the directory is a remote LDAP directory and you’ve enabled
“Channel encryption,” make sure you’ve configured SSL correctly.

8. If the directory is on a remote LDAP directory server that doesn’t
allow anonymous connections, make sure you’ve entered a user
name and password in the “Optional Authentication Credential”
section of the Directory Assistance document.
9. If the members of groups on a remote LDAP directory server change,
stop and restart the Domino server that connects to the LDAP server.
This ensures that the Domino server flushes its group cache and
retrieves the most up-to-date group information.
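The name format in step 5 is easy to get wrong when copying a group name out of an LDAP browser, and a misformatted ACL entry simply never matches. The following added example, which is not part of the original documentation, converts an LDAP group name to the ACL form and flags ACL entries left in LDAP form; the function names and all sample names other than the managers group are constructed, and it assumes case-insensitive comparison and rejects escaped or quoted values, which the text does not cover.

```python
def split_dn(dn):
    """Split an LDAP name into (attribute, value) components."""
    if "\\" in dn or '"' in dn:
        raise ValueError("escaped or quoted values are not handled here")
    components = []
    for part in dn.split(","):
        attr, sep, value = part.strip().partition("=")
        attr, value = attr.strip(), value.strip()
        if not sep or not attr or not value:
            raise ValueError(f"not an attribute=value component: {part!r}")
        if "/" in value:
            raise ValueError(f"value would be read as a delimiter: {value!r}")
        components.append((attr, value))
    return components


def ldap_group_to_acl_entry(dn):
    """Return the name to enter in a Notes database ACL for an LDAP group.

    Hierarchical name: keep the LDAP format but use slashes, not commas.
    Non-hierarchical name: enter the value without the LDAP attribute.
    """
    components = split_dn(dn)
    if len(components) == 1:
        return components[0][1]
    return "/".join(f"{attr}={value}" for attr, value in components)


def audit_acl_entries(acl_entries, ldap_group_dns):
    """Return (entry, suggested entry) for ACL entries still in LDAP form."""
    wrong_to_right = {}
    for dn in ldap_group_dns:
        ldap_form = ",".join(f"{a}={v}" for a, v in split_dn(dn)).casefold()
        wrong_to_right[ldap_form] = ldap_group_to_acl_entry(dn)
    findings = []
    for entry in acl_entries:
        key = ",".join(part.strip() for part in entry.split(",")).casefold()
        if key in wrong_to_right:
            findings.append((entry, wrong_to_right[key]))
    return findings


# Constructed sample: group names as stored in the LDAP directory.
LDAP_GROUPS = [
    "cn=managers,ou=groups,o=acme",   # from the example in the text
    "cn=staff,ou=groups,o=acme",      # hypothetical
    "cn=auditors",                    # hypothetical, non-hierarchical
    "cn=helpdesk",                    # hypothetical, non-hierarchical
]

# Constructed sample: entries as typed into a database ACL.
ACL_ENTRIES = [
    "cn=managers, ou=groups, o=acme",  # commas kept: will not match
    "cn=staff/ou=groups/o=acme",       # correct
    "cn=auditors",                     # attribute kept: will not match
    "helpdesk",                        # correct
]

if __name__ == "__main__":
    for entry, suggestion in audit_acl_entries(ACL_ENTRIES, LDAP_GROUPS):
        print(f"ACL entry {entry!r} should be {suggestion!r}")
```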

Searches in a secondary Domino Directory configured in directory assistance fail
Make sure the domain specified in the Domain Name field of the
Directory Assistance document for the secondary directory is different
from the primary Domino Directory and any other directories configured
in directory assistance. If the Domain Name specified for the secondary
Domino Directory is not unique, searches of the secondary directory fail,
and you see the message “User xxx not found in any Name and Address
Book.”
If the secondary directory is not associated with a Domino domain, be
sure to enter a unique Domain Name that is different from the primary
domain of the servers that store the secondary directory.
Don’t enter the name of a condensed Directory Catalog in a Directory
Assistance document.
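The Directory Assistance rules in the preceding topics (unique Domain Name, at least one rule trusted for credentials, Group Authorization in only one document, LDAP domains made available for authentication) can be checked together. This is an added example, not part of the original documentation; the dictionary layout, finding codes, and sample domains are constructed, Domain Names are compared case-insensitively as an assumption, and the checks apply to directories meant for authentication or group authorization.

```python
AVAILABLE_FOR_AUTH = "Notes clients/Internet Authentication/Authorization"


def lint_directory_assistance(primary_domain, docs):
    """Check Directory Assistance documents against the rules in the text.

    docs is a list of dicts keyed by the field labels used in the text.
    Returns (document number, code, message); document 0 means "all".
    """
    findings = []
    first_use = {}        # casefolded Domain Name -> first document using it
    group_auth_docs = []  # documents with Group Authorization set to Yes
    for number, doc in enumerate(docs, start=1):
        name = doc.get("Domain Name", "").strip()
        key = name.casefold()
        if not name:
            findings.append((number, "NO_DOMAIN", "Domain Name is empty"))
        elif key == primary_domain.casefold():
            findings.append((number, "PRIMARY_DOMAIN",
                             f"Domain Name {name!r} is the servers' own domain"))
        elif key in first_use:
            findings.append((number, "DUPLICATE_DOMAIN",
                             f"Domain Name {name!r} is already used by "
                             f"document {first_use[key]}"))
        else:
            first_use[key] = number

        rules = doc.get("Naming rules", [])
        if not any(r.get("Trusted for credentials") == "Yes" for r in rules):
            findings.append((number, "NOT_TRUSTED",
                             "no naming rule is trusted for credentials"))

        if doc.get("Group Authorization") == "Yes":
            group_auth_docs.append(number)

        if (doc.get("Domain Type") == "LDAP"
                and doc.get("Make this domain available to") != AVAILABLE_FOR_AUTH):
            findings.append((number, "NOT_AVAILABLE",
                             "LDAP domain is not available for authentication"))

    if len(group_auth_docs) > 1:
        findings.append((0, "MULTIPLE_GROUP_AUTH",
                         f"Group Authorization is enabled in documents "
                         f"{group_auth_docs}; enable it in only one"))
    return findings


# Constructed sample configuration (hypothetical domains and rules).
PRIMARY_DOMAIN = "Acme"
DA_DOCS = [
    {"Domain Type": "Notes", "Domain Name": "AcmeWest",
     "Group Authorization": "Yes",
     "Naming rules": [{"rule": "*/West/Acme", "Trusted for credentials": "Yes"}]},
    {"Domain Type": "LDAP", "Domain Name": "Acme",
     "Group Authorization": "Yes",
     "Make this domain available to": AVAILABLE_FOR_AUTH,
     "Naming rules": [{"rule": "*/*/*/*/*/*", "Trusted for credentials": "No"}]},
    {"Domain Type": "LDAP", "Domain Name": "acmewest",
     "Group Authorization": "No",
     "Naming rules": [{"rule": "*/East/Acme", "Trusted for credentials": "Yes"}]},
]

if __name__ == "__main__":
    for number, code, message in lint_directory_assistance(PRIMARY_DOMAIN, DA_DOCS):
        where = f"document {number}" if number else "all documents"
        print(f"{where}: {code}: {message}")
```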

“Directory assistance could not access Public Address Book on Server x, error is Server Not Responding”
When you restart a server that uses directory assistance, the server
attempts to access replicas of secondary Domino directories that database
links in directory assistance point to so that it can load information about
the replicas into memory. If the server can’t locate the replicas, this server
console message appears. To avoid this problem, in directory assistance
documents, enter server names and file names for replicas, rather than
paste database links to the replicas.
This message may also appear when a server that uses directory
assistance attempts to look up a name in a secondary Domino Directory
that is on an unavailable server. As a failover mechanism, you can
specify more than one replica of a secondary directory for directory
assistance to use.



Directory catalogs — Troubleshooting
These topics describe problems you may encounter with directory
catalogs:
• Names are missing from the directory catalog.
• Users can’t use type-ahead addressing to look up names in a
condensed Directory Catalog.
• Domino isn’t searching a directory catalog on a server.
• Internet user name-and-password authentication using a condensed
Directory Catalog fails.
• LDAP searches of a condensed Directory Catalog aren’t working.
• A directory catalog is not full-text indexed or the full-text index is
corrupted.
• The User Setup Profile doesn’t push Mobile Directory Catalogs to
users.
• The Router is finding the same name in multiple directories even
though “Exhaustive lookup” is disabled.
• Users can’t do full-text searches of a condensed Directory Catalog.
Names are missing from the directory catalog
If names appear to be missing from the directory catalog, take these steps
to troubleshoot the problem.

Verify that the Dircat task is building the directories as intended


1. Open the directory catalog on the server that aggregates it.
2. Select the Configuration Settings document, and then choose File -
Document Properties.
3. Click the Fields tab — the second tab — in the properties box.
4. Select the Directories field and look in the box on the right. Verify
that the Dircat task can access all the directories specified in the box.
Typically, this means making sure that the server that aggregates the
directory catalog also stores replicas of all the aggregated directories
locally.
5. Select the Since field and look in the box on the right to see the date
and time the Dircat task last ran on all of the directories specified in
the Directories field. If either of the following is true, run the Dircat
task again:
• If there are fewer time/date stamps than directories — for
example, if there are four directories in the Directories field but
only two time/date stamps — when the Dircat task last ran, it
attempted to rebuild the source directory catalog but didn’t
complete the task.
• If the time/date stamps are older than expected, the Dircat task
may not have run to completion when it last did an incremental
update of the source directory catalog.

If the “Remove duplicate users” option is enabled, see if someone has deleted a duplicate entry from one of the full Domino directories
If the “Remove duplicate users” option is enabled, the Dircat task doesn’t
add into the directory catalog all entries associated with an identical
hierarchical name. Instead, the task adds an entry from the first directory
in which it encounters the name. Dircat searches directories in the order
that they’re specified in the “Directories to include” configuration field.
If the entry that Dircat used for the directory catalog is later
removed from its full Domino Directory, that name is
removed from the catalog. For example, if the Acme East and the Acme
West directories both contain an entry with the name, Phyllis
Spera/Acme, if “Remove duplicate users” is enabled, and if Acme East is
listed first in the “Directories to include” field, when Dircat runs, it
includes only the entry from Acme East. If someone then removes Phyllis
Spera/Acme from Acme East, the name is removed from the directory
catalog the next time Dircat runs.
To correct the problem, make a minor change to the remaining entry —
in the above example, the entry in Acme West. This change causes Dircat
to add the entry to the directory catalog the next time it runs. You can
also correct the problem by clicking the “Clear History” button in the
directory catalog Configuration document, although this approach
rebuilds the entire directory catalog.

Verify that the User Name fields have values


If there’s no value in the User Name (FullName) field in a Person
document, the Dircat task won’t build the entry in the directory catalog.
Notes registration adds values to User Name fields automatically, but if
you created Person entries without using the Notes registration program,
check that the entries have values in this field.



Use Log_Dircat=1
If the above steps don’t solve the problem, add the NOTES.INI setting
Log_Dircat=1, which logs information about the Dircat task in the log file
(LOG.NSF). Use the logged information to help troubleshoot the
problem.
For more information on the log file, see the chapter “Using Log Files.”
For more information on the NOTES.INI file, see the appendix
“NOTES.INI File.”

Users can’t use type-ahead addressing to look up names in a condensed Directory Catalog
Type-ahead addressing looks up a name in a condensed Directory
Catalog only if the order in which the user types the name corresponds to
the “Sort by” format configured for the directory catalog. For example, if
the configured “Sort by” format is “Distinguished name,” type-ahead
looks up the name in a directory catalog only when a user types the first
name before the last name. Or, if the “Sort by” format is set to “Last
name,” type-ahead looks up the name in a directory catalog only when a
user types the last name before the first name.

Domino isn’t searching a directory catalog on a server


To search an Extended Directory Catalog that is not integrated into its
primary Domino Directory, a server must be set up to use a directory
assistance database that contains a Directory Assistance document for the
directory catalog.
To search a condensed Directory Catalog, a server must store a local
replica of the directory catalog. In addition, you must specify the file
name for this replica in either the Directory Profile or in the Basics
section of the Server document in the server’s primary Domino
Directory.
For more information on directory catalogs, see the chapter “Setting Up
Directory Catalogs.”

Internet user name-and-password authentication using a condensed Directory Catalog fails
If you’re having difficulty setting up a server to use a condensed
Directory Catalog to look up names and passwords to authenticate
Internet users, take these steps to troubleshoot the problem.
Note These steps do not apply to authentication using an Extended
Directory Catalog.

1. Test that authentication using directory assistance alone is working.
• Temporarily disable the directory catalog. Remove the directory
catalog file name from the server’s primary Domino Directory.
Remove the directory catalog file name from the Directory Profile
and from the Basics tab of the Server document; the file name is
probably stored in only one of these locations but if it is in both
locations, remove the name from both.
• Restart the appropriate Internet protocol server task. For example,
for a Web server, restart the HTTP task.
• Verify that the server can authenticate to each secondary Domino
Directory configured in the directory assistance database that you
want to use for authentication. If authentication fails, go to step 2.
If authentication is successful, go to step 3.
2. If you are trusting all the aggregated directories for authentication,
make sure you’ve selected the option on the Basics tab of the Server
document: “Trust the server based condensed directory catalog for
authentication with internet protocols.”
If you are trusting for authentication only some of the aggregated
directories, make sure you’ve created a Directory Assistance
document for each of the directories to trust in which the users to
authenticate are registered. In each Directory Assistance document,
verify that you’ve done the following:
• Set “Trusted for credentials” to Yes for at least one naming rule in
the Directory Assistance document. The rule or rules should
correspond to the names of the Web users you want to
authenticate.
• Enter the secondary directory’s Notes domain in the “Domain
Name” field. Do not enter: the name of the directory catalog, the
name of the server’s primary domain, or a domain name that is
used in another Directory Assistance document. If you created the
secondary directory manually and it’s not associated with a Notes
domain, make up a unique domain name.
• In the Replicas tab of the Directory Assistance document, make
sure one of the replicas specified is the same replica of the
secondary directory specified in the “Directories to include” field
in the directory catalog Configuration document.
Do not specify a replica of the directory catalog.
3. In the “Directories to include” field of the directory catalog
Configuration document, specify a replica of each secondary Domino
Directory that contains the users you want to authenticate. Do not
include the name of an LDAP directory in the “Directories to
include” field.
4. In the “Additional fields to include” field of the directory catalog
Configuration document, add the HTTPpassword field.
5. Run the Dircat task to build the directory catalog.
6. If the server on which you ran the Dircat task is not the server doing
the authentication, make sure you’ve created a replica of the
populated directory catalog on the server, added the directory
catalog file name to either the Directory Profile or the Basics tab of
the Server document, and then restarted the server.
7. If you use name-and-password authentication, and you choose the
server authentication option “Fewer name variations with higher
security,” make sure users provide either their hierarchical names or
common names for authentication rather than first names, last
names, or short names only.
For more information on the server authentication option, see the
chapter “Setting Up Name-and-Password and Anonymous Access to
Domino Servers.”
8. If you include groups of users in database ACLs on the server, store
those groups in the server’s primary Domino Directory and/or in
one directory configured in the directory assistance database that is
enabled for group authorization.

LDAP searches of a condensed Directory Catalog aren’t working


If the LDAP service isn’t searching a local condensed Directory Catalog
as expected, make sure the directory catalog has a functioning, full-text
index. The LDAP service always uses the directory catalog full-text index
to process searches. The LDAP service can return the error “LDAP error
’DSA is unwilling to perform’ (0x35)” when attempting to search a
directory catalog that is not full text indexed. If necessary, delete and
then re-create the full-text index.

A condensed Directory Catalog is not full-text indexed or the full-text index is corrupted
When you first create a condensed Directory Catalog, you must
manually create a full-text index for it; you are prompted to create the
index when you create the database. When you replicate the directory
catalog, however, Domino automatically creates the full-text index on the
replica. If you create a copy rather than a replica, you must manually
create the full-text index on the copy.

The full-text index can become corrupted if there is not enough disk
space to build the index or if you shut down the Notes or Domino
Administrator client before the index is entirely built. To correct the
problem, delete and then recreate the full-text index.

User Setup Profile doesn’t push Mobile Directory Catalogs to users


To use a User Setup Profile to set up mobile directory catalogs on Notes
clients, you must paste a database link of a replica of the directory
catalog in the “Mobile directory catalogs” field of the User Setup Profile.
The Notes clients don’t receive a replica of the mobile directory catalog
until the User Setup Profile replicates to the users’ mail servers and the
users authenticate with the mail servers.

Router is finding the same name in multiple directories even though the “Exhaustive lookup” setting is disabled
By default, the Router configuration option “Exhaustive lookup” —
available on the Router/SMTP - Basics tab of a Configuration Settings
document — is disabled. If you keep this default setting, once the Router
finds a name, it doesn’t continue its search to other secondary Domino
directories. Disabling exhaustive lookups is a way to improve Router
performance.
By design, disabling “Exhaustive lookup” does not apply to a directory
catalog. The Router always searches the primary Domino Directory and
the entire server directory catalog, even if the exhaustive lookup setting
is disabled. This is intended behavior since the Router can use the
directory catalog to, in effect, quickly search multiple secondary
directories rather than having to take the performance hit of searching
these directories individually. These exhaustive lookups allow the Router
to ensure there are no duplicate recipient names that might prevent the
message from getting to the right person.
The Router returns a delivery failure when it finds a name associated
with more than one directory entry and the entries do not have the same
Mail server, Mail file, or Domains specified. To avoid such delivery
failures when duplicate entries actually represent the same person (for
example, when someone’s name and directory location within the
organization have changed but you want to allow people to address mail
using the original name), make the entries in the Mail server, Mail file,
and Domain fields identical for each entry.

Users can’t do full-text searches of a condensed Directory Catalog


A condensed Directory Catalog doesn’t support direct full-text searches
by users, only indirect full-text searches via LDAP, mail addressing, and
so on.

LDAP service — Troubleshooting
These topics describe problems you may encounter with the LDAP
service:
• Name and password authentication fails for LDAP clients connecting
to the LDAP service
• LDAP searches are slow
• Anonymous LDAP users can’t search certain fields
• “LDAP Server: Initialization failure: The full text index needs to be
rebuilt”
• LDAP searches don’t return a cn attribute
• LDAP error “Insufficient Access” returned on an LDAP Add
operation
• LDAP clients can’t connect to the server over SSL when the server
uses a self-signed Domino server certificate
• “LDAP Schema: Failed exporting” error

Name and password authentication fails for LDAP clients connecting to the LDAP service
To authenticate using name-and-password security, some LDAP clients,
for example Netscape Mail, Microsoft Internet Explorer, and Notes
clients with LDAP accounts, first do an anonymous search to retrieve the
distinguished names used for the authentication, so that users don’t have
to specify the distinguished names themselves. To enable such clients to
authenticate using names and passwords, you must enable anonymous
access, as well as name and password authentication, for the LDAP
service port the clients use to connect. You must also allow anonymous
read access to the attribute(s) the clients use to search the directory
anonymously to retrieve the distinguished names. Attributes typically
searched for are cn, uid, sn, givenname, or mail.
For information on anonymous access and the LDAP service, see the
chapter “Setting Up the LDAP Service.”
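
The dependency described above, where name-and-password login relies on a prior anonymous search, can be traced with a small model. The following Python is an added illustration, not Domino code; the class, the sample entry and the rule that a filter on a non-readable attribute matches nothing are assumptions made for the model.

```python
"""Model of the two-step login used by LDAP clients that look up the DN first.

Added illustration, not Domino code: the class, the names and the sample
entry are constructed, and the LDAP service is reduced to the three
settings the section above discusses.
"""
import hashlib
import hmac

SALT = b"constructed-salt"


def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)


# Constructed sample entry; no real user or credential.
DIRECTORY = {
    "CN=Ann Lee,OU=Sales,O=Acme": {
        "cn": "Ann Lee", "uid": "alee", "sn": "Lee", "givenname": "Ann",
        "mail": "alee@acme.example", "pwhash": pw_hash("constructed-pw"),
    },
}


class LdapPortModel:
    """One LDAP service port with the settings that decide the outcome."""

    def __init__(self, directory, anonymous, name_and_password, anon_readable):
        self.directory = directory
        self.anonymous = anonymous                  # anonymous access enabled on the port
        self.name_and_password = name_and_password  # name-and-password enabled on the port
        self.anon_readable = {a.lower() for a in anon_readable}

    def anonymous_search(self, attr, value):
        """Return the DNs an unauthenticated client can find with attr=value."""
        if not self.anonymous:
            raise PermissionError("anonymous access is disabled on this port")
        attr = attr.lower()
        if attr not in self.anon_readable:
            return []  # assumption: a filter on a non-readable attribute matches nothing
        return [dn for dn, entry in self.directory.items()
                if str(entry.get(attr, "")).lower() == value.lower()]

    def simple_bind(self, dn, password):
        if not self.name_and_password or dn not in self.directory:
            return False
        return hmac.compare_digest(self.directory[dn]["pwhash"], pw_hash(password))


def client_login(port, typed_name, password,
                 search_attrs=("cn", "uid", "sn", "givenname", "mail")):
    """Step 1: anonymous search for the DN. Step 2: bind with DN and password."""
    try:
        for attr in search_attrs:
            dns = port.anonymous_search(attr, typed_name)
            if len(dns) == 1:
                ok = port.simple_bind(dns[0], password)
                return "authenticated" if ok else "bind rejected"
    except PermissionError:
        return "anonymous search refused"
    return "no distinguished name found"


def run_scenarios():
    """Same user and correct password against four port configurations."""
    name, pw = "alee@acme.example", "constructed-pw"
    ports = {
        "both enabled, mail readable": LdapPortModel(DIRECTORY, True, True, {"cn", "mail"}),
        "anonymous disabled": LdapPortModel(DIRECTORY, False, True, {"cn", "mail"}),
        "mail not readable anonymously": LdapPortModel(DIRECTORY, True, True, {"cn"}),
        "name-and-password disabled": LdapPortModel(DIRECTORY, True, False, {"cn", "mail"}),
    }
    return {label: client_login(port, name, pw) for label, port in ports.items()}


if __name__ == "__main__":
    for label, outcome in run_scenarios().items():
        print(f"{label}: {outcome}")
```

Only the first configuration authenticates, even though the password is correct in all four. The third case also shows that the anonymous-readable set only needs to contain the attributes clients actually search on.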

LDAP searches are slow
If LDAP searches are slow, do the following on the replica of the primary
Domino Directory. If you extend LDAP searches to secondary Domino
Directories, also do the following on each replica of the secondary
directory.
1. Create a full-text index for the directory.
2. If you’ve created a full-text index for the directory and performance
is still slow, consider editing the value of these LDAP configuration
fields:
• “Maximum number of entries returned” limits the number of
entries that the LDAP server can return. By default there is no
limit, but you might set a limit of 100 entries, for example.
• “Timeout” limits the amount of time that LDAP searches can take.
By default, there is no limit, but you might set a limit of 60
seconds, for example.
• “Minimum characters for wildcard search” increases the number
of characters that users must enter before the first wildcard in a
substring search filter. The default is 1. Don’t specify 0 unless the
directory is very small; specifying 0 can result in slow searches.
For more information on improving LDAP service performance, see the
chapter “Setting Up the LDAP Service.”

Anonymous LDAP users can’t search certain fields


Make sure you’ve enabled the fields for anonymous access, using the
domain Configuration Settings document or the database ACL/extended
ACL. Keep in mind that you configure fields for anonymous access
separately for the LDAP service’s primary Domino Directory and for
each secondary Domino directory the LDAP service serves.
For more information on anonymous LDAP search access, see the
chapter “Setting Up the LDAP Service.”

“LDAP Server: Initialization failure: The full text index needs to be rebuilt”
If the LDAP service setting “Automatically Full Text Index Domino
Directory” is set to Yes in a domain Configuration Settings document,
this message can appear on a server running the LDAP service if the
full-text index for the primary Domino Directory is corrupted and
requires rebuilding. The LDAP service shuts down after displaying the
message. To correct the problem:
1. Use the Exit or Quit command to shut down the Domino server.
2. At the operating system prompt, issue one of the following
commands from the Domino program directory to run the updall
task and rebuild the directory full-text index:
• On Windows NT type: nupdall directory.nsf -X
• On UNIX type: updall directory.nsf -X
where directory.nsf is the file name of the primary Domino Directory.
3. Restart the server.

LDAP searches don’t return a cn attribute


If you add a Person document to the Domino Directory without using
Notes registration, and you enter a hierarchical name in the FullName
(User name) field, the leftmost part of the distinguished name does not
automatically become the cn (common name) attribute value. You must
add the common name as a second value in the FullName field to define
a cn attribute for the entry.
Person documents created through Notes registration automatically have
a second value added to the FullName field to define the cn attribute.

LDAP error “Insufficient Access” returned on an LDAP Add operation
If you see this error in response to an LDAP Add operation, do the
following:
1. Verify that the option “Allow LDAP users write” is set to “Yes” in
the LDAP section of the Configuration Settings document for that
Domino Directory.
2. Verify that the LDAP user has the necessary access in the Domino
Directory database ACL and extended ACL, if an extended ACL is
used.
3. If the LDAP user has Author access in the ACL, verify that the LDAP
user has the proper Creator Role ([UserCreator], [GroupCreator],
[ServerCreator]) for the type of entry being added.
4. Verify that Form Properties are correctly set to allow the LDAP user
to create documents with the form used to add the entry.

LDAP clients can’t connect to the LDAP service over SSL when the server uses a self-signed Domino server certificate
If the server that runs the LDAP service uses a self-signed Domino
certificate, non-Notes LDAP clients can only perform LDAP searches
over SSL if they first connect to the Domino server over SSL using a
different protocol (for example HTTPS or IMAP). The client software
then presents a warning dialog stating that the server’s self-signed
certificate is not issued by a trusted Certificate Authority and gives the
users the option to accept the certificate. The users must accept the
certificate before they can perform LDAP searches over SSL.

“LDAP Schema: Failed exporting” error


If you use the tell ldap exportschema command when the Domino
LDAP Schema database (SCHEMA50.NSF) is open, schema exporting
fails and the LDAP service returns this error. Close the database before
using this command.

Extended ACL — Troubleshooting


These topics describe situations you may encounter when using
extended ACLs:
• The access specified for subject is different than the subject’s actual
access.
• The Target box doesn’t show documents.
• I can’t change a subject’s access to a target.
• Notes and Web users are getting unexpected results when accessing
the directory
• “Extended access controls are enabled in this domain. You must
modify the Domino Directory on a version 6 or later Domino server.”

The access specified for subject is different than the subject’s actual access
The access you see set for a subject at an extended ACL target may not
reflect the actual, effective access the subject has. For example, there may
be access set for another subject that takes precedence. Or the database
ACL may not actually allow the access that has been set for the subject in
the extended ACL. Click Effective Access in the “Extended access at
target” dialog box to find out more about what is controlling a particular
user’s access to an extended ACL target.

The Target box doesn’t show documents
The Target box in the “Extended Access at: target” dialog box shows
documents below the target categories only if “Show only containers” is
not selected. Using categories as targets rather than individual
documents is recommended.
Documents show under a target category only if their names are defined
through a FullName, ListName, or ServerName field. Access set at the /
(root) controls access to documents that don’t use FullName, ListName,
or ServerName fields.

I can’t change a subject’s access to a target


To modify a subject’s privileges to a selected target, you must have
Manager access in the directory database ACL, or Editor access and the
Administer privilege to the selected target. If you do not have the
required access, a subject’s privileges are grayed out.
In addition, if Show All is selected next to “People, Servers, Groups” in
the “Extended access at: target” dialog box, the list of subjects includes
those whose privileges to the selected target are inherited from a higher
target with the scope “This container and all descendants” selected.
When you select such a subject, the subject’s privileges are grayed out. In
this case you can change the subject’s privileges at the higher target and
have the current target inherit the changes. Or you can add the subject to
the current target with new privileges that override the inherited
privileges at the current target.

Notes and Web users are getting unexpected results when accessing the directory
If you are controlling the access of Notes and Web users, be aware of the
following issues. These issues do not apply to access through other
means, such as access through LDAP operations or through the Notes
applications, except where indicated.
• If you deny a Notes or Web user access to a field in a document,
when the user opens the document, the document does not show the
field and the text (TRUNCATED) shows in the tab of the document.
In addition, the user is unable to edit the document, even if the user
has write access to the fields in it.
• If you deny a Notes or Web user access to a field in a document that
a view uses to sort the document, the name of the document is blank
in the view. The user can still select the document to open it.
• To delete a document, a Notes or Web user must be able to see the
document in a view. To see a document requires Browse access to the
document.
• To create a document, a Notes or Web user or a Notes application
must have Create access to the document as well as Write access to
the fields to which the user/application will add values.

“Extended access controls are enabled in this domain. You must modify the Domino Directory on a version 6 or later Domino server.”
This message indicates that you have attempted to modify a Domino
Directory or Extended Directory on a server running a previous release
and the directory has the Extended Access feature enabled. When
Extended Access is enabled, changes to a replica of the directory on a
server running a previous release cannot replicate to a Lotus Domino 6
server, and so you should make the changes to a replica on a Lotus
Domino 6 server instead.

Mail routing — Troubleshooting


A variety of error conditions can prevent Domino from properly sending
and delivering mail. These topics describe solutions to common mail
routing problems and provide detailed information on troubleshooting
general mail routing problems:
• Tools for troubleshooting mail routing
• How to troubleshoot mail routing provides steps for troubleshooting
when mail routing isn’t occurring as you expect.
• Mail routing — Problems and error messages describes problems
and errors that users may experience when they try to send mail.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.

Tools for troubleshooting mail routing


Delivery Failure Reports
Users should always try to resend a memo for which they receive a
Delivery Failure Report. To help users troubleshoot delivery failure, ask
them to use Steps 1 - 3 below to send you a copy of their mail database.
Sending you a copy of their mail database preserves the field properties
of the reports, which you analyze as a means of troubleshooting.
1. The user creates a new mail database on the workstation. From the
menu, choose File - Database - New. Be sure to use the current
(MAIL6.NTF) mail template.
2. The user copies a Delivery Failure Report from the original mail file
and pastes it into the new database.
3. The user attaches the new mail database to a mail message and sends
it to you.
4. You open the mail database attached to the mail message and select a
Delivery Failure Report.
The Delivery Failure Report identifies the reason the delivery failed
and the routing path over which the message was sent. Use this
information to further investigate the problem.

Mail trace
To troubleshoot mail routing or test mail connections, trace a mail
delivery to test whether a message can be successfully delivered without
actually sending a test message.
1. From the Domino Administrator, click the Messaging - Mail tab.
2. If necessary, click Tools to display the tool bar.
3. From the tool bar, click Messaging - Send Mail Trace.
4. Complete these fields, and then click Send:
Field                       Enter
To                          The mail address of a particular user
Subject                     The subject of the trace
Send delivery report from   Choose one:
                            • Each router on path, to receive a delivery report from each router on the path
                            • Last router only, to receive a delivery report from the last router only

Mail routing topology maps


Mail routing topology maps are useful to track mail routing problems
between servers.
1. From the Domino Administrator, click the Messaging - Mail tab.
2. Choose one:
• Mail routing topology by connections
• Mail routing topology by named networks

Undelivered mail
From the Domino Administrator, click the Messaging - Mail tab, then
select Mail routing status. You can also check for undelivered mail in the
mail routing events view in the log file (LOG.NSF).

Mail routing event generators
Using a mail routing event generator, you can test and gather statistics
on mail routes.
For more information on probes, see the chapter “Monitoring the
Domino Server.”

Mail routing — Problems and error messages


These topics describe common problems and errors related to sending
and/or receiving mail:
• User can’t receive any mail, including mail sent by users whose mail
files are on the same server
• “File is in use by another process”
• “NAMES.NSF does not contain a required view”
• “No route found to Domain x from Server y”
• “Router: Possibly no DOMAIN set...”
• “Server Error: File Does Not Exist”
• “User name is not unique”
• “User not listed in the Public Address Book”
• Users unexpectedly required to include @domainname after each
address

User can’t receive any mail, including mail sent by users whose mail files are on the same server
If a user can’t receive any mail, including mail sent by other users whose
mail files are on the same mail server, check the Mail Routing Events
view of the workstation’s log file for deliveries. Also, check the
MAIL.BOX file on the user’s workstation to see if mail is being trapped
there. Modify the Log_MailRouting setting in the NOTES.INI file to log
more detailed mail routing information on the console and in the log file.

“File is in use by another process”


If the recipient’s mail file or the MAIL.BOX file on the sending or
receiving server is being backed up, Domino generates the message “File
is in use by another process.” Wait for the backup to complete, and then
resend the message.

“NAMES.NSF does not contain a required view” appears when sending mail to users on the same mail server
If all users on the same mail server can’t send or receive mail and they
receive the message “NAMES.NSF does not contain a required view,”
you need to update the design of the Domino Directory. Choose File -
Database - Replace design. When you customize the design of the
Domino Directory, the design must be uniform across all replicas. Note
that there are two templates: PUBNAMES.NTF, for the Domino
Directory, and PERNAMES.NTF, for the Personal Address Book. Be sure
to use the PUBNAMES.NTF template when working with the Domino
Directory.
For more information on updating the design of the Domino Directory,
see the appendix “Customizing the Domino Directory.”

“No route found to Domain x from Server y”


If users can’t send mail to another domain and receive a message such as
“No route found to Domain x from Server y,” make sure that each
domain’s Domino Directory has a Connection document from one of its
servers to a server in the other domain. If a Connection document doesn’t
exist, create one. If there is a Connection document, make sure the
information contained in it is correct.

“Router: Possibly no DOMAIN set; use SET CONFIG DOMAIN=name to set it; or replace the Name and Address Book design.”
If this message appears on the console and then the Router shuts down, the
Server document may contain errors. In the Server document, verify that
the domain is set, and that the ServerKeyFileName (or KeyFileName)
both refer to the server ID for that server. If necessary, make corrections
to the Server document. Also check that the Location document that
you’re using refers to the correct server ID. If necessary, edit the Location
document so that it refers to the correct server ID.

“Server Error: File Does Not Exist”


This message occurs when a user tries to read a message that is linked to
an active shared mail file that has been improperly moved to a different
directory, partition, or hard drive.
For information on creating and enabling a shared mail database, see the
chapter “Setting Up Shared Mail.”

“User name is not unique” in a Delivery Failure Report
Check the Domino Directory for multiple occurrences of the recipient’s
name. There may be more than one Person document for a user, or a user
and a group may have the same name.
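
The Person-entry conditions this chapter describes (an empty User Name field, a hierarchical name with no second FullName value to define cn, and the Router rule that duplicate names fail delivery unless their Mail server, Mail file, and Domain fields match) can be checked in one pass over an export of the directories. The following Python is an added example, not part of the Domino product or documentation; the export layout, the sample entries and the case-insensitive comparison are assumptions, while FullName, MailServer, MailFile and MailDomain are the Person document field names.

```python
"""Audit exported Person entries for conditions that break Dircat, LDAP cn
lookups and mail delivery. Added example; the export layout is hypothetical."""
from collections import defaultdict

MAIL_FIELDS = ("MailServer", "MailFile", "MailDomain")


def person(pid, directory, full_name, server="", mail_file="", domain=""):
    """Build one exported entry (hypothetical export layout)."""
    return {"id": pid, "directory": directory, "FullName": full_name,
            "MailServer": server, "MailFile": mail_file, "MailDomain": domain}


# Constructed sample export. FullName is multi-valued: Notes registration
# stores the hierarchical name first and the common name second.
PERSONS = [
    person("P1", "names.nsf", ["CN=Ann Lee/OU=Sales/O=Acme", "Ann Lee"],
           "CN=Mail1/O=Acme", "mail\\alee", "Acme"),
    # Same person after a move; mail fields kept identical on purpose.
    person("P2", "east.nsf", ["CN=Ann Lee/OU=East/O=Acme", "Ann Lee"],
           "CN=Mail1/O=Acme", "mail\\alee", "Acme"),
    person("P3", "names.nsf", ["CN=Bob Ray/O=Acme", "Bob Ray"],
           "CN=Mail1/O=Acme", "mail\\bray", "Acme"),
    # A different Bob Ray: same common name, different mail fields.
    person("P4", "west.nsf", ["CN=Bob Ray/OU=West/O=Acme", "Bob Ray"],
           "CN=Mail2/O=Acme", "mail\\bray2", "Acme"),
    # Created without Notes registration: hierarchical name only.
    person("P5", "names.nsf", ["CN=Cy Diaz/O=Acme"],
           "CN=Mail1/O=Acme", "mail\\cdiaz", "Acme"),
    # Created without Notes registration: no User Name at all.
    person("P6", "names.nsf", [], "CN=Mail1/O=Acme", "mail\\nobody", "Acme"),
]


def norm(value):
    """Case- and whitespace-insensitive comparison key (an assumption)."""
    return " ".join(value.split()).lower()


def mail_key(entry):
    return tuple(norm(entry.get(field, "")) for field in MAIL_FIELDS)


def audit(persons):
    """Return entry ids grouped by the problem they would cause."""
    findings = {"no_fullname": [], "no_cn": [], "ambiguous": {}}
    by_name = defaultdict(list)
    for entry in persons:
        names = [n for n in entry.get("FullName", []) if n.strip()]
        if not names:
            # Dircat does not build a directory catalog entry for this document.
            findings["no_fullname"].append(entry["id"])
            continue
        if "/" in names[0] and len(names) < 2:
            # Hierarchical name without a second value: no cn attribute over LDAP.
            findings["no_cn"].append(entry["id"])
        for name in {norm(n) for n in names}:
            by_name[name].append(entry)
    for name, group in by_name.items():
        # The same name on several entries is only a delivery problem when
        # Mail server, Mail file or Domain differ between them.
        if len(group) > 1 and len({mail_key(e) for e in group}) > 1:
            findings["ambiguous"][name] = sorted(e["id"] for e in group)
    return findings


if __name__ == "__main__":
    for problem, hits in audit(PERSONS).items():
        print(problem, hits)
```

In the sample, the two Ann Lee entries are not reported because their mail fields are identical, which is the remedy the Router section gives for entries that represent the same person.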

“User not listed in the Public Address Book” appears with returned mail
If the recipient’s name is misspelled, mail is returned to the sender, along
with the message “User not listed in the Public Address Book.” If the
domain name is misspelled, mail is returned with the message “No route
found to domain name from server name.” Check the Domino Directory for
the correct spelling of the names, and resend the document.

Users unexpectedly required to include @domainname after each address
If users report that they can’t send mail to another domain unless they
include @domainname after each address, configure directory assistance
and directory catalogs to include the directories from the other domains.

How to troubleshoot mail routing


When dead or pending mail indicates a problem with mail routing or
when users have problems sending or receiving mail, use these tips to
gather information, identify the problem, and then correct it.
1. Analyze any Delivery Failure Reports.
2. Trace the mail delivery route.
3. Check the Domino Directory for errors that affect mail.
4. Check the sender’s and/or recipient’s workstation(s) for errors that
affect mail.
5. Check the server for errors that affect mail.
6. Check the shared mail setup.

Checking the Domino Directory for errors that affect mail


The Domino Directory is the source of many conditions that prevent mail
from routing properly. Check for these conditions and correct them, if
necessary.
1. Check the replication history of the Domino Directory to ensure that
changes to it are replicating properly. Make sure the Domino
Directory’s ACL provides servers with at least Editor access. Check
for messages in the Administration Requests database, and verify
that the Administration Process is set up and working properly.
Mail problems occur if replication of the Domino Directory
throughout the domain isn’t occurring correctly. For example, if you
move a user’s mail file and the change recording this move on the
Person document does not replicate, a mail message could bounce
back and forth between two servers and eventually be returned to
the sender. Alternatively, the message could become dead mail if the
maximum hop count is exceeded.
2. Look for and correct any of these problems with Person documents:
• There’s no Person document for the recipient in the Domino
Directory. If necessary, register the recipient to create one.
• The mail recipient’s name, mail server, or mail file is incorrect or is
spelled incorrectly. Correct the entries, if necessary.
• There are multiple occurrences of the recipient’s name in the
Domino Directory. There may be more than one Person document,
or a user and a group may have the same name. You can add a
middle initial to one of the user names if two users share the same
name. You can modify a group name if it’s a duplicate of another.
• The recipient receives mail through a gateway. Make sure the
recipient’s Person document contains a forwarding address.
3. Check the Server documents of the sender’s and recipient’s mail
servers. Make sure that the names of the server, domain, and Notes
named network are spelled correctly.
4. Check Connection documents for mail routing. If two servers are in
different Notes named networks (or domains) or don’t have a third
server that has a Notes named network in common with both
servers, then you must create pairs of Connection documents to
enable mail routing back and forth. For servers in the same Notes
named network, mail routing is automatic so you don’t need
Connection documents.
To check mail routing connections, from the Domino Administrator,
click the Messaging - Mail tab. You can see mail routing topology by
connections or by named networks. Look for servers that can’t reach
a server in another Notes named network or domain. Then check the
Domino Directory for these problems, and edit or create the
documents as necessary:
• Missing Connection documents. Make sure that each domain’s
Domino Directory has a Connection document from one of its
servers to a server in the other domain.
• A misspelled Notes network or domain name in the Connection
document.
• An incorrect phone number (for dialup connections) in the
Connection document.
• A missing selection for “Mail Routing” in the Tasks field of the
Connection document.
5. If mail routing occurs through a non-adjacent or foreign domain,
check that the Domino Directory contains a correctly set up
Non-adjacent or Foreign domain document. For a non-adjacent
domain, verify that a Connection document to the intermediary, or
“middle,” domain also exists.
6. If your organization uses cascading address books, be sure that the
Names setting in the NOTES.INI file contains the correct names of
the cascading address books.
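
The Connection document rules in step 4 amount to a reachability question: servers that share a Notes named network route to each other automatically, and every other hop needs a Connection document with “Mail Routing” selected, one for each direction. The following Python is an added example, not a Domino tool; it is a simplified model, and the server names, networks and the dictionary layout of the Connection documents are constructed.

```python
"""List server pairs that have no mail route, from Server and Connection data.

Added example: a simplified model of the rules in step 4, with a
constructed topology. It is not how the Router computes its routing tables.
"""
from collections import deque

# Constructed sample topology; all names are made up.
SERVERS = {
    "Hub1/Acme":  {"domain": "Acme", "networks": {"LAN-East", "LAN-West"}},
    "Mail1/Acme": {"domain": "Acme", "networks": {"LAN-East"}},
    "Mail2/Acme": {"domain": "Acme", "networks": {"LAN-West"}},
    "Mail3/Acme": {"domain": "Acme", "networks": {"LAN-South"}},  # no Connection document
    "Mail9/Beta": {"domain": "Beta", "networks": {"LAN-Beta"}},
}
CONNECTIONS = [
    {"source": "Hub1/Acme", "destination": "Mail9/Beta",
     "tasks": {"Replication", "Mail Routing"}},
    # Return document exists, but "Mail Routing" is not selected in Tasks.
    {"source": "Mail9/Beta", "destination": "Hub1/Acme",
     "tasks": {"Replication"}},
]


def routing_edges(servers, connections):
    """Directed graph of single mail hops."""
    edges = {name: set() for name in servers}
    for a in servers:
        for b in servers:
            same_domain = servers[a]["domain"] == servers[b]["domain"]
            if a != b and same_domain and servers[a]["networks"] & servers[b]["networks"]:
                edges[a].add(b)  # shared Notes named network: automatic, both ways
    for doc in connections:
        if "Mail Routing" in doc["tasks"]:
            # A Connection document routes mail in one direction only.
            edges.setdefault(doc["source"], set()).add(doc["destination"])
            edges.setdefault(doc["destination"], set())
    return edges


def reachable_from(edges, start):
    """Breadth-first search over mail hops, so intermediate servers count."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in edges[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


def unroutable_pairs(servers, connections):
    """Ordered (sender, recipient) server pairs with no route at all."""
    edges = routing_edges(servers, connections)
    pairs = []
    for src in sorted(servers):
        reach = reachable_from(edges, src)
        pairs += [(src, dst) for dst in sorted(servers)
                  if dst != src and dst not in reach]
    return pairs


def connections_without_mail_routing(connections):
    """Connection documents that exist but cannot carry mail."""
    return [(d["source"], d["destination"]) for d in connections
            if "Mail Routing" not in d["tasks"]]


if __name__ == "__main__":
    for src, dst in unroutable_pairs(SERVERS, CONNECTIONS):
        print(f"no route: {src} -> {dst}")
    print("not enabled for mail:", connections_without_mail_routing(CONNECTIONS))
```

Mail1 reaches Mail2 through Hub1 because Hub1 has a named network in common with both. Mail9 cannot answer anyone until its return document has “Mail Routing” selected, and Mail3 is isolated until a pair of Connection documents is created for it.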

Checking the sender’s and/or recipient’s workstation for errors that affect mail
Check for these conditions and correct them, if necessary.
1. Check the User Preferences (File - Preferences - User Preferences).
Check the settings for Mail — for example, the Mail Program field
may be set to None, which disables all mail for the user. Check the
settings under ports; the port(s) necessary to send mail may be
disabled. For more information on User Preferences, see Lotus Notes
6 Help.
2. Check the user’s Personal Address Book for a missing view. If a view
is missing, replace the design of the Personal Address Book. Choose
File - Database - Replace Design, and specify the Personal Address
Book template, PERNAMES.NTF, not the Domino Directory
template, PUBNAMES.NTF. Replacing the design deletes any
nonstandard private views but does not affect the data.
For more information on replacing the design of a template, see the
book Application Development with Domino Designer.
3. Check if the user is using the appropriate Location document. For
example, a mobile user who is working in the office may be
attempting to use a Location document that is for use only when the
user works at home. Another possibility is that the Location
document may contain incorrect information. To check the current
Location document, from the workstation, choose File - Preferences -
Location Preferences.
Check that the sender’s workstation is set up with the correct mail
server and mail file names. Choose File - Preferences - Location
Preferences, and verify the settings in the Home/mail server and
Mail file fields.
For more information on Location documents and on specifying a mail
server and a mail file, see Lotus Notes 6 Help.



Checking the server for errors that affect mail
Check for these conditions and correct them, if necessary.
1. Verify that the sending and receiving servers have a certificate in
common.
a. From the Domino Administrator, click the People & Groups tab.
b. From the tool bar, click Certification - ID file.
c. Choose the appropriate server ID file, and click Open.
d. Click Certificates to display the certificates held by the server.
e. Repeat for the second server.
f. Recertify one or both server IDs, as necessary.
2. Make sure there’s enough memory and disk space on the recipient’s
mail server. Add memory to the server, and/or increase the disk
space for swapping. Add disk space to the server.
3. Check for a corrupt mail file. On rare occasions a recipient’s mail file
may become corrupted. Do one of these:
• Run the Fixup task. Use this task if the database is in Domino 5 or
higher format and you’re not using transaction logging, or if the
database is in Domino 4 format.
• Run the Fixup task with the -J option. Use this task if the database
is in Domino 5 or higher format and you are using transaction
logging. If you use a backup utility certified for Domino 5 and you
run Fixup -J, perform a full backup of the database as soon as
Fixup finishes.
4. Check for a missing or incorrect Domain setting in the NOTES.INI
file. At server startup, the Router sends the message “Mail Router
started for domain x” to the console and to the log file. To see if the
NOTES.INI file on the sender’s and recipient’s mail server includes a
Domain setting, enter this command at the console:
Show Configuration Domain

Then verify that the domain name is correctly spelled. To add the
Domain setting or correct the spelling of the domain name, enter this
command at the console:
Set Configuration Domain = DomainName

where DomainName is the name of the mail server’s Notes domain.


5. Check for a corrupt MAIL.BOX on the server. Do one of these:
• Run the Fixup task. Use this task if the database is in Domino 5 or
higher format and if you’re not using transaction logging, or if the
database is in Domino 4 format.
• Run the Fixup task with the -J option. Use this task if the database
is in Domino 5 or higher format and you are using transaction
logging. If you use a backup utility certified for Domino 5 and you
run Fixup -J, perform a full backup of the database as soon as
Fixup finishes.
If the corruption still persists, shut down the server and rename
MAIL.BOX — for example, rename it to BADMAIL.BOX. Then
restart the server to generate a new MAIL.BOX file, and copy any
uncorrupted documents from BADMAIL.BOX to MAIL.BOX.
6. Check for problems with modem connections.
For more information on errors that affect mail, see the topic “User can’t
receive mail, including mail sent by other users whose mail files are on
the same mail server” earlier in this chapter.

Checking the shared mail setup


Check for these conditions and correct them, if necessary.
1. Verify that shared mail is enabled. To determine if a mail file or
individual mail files in a directory use shared mail, enter this
command at the console:
Load Object Info USERMAIL.NSF

where USERMAIL.NSF is the name of a user’s mail file or the name
of a directory that contains mail files.
If you enter a directory name, the information that appears describes
each mail file in the directory.
2. Check for a corrupt shared mail file. If you suspect the shared mail
file is corrupt, you can restore the file.
3. Verify that there’s enough disk space available for the shared mail
file. If there isn’t, you can purge obsolete messages from a shared mail
file.
4. Make sure the user’s mail file hasn’t been unlinked from the shared
mail file. If necessary, relink the mail file.
For more information about shared mail, see the chapter “Setting Up
Shared Mail.”



Meeting and resource scheduling — Troubleshooting
These topics describe how to troubleshoot problems with scheduling
meetings and reserving rooms.
• Meeting and resource scheduling — Problems and error messages
describes problems and errors that users may experience or that are
reported in the log file.
• How to troubleshoot Schedule Manager errors reported in the log
provides steps for troubleshooting Schedule Manager errors reported
in the log file.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.

Meeting and resource scheduling — Problems and error messages


These topics describe problems and errors that occur with scheduling
meetings or resources:
• Free time information isn’t available
• “No resource/room found for time and/or capacity requirements”
• “Can’t Find User in Name and Address Book”
• “Cannot perform this action locally”
Free time information isn’t available
If, while scheduling a meeting, a user can’t look up free time for a
particular invitee because the invitee’s schedule is grayed out in the Free
Time dialog box or if no users’ free time information can be accessed and
the message “No scheduling information for the requested users could be
found at this time” appears, use these tips to troubleshoot the problem.
1. Check that the invitee’s name is spelled correctly on the meeting
invitation. If the invitee belongs to a different domain, be sure to
specify the invitee’s full hierarchical name, including the domain
name.
2. Check that Domino 4.5 or higher is installed on the invitee’s mail
server.
3. Make sure that the mail server is running. Free-time lookups fail if
Domino cannot access the free time database on the invitee’s mail
server because the server is unavailable. If the server isn’t running,
the user can still complete invitation processing, including sending
and receiving meeting-related messages. Also, lookups for other
invitees with free time databases on other servers still work.
4. Check that the Schedule Manager task is running on the mail server.
5. Check that the invitee saved his or her Calendar Profile after
upgrading the design to the Domino 4.5 or higher mail template.
6. Check that the user is included in the list of users who can read the
invitee’s Free time Schedule in the Calendar Profile.
7. Check that the free-time lookup finds schedule information for users
whose mail servers are in a foreign or adjacent domain. If the
free-time lookup fails, make sure a valid Domain document exists. In
addition, check the Calendar Server field in the Domain document to
make sure a valid calendar server has been defined for the domain.
8. Check that the mail servers are running the same protocol. The mail
servers must run the same protocol so that the servers can connect to
each other to perform a free-time lookup.

“Can’t Find User in Name and Address Book”


If this message appears, the entry used in the $BusyName field in a
calendar entry for the Note ID reported in the log doesn’t exist in the
Domino Directory. This situation typically arises when a user leaves the
company and the Domino Directory no longer contains a Person
document for the user. To resolve this error, find the document
associated with the NoteID, and delete the document.
To find the note ID and the document associated with it, see the topic
“Troubleshooting Schedule Manager errors reported in the log” later in
this chapter.

“Cannot perform this action locally”


This message appears when you try to create a Site Profile in the
Resource Reservation database locally on the server. To avoid this
message, when you open the Resource Reservation database, specify the
actual server, instead of “Local.”

“No resource/room found for time and/or capacity requirements”


The message “No resource/room found for time and/or capacity
requirements” may appear when a user creates a reservation in the
Resource Reservation database. This message indicates that the Site
Profile name for that particular resource includes a comma — for
example, Acme, East. Re-create the Site Profile name without the comma
— for example, Acme East.



Troubleshooting Schedule Manager errors reported in the log
Schedule Manager errors in the log (LOG.NSF) report information about
databases that may have a mismatch among the entry used in the
$BusyName field in a calendar entry, the name listed in BUSYTIME.NSF,
and the name in the Domino Directory. Use this procedure to determine
a mismatch.
1. Open the database reported in the log.
2. Choose Create - View.
3. In the View Name field, enter a name for the view — for example,
NoteID.
4. In the View Type field, select Shared.
5. In the “Select a location for the new view” field, select where you
want the view to appear.
6. Click OK.
7. Choose View - Design.
8. Under Recent Databases, click Views.
9. Double-click the new view that you created. If you placed the view
under an existing view, the new view’s name will include the name
of the parent view — for example, Inbox\NoteID.
10. Select the first column in the view, and choose Create - Insert new
column.
11. Choose Design - Column Properties.
12. In the Title field, enter a name for the column — for example, NoteID
— and press ENTER.
13. In the formula pane, for Display, select Formula.
14. Delete anything that currently appears in the Formula pane and
enter the formula:
@NoteID

15. Click the check mark in the formula pane to accept the new formula.
16. Press ESCAPE, and click Yes to save the design.
17. Press ESCAPE to close the Designer.
18. Refresh the view so that all of the Note IDs appear in the database.
19. Find the Note ID that the Schedule Manager reported in the log, and
select that document in the view.
20. Choose File - Document Properties.
21. Click the Fields tab.
22. Scroll through the fields in the left box and search for a $BusyName
field.
23. Compare the information in the $BusyName field to the entries in the
BUSYTIME.NSF file and the Domino Directory. Make any
corrections.

Modems and remote connections — Troubleshooting


A variety of conditions can prevent a modem from providing a remote
connection that works. These topics describe common problems and
errors and provide specific suggestions for troubleshooting modems and
remote connections.
• Tools for troubleshooting modems and remote connections describes
tools that you can use to help troubleshoot modem and remote
connection problems.
• How to troubleshoot modems and remote connections describes
steps for trying to solve problems with a modem or remote
connection.
• Modems and remote connections — Problems and error messages
describes problems and errors that users or Domino servers may
encounter while using a modem and a remote connection to a
Domino server.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.

Tools for troubleshooting modems and remote connections


Logging modem I/O
To record modem phone call information in the log (LOG.NSF), you
must enable logging. Recording modem calls is useful when you
troubleshoot modem connections.
1. Choose File - Preferences - User Preferences and select Ports.
2. Select the port for which you want to log call information.
3. Choose COM Options, and then choose Log modem I/O.
4. Click OK twice.

Reading the message in the log file for a long setup string
When you customize a modem command file, you may include long
setup strings. If a long setup string contains an error, it may be difficult
to determine which command or parameter caused the problem.



To isolate the problematic command or parameter, split the setup string
in half, and enter a new Setup=AT command on the line immediately
following the first half of the setup string. Try to make the connection
again, and then check the log to determine which half of the setup string
causes the error. Continue splitting the setup string in half until you
locate the command or parameter that causes the problem.

How to troubleshoot modems and remote connections


A server or workstation may not be able to connect properly through a
dialup modem connection to another server or workstation. As a result,
there may be problems transferring information — for example, mail
might not route between two servers connected by a modem. Use these
tips to troubleshoot both sides of the modem connection:
1. Restart the modem and the remote server or workstation. Doing this
usually helps when the modem behaves erratically — for example,
if the modem dials invalid phone numbers, refuses legitimate
modem commands, flashes the LEDs in irregular patterns, or
displays other unusual behavior.
2. Make sure that the modem is the correct type and model for the
server or workstation. If you think the hardware is damaged, replace
the damaged part with one that you know is working. Make one
change at a time so that you can evaluate the effect.
3. Check the modem configuration. Check the DIP switch settings, the
telephone line, and option buttons on the modem.
4. Verify that you’re dialing the correct number. If you’re dialing from
an office that requires it, be sure to precede the phone number with a
9 followed by a comma. Also, be sure to include a 1 and the area or
country code. If you’re sure of the number, contact the remote server
administrator to determine what the problem is.
5. Disable call-waiting. You can temporarily disable call-waiting for
tone dialing by entering *70 as a prefix for the number you dial. For
pulse-dialing, enter 1170 as the prefix. Alternatively, you can
permanently disable call-waiting.
6. Unplug other telephone extensions before you make an outgoing
call. You’ll lose the connection if someone attempts to use an
extension on the line you’re dialing out on.
7. Make sure that you’re using an analog line. If the phone system is
digital and your modem is analog, you won’t get a dial tone. Contact
your local phone company for an analog line.
8. Check the COM port, hang-up, dial time-out, and hardware flow
control settings. Port speed and hardware flow control settings
should be the same for modems that are trying to connect. To check
these settings, choose File - Preferences - User Preferences, select
Ports, select the COM port you want to check, and click COM
options.
9. Check the modem command file. Make sure that it’s the correct one
for your modem. Make sure it uses the correct syntax and is free of
any spelling errors, missing command parameters, and incorrect
settings or responses. Check the operating system time stamp and
last revision date of the file to make sure you’re using the correct
version of the file. To do this, use a file manager such as Windows
Explorer. Make sure you specified the correct directory for the file —
for example, the Notes\Data\Modems directory.
10. Check the Connection document in the Domino Directory. Make sure
the fields in the Connection document contain the correct
information for a dialup modem connection.
11. Check the Miscellaneous Events view in the log (LOG.NSF).
Sometimes modems that use the same modem standards can’t
connect to each other because of the way the manufacturer
implemented the standard. Contact the modem manufacturer to
resolve the problem.
12. Check the Phone Calls view in the log. Numerous CRC or
retransmission errors indicate that one or both modems detect
transmission errors. A damaged RJ-11 cord and/or poor phone line
quality may cause these errors. Try another cord and ask the phone
company to check the phone line.

Modems and remote connections — Problems and error messages


These topics provide suggestions for troubleshooting problems you may
encounter with modems and remote connections:
• Data isn’t transferring between two servers using a null modem
• The dialup server cycles through port speeds without initializing the
modem
• Valid commands in the modem command file are ignored



Data isn’t transferring between two servers using a null modem
If you connect two servers with a null modem cable and the servers
make a connection but data does not transfer between them, try these
tips to solve the problem:
1. Replace the modem cable or port with one that you know works
correctly.
2. Change the port speeds. Choose File - Preferences - User Preferences
and select Ports. Select the port you want to modify, and then select
COM Options. Select a port speed that matches the port speed of the
other modem.

The dialup server cycles through port speeds without initializing the modem
If the log (LOG.NSF) indicates that the server continuously cycles
through port speeds without initializing the modem, the server isn’t able
to connect to or synchronize with the modem. Try these tips to solve the
problem:
1. Turn the modem on and off to reset it.
2. Check the cable connection from the server to the modem. Make sure
that the cable is attached to the correct port and isn’t damaged.
3. Make sure the communication port is correctly configured.
4. Specify a lower port speed. Choose File - Preferences - User
Preferences and select Ports. Select the port you want to modify, and
select COM Options. Select a lower port speed.
5. Replace the serial card and RS-232 interface card with one that you
know works.

Valid commands in the modem command file are ignored


You may notice this problem if you check the log and find that OK
responses are missing after one or more valid commands. Try these tips
to solve the problem:
1. Make sure letters in the AT commands in the modem command file
are either all uppercase or all lowercase. Many modems do not
recognize mixed-case commands.
2. Make sure that commands in a long setup string do not exceed the
character limit for the modem. Use the Setup=AT command at the
beginning of each line to split the setup strings into smaller sections.

Platform statistics — Troubleshooting
These topics describe common problems with monitoring statistics. You
can also search for solutions to common problems on the Lotus Support
Services Web site at www.lotus.com/support.
• Platform statistics are not fully initialized
• Setting up platform statistics on Windows NT and Windows 2000
systems
• System configuration issue for platform statistics on Windows NT
and Windows 2000 systems

Platform statistics are not fully initialized


Platform statistics take a few minutes to initialize upon Domino server
startup. If you issue a Show Stat Platform command before initialization,
you get the following message:
PLATFORM not in statistics table

Wait a few minutes and then issue the Show Stat Platform command
again.

Setting up platform statistics on Windows NT and Windows 2000 systems
On Windows NT and Windows 2000 systems, your server must be
configured properly to collect network or Logical Disk statistics. Using
software RAID is not recommended. To set up your system for platform
statistic collection:
1. Enable Logical Disk counters using the diskperf command:
Windows NT command    Description
diskperf -y           Enables the performance counters.
diskperf              Provides status or help information.

Windows 2000 command  Description
diskperf -y           Enables the performance counters.
diskperf /?           Provides help information.
diskperf              Provides status or verifies that it has already been enabled.



2. On Windows NT, enable network counters using the following steps:
a. Enable the SNMP service
b. During installation of the SNMP service, enable the physical
layer property for SNMP. The SNMP server enables the Network
Interface Object and begins collecting network statistics for
platform statistics.
3. Restart the system so that the settings will take effect.

Troubleshooting system setup


During system setup, you may receive one or more of the following
system messages.

SNMP is not enabled


Platform Stats Informational: Please see online help to
enable SNMP service in order to monitor network performance.

The probable cause for this message is that platform statistics detected
that the Network Interface Object was not enabled. Enable the SNMP
service.

Logical disk counters are not enabled


Platform Stats Informational: Please execute diskperf.exe -y
to enable Logical Disk performance counters.

The probable cause is that platform statistics detected that the logical
disk counters were not enabled. Enable logical disk counters.

Platform statistics do not appear to be enabled


Platform not in Statistics Table

Type the following command:


sh perf

The system now displays this message:


Server Performance Monitoring is now enabled.

When the statistics are ready to be displayed, the system displays the
following message, where n is the number of current transactions or
users.
n Transactions/Minute, n Users

You can now reissue the sh stat platform command.

nnotes.dll is set to the wrong path
Platform: Notes DLL directory is different from executable
directory. Edit the following Registry setting to conform to
the server being run
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\notestat\\Performance\\Library.

Upon Domino startup, the path to the nnotes.dll is not set or is set
incorrectly. Multiple installations of Domino may exist on the system and
an earlier installation of Domino is being invoked. Make sure that
nnotes.dll is set to this path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\notestat\Performance\Library

Perfmon was incorrectly installed


Platform Stats Informational: MMC incorrectly installed.
Please reinstall Win2K server to enable performance data
collection.

Perfmon, the performance monitoring package, was incorrectly installed
when the system was upgraded. Reinstall the Win2K server.
Note If you need additional information regarding enabling the SNMP
server, refer to your Windows NT or Windows 2000 System
Administration Reference Guide.

System configuration issue for platform statistics on Windows NT and Windows 2000 systems
On Windows NT and Windows 2000, an error may occur when loading
certain performance DLLs. If they do not function properly or take too long
to pass data, the operating system automatically adds a value to the
following Performance registry subkey, where TypeOfPerfService may be
PerfProc, PerfOS, or NoteStat:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<TypeOfPerfService>\Performance

When the error occurs, the value for the variable “Disable Performance
Counters” is set to 1, which disables performance counters for statistics
such as CPU utilization (Platform.System.PctCombinedCpuUtil) or
Memory (Platform.Memory.PagesPerSec). These counters are found
under the services PerfOS, PerfDisk, PerfProc and PerfNet.



If these statistic counters cannot be located, you may get the following
error message, printed to both the event log and the console:
Platform Stats: _PSHandleDefaultCmd() Unable to set up
default counters error =..."

Although the system may have set the “Disable Performance Counters”
variable under a period of extreme stress on the system, once it has been
set, this variable continues to disable all performance counters relating to
its .dll until it is manually set back to zero or deleted.
To reset the default counters, search the registry for the phrase “Disable
Performance Counters.” If it occurs under PerfOS, PerfDisk, PerfProc or
PerfNet, manually set it back to zero or delete the entire variable.

Network connections over NRPC — Troubleshooting


If you are unable to connect to a server, do the following before you refer
to any of the port-specific troubleshooting procedures in this section:
1. Trace the attempt to connect to the server by doing one of the
following:
a. From a Notes workstation:
Choose File - Preferences - User Preferences - Ports.
Click Trace.
Specify the server you want to connect to.
In the “Trace options” and “Notes Log options” fields, select
“Full trace information.”
Click Trace.
b. On a server console, enter:
Trace servername

where servername is the hierarchical name of the server you want
to connect to, for example, Mail01/Cleveland/Acme.
2. If the requesting system didn’t try to connect on a specific Notes
network port that you want to use, check that the port is enabled.
3. If the port is enabled, make sure that the server is not down.
4. If the server is running, check whether you have a local Connection
document for it, and if so, check that the port you want to use is
selected in that document.
5. If you still cannot connect, it is probably because no address can be
found for the server in the given protocol. Create or modify a local
Connection document to include the server’s protocol-specific
network address.
For more information on ports and Connection documents on Notes
workstations, see Lotus Notes 6 Help.
For more information on server ports and server name-to-address
resolution, see the chapter “Setting Up the Domino Network.”
6. If you still cannot connect, see the procedures that apply to the ports
you have enabled:
• Troubleshooting TCP/IP for NRPC
• Troubleshooting IPX/SPX
For information on preparing to call Lotus Support Services for a
network problem, see the topic “Contacting Lotus Support Services”
earlier in this chapter.

Troubleshooting TCP/IP problems for NRPC


These topics describe how to troubleshoot problems with TCP/IP:
• Tools for troubleshooting TCP/IP
• Common TCP/IP error messages on Domino servers
• Common TCP/IP error messages on Notes clients or Domino servers
• How to troubleshoot a TCP/IP problem
• TCP/IP frame types
If you can’t solve your problem, record all of the following information
(gathered as you performed the steps in the preceding topics) before
contacting Lotus Support Services (www.lotus.com/support):
1. Exact quoted error messages
2. TCP stack name and version number (or operating system and
version if the TCP/IP stack is included in the operating system)
3. IP configuration information
4. IP address and host name of Domino server
5. Server document
6. Host file
7. Tracert information (with number of hops)
8. Ping packet size
Note It is recommended that customers prepare a network diagram for
escalation.



Tools for troubleshooting TCP/IP
Connection logging
When connection logging is enabled on a server, the server console
displays the name of the Notes network port for TCP/IP, the IP address
of the requesting system, and the IP address of the destination server for
each connection.
To enable connection logging, add the following setting in the server’s
NOTES.INI file:
Log_Connections=1

TCP/IP error messages -- Server only


These sections describe common error messages on a Domino server
offering NRPC services over TCP/IP.
Error on Listen function: The requested TCP/IP port is in use on this
system.
This message could indicate one of the following problems:
• UNIX systems. You have failed to assign different IP addresses to
each partition on a Domino partitioned server, or you have failed to
follow the port mapping setup instructions properly, and you
attempt to start the additional partition. You may need to stop the
server currently running, so that the new server you are setting up
can finish accessing the setup server for its copy of the Domino
Directory.
For more information about setting up IP addresses or port-mapping
properly, see the chapter “Setting Up the Domino Network.”
Note Failing to configure partitions properly on Windows systems
does not generate an error on startup, but will generate operational
problems.
• Windows 2000 and XP systems. It is possible for an application or
system service to be assigned an ephemeral port number as its local
port number that conflicts with the Domino listening port. Restart the
system so that the process using TCP port number 1352 can release it.
When a system running TCP/IP makes each outbound connection,
the TCP software automatically selects a local port number and
assigns it to the connection. This is required in the TCP architecture
so that the server can return packets to the client. This same port
number cannot be used by any other outbound or listening socket
until it is freed. Port numbers in the range 1 - 1024 are called
reserved ports because they are reserved for well-known system
services. The TCP software never uses reserved ports when it must
select a client-side port number at random. Rather, it selects at
random a number from a range above 1024 called the ephemeral port
range. The Internet authority uses the low-end range above 1024 to
assign port numbers to registered applications such as Lotus
Notes/Domino’s NRPC services, which use 1352. Microsoft uses the
ephemeral port range of 1024 - 5000. Therefore, when a server on a
Windows system makes an outbound connection, the ephemeral port
number chosen might be 1352. When this happens and Domino is
started, the NRPC port fails to bind. Often, on startup, servers on
Windows systems make outbound connections to the NetBIOS
session service well-known port and keep these connections active
until the system is restarted. This is the cause of the problem.
Note Most UNIX systems use an ephemeral port range that is at the
top-end of the range of ports, such as 45000 - 65000, so that there is
not likely to be a conflict between the ephemeral port number chosen
and registered port numbers.
To determine if this is the cause of the problem, run Netstat -n -a. If
what you see is similar to one of the following examples, the system
is using port number 1352 and the Domino server cannot start. To
solve this problem, restart the system.
Example 1: Netstat -n -a output of the Domino server active on the
local system using port 1352 as a server
Proto  Local Address      Foreign Address  State
TCP    10.20.4.137:1352   0.0.0.0:0        LISTENING
Example 2: Netstat -n -a output of the local system accessing an
external system using port 1352 ephemerally
Proto  Local Address      Foreign Address  State
TCP    10.20.4.137:1352   10.30.10.1:139   ESTABLISHED
To prevent future ephemeral bind conflicts on Windows systems, use
the following instructions to add a registry value that forces TCP to
skip port 1352 when it selects an ephemeral port number:
Run Regedt32 (not Regedit — Regedit does not support the data type
required for the value) and enter the following:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value Name: ReservedPorts
Data Type: REG_MULTI_SZ
Value: 1352-1352



Tip To protect additional ports, you can enter a range (such as 1025
- 1050) or multiple ranges separated by spaces.
Note In Windows 2000 and XP, Netstat might report an additional
line showing the local and remote ports and addresses in the
established state, or a second line showing the client-side port in the
listening state. Thus when you run Netstat on Windows 2000 and XP
systems and compare the results with those on NT systems, the
output can look different. This is only a different method of reporting
listening ports — not a network bug.
Insufficient TCP sockets are available. Consult your vendor’s TCP/IP
documentation to increase the maximum number of sockets.
You have reached a TCP/IP socket limitation. To see how many active
TCP/IP sessions the server system has open, use Netstat with the -n
switch (to disable reverse DNS lookups) and output the listing to a file.
Import the listing to a spreadsheet and count the total number of
connections. Then break the connections down by their state
(Established, Time_Wait, Close_Wait, Fin_Waitn). You should be able to
support more than 2,000 concurrent connections. If not, review your
operating system and TCP/IP stack settings with the operating system
and TCP/IP stack vendor. If you have a large number of Close_Wait
sessions, you may have network-level problems. If you have a buildup of
Time_Wait sessions with HTTP services, review your TCP/IP stack’s
settings to see if the stack offers a setting to time out Time_Wait sessions
sooner.
As a temporary solution or if you can’t make any alterations to the
system or TCP/IP stack, you can limit the number of NRPC sessions the
server will support concurrently, but there will be a performance cost for
doing so. To limit the number of concurrent NRPC sessions, do one of the
following:
• Edit the portname_MaxSessions setting in the NOTES.INI file to limit
the number of sessions that can run on this port.
• Edit the Server_MaxSessions setting in the NOTES.INI file to limit
the total number of active sessions the server can have.
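The two Netstat checks described above (finding what holds port 1352 when Domino cannot bind to it, and counting connections by state rather than importing the listing into a spreadsheet) can be scripted. The following Python is an added example, not part of the Domino documentation; the sample listings are constructed, and it assumes plain netstat -n -a output with colon-separated ports and no extra trailing columns.

```python
from collections import Counter

DOMINO_PORT = 1352  # NRPC port discussed in the text

# Constructed listing modelled on the page's Example 1, plus client sessions.
SERVER_UP = """\
Proto  Local Address       Foreign Address     State
TCP    10.20.4.137:1352    0.0.0.0:0           LISTENING
TCP    10.20.4.137:1352    10.20.4.50:2211     ESTABLISHED
TCP    10.20.4.137:1352    10.20.4.51:3120     ESTABLISHED
TCP    10.20.4.137:80      10.20.4.60:4001     TIME_WAIT
TCP    10.20.4.137:80      10.20.4.61:4002     TIME_WAIT
TCP    10.20.4.137:80      10.20.4.62:4003     CLOSE_WAIT
UDP    10.20.4.137:137     *:*
"""

# The page's Example 2: an outbound session took 1352 as its ephemeral port.
EPHEMERAL_CONFLICT = """\
Proto  Local Address       Foreign Address     State
TCP    10.20.4.137:1352    10.30.10.1:139      ESTABLISHED
"""


def _port(endpoint):
    """Return the numeric port of 'addr:port', or None for '*' or no port."""
    tail = endpoint.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None


def parse_rows(text):
    """Return (local_port, foreign_port, state) for each TCP row."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # Skip headers, blank lines and UDP rows (UDP has no state column).
        if len(tok) < 4 or not tok[0].lower().startswith("tcp"):
            continue
        state = tok[-1].upper().replace("-", "_")
        if state.isdigit():
            continue  # extra trailing column such as a PID: not handled here
        if state.startswith("LISTEN"):
            state = "LISTEN"  # Windows prints LISTENING, UNIX prints LISTEN
        # Counting from the right copes with the Recv-Q/Send-Q columns
        # that UNIX netstat prints before the addresses.
        rows.append((_port(tok[-3]), _port(tok[-2]), state))
    return rows


def count_states(text):
    """Tally TCP connections by state (the spreadsheet step in the text)."""
    return Counter(state for _, _, state in parse_rows(text))


def port_status(text, port=DOMINO_PORT):
    """Classify how the port is being used on the local side.

    'listening'            a server already listens on it (Example 1)
    'in use, no listener'  held by a connection only, as in Example 2
    'free'                 no local socket uses it
    """
    states = [s for local, _, s in parse_rows(text) if local == port]
    if "LISTEN" in states:
        return "listening"
    if states:
        return "in use, no listener"
    return "free"


def report(text):
    """Build a short text summary of the listing."""
    counts = count_states(text)
    lines = ["total TCP rows: %d" % sum(counts.values())]
    lines += ["  %-12s %d" % (s, n) for s, n in counts.most_common()]
    lines.append("port %d: %s" % (DOMINO_PORT, port_status(text)))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SERVER_UP))
    print(report(EPHEMERAL_CONFLICT))
```

To run it against a live system, save the Netstat listing to a file and pass the file's contents to report().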

Listener task for port <portname> is suspending for 20 seconds due to
listen errors.
See the message “Error on Listen function” earlier in this topic.

The remote TCP/IP host is not running the Domino server, or the
server is busy.
The server is currently not running, or the server can’t accept another
TCP/IP connection or Domain session. Start the server, or verify that it is
running. Check the server to determine if its workload is unacceptably
heavy.
The TCP/IP protocol stack reported that it ran out of memory. Consult
your network documentation to increase configured memory, or
reduce Notes connections by limiting clients (see
SERVER_MAXSESSIONS parameter in Notes Admin Guide).
This error can occur when your server system’s resources are not
correctly sized for the number of inbound and outbound connections or
when events push the server into resource starvation.
• If system memory appears to be low, increase it.
• If you are using Windows NT, you may be encountering a page file
limit. Both Domino and the TCP/IP stack use shared memory. If the
page file is not large enough or the number of pages exceeds what
the operating system can provide, this error appears. Upgrade the
operating system to Windows 2000 with Service Pack 2.
• If inbound client and server connections or the server’s own
outbound connections seem to be experiencing network stability
problems, verify the health of the network by using Netstat with the
-n switch (to disable reverse DNS lookups) and output the listing to a
file. Import the listing to a spreadsheet and count the total number of
connections. Then break the connections down by their state
(Established, Time_Wait, Close_Wait, Fin_Waitn). You should be
able to support more than 2,000 concurrent connections. If not,
review your operating system and TCP/IP stack settings with the
operating system and TCP/IP stack vendor. If you have a large
number of Close_Wait sessions, you may have network-level
problems. If you have a buildup of Time_Wait sessions with HTTP
services, review your TCP/IP stack’s settings to see if the stack offers
a setting to time out Time_Wait sessions sooner.
As a temporary solution or if you can’t make any alterations to the
system or TCP/IP stack, you can limit the number of NRPC sessions the
server will support concurrently, but there will be a performance cost for
doing so. To limit the number of concurrent NRPC sessions, do one of the
following:
• Edit the Port_MaxSessions setting in the NOTES.INI file to limit the
number of sessions that can run on this port.
• Edit the Server_MaxSessions setting in the NOTES.INI file to limit
the total number of active sessions the server can have.



Unable to locate the Domain server’s TCP/IP host. The TCP/IP domain
name server may be down.
Use the “ping” command to verify that DNS is running.
Unexpected TCP error. See the Notes log file on this system for error
code.
Look in the log file to see the reported error code or codes.
KnowledgeBase lists many of the error codes. If you find an error code
that isn’t in KnowledgeBase, report it to Lotus Support Services.

TCP/IP error messages — Client or server


These sections describe common error messages on a Notes client or
Domino server using NRPC services over TCP/IP.
Network operation did not complete in the specified amount of time.
The connection pathway between the client or server system and the
target server was unable to sustain the session. This happens when a
system is accessing a remote server over a slow or very congested WAN.
Possible solutions to this problem are:
• Instead of users’ accessing server-based mail or application files on
the remote server, have them replicate the database files to their local
systems.
• Review your server-to-server replication and mail routing
architecture across the WAN. It is best to use a hub-and-spoke
design, and use Connection documents in Domino to connect the
servers, mirroring the hub-and-spoke architecture. Use Notes name
networks (NNNs) only at each isolated local site and then use
Connection documents to interconnect the sites from the hub
location.
If this error occurs over a LAN, you may be experiencing frame and/or
packet sizing problems because you have a mixed-topology network or
because your network routers’ routing tables are converging. In these
cases, the network pathway to or from the target Domino server cannot
forward the TCP/IP packet stream.
If you are using a remote VPN connection across the Internet, with some
VPN client software you can encounter packet sizing issues on the Notes
client or Domino server and/or with the firewall system’s VPN services.
The connection has timed out.
The establishment of the connection took longer than the expected
default of 5 seconds. This can happen when the connection is over a
dial-on-demand ISDN modem connection, remote bridge, or router.
From the Port Setup dialog box, increase the TCP/IP connection-time-out
interval. On a normal LAN, it is best to enter a value of no greater than
10 seconds, as the client or server won’t retry the connection until the
timer has expired.
To access the Port Setup dialog on a Notes client, use File - Preferences -
User Preferences and click Ports. To access this dialog box for a Domino
server, use the Domino Administrator’s Configuration tab and select
Server - Setup Ports from the Tools pane.
Once in the Port Setup dialog box, select the TCP/IP port and click the
port name Options button.
The server is not responding. Possible explanation.
Variations of this error can occur when name-to-address resolution has
completed on the local system, but the server would not respond to that
address. The causes of this error include:
• The Notes Name Service cache in the current Location document
contains a numeric IP address that it originally obtained from the
Server document (Net Address field) of the target Domino server,
and the Server document has since been updated with a new IP
address. Using only host names in the Net Address field makes this
error less likely to occur, as host names usually don’t change.
• The content of the Net Address field returned by the Notes Name
Service is not the active address, either because of a typographical
error, or because there is more than one enabled Notes network port
for TCP/IP and the port listed first in the Server document is offering
a different FQDN than the second. In this case, if you are trying to
connect through the port listed second, the connection fails.
• The address returned by DNS or hosts files is not the correct address
or is not correct for this location.
To resolve problems associated with this error, follow all the steps in the
topic “How to troubleshoot TCP/IP problems in NRPC” later in this
chapter. To resolve problems involving advanced TCP/IP configurations
(more than one enabled port), see the chapter “Setting Up the Domino
Network.”



The Remote server is not a known TCP/IP host.
This message appears if the translation from server name to TCP/IP
address fails. Follow these steps to troubleshoot the problem:
1. Verify that the server name is correct.
2. If you use a local hosts file for name resolution, enter the server’s IP
address and host name in the hosts file. If the server name does not
match the TCP/IP host name, which is also known as the fully
qualified domain name, enter the server name as an alias for the host
name. For example, for the Domino server Red/Sales/Acme, enter:
130.103.40.1 red.acme.com	red

Note Insert a tab between com and red.


For TCP/IP for the Macintosh, the host name and alias definitions
should look like this:
red.acme.com A 130.103.40.1
red CN red.acme.com

Note Verify that the ordering of the name lookup services is “Host”
first and “DNS” second; otherwise, the hosts file entries may not be
used when you expect them to be (excluding the NetBIOS Name
Service).
3. If you use the Network Information Service (NIS) for name
resolution, ask the UNIX system administrator responsible for the
NIS domain to register the server’s IP address and host name. If the
server name does not match the TCP/IP host name, request that the
server name be registered as an alias for the host name.
4. If you’re using DNS for name resolution, ask the administrator
responsible for the DNS domain to register the server’s IP address
and host name. If the server name does not match the TCP/IP host
name, request that the server name be registered as an alias
(CNAME) for the host name and place the host name in the TCP/IP
port’s Net Address field in the Server document. For example, for a
Domino server named Sales/Boston/Acme with a host name of
app01 for the A record, the CNAME record would be sales. The Net
Address field contains either the simple host name, app01, or the
FQDN, app01.acme.com. In the case of port mapping, each
port-mapped server’s common name is added as a CNAME to the A
record for the base port-mapping server.
For more information on DNS resolves, see the topic “Checking TCP/IP
name resolution in NRPC” later in this chapter, as well as the chapter
“Setting Up the Domino Network.”

How to troubleshoot TCP/IP problems in NRPC
To troubleshoot a network problem when using NRPC services over
TCP/IP, do the following in the order shown:
1. Check connectivity.
2. Check name resolution.
3. Check network layout (large LAN or WAN issues).

Checking NRPC connectivity in TCP/IP


Notes connectivity relies on TCP/IP communication. The first step in
troubleshooting TCP/IP is to verify basic TCP/IP configuration and
connectivity.
For Notes and Domino to work properly with TCP/IP, the protocol stack
on each computer must already be configured properly. Ensure that the
brand and version of the protocol stack is certified for use with this
version of Lotus Notes/Domino. For more information, see the protocol
service provider’s documentation.
Use the PING executable to verify IP-level connectivity. The PING
command is available in all Windows and UNIX environments.
1. From the server, ping the server itself by numeric IP address.
For example, at a DOS prompt, type:
PING 131.103.50.159

and press ENTER.


This step confirms the following:
• TCP/IP is installed and configured with a correct address.
• Whether any other computer has the same IP address. A computer’s IP
address must be unique on a network segment; that is, only one
computer on a network segment can have a particular IP address.
If this fails, TCP/IP is not set up properly on the local machine.
Contact the site’s network administrators for technical assistance.
2. From the server, ping the destination computer (the Notes
workstation) by numeric IP address. This indicates if the path to the
remote host is clear and whether you can communicate with IP
through network routers. If this fails, continue to Step 3.
Tip To obtain the IP address of a Notes workstation, from the
workstation use the commands shown in the table in Step 6.
3. From the workstation, ping the workstation by its own numeric IP
address. If this fails, continue to Step 4.



4. Ping the server from the server itself by its DNS fully qualified
domain name (FQDN) to verify that it was added to the network
correctly; then ping the server from the workstation by FQDN.
For example, type:
PING iodine.lotus.com

5. Ping the server by DNS alias name from the server itself to verify it
was added to the network correctly. Then ping the server from the
workstation. Ideally, the server’s host alias names should all be the
same as the Domino server names. Sometimes the server’s FQDN
differs from the Domino server’s name; in that case the alias name,
which is the same as the Domino server’s name, is used.
For example, type:
PING Iodine

If you reach this point and the connection is failing between
workstation and server, try creating a Connection document in the
Personal Address Book of the workstation. This document contains
the numeric IP address of the destination server. It is best to resolve
IP addresses by DNS or hosts files and not by Connection
documents.
Note WINSOCK.DLL is the Windows Sockets interface provided
with TCP/IP network software for Microsoft Windows. If you’re
using an incorrect (or incorrectly placed) version of WINSOCK.DLL,
Notes may exhibit problems related to WINSOCK.
6. If pinging by numeric address succeeds, but pinging by the alias
name fails, the problem’s source is in name resolution and not in
physical network connectivity. The following table lists the
commands you use (depending on the operating environment the
server or workstation uses) to gather the following information about
the system’s IP configuration:
• IP address
• Host name
• If present, the default gateway
If new information appears when the computer is restarted, record
the information and call Lotus Support Services.
After you’ve gathered this information, perform the procedure
“TCP/IP name resolution in NRPC.”

| Operating system | Command/location to use | Explanation |
|---|---|---|
| Macintosh | Control Panel, TCP/IP, Load Ping, “TCPIP Config” window | Not applicable |
| UNIX/Linux | ipconfig <interface name> or ifconfig <interface name> | Different switches or commands may be required for each UNIX platform; consult a UNIX expert if necessary. |
| Windows NT/2000/XP | ipconfig (or see the Network settings in Control Panel) | Issue this command at a prompt, or see the Network settings in Control Panel. |
| Windows 95/98 | winipcfg (or see the Network settings in Control Panel) | Issue this command at a prompt, or see the Network settings in Control Panel. |

Checking TCP/IP name resolution in NRPC


If checking connectivity using an IP address appears to work, you need
to check name-to-IP-address resolution. Name-to-IP address resolution
within an organization’s private network space usually takes one of two
forms: locally stored hosts files or the Domain Name System (DNS).
WINS Name Resolution or LMHOSTS resolution are not supported by
Lotus Notes/Domino.
1. Check for illegal characters in the hosts file.
• Make sure there are no illegal characters (such as a space or a
letter) in the numeric IP address; only numbers should appear.
Each section of a dotted decimal numeric IP address should be no
longer than three numbers, and there should be four sections to an
address (for example, 19.99.21.217).
• Make sure there are no illegal characters in the Names fields; only
alphabetic characters, numbers and dashes (-) should appear.
Spaces are not allowed. Underscores (_) are mapped as spaces
within Notes, and should be avoided.
• Some IP stacks will not accept underscore characters.
• Make sure there is only one correctly named hosts file being used.
Rename any other hosts files on the computer (except the current
one).



• Note any recent changes made to the hosts file. Confirm that the
information in the hosts file is correct. The target machines that a
computer may contact must be defined in the local hosts file.
| Operating System | Location | Explanation |
|---|---|---|
| Macintosh | Macintosh System Folder | Not applicable |
| UNIX/Linux | /etc/ | Not applicable |
| Windows 2000 | system32 directory | Root directory might vary |
| Windows XP | windows\system32\drivers\etc\ | The OS directory might be renamed |
| Windows NT | wnnt40\system32\drivers\etc\ | The OS directory might be renamed |
| Windows 95/98 | windows\ | The OS directory might be renamed |

2. Look at the Server document and determine if the first part of the
server’s fully qualified domain name (FQDN) in the TCP/IP port’s
Net Address field is the same as the server’s common name. For
example:
FQDN = mailhub1.lotus.com
Server common name = Mailhub1
If this is not the case, a name resolution alias is required in the hosts
file or DNS table.
Note If the first part of the FQDN is the same as the server common
name, the problem may be within DNS. For more information, see
the vendor’s documentation for the DNS server.
3. If the Server document has changed recently, restart the server in
order for the changes to take effect.
After you finish checking name resolution, see the topic “Checking a
TCP/IP network pathway” later in this section.
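Steps 1 and 2 above can be checked mechanically. The following Python is an added example, not part of the Domino documentation: it applies the hosts-file character rules from step 1 and the FQDN/common-name comparison from step 2 to a constructed hosts file. Treating dots as separators between name labels and rejecting address sections above 255 are assumptions that go beyond the wording of the steps.

```python
import re

LABEL = re.compile(r"^[A-Za-z0-9-]+$")  # letters, digits and dashes only

# Constructed hosts file: lines 2-3 are valid, lines 4-6 each break one rule.
SAMPLE_HOSTS = """\
# constructed sample, not from a real system
130.103.40.1\tred.acme.com\tred
130.103.40.2\tapp01.acme.com
130.103.4O.3\tblue.acme.com
130.103.40\tgreen.acme.com
130.103.40.5\tmail_hub.acme.com
"""


def parse_hosts(text):
    """Return [(line_number, address, [names])], skipping comments/blanks."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if fields:
            entries.append((lineno, fields[0], fields[1:]))
    return entries


def ip_problems(ip):
    """Step 1, first bullet: four sections, digits only, max three digits."""
    sections = ip.split(".")
    if len(sections) != 4:
        return ["address needs four sections, found %d" % len(sections)]
    problems = []
    for s in sections:
        if not (s.isascii() and s.isdigit()):
            problems.append("illegal character in section %r" % s)
        elif len(s) > 3:
            problems.append("section %r is longer than three digits" % s)
        elif int(s) > 255:  # assumption: range check added by this example
            problems.append("section %r is above 255" % s)
    return problems


def name_problems(name):
    """Step 1, second and third bullets: letters, digits, dashes only."""
    problems = []
    if "_" in name:
        problems.append("underscore in %r (Notes maps it to a space)" % name)
    for label in name.replace("_", "").split("."):
        if not LABEL.match(label):
            problems.append("illegal character or empty label in %r" % name)
            break
    return problems


def lint_hosts(text):
    """Return [(line_number, message)] for every rule violation found."""
    issues = []
    for lineno, ip, names in parse_hosts(text):
        found = ip_problems(ip)
        if not names:
            found.append("no host name after the address")
        for name in names:
            found += name_problems(name)
        issues += [(lineno, msg) for msg in found]
    return issues


def alias_needed(net_address, common_name):
    """Step 2: an alias is required when the first part of the FQDN in the
    Net Address field differs from the server's common name."""
    return net_address.split(".")[0].lower() != common_name.lower()


def lookup(text, name):
    """Return the address the hosts file gives for name, or None."""
    for _, ip, names in parse_hosts(text):
        if name.lower() in (n.lower() for n in names):
            return ip
    return None


def alias_resolves(text, net_address, common_name):
    """True when the common name maps to the same address as the FQDN."""
    ip = lookup(text, net_address)
    return ip is not None and ip == lookup(text, common_name)


if __name__ == "__main__":
    for lineno, msg in lint_hosts(SAMPLE_HOSTS):
        print("line %d: %s" % (lineno, msg))
    # Server Sales/Boston/Acme on host app01.acme.com, as in the DNS example.
    print("alias needed:", alias_needed("app01.acme.com", "Sales"))
    print("alias in hosts:", alias_resolves(SAMPLE_HOSTS, "app01.acme.com", "Sales"))
```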

Checking a TCP/IP network pathway

If checking name resolution did not solve the problem, check each
network pathway. Be sure to record the information you gather.
Using the Trace Route utility
Use the TRACERT command to determine what network pathway lies
between the source and destination systems. This command determines
the route from one host to another through the network, and displays an
ordered list of the routers in the path with the IP addresses of the
near-side interface of the routers.

Note A dedicated Trace Route utility may not be available on all
platforms, and your firewalls are most likely blocking the ICMP
sub-protocol of IP. Consult the site administrator to see if there is an
equivalent for your platform.
To use TRACERT, type the following at the prompt:
TRACERT servername -d

Where -d tells the command not to resolve addresses to host names.


For example, the results of the TRACERT command might look like this:
C:\>tracert paran -d
Tracing route to santa.north.com [118.111.90.204]
  1   10 ms   10 ms   10 ms  elves.north.com [118.111.200.211]
  2  <10 ms   10 ms  <10 ms  rdeer.north.com [118.111.29.2]
  3  <10 ms   10 ms   10 ms  santa.north.com [118.111.90.204]
Trace complete.

In this example, there are two IP routers between the workstation and the
server (three, minus the first one which reported itself, leaving two).
Checking the Maximum Transmission Unit (MTU)
Each end-node system and router port on the network has the ability to
control the size of the TCP/IP packet. Each NIC (port) can have its MTU
set to a different value, and each topology has a different default value.
The network administrator can increase or decrease this setting to meet
the requirements of the network. MTU traffic issues are handled at the
TCP/IP level and not within Notes workstations or Domino servers.
If any of the following situations exist, suspect an MTU problem, and
contact your network administrator:
• There is a mixture of Ethernet and Token-Ring or FDDI network
topologies on the LAN/WAN.
• There are routers between the source and destination of traffic that
could be set up with an incorrect MTU size.
• You are using VPN services across the Internet.
• ATM is being used with emulation [LANE].
TCP/IP frame types
Most UNIX, AS/400, or S/390 systems offer both frame types for 802.3
(Ethernet) to Ethernet V2 (DIX) and SNAP by default. You can remove
the SNAP frame support if you have a routed network with Token-Ring
or FDDI topologies where the router will translate the frame types (this
frees resources that are not needed).
With Windows-based TCP/IP protocol services, the default frame type
for 802.3 (Ethernet) network topology is v2 DIX and for Token-Ring and
FDDI it is SNAP over LLC.
With Novell ODI-based TCP/IP protocol services, all systems using the
TCP/IP protocol on 802.3 Ethernet should be using the same frame type.
The table below lists the frame types compatible across the different LAN
topologies.

| LAN topology and frame services | Novell frame types | Novell compatible frame types * | Comments |
|---|---|---|---|
| Ethernet v2 (DIX) | Ethernet_II | Not applicable | Recommended for TCP/IP |
| IEEE 802.3 (Ethernet) | Not applicable | Not applicable | Not applicable |
| SNAP | Ethernet_SNAP | Token-Ring_SNAP and FDDI_SNAP | Not applicable |
| IEEE 802.5 (Token-Ring) and FDDI | Not applicable | Not applicable | Not applicable |
| SNAP | Token-Ring_SNAP & FDDI_SNAP | Ethernet_SNAP | Required for TCP/IP for Token-Ring and FDDI networks |

* If the bridge or router offers frame translation, other combinations may be possible.

Note If using a NetWare server as a TCP/IP router, make sure that the
NetWare and Domino server systems are using the same common frame
type for TCP/IP and that only one frame type is being used to support
the TCP/IP protocol in a flat or bridged network.

Troubleshooting IPX/SPX network problems
All Domino server access is through the sub-protocol SPX or SPXII. Both
Notes clients and Domino servers use IPX’s NetWare Core Protocol
(NCP) service for name-to-address resolution.
Protocol limitations in the following areas may affect your ability to use
the Domino NRPC protocol over SPX:
• Frame types in the IPX/SPX network
• Source-routing bridges in Token-Ring networks
• IPX name resolution services (Bindery and NDS)
For common error messages in IPX/SPX, see the topic “IPX/SPX error
messages” later in this chapter.

Frame types in the IPX/SPX network


All Domino server and Notes client systems using the IPX protocol need
to use the same IPX frame type across all network segments and
topologies.
Note Make sure that the NetWare and Domino server systems are
manually locked to the same frame type and that only one frame type is
used to support the IPX protocol in the network. Otherwise, you may
have connectivity problems or IPX wrapper errors because of the
different IPX packet sizes the frame types impose.
Note On Notes client systems running Windows, it is best to use the
Control Panel to select a specific frame type for the IPX/SPX network
rather than to detect which type is being used with “Auto Detect” (the
default).



The following table lists the possible frame types across different LAN
topologies:
| LAN topology and frame services | Novell frame types | Novell compatible frame types* | Comments |
|---|---|---|---|
| • Ethernet V2 (DIX) | Ethernet_II | Not applicable | Recommended for TCP/IP (Used in very old IPX networks, not recommended) |
| IEEE 802.3 (Ethernet) | | | |
| • RAW | Ethernet_802.3 | Not applicable | Not applicable |
| • LLC | Ethernet_802.2 | Token-Ring and FDDI | Recommended for the IPX protocol suite (Recommended by Novell) |
| • SNAP | Ethernet_SNAP | Token-Ring_SNAP and FDDI_SNAP | For TCP/IP use only |
| IEEE 802.5 (Token-Ring) | | | |
| • LLC | Token-Ring | Ethernet_802.2 and FDDI | Recommended for the IPX protocol suite (Recommended by Novell) |
| • SNAP | Token-Ring_SNAP | Ethernet_SNAP and FDDI_SNAP | For TCP/IP use only |

* If the bridge or router offers frame translation, other combinations may
be possible, but are not recommended.

Source-routing bridges in Token-Ring networks


In addition to the frame type problem, a Token-Ring network has the
problem that Domino servers on another Token-Ring network connected
by a source-routing bridge can’t be seen. You may need to apply
source-routing services to the IPX/SPX protocol to pass across a
source-routing bridge network.
Note You must assign the Token-Ring bridge a unique number. If the
bridge connecting two token rings does not have a unique number, the
IPX/SPX connection fails. The NetWare servers, Domino servers, and
other switches or bridges on the given Token-Ring network all share a
common IPX network number within the bridged domain.

1. Make sure that the IPX/SPX network frame types are correctly
configured.
2. Make sure that you have the latest versions of the IPX/SPX protocol
services installed on all of the Notes clients, Domino servers, and
NetWare servers.
3. Make sure that the Domino server located on the Token-Ring
network that is using source routing can access a local NetWare
server that has source routing enabled, so that either the Bindery or
NDS name resolver service can be established. You must implement
Novell’s source-routing NetWare Loadable Module (NLM) in an
IPX/SPX network.
4. Check that the switch or bridge configuration can support the frame
sizes that the IPX/SPX protocol is using. Many units limit the buffers
to 4096 or 4500 octets (bytes). The IPX/SPX protocol stack settings on
Notes clients or Domino servers may also need to be altered so that
they don’t exceed the switch’s or bridge’s frame size limit.

IPX name resolution services (Bindery and NDS)


Domino servers can use either Bindery, NDS, or both for IPX system
name-to-IPX net/node address resolution (IPX’s NCP protocol services).
Bindery services are dynamic in nature. As such, any loss of
communication between the Domino server and the NetWare server or
other NetWare server can cause loss of access. NDS objects once
initialized are static in nature, so as long as the system can access the
NDS tree, it can locate the Domino server.
Note An IPX node address is often the same as the MAC address of the
network adapter card. When crossing bridges between Token-Ring and
Ethernet or between Token-Ring and FDDI there may be issues where
the MAC address and the IPX node numbers are not consistent with the
NDS tree objects of the Domino servers. When Notes clients or Domino
servers are accessing a Domino server on the other side of the bridge via
NDS, they must have consistent MAC and node addresses from their
network segment ({Least/Most Significant Bit order} LSB/LSB or
MSB/MSB, not MSB/LSB or LSB/MSB).



The following table offers some basic guidelines in using Bindery and
NDS services:

| Novell server network | Bindery | NDS | Best protocol usage |
|---|---|---|---|
| NetWare 3.12 (Bindery only) | X | | Local IPX LANs. IPX WAN links not reliable with Bindery services (not recommended). |
| NetWare 3.12 (Bindery only) | X | | Local IPX LANs, use TCP/IP for WAN link access. WAN routers don’t forward IPX over WAN links or filter all IPX SAP services over the WAN links. |
| NetWare 4.1, 4.11 or 5.0 (Bindery emulation) * | X | | Local IPX LANs. IPX WAN links not reliable with Bindery services (not recommended). |
| NetWare 4.1, 4.11 or 5.0 (Bindery emulation) * | X | | Local IPX LANs, use TCP/IP for WAN link access. WAN Routers don’t forward IPX over WAN links or filter all IPX SAP services over the WAN links. |
| NetWare 4.1, 4.11 or 5.0 (NDS only) | | X | IPX for both LANs and WAN links.** |
| NetWare 4.1, 4.11 or 5.0 (Bindery and NDS)* | X | X | |

*Domino servers can support only one Bindery context entry that the Notes
client and/or Domino server systems can access.
** Recommend filtering Bindery service advertising protocol (SAP) services over
WAN links if there are any Bindery-only devices present on the network.

IPX/SPX error messages


This section describes common error messages for the IPX/SPX protocol.
Error getting connection ID.
This message may appear when you start the Domino server after
installing the SPX port driver. This error occurs when a Novell file server,
to which you need to register the Domino server’s name, is unavailable
or the Domino server can’t reach it over the frame type it is using.
If an attempt to log into a Novell server from the Domino server fails or
an SLIST shows no Novell servers are available, the network
administrator must analyze the network to find out why the Domino
server can’t access a Novell file server so that either the Bindery or NDS
name resolve service can be invoked.

NetWare IPX/SPX could not be initialized: Packet size is too large.
This message appears when you have a mix of frame types in use for the
IPX/SPX protocol. Review the frame type the NetWare server and
Domino server are using to make sure that only one common IPX/SPX
frame type is enabled across all of the server systems and network
routers.
NetWare service advertising (SAP) failed to start. Internal error in
Notes NetWare port driver.
Depending on which IPX/SPX stack you are using, you might need to
start the SAP service so the Domino server can register its name with
either the Bindery or NDS name resolve service.
Unable to get default NetWare file server connection.
The server or workstation is unable to read the Domino server network
address from NetWare bindery. The default NetWare file server isn’t
responding to requests. Check that a NetWare file server is available on
the network and that all required NetWare client software is installed
and running.
Unexpected NetWare error. See the log file on this system for error
code.
Contact Lotus Support Services.
Unexpected NetWare IPX or SPX error. See log file for error code.
Contact Lotus Support Services.

Network dialup connections — Troubleshooting


This topic describes how to troubleshoot a network dialup connection
problem. You can also search for solutions to common problems on the
Lotus Support Services Web site at www.lotus.com/support.
If a user installed, set up, and created Connection documents for a
network dialup connection, but the user can’t connect to it, check for
these conditions and correct them, if necessary.
1. Make sure the workstation and/or server has been set up with the
remote access client software — Dial up Networking for Windows 95
and NT or Apple Remote Access for the Macintosh. If the software
hasn’t been set up, users will get the message “Error initializing
remote LAN service.” Install the network dialup client software on
the server and/or workstation, and then try connecting.
2. Make sure the remote server is accessible. If the modem is busy or
the server is unavailable, the server can’t answer calls.



3. Make sure that the user has the necessary privilege to use a network
dialup connection to dial into the server. If necessary, modify the
user’s privileges. Also, make sure that the user is using the correct
user ID password.
4. Trace the connection to the server. Check the resulting information
for indications that the Connection document isn’t properly
configured. For example, common mistakes in the Connection
document include not listing the current location or failing to enable
the specified port(s).
Note Information from a trace is recorded in the Miscellaneous
Events view of the log. In the Trace Connections Log Options field,
you can set the level of detail to record. For maximum information,
choose Full Trace Information.
5. Use the dialing method provided by the network dialup client to
make the network dialup connection. If the connection fails, check
for the correct configuration and check the modem for problems.
6. If the connection is successful, while the connection is still active,
switch to the Notes workstation or Domino server and attempt to
connect to the destination server. At this point, the workstation or
server should be connected to the LAN. You can temporarily set the
Usage priority field of the network dialup Connection document to
Low to force the connection over the LAN before using the
Connection document.
7. If the previous step succeeds, drop the connection, switch to the
Notes workstation, and choose File - Mobile - Call Server to call the
remote access server. If you previously set the Usage priority field of
the network dialup Connection document to Low, reset the priority
to Normal.
8. Make sure you’re using the correct Connection document. Then,
make sure the information in the Connection document is correct.

After a successful modem connection, cannot establish session with server
The server is down.
The port is not configured on the Domino server.
The modem file on the server does not contain the correct connect string.
RAS is currently using the port that the Notes Direct Dialup connection is
attempting to call on the destination server.

Modem does not respond
The modem is not turned on or is not connected.
The modem software is not configured properly.

COM device is in use


You try to access a server using Notes Direct Dialup and your server has
RAS running and only one COM port.

You cannot create a RAS connection


RAS is not configured and/or started on the destination server.
Dial Up Networking is not configured properly on the client.
The modem software is not configured properly.

Error messages
This section lists common error messages displayed on the server console
or at the Notes client, and provides information on what caused the error
and how to recover from it.

Modem command files contains illegal character


You selected the wrong modem.
Select the correct modem file from the COM options - Modem type drop
down box.

The selected modem command file only allows speeds as high as XXX
The configured modem speed exceeds the supported speed.
Check the maximum modem speed for your modem and configure it in
the COM options - Maximum Port Speed.

Excessive Port or CRC errors on the last connection. Try enabling
hardware flow control on the port or reducing the maximum speed settings
The configured modem speed exceeds the supported speed.
Enable flow control on the Notes client and Domino Server.
Reduce modem speed on the machine with Port and/or CRC errors.

Communications port unit number is not within valid range.


You have too many ports configured.
Set the valid number of ports on your system. Notes and Domino accept
up to 64 ports.



No dialtone
The modem is not receiving a dial tone.
Check the phone line. Make sure that the line is active and plugged into the
modem properly.
If you are in Europe, make sure that you have disabled “wait for dial
tone before dialing” in the COM options box.

Testing network connections using the ping utility


After you establish an Internet connection, you should ensure that the
connection works properly. Run this test before you actually connect the
Domino server to the Internet.
If you have a direct connection to the Internet, the easiest way to test the
connection is to use the ping utility, which asks another computer if it is
running and confirms that the protocol software can respond.
Even if you can use the ping utility successfully, the Domino server
might not be running. When you use the ping utility to contact another
computer, make sure you attempt to contact a computer that is not in
your immediate domain. If you can use the ping command to
successfully contact a computer in another domain, you verify that your
router is working properly.
If you connect to the Internet through a proxy server, try to use the ping
utility on your proxy to test the network connection.
To use the ping utility, type ping at the CONSOLE prompt, followed by
the domain name. For example, type:
ping xyz.com

If successful, the ping utility returns a message in a format similar to the
following:
64 bytes from 130.000.00.00: icmp_seq=4, time=0, ms

Tracing a network connection

To test a connection to a server, use the Trace command, which provides
detailed information about each step in a server connection. Using the
results of a trace command, you can troubleshoot network connection
problems.
When you attempt to connect to a server, network trace information
automatically appears on the status bar of a Notes workstation or on the
server console, depending on where you initiated the connection attempt.
You can use the NOTES.INI Console_LogLevel setting to control the
level of detail that messages on the status bar contain.

To trace a connection, you can enter this command at the console:
Trace servername

To test whether you can connect to a server through a specific port:


Trace port!!! servername

For more information about the Trace command, see the appendix
“Server Commands.”

Partitioned servers — Troubleshooting


These topics describe solutions to common problems and errors that may
occur with partitioned servers.
• “Server exiting: partition number xx is already in use”
• “Server not responding”
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.

“Server exiting: partition number xx is already in use”


This message appears when you try to start more than one server in a
partition. To correct this, stop all processes associated with the partition.
If that fails, restart the system.

“Server not responding” connecting to a partitioned server


This message may appear if a partitioned server uses TCP/IP port
mapping.
1. If the destination server is sharing a network interface card with a
port-mapping server, check that the port-mapping server is running.
Domino can’t establish a connection to a server sharing the
port-mapping server’s IP address unless the port-mapping server
can redirect the traffic to the port the destination server is listening
on.
2. Make sure that the port-mapping information in the NOTES.INI file
is in the correct order. In the port-mapping server’s NOTES.INI file,
there are entries that reference the other partitioned servers on the
computer. If the lines containing the port-mapping information are
out-of-order, Domino displays the message “Server not responding”
or “Server’s name changed.” Edit the port-mapping server’s
NOTES.INI file, and make sure that the partitioned servers are listed
in numerical order, as in this example:
TCPIP_PortMapping00=
TCPIP_PortMapping01=
TCPIP_PortMapping02=
TCPIP_PortMapping03=

After modifying the NOTES.INI, stop and restart the server so that
the changes take effect.
3. Make sure that the port number appended to the destination server’s
IP address matches the port number in the NOTES.INI file on the
destination server. Also, verify that the server name and
organization are correct.
For example, this setting in the port-mapping server’s NOTES.INI
file assigns the destination server’s IP address and port number:
TCPIP_PortMapping00=CN=Server1/O=Org1,198.114.89.123:13520

The destination server’s NOTES.INI file contains:


TCPIP_TcpIpAddress=0,198.114.89.123:13520
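
The checks in steps 2 and 3 can be scripted. The following Python sketch is an added example, not part of the IBM documentation; it assumes you have copied the relevant NOTES.INI lines from each partition, and apart from the Server1 entry shown above, the sample servers and ports are constructed.

```python
import re

# Constructed sample: NOTES.INI lines from a port-mapping server. The first
# entry is the one shown in the text; the other entries are invented.
PORT_MAPPER_INI = """\
TCPIP_PortMapping00=CN=Server1/O=Org1,198.114.89.123:13520
TCPIP_PortMapping02=CN=Server3/O=Org1,198.114.89.123:13522
TCPIP_PortMapping01=CN=Server2/O=Org1,198.114.89.123:13521
"""

# Constructed sample: the TCPIP_TcpIpAddress line from each partition's own
# NOTES.INI, keyed by server name. Server2 listens on a different port than
# the one the port-mapping server forwards to.
DESTINATION_INIS = {
    "CN=Server1/O=Org1": "TCPIP_TcpIpAddress=0,198.114.89.123:13520\n",
    "CN=Server2/O=Org1": "TCPIP_TcpIpAddress=0,198.114.89.123:13525\n",
    "CN=Server3/O=Org1": "TCPIP_TcpIpAddress=0,198.114.89.123:13522\n",
}

MAPPING_RE = re.compile(
    r"^\w+?_PortMapping(?P<idx>\d{2})=(?P<name>.+),(?P<addr>[^,]+)$",
    re.IGNORECASE)
ADDRESS_RE = re.compile(
    r"^\w+?_TcpIpAddress=\d+,(?P<addr>\S+)$", re.IGNORECASE)


def parse_mappings(ini_text):
    """Return (index, server name, ip:port) per PortMapping line, in file order."""
    found = []
    for line in ini_text.splitlines():
        m = MAPPING_RE.match(line.strip())
        if m:
            found.append((int(m["idx"]), m["name"].strip(), m["addr"].strip()))
    return found


def listen_address(ini_text):
    """Return the ip:port from the first TcpIpAddress line, or None."""
    for line in ini_text.splitlines():
        m = ADDRESS_RE.match(line.strip())
        if m:
            return m["addr"]
    return None


def check_port_mapping(mapper_ini, destination_inis):
    """Return a list of (code, detail) findings; an empty list means no problem."""
    findings = []
    mappings = parse_mappings(mapper_ini)

    # Step 2: entries must be listed in numerical order. Assumption: numbering
    # starts at 00 with no gaps, as in the example in the text.
    indexes = [idx for idx, _, _ in mappings]
    if indexes != list(range(len(indexes))):
        order = ", ".join(f"{i:02d}" for i in indexes)
        findings.append(("ORDER", f"entries appear in the file as {order}"))

    # Step 3: the mapped ip:port must match what the destination listens on.
    by_name = {name.casefold(): ini for name, ini in destination_inis.items()}
    for idx, name, addr in mappings:
        ini = by_name.get(name.casefold())
        if ini is None:
            findings.append(("UNKNOWN_SERVER",
                             f"PortMapping{idx:02d}: no NOTES.INI supplied for {name}"))
            continue
        actual = listen_address(ini)
        if actual != addr:
            findings.append(("MISMATCH",
                             f"PortMapping{idx:02d}: {name} is mapped to {addr} "
                             f"but the server listens on {actual}"))
    return findings


if __name__ == "__main__":
    for code, detail in check_port_mapping(PORT_MAPPER_INI, DESTINATION_INIS):
        print(f"{code}: {detail}")
```
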

Passthru connections — Troubleshooting


If passthru isn’t working as expected, check these conditions and correct
them, if necessary. You can also search for solutions to common
problems on the Lotus Support Services Web site at
www.lotus.com/support.
Tip To record connection problems in the log, set the Log Options field
(in the Trace Connections dialog from the Domino Administrator) to Full
Trace Information.
1. Verify that the passthru server is running Domino 4.x or higher. The
destination server can run Notes 3 or Domino 4.x or higher.
2. Check the Server document to ensure that the server is enabled for
passthru. The “Route through” field on the Security tab in the Server
document restricts who may use a server as a passthru server. By
default, this field is blank, which prevents use of the server as a
passthru server. You can also create a new passthru Connection
document that names a different server that allows passthru to the
destination server.

You can also use the “Access this server” field in the Server
document to restrict who can use passthru to access a server. If this
field is blank on the destination server, the server does not allow
passthru access. Only the users, groups, and servers explicitly named
in this field have passthru access. Note that this field does not restrict
general access to the server, which is controlled by fields on the
Security tab of the Server document.
3. Make sure that the Connection document is properly configured.
Check the log for the message “Unable to find any path to
ServerName,” which indicates that there may not be enough
information in the Domino Directory to determine how to reach the
destination server or that the information in the Domino Directory is
incorrect — for example, server names might be misspelled.
For more information on setting up and tracing connections, see the topic
“Tracing a network connection” earlier in this chapter, as well as the
chapter “Setting Up Server-to-Server Connections.”

Replication — Troubleshooting
These topics describe how to troubleshoot replication.
• Tools for troubleshooting replication describes tools you can use for
troubleshooting replication problems.
• Replication - Problems and error messages describes problems and
errors that users or Domino servers may experience during
replication.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.

Tools for troubleshooting replication


Database access control list problems, server crashes, protocol problems,
and incorrectly configured Connection documents are common causes of
replication errors. Use these tools to troubleshoot replication.

Cluster replication
The log file (LOG.NSF) provides helpful information for troubleshooting
replication problems within a cluster.



Log file
To access the log, from the Domino Administrator, click the Servers -
Analysis tab and select the log file for the server you want to check. Then
check for replication problems in these views:
• Miscellaneous events
• Phone calls
• Replication events
Tip You can also check replication events from the Replication tab in
the Domino Administrator.
Edit the NOTES.INI file to include the Log_Replication setting, which
allows you to display detailed replication information in the log.

Monitoring Configuration
The Monitoring Results database (STATREP.NSF) is a repository for
pre-configured and custom statistics. It is created when you load the
Collect task, if it doesn’t already exist. You can set alarms for some of
these statistics. For example, you might set an alarm to generate a Failure
report when more than three attempted replications generate an error.
You can also report statistics to any database designed for this purpose,
although typically the database is the Monitoring Results database
(STATREP.NSF).
Note that you can edit the NOTES.INI file to include the
Repl_Error_Tolerance setting, which increases the number of identical
replication errors between two databases that a server tolerates before it
terminates replication. The default tolerance is 2 errors. The higher the
value, the more often messages such as “Out of disk space” appear.
If you run the Event task on a server, you can set up an Event Monitor
document to report replication problems. You can also create a
Replication Monitor document that notifies you if a specific database fails
to replicate within a certain time. To view events from the Domino
Administrator, click the Server - Analysis tab, click Statistics - Events,
and then view the desired report.

Replication history
The replication history for a database describes each successful
replication of a database. To view the replication history of a database,
select a database icon and choose File - Database - Properties (or File -
Database - Replication - History).

Replication schedules
You can see a graphical representation of the replication schedules of the
servers in your Domino system. To view replication schedules, from the
Domino Administrator, click the Replication tab.
For more information on viewing replication schedules, see the chapter
“Creating Replicas and Scheduling Replication.”

Replication topology maps


Create a replication topology map to display the replication topology and
identify connections between servers. To view replication topology
maps, from the Domino Administrator, click the Replication tab. You
must load the Topology maps task before you can view a replication
topology map.
For more information on viewing replication topology maps, see the
chapter “Creating Replicas and Scheduling Replication.”

Replication — Problems and error messages


These topics describe how to troubleshoot replication problems.
• Replication isn’t occurring between two servers
• Scheduled replication isn’t occurring between two servers
• One database isn’t replicating between two servers
• Database replica does not contain all the documents it should
• Database replica is not receiving design changes
• Changes to the database title do not replicate
• Database replicas are different sizes
• The database stops replicating and the option Enforce a consistent
ACL is selected
• The database replica has not received ACL changes
• The new replica contains the ACL of the source server but you did
not copy the ACL
• You see the message “Database is not fully initialized yet”
• Deletions are not replicating
• Unexpected deletions occur in a replica
• Deleted documents reappear



Replication isn’t occurring between two servers
When two servers can’t replicate any of the databases between them,
these messages may appear in the log:
• “Unable to replicate with server x: Server Not Responding”
• “Unable to replicate with server x: The Notes server is not a known
TCP/IP Host”
• “Unable to replicate with server x: Your address book does not
contain any cross certificates capable of authenticating the server”
• “Unable to replicate with server x: The server’s address book does
not contain any cross certificates capable of authenticating you”
• “Unable to replicate with server x: You are not authorized to use the
server or remote server”
Check for the following conditions and correct them, if necessary:
1. Create Connection documents that list Replication in the Tasks field.
Unless you enable multiple replicators on the server, make sure that
replication schedules don’t overlap.
2. Verify that the servers have a certificate in common. To verify
certificates, check the server ID files.
a. From the Domino Administrator, click the People and Groups
tab.
b. From the tool bar, click Certification - ID file.
c. Choose the appropriate server ID file and click Open.
d. Click Certificates to display the certificates held by the server.
e. Repeat Steps a through d for the second server.
f. Recertify one or both server IDs, as necessary. If the servers don’t
have a certificate in common, you can also cross-certify them.
3. Make sure the server is available. Check the log for the message
“Unable to replicate with server x : Server not responding,” which
indicates that one server can’t connect to another server for
replication or that server x is unavailable.

4. Check the Miscellaneous Events view of the log to see if a network
error message occurred when the server attempted to connect to the
other server.
5. Check the Phone Calls view of the log to see if two servers are unable
to use dialup connections.

Scheduled replication isn’t occurring between two servers
1. Check that the server names are spelled correctly in the Connection
documents.
2. Make sure that multiple Connection documents don’t have
overlapping schedules for the same task in the same direction. If
multiple Connection documents have overlapping schedules, correct
the schedules or enable multiple replicators on the server.
3. If many users access a server or if a server performs many tasks, it
takes longer for Domino to build a list of the databases that two
servers have in common, a task that occurs just prior to replication. If
building the list takes a long time, a scheduled replication may be
delayed. Check server load statistics and, if necessary, replicate only
specific databases, remove obsolete databases from the servers,
and/or move some databases to another server. You can also reduce
the number of users who access the server or reduce the number of
tasks the server performs.
4. Make sure that the server has adequate disk space. If it doesn’t,
remove obsolete databases and/or move some databases to another
server.

One database isn’t replicating between two servers


When replication occurs correctly between two servers but one database
doesn’t replicate correctly, these symptoms might occur:
• The message “Unable to replicate xxx.nsf” appears in the log file.
• Users report that documents are different on each replica.
To correct this problem, try these tips.
1. Check if the database ACL is set up incorrectly. The message “Access
control is set to not allow replication” in the log file indicates that the
servers do not have the correct access to perform replication. Give
the servers enough access in the database ACL to replicate changes.
A server must have:
• Editor access to replicate changes to documents
• Designer access to replicate changes to views and forms
• Manager access to replicate ACL changes
If replication occurs through a passthru server, the passthru server
must also have the necessary access to pass along changes.



2. Check the log file for an “Unable to copy document” or similar
message. This message indicates a corrupted database. To correct the
problem, do one of the following:
• Run the Fixup task. Use this task if the database is in Domino 5 or
higher format and if you’re not using transaction logging, or if the
database is in Domino 4 format.
• Run the Fixup task with the -J option. Use this task if the database
is in Domino 5 or higher format and you are using transaction
logging. If you use a backup utility certified for Domino 5 and you
run Fixup -J, perform a full backup of the database as soon as
Fixup finishes.
3. Check the log file for a “Replication is disabled” message, which
indicates that the database is not enabled for replication. To enable
replication of the source database, choose File - Replication - Settings
- Other and deselect “Temporarily disable replication.”
4. Check if the “Enforce a consistent Access Control List” option has
been set on a replica. Sometimes replication cannot occur because
this option has been set, but the server storing the replica lacks the
appropriate access to replicate the ACL. If this is the case, give the
server Manager access in the database ACL.
5. Make sure there have been recent changes to the database.
Replication occurs only when there are changes to replicate.

Database replica does not contain all the documents it should


If none of the following explanations apply, try clearing the replication
history. Clear replication history using the File - Replication - History
dialog box in the Notes client.
For more information on replication history, see the chapter
“Maintaining Databases.”

Replicas are different sizes


If changes made to one replica have not yet replicated, the content of
replicas may be different until replication occurs.

The source server has insufficient access


The source server access in a destination replica ACL determines what
the destination replica can receive from the source server. Give the
source server higher access in the destination replica ACL if necessary.
The following message in the server log file (LOG.NSF) indicates
insufficient server access:
Access control is set to not allow replication

For more information on the log file, see the chapter “Using Log Files.”

There is no destination server in an access list
Access lists allow only a subset of people and servers in the ACL to
access documents. If such access lists exist, add the destination server to
them in the source server replica. If the access list uses a role to define
access, add the destination server to the role on the source server replica.
For more information on server access, see the chapter “Creating
Replicas and Scheduling Replication.”

An intermediate server has insufficient access


If replication between a source and destination server occurs through an
intermediate server, make sure the source and destination server replica
ACLs give the intermediate server high enough access to replicate all
changes.
For more information on server access, see the chapter “Creating
Replicas and Scheduling Replication.”

Replication settings are filtering documents


Some replication settings act as filters that screen out documents and
features. Check the replication settings.
For more information on replication settings, see the chapter “Creating
Replicas and Scheduling Replication.”

The server is out of disk space


Check to see if the database is a Domino 4 database and has exceeded the
maximum database size. Ask your Domino administrator to resolve disk
space problems and if necessary, consider moving a replica to another
server or deleting databases on the server.

Older documents weren’t replicated to a new replica


When the replica was created, the date specified for the replication
setting option “Only replicate incoming documents saved or modified
after” is later than it should have been. This option is on the Other panel
of the File - Replication - Settings dialog box in the Notes client. Create a
new replica with an earlier date specified.

Database replica is not receiving design changes


To receive design changes from a source server, the database replica on
the destination server must give the source server at least Designer
access and the source server replica must give the destination server at
least Reader access.



Changes to the database title do not replicate
If the replication setting “Do not send changes in database title & catalog
info to other replicas” is set on the source server replica, the title won’t
replicate. Deselect this setting to replicate a database title. This setting is
on the Send panel in the File - Replication - Settings dialog box in the
Notes client.
For more information on this replication setting, see the chapter
“Creating Replicas and Scheduling Replication.”

Database replicas are different sizes


Database replicas may be different sizes for the following reasons:

Replication settings
Some replication settings cause one replica to receive only a subset of
documents and features from another replica.

Access control list


The ACL prevents a replica from receiving all documents or design
elements from a source replica.

Read ACLs or reader names fields


A destination server isn’t included in a Read ACL or Reader Names field
and therefore doesn’t receive all documents from a source server replica.

View indexes
A view is used in one replica but not in another, and the replica
containing the unused view is smaller because no index is built for the
unused view.

Personal agents, views, or folders


These features, when used on one replica but not another, can cause a size
disparity between the replicas.

Deletions are not replicated


Check these replication settings in File - Replication - Settings in the
Notes client:
• On the Advanced panel, the Deletions option under “Replicate
incoming” is not selected.
• On the Send panel, the “Do not send deletions made in this replica to
other replicas” option is selected.

Unused space
One replica has been compacted while another has not been compacted.

The database stops replicating and the option Enforce a consistent
ACL is selected
If a user changes a local or remote server database replica’s ACL when
the “Enforce a consistent access control list across all replicas of this
database” option is selected, the database stops replicating. This option is
found on the Advanced panel of the Access Control List dialog box. The
message in the log file is:
Replication cannot proceed because cannot maintain uniform
access control list on replicas

The database replica has not received ACL changes


To receive ACL changes from a source server, the database replica on the
destination server must give the source server Manager access and the
source server must give the destination server at least Reader access.
For more information on server access, see the chapter “Creating
Replicas and Scheduling Replication.”

The new replica contains the ACL of the source server but you did
not copy the ACL
A replica stub is an empty replica that has not yet been populated with
documents. When you select File - Replication - New Replica, Notes
creates a replica stub and populates it with documents, either
immediately or at the next scheduled replication, depending on the
option you select.
For more information on server access, see the chapter “Creating
Replicas and Scheduling Replication.”

Somebody modified the access control list on the source server before
initial replication occurred
If you create a replica stub and somebody modifies the ACL on the
source server before initial replication occurs, the ACL on the source
server becomes the most recent one and replicates to the replica stub.
Simply opening the Access Control List dialog box on the source server
replica and then closing it can cause this problem.

The server times are not synchronized


If you create a complete replica immediately (rather than creating a
replica stub) and the time on the source server is later than the time on
the destination server, the new replica contains the ACL from the source
server.



You see the message “Database is not fully initialized yet”
A replica stub on a workstation hasn’t been manually replicated
If users create replica stubs on their workstations and don’t populate
them with documents according to a schedule, they must manually
replicate to populate the database replica with documents.

The server storing the replica stub doesn’t have adequate access to
pull information
If you rely on scheduled replication to populate a replica stub, the server
storing the replica stub must have at least Reader access in the source
server replica ACL to pull the documents from the source server.
For more information on server access, see the chapter “Creating
Replicas and Scheduling Replication.”

An appropriate Connection document between two servers isn’t in place
If you rely on scheduled replication to populate a replica stub on a server
with documents from a replica on another server, a correctly-configured
Connection document must exist between the two servers storing the
replica and the replica stub. Confirm with your Domino administrator
that an appropriate Connection document exists.

Replication is disabled
Notes cannot populate a replica stub if replication is disabled on the
source or destination server replica. To check if replication is disabled for
the database, see if the “Temporarily disable replication” option is
deselected. This option is found on the Other panel of File - Replication -
Settings in the Notes client.

Deletions are not replicating


Servers don’t have adequate access to the database
To receive document deletions, the ACL on a destination server replica
must give the source server Editor access or higher and have the access
level privilege “Delete documents” selected.

A replication setting is preventing deletions from replicating
Check these replication settings in File - Replication - Settings in the
Notes client:
• On the Send panel, the option “Do not send deletions made in this
replica to other replicas.” A source server doesn’t send deletions to
another replica if this setting is selected.
• On the Advanced panel, the Deletions option under “Replicate
incoming.” A replica doesn’t receive deletions if this setting is not
selected.
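
The ACL and replication-setting conditions in this chapter that decide whether document changes, deletions, design changes and ACL changes reach a destination replica can be collected into one audit function. This Python example is added here and is not Domino code or an IBM tool; the class and function names are hypothetical, and it encodes only the rules stated in this chapter.

```python
from dataclasses import dataclass

# Notes ACL access levels, lowest to highest.
LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]


@dataclass
class AclEntry:
    """What one replica's ACL grants to the other server (hypothetical model)."""
    level: str
    delete_documents: bool = False   # the "Delete documents" privilege


@dataclass
class ReplicaSettings:
    """The replication settings this chapter names (hypothetical model)."""
    temporarily_disabled: bool = False    # "Temporarily disable replication"
    do_not_send_deletions: bool = False   # Send panel
    receive_deletions: bool = True        # Advanced panel, "Replicate incoming"


def below(entry, minimum):
    return LEVELS.index(entry.level) < LEVELS.index(minimum)


def blocked_changes(dest_grants_source, source_grants_dest,
                    source_settings=None, dest_settings=None):
    """For changes flowing source -> destination, return a dict mapping each
    change class to the list of reasons it will not replicate (empty = OK)."""
    src = source_settings or ReplicaSettings()
    dst = dest_settings or ReplicaSettings()

    # Conditions that stop every class of change.
    common = []
    if src.temporarily_disabled or dst.temporarily_disabled:
        common.append('"Temporarily disable replication" is selected')
    if below(source_grants_dest, "Reader"):
        common.append("source replica ACL gives the destination server "
                      "less than Reader")

    # Access the destination replica's ACL must give the source server.
    needed = [("documents", "Editor"), ("deletions", "Editor"),
              ("design", "Designer"), ("acl", "Manager")]
    report = {}
    for kind, minimum in needed:
        reasons = list(common)
        if below(dest_grants_source, minimum):
            reasons.append("destination replica ACL gives the source server "
                           f"less than {minimum}")
        report[kind] = reasons

    # Deletions depend on one privilege and two replication settings as well.
    if not dest_grants_source.delete_documents:
        report["deletions"].append('source server lacks "Delete documents" '
                                   "in the destination replica ACL")
    if src.do_not_send_deletions:
        report["deletions"].append('"Do not send deletions made in this '
                                   'replica to other replicas" is selected')
    if not dst.receive_deletions:
        report["deletions"].append('"Replicate incoming: Deletions" '
                                   "is not selected")
    return report


if __name__ == "__main__":
    # Constructed case: source has Editor without "Delete documents".
    result = blocked_changes(AclEntry("Editor"), AclEntry("Reader"))
    for kind, reasons in result.items():
        print(kind, "OK" if not reasons else "; ".join(reasons))
```
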

Unexpected deletions occur in a replica


Check these replication settings in File - Replication - Settings in the
Notes client:
• On the Advanced panel, deselect “Replicate incoming: Deletions” to
prevent a database from receiving deletions made in other replicas.
• On the Other panel, select “Do not send deletions made in this
replica to other replicas” to prevent a database from sending
deletions.
Unexpected deletions may also occur for any of the following reasons:

There is a new replication formula in place


A new replication formula overrides previous formulas and removes
documents that don’t match the formula.

A replication setting is automatically removing older, unmodified documents
The replication setting “Remove documents not modified in the last [ ]
days” removes older, unmodified documents. If the specified number of
days is low, consider increasing the value. This option is on the Space
Saver panel of the File - Replication - Settings dialog box in the Notes
client.

Deleted documents reappear


A purge interval prevents replication of deletions
When a document is deleted, it leaves behind a deletion stub. When the
database replicates, Notes uses the deletion stub to identify and delete
the same document in the replica.
To save disk space, Notes purges deletion stubs that remain from
document deletions according to the replication setting “Remove
documents not modified in the last [ ] days.” If Notes purges the deletion
stubs before they have a chance to replicate, deleted documents can
reappear after the next replication. This option is on the Space Saver
panel of the File - Replication - Settings dialog box in the Notes client.

A document edit writes over a document deletion


• When the same document is modified on different servers between
replication sessions, the document that was modified most
frequently takes precedence, or if both documents are modified only
once, the one modified most recently takes precedence.
• If a document is edited multiple times on one server and deleted on
another server between replication sessions, the edited document
takes precedence because it underwent the greatest number of
changes, even if the deletion was the most recent change.
• If somebody deletes a document on one server and then someone
else updates the document on another server once between
replication sessions, the edit overrides the deletion because both
documents were updated once and the edit occurred after the
deletion.
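
The precedence rules above and the effect of purging a deletion stub, as a small added simulation (not Notes code and not from the original manual). The Version model, day-based timestamps and the purge timing are simplifying assumptions, as is applying the most-recent tie-break to any equal change count.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Version:
    """One replica's copy of a document (hypothetical model)."""
    changes: int            # modifications since the last replication session
    modified_day: float     # day of the latest modification
    deleted: bool = False   # True: this is a deletion stub, not a document


def winner(a, b):
    # Most changes wins; equal counts fall back to the most recent change.
    # The text states the tie rule for one change on each side; using it for
    # any equal count is an assumption of this sketch.
    return max(a, b, key=lambda v: (v.changes, v.modified_day))


def replicate(x, y):
    """Two-way replication between replicas (dicts of doc id -> Version)."""
    for doc_id in set(x) | set(y):
        if doc_id in x and doc_id in y:
            kept = winner(x[doc_id], y[doc_id])
        else:
            # One side holds neither the document nor a stub for it, so the
            # other side's copy looks like a new document and is copied over.
            kept = x[doc_id] if doc_id in x else y[doc_id]
        # Both replicas now agree; the change counter starts over.
        x[doc_id] = y[doc_id] = replace(kept, changes=0)


def purge_stubs(replica, today, keep_days):
    """Drop deletion stubs older than keep_days (simplified purge timing)."""
    stale = [doc_id for doc_id, v in replica.items()
             if v.deleted and today - v.modified_day > keep_days]
    for doc_id in stale:
        del replica[doc_id]


def survives(a_version, b_version, purge_day=None, keep_days=None):
    """Replicate one document between replicas A and B. Returns True if it is
    a live document on both replicas afterwards. If purge_day is given,
    replica A purges its stubs on that day, before replication runs."""
    a, b = {"doc1": a_version}, {"doc1": b_version}
    if purge_day is not None:
        purge_stubs(a, purge_day, keep_days)
    replicate(a, b)
    return not a["doc1"].deleted and not b["doc1"].deleted


def run_cases():
    stub = Version(changes=1, modified_day=0, deleted=True)   # deleted on A
    untouched = Version(changes=0, modified_day=-10)          # unchanged on B
    return {
        "edited 3 times, deleted later elsewhere":
            survives(Version(1, 2, deleted=True), Version(3, 1)),
        "deleted, then edited once elsewhere":
            survives(Version(1, 1, deleted=True), Version(1, 2)),
        "edited once, then deleted elsewhere":
            survives(Version(1, 2, deleted=True), Version(1, 1)),
        "stub still present at replication":
            survives(stub, untouched, purge_day=3, keep_days=5),
        "stub purged before replication":
            survives(stub, untouched, purge_day=30, keep_days=5),
    }


if __name__ == "__main__":
    for case, alive in run_cases().items():
        print(f"{case}: document {'survives' if alive else 'is deleted'}")
```
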

Server access — Troubleshooting


These topics describe how to troubleshoot server access problems and
errors:
• The administrator can’t enter commands at the server
• Users can’t see a new server in the list of servers
• “Server not responding”
• “You are not authorized to access the server” or similar problems
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.

The administrator can’t enter commands at the server


If an administrator can’t run the workstation program on the server, run
stand-alone server programs, or use the Load, Tell, or Set Configuration
commands, the console has been password-protected.
Use the Set Secure command at the console or use the Domino
Administrator to clear the password.
For information on using the Set Secure command, see the appendix
“Server Commands.”

Users can’t see a new server in the list of servers
If users can’t see a new server when they try to add, create, copy, or
replicate a database, make sure that the Domino Directory contains a
Server document for the new server and that the information in the
document is accurate and correctly spelled. If no Server document exists,
create one and then make sure that the new Server document replicates
to all servers in the domain. If a Server document exists and contains
accurate information for the new server, check the log file on both the
user’s home server and the inaccessible server to see if there are network
problems.

“Server not responding”


The message “Server not responding” may appear when you install a
client or try to open any database on a particular server.
1. Check that the Domino server and the network are running.
2. Check if the server has been renamed or recertified. When a user
tries to open a database on a server that has been recertified or
renamed, the message “Server not responding” may appear. Users
should use the new server name to open the database.
3. Check the Server document for an invalid or nonexistent host name
as the Notes RPC proxy. From the Domino Administrator, click the
Configuration tab and open the appropriate Server document. Click
the Ports - Proxies tab. A Domino server that is configured to use
TCP/IP can’t transfer mail or initiate replication with another server
in the local domain if the host name is invalid or nonexistent. In
addition to “Server not responding,” “No Path Found to Server” and
“Proxy Reports that the Connection Request Failed” messages may
appear.
A Domino server configured to use a Notes RPC proxy attempts to
route all outbound connection requests through the listed proxy,
whether or not the proxy exists. Because most Domino systems don’t
use an RPC proxy, this field should generally be left empty.
Note If full trace logging is enabled in the NOTES.INI file, the log
file records detailed information about failed attempts to connect to a
remote server. The PassThru_LogLevel is typically set to 0 to minimize
unnecessary logging.
4. If you’re using NetBIOS, make sure it’s configured properly and that
it’s running on the workstation or server. The workstation and the
server must use the same version of NetBIOS, and the server must be
enabled for sufficient NetBIOS sessions.
Also, filters might prevent broadcast traffic from Notes from crossing
a bridge or router. Bridges and routers are often configured to
suppress broadcast traffic by default, and NetBIOS uses broadcasts
to communicate on networks.

“You are not authorized to access the server” or similar problems


When users or servers get a “not authorized to access the server”
message, try these tips to identify and then fix the problem.
1. Check the Domino Directory.
2. Check the server ID.
3. Check that the user has the proper certification to access the server.
4. Check for network or hardware problems.

Checking the Domino Directory for errors that affect server access
Many conditions that prevent proper access to servers can be traced to
the Domino Directory.
1. Verify that these fields in the Server document contain the correct
information and spelling. For each change you make, be sure to save
the Server document before attempting to access the server again.
| Field on the Network Configuration tab | Check this |
|---|---|
| Server name | Make sure that the full hierarchical server name is spelled correctly. |
| Domain name | Make sure that the name is spelled correctly. |
| Port | If a COM port is listed, remove it. X.PC COM ports are only handled in the ports configuration section. |
| Notes Network | Make sure that at least one Notes Network is enabled. Each port requires a unique Notes network name. |

| Field on the Restrictions tab | Check this |
|---|---|
| Access server | Delete the contents of this field if it contains any information. Only those names or groups listed in the field are allowed to access the server. |
| Not access server | Delete the contents of this field if it contains any information. The users or groups listed in the field are not allowed to access the server. |

2. Make sure the Server document isn’t corrupted. To determine if it is
corrupted, create a new Server document and use it instead of the
old one. If the new Server document resolves the problem, it’s likely
that the original Server document is corrupted. Be sure to create a
backup of the original Server document by either copying and
pasting the original into another Server document or by backing up
the database.
After you create the new Server document, copy the public key into it.
3. Verify that the Certified public key in the server ID file is the same as
the Public key. To do this, copy the certified key and paste it into a
text file, and then compare the two key values, which should be the
same. If the values differ, the server ID was probably created with
the same name based on a different Certifier key. Before altering the
key, create a backup of the Domino Directory.
4. Check Group documents in the Domino Directory for correct user
and server names. In particular, check the Group documents for
groups listed in the “Access server” and “Not access server” fields in
the Server document. In addition, be sure to check the Group Type
setting of these Group documents. The Group type assigned to a
group can affect server access.
5. Resolve any replication or save conflicts in the Groups and People
views.
6. Make sure that all views in the Domino Directory are updated and
not damaged. To rebuild all of the views in that database, enter this
command at the console:
Load updall names.nsf -r

If you suspect that the Domino Directory is corrupted, do one of the
following:
• Run the Fixup task. Use this task if the database is in Domino 5 or
higher format and if you’re not using transaction logging, or if the
database is in Domino 4 format.
• Run the Fixup task with the -J option. Use this task if the database
is in Domino 5 or higher format and you are using transaction
logging. If you use a backup utility certified for Domino 5 and you
run Fixup -J, perform a full backup of the database as soon as
Fixup finishes.
In addition, if you suspect a corrupted Domino Directory, try using a
backup of the Domino Directory (if one is available), or create a new
replica of the Domino Directory.

7. Replace the design of the Domino Directory. Select File - Database -
Replace Design. This ensures that the Domino Directory is using the
correct template file (PUBNAMES.NTF).
8. Check the Server document form in the Domino Directory for
customizations that are not supported.
For information about supported customizations, see the appendix
“Customizing the Domino Directory.”
9. Make sure that passthru is properly enabled on the Server document.
For information about enabling passthru, see the topic “Passthru —
Troubleshooting” earlier in this chapter.

Checking the server ID for a problem that affects server access


When the message “You are not authorized to access that server”
appears, the problem can sometimes be the server ID.
1. Check for a damaged server ID. If a server ID is damaged, the
Domino server may start, but users won’t be able to access it. Also,
the message “Server Error: Damaged ID” appears when you start the
Domino server.
If the server ID was recently recertified, the ID may have been
damaged if the Domino server wasn’t shut down before the server
ID was recertified or merged.
If you suspect that the server ID is damaged, you can replace the
server ID with a new ID.
2. Verify that the server has all of the required certificates.
a. From the Domino Administrator, click the People and Groups
tab.
b. From the tool bar, click Certification - ID file.
c. Choose the appropriate server ID file and click Open.
d. Click Certificates to display the certificates held by the server.
e. Recertify the server ID, if necessary.

3. Check for a “Public Key...” message that appears when the server
starts. Verify that the public key stored in the Server document
matches the public key stored in the server ID. To do this, copy the
ID’s public key to the clipboard, and then paste it to another
application — for example, into Windows Notepad — so that you
can compare it with the public key in the Server document. Be sure
to perform a full backup of the Domino Directory before altering the
key.
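Both public key checks above (step 3 under "Checking the Domino Directory for errors that affect server access" and step 3 in this list) rely on comparing two pasted text blocks by eye. The Python sketch below is an added example, not part of Domino or its tools; the key strings are constructed placeholders, not real Notes public keys.

```python
import hashlib


def normalize_key(pasted):
    """Drop the spaces and line breaks that copy and paste introduces."""
    return "".join(pasted.split())


def compare_keys(id_key, document_key):
    """Compare the key copied from the ID file with the one in the Server document."""
    a = normalize_key(id_key)
    b = normalize_key(document_key)
    result = {
        # An empty paste never counts as a match.
        "match": a == b and a != "",
        # Short fingerprints are easier to read aloud or record than full keys.
        "id_fingerprint": hashlib.sha256(a.encode("utf-8")).hexdigest()[:16],
        "document_fingerprint": hashlib.sha256(b.encode("utf-8")).hexdigest()[:16],
        "first_difference": None,
    }
    if a != b:
        # Position of the first differing character, or the length of the
        # shorter key when one key is a truncated copy of the other.
        result["first_difference"] = next(
            (i for i, (x, y) in enumerate(zip(a, b)) if x != y),
            min(len(a), len(b)),
        )
    return result


# Constructed placeholder values standing in for pasted key text.
ID_KEY = "0400AB12 CD34EF56\n7890AB12 CD34EF56"
DOC_KEY_REWRAPPED = "0400AB12CD34EF56 7890AB12\nCD34EF56"   # same key, different wrapping
DOC_KEY_DIFFERENT = "0400AB12 CD34EF56\n7890AB13 CD34EF56"  # one character differs

if __name__ == "__main__":
    for label, doc_key in (("rewrapped", DOC_KEY_REWRAPPED),
                           ("different", DOC_KEY_DIFFERENT)):
        print(label, compare_keys(ID_KEY, doc_key))
```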

Replacing the server ID
If you suspect that the server ID is damaged, replace it with a backup of
the ID. If you don’t have a backup of the server ID available, create a new
server ID. Be sure to use the same name on the new ID as you used on
the old ID.
1. Shut down the Domino server.
2. Rename the old server ID — for example, Server.OLD. You must
rename the ID to force the ID file to a new location on the hard disk.
3. Copy the backup (or new) server ID to the correct location on the hard
drive. ID files are typically located in the Notes\Data directory.
4. Restart the server.

Copying the public key


1. From the Domino Administrator, click the People and Groups tab.
2. From the tool bar, click Certification - ID File.
3. Select the ID file you want and click Open.
4. Click More Options.
5. Click Copy Public Key to copy the entire public key to the clipboard.
6. Paste the public key into the associated document — for example,
into a new Server document.

Server crashes — Troubleshooting


When a server crashes, the simplest solution is to restart it; however, you
might want to find out why it crashed so that you can avoid future
crashes. These topics describe how to troubleshoot a server crash.
• How to troubleshoot server crashes provides steps for collecting
information about and troubleshooting server crashes.
• Server crashes — Problems and error messages describes problems
and errors that relate to server crashes.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.

How to troubleshoot server crashes


The most common causes of server crashes are the following:
• Low or depleted system resources
• High server workload
• Software problems
• Network problems
• Changes to network or operating system environments
• Changes in hardware configuration — for example, upgraded NICs
— or software configuration
Use these steps to troubleshoot a server crash. If, after completing these
steps, you haven’t resolved the problem, consult your technical support
representative.
1. Collect system information:
• Domino server version
• Operating system version (if the operating system is OS/2, get the
SYSLEVEL information by typing SYSLEVEL at an OS/2 prompt)
• Network type and version; network protocol(s) and version(s)
(including file dates)
• System level patches
• Server hardware
• Names of API programs and tasks, gateways, backup programs,
executable scripts, third-party programs, and so on.
2. Note any changes to these elements of the Domino environment. If
possible, revert to the previous configuration to determine if the
problem still occurs.
• Operating system changes — for example, did you upgrade the
operating system or apply a new patch?
• Network changes — for example, did you add a new router or
upgrade the network software or firmware?
• Network interface card (NIC) changes — for example, is the NIC
new, or is the NIC software driver old and the operating system
new?
• Domino changes — for example, did you upgrade to a new release
of Domino or migrate new users?
• Other hardware or software changes.
3. For an OS/2 server crash, check for a crash screen. Collect all codes
that are displayed and check them against the table of OS/2 server
error codes.
For information on these codes, see the topic “Domino OS/2 server
crashes” later in this chapter.
4. If the last message on the console starts with the word “Panic,”
record the entire message.

5. If possible, capture the last screen displayed on the console or save
the Console Log file.
6. Stop all tasks running on the Domino server, and then stop the
Domino server.
7. If an NSD log file was created, verify the time and date of the file,
which should coincide with the time and date of the crash. If
necessary, Lotus Support Services will use this file to identify where
the crash occurred.
Note If a crash doesn’t produce an NSD log file, the server may be
out of disk space or memory.
8. Restart the server.
9. Check the Miscellaneous Events view in the log. Record all entries
that occurred immediately before and after the crash. To do this,
double-click the appropriate entry to open it. In particular, look for
an NSF file in the entry, which may indicate where the crash
occurred. If a particular database appears to have caused the crash,
check the replication history of that database for additional
information.
10. Collect these configuration files:
• CONFIG.SYS — For OS/2
• NOTES.INI — All platforms
• STARTUP.CMD — For OS/2
• PROTOCOL.INI — For OS/2
• NET.CFG — For OS/2 and NetWare
• AUTOEXEC.NCF — For NetWare
• STARTUP.NCF — For NetWare
• Windows diagnostics file — Windows NT

Server crashes — Problems and error messages


These topics describe problems and errors that may cause a server crash:
• Corrupt database causes a server to crash
• Corrupt view causes a server to crash
• Server crashes while updating a database index
• The Router task causes the server to crash
• Domino OS/2 server crashes

Corrupt database causes a server to crash
If an “Unable to copy database,” “Unable to copy document,” or similar
message appears in the Miscellaneous Events view of the log, a database
is corrupted. Do one of the following to correct the problem:
• Run the Fixup task. Use this task if the database is in Domino 5 or
higher format and if you’re not using transaction logging, or if the
database is in Domino 4 format.
• Run the Fixup task with the -J option. Use this task if the database is
in Domino 5 or higher format and you are using transaction logging.
If you use a backup utility certified for Domino 5 and you run Fixup
-J, perform a full backup of the database as soon as Fixup finishes.
Note The Fixup task can take a significant amount of time to run on a
large database or on the entire server.
For more information on using Fixup to repair corrupted databases, see
the chapter “Maintaining Databases.”

Corrupt view causes a server to crash


If a server crash seems related to a corrupt database view, run the Updall
task on the database with the -r option:
Load updall databasename -r

Note The Updall task can take a significant amount of time to run on a
large database. It will also take a significant amount of time if you run
Updall without specifying the database name, which forces the task to
run on all databases on the server.

Server crashes while updating a database index


If a server crashes while updating a database index, do the following:
1. Run the Updall task on the database with the -r option to fix a
damaged database index:
Load updall databasename -r

Note The Updall task can take a significant amount of time to run
on a large database. It will also take a significant amount of time if
you run Updall without specifying the database name, which forces
the task to run on all databases on the server.
2. If Updall does not fix the problem, use this procedure:
a. Make a replica of the corrupted database. Be sure to give the
replica a new file name.
b. Delete the original corrupted database.
c. Use the original database file name to rename the new replica.
d. Restart the server.

The Router task causes the server to crash
In many cases, a crash occurs while a particular task is running. You can
often determine the task from the crash screen or from the NSD log file. If
the crash is related to the Router task, there could be a problem with
MAIL.BOX.
1. Rename MAIL.BOX.
2. Restart the server. The server will automatically create a new
MAIL.BOX.
3. Copy and paste the messages from the old MAIL.BOX to the new
MAIL.BOX.

Domino OS/2 server crashes


If an OS/2 server crashes, a message resembling the following appears:
Trap 000C Internal Processing error at Location #nnn:nnn
Trap 000D CS=nnnn IP=nn xxxxx
CSLIM = nnnn

where nnnn represents error locations and addresses.


Crashed network drivers or an OS/2 problem may cause this error.
Record the addresses and report them to your network administrator.
Then restart the server.
Codes that display when an OS/2 server crashes
When an OS/2 server crashes, the console displays an error code. Record
the code.

| Code | Meaning | Cause |
|---|---|---|
| 0 | Divide error | The software is bad. |
| 1 | Debug exceptions | The software is bad. Record all addresses. |
| 2 | NMI interrupt | Stands for non-maskable interrupt. The software is bad. Record all addresses. |
| 3 | Breakpoint | There is a software problem. Record all addresses. |
| 4 | Overflow | The software is bad. Record all addresses. |
| 5 | Bound range exceeded | There is a software problem. Record all addresses. |
| 6 | Invalid opcode | There is a software problem. Record all addresses. |
| 7 | Coprocessor not available | The software is expecting a math coprocessor, and one isn’t installed. |
| 8 | Double fault | Two traps occurred at the same time. Record all addresses. |
| 9 | Coprocessor segment overrun | There is a software problem. Record all addresses. |
| A/10 | Invalid task state segment | There is a software problem. Record all addresses. |
| B/11 | Segment not present | There is a software problem. Record all addresses. |
| C/12 | Stack exception | There is a software problem. Ignore this code if it follows a code D/13. |
| D/13 | General protection | There is a software problem or a corrupted database. |
| F/15 | Coprocessor error | There is a bad coprocessor chip. |

NSD log files


NSD log files can help determine the cause of a server or workstation
crash. A program called NSD (nsd.exe for W32 platforms, nsd.sh for
Unix platforms) creates these files in the Domino data directory (for a
server) or in the Notes data directory (for a workstation). The files
contain information about the tasks that were running when the server
or workstation crashed, as well as general system information.

Server-based certification authority — Troubleshooting


These topics describe common problems with the server-based
certification authority and the CA process. You can also search for
solutions to common problems on the Lotus Support Services Web site at
www.lotus.com/support.

Problems when you create or modify a certifier


If you have problems creating or modifying a server-based CA — for
example, the CA process doesn’t load when you issue the Tell Load CA
command, or returns an error — check the following:
• The administrator’s location document must point to the server on
which the CA process is running.
The mail file location on the Mail tab of the administrator’s location
document must point to the server on which the CA process is
running.
• The administrator’s public key must be in the Domino Directory for
the server specified in the location document.
• CA administrators must have at least Editor access to the master
Domino Directory for the domain.

CA process takes a long time to make changes to a certifier
When you create a new certifier, make changes to an existing one, or
revoke a certificate, the changes usually take place by the time the CA
process refreshes itself. Sometimes the process takes longer, because:
• The CA process has to create or update the CA configuration
documents, and, in the case of Internet certifiers, post a CRL.
• The CA process may be running on a server other than the one that
hosts the master Domino Directory, adding replication delays to the
process.
• Replication of the Administration Requests database can add delays.
A request or change may be approved on one replica, but the change
has to be replicated to other servers in the domain.
To see the results of any CA process operation immediately, at the server
console type:
tell adminp process all

Then
tell ca refresh

Then
tell ca stat

to see if the changes have been processed. You may need to repeat the
process more than once.
For more information about configuring and using a server-based CA,
see the chapter “Setting Up a Domino Server-Based Certification
Authority.”

Transaction logging — Troubleshooting


These topics describe common problems with transaction logging. You
can also search for solutions to common problems on the Lotus Support
Services Web site at www.lotus.com/support.

Invalid transaction log path


If Domino cannot access the transaction log path, the server console
displays error messages indicating: the invalid log path, databases
requiring media recovery or Fixup, and a panic.
1. Check the log path to make sure it exists.
2. Check that the server has write access to the log path.
3. If the log path is correct and the device is good, restart the server. The
problem should be fixed and you do not need to continue to step 4.
4. If the log path is correct but the device is bad, replace the device on the
log path, or edit the TRANSLOG_Path setting in NOTES.INI to point
to a different log path.
Note If you edit the TRANSLOG_Path setting when you restart the
server, be sure to make the same edit to the “Log path” field in the
Server document. Otherwise, Domino reverts to the old path upon
the next server restart.
5. Restart the server. Domino creates new log files and a control file,
and assigns new DBIIDs to all Domino 5 or higher databases.
6. If “Automatic fixup of corrupt databases” is set to Yes in the Server
document, the Fixup task runs on the databases that require media
recovery or Fixup. Otherwise, you must run the Fixup task manually.
7. Perform full database backups.

Transaction log damaged or corrupted


If the transaction log appears to be damaged or corrupted, the server
console displays error messages indicating: the log is damaged,
databases requiring media recovery or Fixup, and a panic.
The error may occur because of a failed read from or write to the
transaction log.
1. Restart the server to correct the error. If the damaged log error does
not appear again, the log is not damaged.
2. Stop the server again so it shuts down cleanly.
3. Perform full database backups.
4. Restart the server.
If you continue to receive the damaged log error, the active
transaction log is damaged or corrupted.
5. Delete the transaction log files and the control file.
6. Restart the server. Domino creates new log files and a control file and
assigns new DBIIDs to all Domino 5 or higher databases.
7. If “Automatic fixup of corrupt databases” is set to Yes in the Server
document, the Fixup task runs on the databases that require media
recovery or Fixup. Otherwise, you must run the Fixup task manually.
8. Perform full database backups.
If the error occurred during media recovery, an archived log file may
be corrupted.

9. Restart the server to correct the problem, and then stop the server so
it shuts down cleanly.
10. While the server is down, use the third-party backup utility to
perform media recovery. If the archived log still cannot be used,
allow database backups to be restored without the transactions in the
corrupted log.
11. Perform full database backups.
12. Restart the server.

Web server, Web Navigator, and the Web Administrator — Troubleshooting

There are a variety of Web server, Web Navigator, and Web
Administrator problems you may encounter.
• Web server — Problems and error messages describes problems and
errors that may occur with the Web server.
• Web Navigator — Problems and error messages describes problems
and errors that may occur with the Web Navigator.
• Web Administrator — Problems and error messages describes
problems and errors that may occur with the Web Administrator.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.

Web server — Problems and error messages


These topics describe how to troubleshoot some common Web server
problems and errors:
• Users can’t see a list of files on a Web server or access a database
• Users can’t access a Domino Web server via the Internet
• Users are prompted multiple times for their name and password
• The browser displays “Error 403 - Directory Browsing error - Access
forbidden”

Users are prompted multiple times for their name and password
You can configure Domino Web sites so that Domino authenticates and
asks Web users for their credentials only once when they access different
locations. Like other Web servers, Domino adheres to the HTTP
authentication model. When a user accesses a page on a Domino Web
site, the browser keeps track of user credentials, based on the realm that
the Domino server sends to the browser. A realm is a string, which is
typically a URL path, that the server sends to indicate the location, or
path, for which the user has been authenticated.
For example, if your server name is www.acme.com, then
www.acme.com is the top-level realm and www.acme.com/doc,
www.acme.com/hr, and www.acme.com/marketing are the lower-level
realms. If a user authenticates with the server when accessing the home
page for www.acme.com, then the user is authenticated for
www.acme.com and all lower-level realms.
However, if the user accesses www.acme.com/doc first, enters a name
and password and is authenticated, and then accesses
www.acme.com/hr, Domino prompts the user for credentials again. This
second prompt occurs because the browser examines the list of realms
for which Domino has successfully authenticated the user and finds
www.acme.com/doc in the browser realm list. Since www.acme.com/hr
is not a subdirectory of www.acme.com/doc, Domino requires the user
to enter credentials again.
To prevent users from being prompted multiple times for their names
and passwords, direct them to access and authenticate with the highest
level realm that they need to access. This way, Domino asks users for
their credentials only once during the browser session.
If a Web site includes a link to a site on another server and that site
requires authentication, users will be prompted again for their
credentials.
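The prompting behaviour described above, as an added Python model (not Domino or browser code). The browser's realm list is simplified to a list of URL paths, matching on whole path segments is an assumption, and `entry_realm` is a hypothetical helper that finds the highest-level realm to send users to first.

```python
def covers(realm, url):
    """True if url is the realm itself or lies below it."""
    realm = realm.rstrip("/")
    url = url.rstrip("/")
    # Compare on a path-segment boundary so that www.acme.com/doc
    # does not cover www.acme.com/docs (assumption of this model).
    return url == realm or url.startswith(realm + "/")


def prompts(visits):
    """For each visited URL, return True if the user is asked for credentials."""
    authenticated_realms = []
    asked = []
    for url in visits:
        if any(covers(realm, url) for realm in authenticated_realms):
            asked.append(False)
        else:
            # The user authenticates and the browser remembers this realm.
            asked.append(True)
            authenticated_realms.append(url)
    return asked


def entry_realm(urls):
    """Return the highest-level realm that covers every URL, or None.

    None means the URLs are on different servers, so a second prompt
    cannot be avoided by choosing a better starting point.
    """
    split = [u.rstrip("/").split("/") for u in urls]
    common = []
    for segments in zip(*split):
        if all(s == segments[0] for s in segments):
            common.append(segments[0])
        else:
            break
    return "/".join(common) if common else None


if __name__ == "__main__":
    # Starting at the top-level realm: one prompt for the whole session.
    print(prompts(["www.acme.com", "www.acme.com/doc", "www.acme.com/hr"]))
    # Starting at /doc: /hr is not below /doc, so the user is asked again.
    print(prompts(["www.acme.com/doc", "www.acme.com/hr"]))
    print(entry_realm(["www.acme.com/doc", "www.acme.com/hr",
                       "www.acme.com/marketing"]))
```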

Users can’t access a Domino Web server via the Internet


A firewall server often prevents users from accessing a Domino Web
server via the Internet. If you have a direct Internet connection, you can
ping the Domino server to see if you can access it. If you can ping the
server but still can’t access it, telnet to the server on port 1352 (see your
telnet documentation for details on how to do this). If connecting with
telnet fails, the firewall server may be blocking the TCP port.

Users can’t see a list of files on a Web server or access a database
When users try to use the OpenServer command to display a list of files
on a Web server and the message “Database browsing not allowed”
appears, make sure the option “Allow HTTP clients to browse
databases” is enabled in the Server document for that server.
If users try to access a database and the message “Unauthorized
exception” appears, make sure they have the appropriate access in the
database ACL.

Browser receives error message “Single Sign-on not Configured” when accessing an SSO enabled server
Verify that a Web SSO Configuration document exists for either a Web
Site or for the Server document and is enabled in the Session
Authentication field. If using Web Site documents, the Web SSO
Configuration documents appear in the Internet Sites view for the
specified web site. Otherwise, the Web SSO Configuration documents
appear in the Web Configurations view. You should also verify that the
Web SSO Configuration document is encrypted for the server to which
the browser is connecting, by checking the document to see that the
server is listed in the participating server field.
If the Server document’s public key does not match the public key in the
server ID file, then the decryption of the Web SSO document will fail.
This could happen if the ID file was created multiple times and didn’t
update the Server document correctly. Usually there is an error on the
server console indicating that the public key does not match the server
ID. If this happens, then SSO fails because the document could be
encrypted with a public key for which the server does not possess the
corresponding private key necessary for decryption. The way to correct
this is to copy the public key out of the server ID, paste it into the Server
document, and then recreate the Web SSO document.

Debugging session-based authentication problems


In session-based authentication, a cookie is created on the Web server.
Sometimes when the browser returns the cookie it doesn’t work and
authentication fails. Administrators need to be able to see the calls that
the Web server is making to deny the cookie, or to see whether the server
even received it.
The NOTES.INI variable WebSess_Verbose_Trace should be used for
troubleshooting both single server and multi-server (as in single sign-on)
session-based authentication problems. Setting
WebSess_Verbose_Trace=1 enables a Domino Web server to record, at
the server console, detailed information about specific Web session-based
authentication sessions, such as unauthorized, unauthenticated, or
session expiration information.
After you correct the problem, make sure to disable this setting —
remove it or set it to 0 — because using it slows Web server performance.
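A verbose trace setting left enabled after troubleshooting is easy to miss. The Python sketch below is an added example, not an IBM tool: it checks a NOTES.INI file for WebSess_Verbose_Trace and for two other settings named in this chapter, PassThru_LogLevel and TRANSLOG_Path. The sample file content is constructed, and matching setting names case-insensitively is an assumption of this sketch.

```python
import os

# Constructed sample NOTES.INI content, not taken from a real server.
SAMPLE_NOTES_INI = """\
[Notes]
ServerTasks=Router,Replica,Update,HTTP
WebSess_Verbose_Trace=1
PassThru_LogLevel=0
TRANSLOG_Path=/constructed/example/translog
"""


def parse_notes_ini(text):
    """Return the settings as a dict keyed by lower-cased setting name."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines, the [Notes] header and anything that is not Name=Value.
        if not line or line.startswith("[") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip().lower()] = value.strip()
    return settings


def audit(settings):
    """Return a list of findings for the settings this chapter says to check."""
    findings = []

    # Session trace output goes to the server console and slows the Web server.
    trace = settings.get("websess_verbose_trace", "0")
    if trace not in ("", "0"):
        findings.append("WebSess_Verbose_Trace=%s: disable after troubleshooting" % trace)

    # The chapter notes this is typically 0 to minimize unnecessary logging.
    level = settings.get("passthru_loglevel", "0")
    if level not in ("", "0"):
        findings.append("PassThru_LogLevel=%s: detailed connection logging is on" % level)

    # Steps 1 and 2 of "Invalid transaction log path": the path must exist
    # and be writable. os.access tests the account running this script, so
    # run it as the account the Domino server uses.
    log_path = settings.get("translog_path")
    if log_path is not None:
        if not os.path.isdir(log_path):
            findings.append("TRANSLOG_Path=%s: path does not exist" % log_path)
        elif not os.access(log_path, os.W_OK):
            findings.append("TRANSLOG_Path=%s: no write access" % log_path)

    return findings


if __name__ == "__main__":
    for finding in audit(parse_notes_ini(SAMPLE_NOTES_INI)):
        print(finding)
```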

“Error 403 - Directory Browsing error — Access forbidden”


Check the Server document for an entry in the Home URL or Default
Home page fields. To display a home page on the Web server, one or
both of these fields must contain an entry.

Web Navigator — Problems and error messages
These topics describe how to troubleshoot some common Web Navigator
problems and errors:
• Users can’t send mail to the Internet from a mailto URL
• “TCP/IP host unknown” and “Remote system not responding”.
• “URL Access Denied” message trying to open certain Web pages.
• “The Web Navigator Retrieval process is not running” trying to open
a Web page.

Users can’t send mail to the Internet from a mailto URL


For users to send e-mail to the Internet, you must set up mail routing to
the Internet.

“TCP/IP host unknown” and “Remote system not responding”


Messages such as “TCP/IP host unknown” and “Remote system not
responding” usually indicate problems with the TCP/IP setup. If you
have a direct Internet connection and are able to use the IP address to
ping the remote host successfully, the Web Navigator may not be
running. If you use host names instead of actual IP addresses in
Connection documents, there may be a problem with name resolution.
To fix this problem, check the hosts file to verify that your domain name
system (DNS) can resolve the name to the IP address. If you do not have
a DNS, add the entry to the server’s local hosts file, which maps host
names to IP addresses. The hosts file is usually located in the same
directory as the protocol software. It has a format similar to:

| Domino server name | IP Host name | IP Fully Qualified Domain Name | IP Address | Comment |
|---|---|---|---|---|
| Salt/Sales/Acme | salt | salt.usa.com | 123.3.12.24.5 | #Salt server |
| Pepper/Support/Acme | pepper | pepper.usa.com | 123.3.12.678 | #Pepper server |

If the host name is the Domino server’s common name, then the hosts file
or DNS will require an alias link as shown here:

Domino server name | IP Host name | IP Fully Qualified Domain Name | IP Alias name entry | IP Address | Comment
Red/Marketing/Acme | ruby | ruby.usa.com | red within the host file or red CNAME ruby for the DNS | 123.3.12.212 | #Red server
Purple/IS/Acme | violet | pepper.usa.com | purple within the host file or purple CNAME violet for the DNS | 123.3.12.83 | #Purple server
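The hosts-file check described above can be scripted. This Python sketch is an added example, not part of the Domino documentation: it parses a hosts file in the usual address, name, aliases, # comment layout (an assumption; the manual shows the columns only as a table), rejects malformed IP addresses, and reports each Domino server whose common name has no host name or alias entry. The sample file is constructed from the manual's illustrative names and addresses; violet.usa.com is made up for the example.

```python
import ipaddress

# Constructed sample in the usual hosts-file layout. The addresses are the
# manual's illustrative values, including the ones that are not valid IPv4.
SAMPLE_HOSTS = """\
123.3.12.212   ruby.usa.com    ruby red   #Red server (alias "red" present)
123.3.12.83    violet.usa.com  violet     #Purple server (alias missing)
123.3.12.678   pepper.usa.com  pepper     #Pepper server
123.3.12.24.5  salt.usa.com    salt       #Salt server
"""

# Domino hierarchical server names to check (from the manual's tables).
SERVERS = [
    "Red/Marketing/Acme",
    "Purple/IS/Acme",
    "Pepper/Support/Acme",
    "Salt/Sales/Acme",
]


def parse_hosts(text):
    """Return (entries, problems); entries maps lower-cased names to addresses."""
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop the comment
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"line {lineno}: invalid IP address {addr!r}")
            continue
        if not names:
            problems.append(f"line {lineno}: no host name for {addr}")
            continue
        for name in names:
            key = name.lower()
            if key in entries and entries[key] != addr:
                problems.append(
                    f"line {lineno}: {name} already maps to {entries[key]}")
            else:
                entries[key] = addr
    return entries, problems


def common_name(domino_name):
    """'Red/Marketing/Acme' or 'CN=Red/OU=Marketing/O=Acme' -> 'red'."""
    first = domino_name.split("/", 1)[0]
    if first.upper().startswith("CN="):
        first = first[3:]
    return first.strip().lower()


def check_servers(hosts_text, servers):
    """List parse problems plus servers whose common name cannot be resolved."""
    entries, problems = parse_hosts(hosts_text)
    findings = list(problems)
    for server in servers:
        cn = common_name(server)
        if cn not in entries:
            findings.append(
                f"{server}: common name {cn!r} has no host name or alias entry")
    return findings


if __name__ == "__main__":
    for finding in check_servers(SAMPLE_HOSTS, SERVERS):
        print(finding)
```

Only Red/Marketing/Acme passes: its line has a valid address and carries the alias red alongside the host name ruby.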

“URL Access Denied” message trying to open certain Web pages


If users try to open a Web page and a “URL Access Denied” message
appears, check the “Internet Site Access Control” section under Server
Tasks - Web Retriever in the Server document for the Web Navigator
server to see if you prevented access to that Internet server.

“The Web Navigator Retrieval process is not running”


When users try to open a Web page within the database, they will get
this message if:
• The Web task stopped running or hasn’t been started on that server.
To resolve this problem, start the Web task on the server that runs the
Web Navigator.
• The server specified in the InterNotes field in either their current
Location document or the Server document for their mail server is
not a server running the Web task. To resolve this problem, specify
the correct server name.

Web Administrator — Problems and error messages


These topics describe how to troubleshoot some common Web
Administrator problems and errors:
• Web Administrator initializes itself when resizing the window
• Unable to log in to the Web Administrator
• New policies do not appear as an option when registering users


Web Administrator initializes itself when resizing the window
If you’re using the Web Administrator with a Netscape 4.x browser and
you resize the browser window, the Web Administrator will reinitialize.
To avoid this problem, resize windows before using the Web
Administrator.

Unable to log in to the Web Administrator


Make sure you have the proper access level and roles in the ACL for the
Web Administrator database.
For information on access to the Web Administrator, see the chapter
“Setting Up and Using Domino Administration Tools.”
When you start the Web Administrator, Domino asks you for your name
and Internet password, which are stored in your Person document. You
must enter that name and password to access the database. If the Internet
Access security setting in the Server document is set to “less name
variations, more security.”
You may need to re-create the database. The Web Administrator must be
created and configured by the HTTP server to work properly. Do not
attempt to use File - Database - Replace Design or Refresh Design.
To re-create the database
Domino creates the Web Administrator database the first time that the
HTTP task runs on a server. Keep in mind that deleting the database
deletes existing administrator preferences.
1. Enter this command at the console:
tell http quit

2. Delete WEBADMIN.NSF.
3. Enter this command at the console:
load http

Note Do not try to refresh the database from the File menu using File -
Database - Replace Design or Refresh Design.

New policies do not appear as an option when registering users
If a policy that has been recently created does not appear as an option
during user registration, reload the Web Administrator so that the new
policy is available.

Server.Load — Troubleshooting
The dynamic link library NNOTES.DLL could not be found in the
specified path
Check to see if SLOAD.EXE was copied to the Notes program directory.
Copying SLOAD.EXE to the Notes program directory should resolve the
issue.

“Error detected on ‘changeto’: ‘No such port known’ (0x0A25)”


This message appears when you use a custom script. Enable the port by
choosing File - Preferences - User Preferences and selecting Ports.

“Error in NIFFindView” messages


Adding documents to a folder that does not exist returns the following:
Error in NIFFindView
add 10 -f $ABC
Error in NIFFindView: 0x0404--Entry not found in index
'add' summary: Added 10 notes

Although it states that 10 notes (documents) were added, no documents
were actually added. Create a folder before adding documents.

“Error in NSFItemAppend: 0x013B — Memory allocation request exceeded 65,000 bytes”
This message appears when you attempt to add a document containing a
non-summary text item that is larger than 65KB. Do not create
non-summary items that exceed 64KB.

“Cannot create greater than 512 sessions, sessions count reduced to 512.”
The value supplied for Server_MaxSessions was greater than the limit of
512 for the NT platform. The session count will be reduced to 512, and
the built-in Idle Workload will continue to open 512 sessions to the
Domino server.



Reference
Appendix A
Server Commands

You can use server commands to perform all administration tasks. This
appendix describes how to enter server commands and provides
complete information on using each server command.

Using a console to send commands to a server


Use a server console to see server events as they happen and to send
commands to a server. Server events are also logged to a server’s log file
(LOG.NSF). You can view the log file from the Server - Analysis tab in
the Domino Administrator.
For more information on the log file, see the chapter “Using Log Files.”
There is a server console available directly at a server. There are also
remote consoles available through the Domino Administrator and the
Web Administrator. The types of commands you can send to a server
using a remote console depends on the level of administrator access you
have in the Server document.
For more information on restricting administrator access to a server, see
the chapter “Controlling Access to Domino Servers.” For information on
setting console attributes for a remote console, see the chapter
“Monitoring the Domino Server.”
Some tabs in the Domino Administrator and Web Administrator
automatically display information you would normally see as the result
of entering a server command at a console. For example, when you click
the Server - Status tab, and click Server Tasks you see the equivalent of
the Show Tasks command. In addition, several tabs have tool bars that let
you enter a command via a dialog box. For example, you can enter Tell
commands from the tool bar on the Server - Status tab.

Capturing server command output in a file
Certain server commands display information that you might want to
capture in a file. Type the server command and on the same line, type a
space and then the following:
> filename.ext

where filename.ext is the name of the file to which you want to save
output. Enter a space after the server command but not after the
redirection symbol (>). For example, this command writes the output of
the Show Tasks command to the file TASKS.OUT in the Notes directory:
Show Tasks > TASKS.OUT

To store output in a file outside the data directory, specify the complete
path to the file.

Entering commands at the console at the server


You can enter commands directly at the console at a server. If a server is
running under a Controller, you must use a remote console instead.
Note Most server commands support the arguments “-?” and “/?” to
display online help. For example, you could enter one of these to obtain
help for the server command Tell Amgr:
Tell Amgr -?
Tell Amgr /?

1. Double-click the Domino server icon if the server isn’t running, or
switch to the console.
Note On a UNIX server, log into the server account, change to the
server’s Notes directory, and enter server.
2. Press ENTER to display the console prompt (>).
3. Enter a server command.
If a command parameter contains a space, enclose it in quotation
marks — for example:
Pull "Acme Server"

Tip To save time and space at the command line, enter the
abbreviation for the server command. You can also press the Up
arrow to display a command that you previously entered.
4. (Optional) Use these key combinations, as necessary:
• Press CTRL+Q or PAUSE to stop the screen display and suspend
access to the server and events in process.
• Press CTRL+R to resume display and access to the server.

• Press CTRL+R (or ENTER) to restore a command line. For
example, you might restore a command line if an on-screen event
splits it or if it disappears while you’re typing.

Sending Controller and shell commands from a remote console


A server can run under a Java-based Controller — you start the server by
starting the Controller. You can use remote consoles in the Domino
Administrator or Web Administrator to send commands to a server that
runs under a Controller. You can send Controller commands and shell
(operating system) commands, as well as Domino server commands.
There is also a Java-based remote console available called the Domino
Console that you can use to connect to a Controller.
For information on the Server Controller and Domino Console, see the
chapter “Setting Up and Using Domino Administration Tools.”
To send a shell command to a Controller from a remote console, use the
prefix $, for example:
$Dir c:\tmp

To send a Controller command, use the prefix #, for example:


#Start Domino

If you are sending several shell or Controller commands, you can change
to Shell or Controller command mode in a remote console by entering the
appropriate prefix in the Command box and pressing enter. Then you do
not have to specify the prefix each time you send a command. To exit the
specified command mode, enter the prefix again.
For example, to enter the Controller command mode, enter # in the
Command box. When you are done sending Controller commands, enter
# again to exit Controller command mode.
The following table describes the available Controller commands.

Controller command | Description
Broadcast message | Broadcasts a specified message to all administrators connected to the Controller
Disable username(s) | Disables a specified administrator’s connection to the Controller. Connection remains disabled until you use the Enable User command or until you quit and restart the Controller. To disable more than one administrator’s connection, specify multiple names, separated by commas, for example: #Disable user1,user2
Enable username(s) | Enables an administrator’s connection that you previously disabled using the Disable User command. To enable more than one administrator’s connection, specify multiple names, separated by commas, for example: #Enable user1,user2
Kill Domino | Stops the processes on a server that is not responding
Quit | Stops the Domino server and the Server Controller
Refresh Admins | Refreshes the Controller’s information about administrators from the Domino Directory
Restart Domino | Stops the processes on a server that is not responding and then restarts the server
Set ControllerLogExpiration=days | Specifies the number of days worth of log files to keep on the server. Default is 7 days. Change takes effect at midnight or when you restart the Server Controller.
Set ControllerLogFileName=path filename | Specifies the name and path of log files created on a server. By default, log files are stored in the server’s data directory with filenames that begin with the text dcntrlr, followed by the creation date, a sequence number and the file extension .log or .meta. You can specify a different path, and can specify text to replace the dcntrlr portion of the log file names. Change takes effect at midnight or when you restart the Server Controller.
Set ControllerLogType=value | Specifies which type(s) of log file(s) to create on a server or prevents the creation of log files. 0 — Do not create log files; 1 — Create .log files that log only data normally seen at a console; 2 — Create .meta files that log data normally seen at a console as well as additional details, such as color, font, and event filter settings; 3 — Create both .log files and .meta files simultaneously. Setting takes effect immediately.
Show Users | Shows the administrators currently connected to the Controller
Show Processes | Shows the tasks running on the Domino server
Start Domino | Starts the Domino server if it is down
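Because the $ and # prefixes can be entered once to switch mode, the same text can be a Domino, shell, or Controller command depending on what came before it. This Python sketch is an added example, not IBM code: it replays lines as typed in the Command box, tracks the mode, and flags shell commands and Controller commands that stop the server, disable an administrator, or turn off log files. The one-command-per-line input and the handling of a lone prefix typed while in the other mode are assumptions; the sample session is constructed.

```python
PREFIX = {"$": "shell", "#": "controller"}
MAX_DOMINO_LEN = 255  # limit the manual states for a Domino command

# Controller commands from the table above, lower-cased.
CONTROLLER_COMMANDS = (
    "broadcast", "disable", "enable", "kill domino", "quit",
    "refresh admins", "restart domino", "set controllerlogexpiration",
    "set controllerlogfilename", "set controllerlogtype",
    "show users", "show processes", "start domino",
)

# Controller commands a reviewer should look at, with the reason.
SENSITIVE = {
    "kill domino": "stops the processes on the server",
    "quit": "stops the Domino server and the Server Controller",
    "restart domino": "stops and restarts the server",
    "disable": "disables an administrator's connection to the Controller",
}

# Constructed sample of Command box input (not a real log).
SAMPLE_SESSION = [
    "Show Tasks",
    "$Dir c:\\tmp",
    "#Show Users",
    "#",                        # enter Controller command mode
    "Disable user1,user2",
    "Set ControllerLogType=0",
    "#",                        # leave Controller command mode
    "Quit",                     # back in Domino mode: the Domino Quit command
    'Pull "Acme Server"',
]


def _match(norm, names):
    """Return the known command name that norm starts with, or None."""
    for name in names:
        if norm == name or norm.startswith((name + " ", name + "=")):
            return name
    return None


def classify(lines):
    """Return [(kind, command)] with kind in domino / shell / controller."""
    mode, out = None, []
    for raw in lines:
        text = raw.strip()
        if not text:
            continue
        if text in PREFIX:
            # A lone prefix enters that mode; the same prefix again exits it.
            mode = None if mode == PREFIX[text] else PREFIX[text]
            continue
        if mode is not None:
            out.append((mode, text))
        elif text[0] in PREFIX:
            out.append((PREFIX[text[0]], text[1:].strip()))
        else:
            out.append(("domino", text))
    return out


def review(lines):
    """Return [(kind, command, reason)] for commands that deserve a look."""
    findings = []
    for kind, cmd in classify(lines):
        norm = " ".join(cmd.lower().split())
        if kind == "shell":
            findings.append(
                (kind, cmd, "operating system command sent through the Controller"))
        elif kind == "controller":
            if _match(norm, CONTROLLER_COMMANDS) is None:
                findings.append(
                    (kind, cmd, "not in the documented Controller command table"))
            elif norm.replace(" ", "") == "setcontrollerlogtype=0":
                findings.append(
                    (kind, cmd, "turns off creation of Controller log files"))
            elif _match(norm, SENSITIVE):
                findings.append((kind, cmd, SENSITIVE[_match(norm, SENSITIVE)]))
        elif len(cmd) > MAX_DOMINO_LEN:
            findings.append((kind, cmd, "longer than 255 characters"))
    return findings


if __name__ == "__main__":
    for kind, cmd, reason in review(SAMPLE_SESSION):
        print(f"{kind:10} {cmd!r}: {reason}")
```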

Sending commands from the Domino Administrator console
A Domino command can contain up to 255 characters. If an argument for
a command contains a space, enclose it in quotation marks. For example:
PULL "Acme Server"
Note Most server commands support the arguments “-?” and “/?” to
display online help. For example, you could enter one of these to obtain
help for the server command Tell Amgr:
Tell Amgr -?
Tell Amgr /?

To send a command from the Domino Administrator console:


1. Make sure you have the administrator access to the server required
for the command you are sending.
For more information, see the chapter “Controlling Access to
Domino Servers.”
2. From the Domino Administrator, connect to the server.
3. Click Server - Status.
4. Click Server Console.
5. Do one of the following to add the command to the Command box:
• Enter the command with any arguments directly in the Command
box.
• Click Commands, select the command from the list, and click OK.
Enter any necessary arguments.
• If you’ve added the command to the Commands menu, select the
Commands menu and select the command from the list.
• If you are sending a Tell command to the Certificate Authority
(CA) process that requires a password as an argument, click the
Commands menu, and select Password Commands to display a
box in which to enter the password. The password box masks the
characters in the password with asterisks.
6. (Optional) To prevent the console from displaying the server output,
click the Send menu and select Quiet Commands.
7. To send the command only to the connected server, click Send. To
send the command to more than one server:
a. Click the Send menu and select Select Servers.
b. In the Domain box, select the Domino Domain of a server to
which you want to send the command.
c. In the Server box, select a server from the selected domain.

d. Click Add.
e. Repeat Steps b - d for each server to which you want to send the
command.
f. (Optional) Select or deselect Quiet Commands to optionally
change the option specified in Step 6.
g. (Optional) Click Create Group, enter a name for the group, and
click OK to save the group of selected servers.
h. Click Send.
Tip You can also select a group you’ve added to the Send menu.
8. If you entered a Controller command or shell command, enter the
following in the Login dialog box that opens:
• In the Server’s Internet Address box, specify the TCP/IP host
name of the server.
• In the User ID box, specify a name in your Person document in the
Domino Directory on the server to which you are connecting.
• In the Password box, specify the password in the “Internet
password” field of your Person document.
• Click OK.
9. (Optional) Do any of the following, as necessary:
• Click Live to display events as they happen on the remote server.
• Click Pause to pause output from the remote server.
• Click Stop to stop events as they happen on the screen.
Adding commands to the Commands menu
If you frequently use the Domino Administrator console to send a
specific command, add it to the Commands menu so it’s easy to select.
For example, if you frequently send a command with a particular
argument, add it to the Commands menu so you don’t have to type the
argument each time you send the command.
1. From the Domino Administrator, click Server - Status.
2. Click Server Console.
3. Click the Commands menu and select Custom Commands.
4. Add the command and any arguments.
5. Click Add.
6. Click Save. The Commands menu lists the command.

Adding a group of servers to the Send menu
If you frequently use the Domino Administrator console to send a
command to a particular group of servers, add the group to the Send
menu:
1. From the Domino Administrator, click Server - Status.
2. Click Server Console.
3. Click the Send menu and select Server Groups.
4. To add a group you created previously during the process of sending
a command, click Add Private, select the group, and click Add.
5. To add a group from the Domino Directory, click Add Public, select
the group, and click Add. You can add only groups in the Domino
Directory that are defined as the group type “Servers only.”
6. Click Save. The group now shows in the Send menu.

Sending commands from a Web Administrator console


There are two remote consoles available from the Web Administrator: the
Quick Console and the Live Console. Use the Live Console to send
commands to a Web server running under a Controller. Using the Live
Console you can send Controller and operating system (shell) commands
as well as Domino server commands. To use the Live Console, you must
install Java Plug-in 1.4 or higher and enable it in your Web browser.
Use the Quick Console to send commands to a Web server that does not
run under a Controller. Or use it if you are unable to install or use the
Java Plug-in in your browser.
A Domino command can contain up to 255 characters. If an argument for
a command contains a space, enclose it in quotation marks. For example:
PULL "Acme Server"
To send a command from a Web Administrator remote console:
1. Make sure you have the administrator access to the server required
for the command you are sending.
For more information, see the chapter “Controlling Access to
Domino Servers.”
2. From the Web Administrator, connect to the server.
3. Click Server - Status.
4. Select Quick Console or Live Console.

5. Do one of the following to add the command to the Command box:
• Enter the command with any arguments directly in the Command
box.
• (Live Console only) Click Commands, select the command from
the list, and click OK. Add any arguments as necessary.
6. Click Send.

Using the Domino Character Console to access the server console


The Domino Character Console (the cconsole program) provides a way
to access the server console from the command line. This feature is
supported only for UNIX platforms.
You can invoke the cconsole program multiple times. You can also run
the cconsole program when there is already an operational Domino
server console; however, the cconsole input and output may also reflect
commands launched from other console processes.
Note The cconsole program is installed into your Notes bin directory.

To start the cconsole program


1. To use cconsole, you must be listed as an Administrator in the name
and address book server document.
2. Change the active directory to your data directory. For example,
enter:
cd ~/notes/data

3. Enter the cconsole command. For example, enter:


/opt/lotus/bin/cconsole

4. Enter the path and file name of your Notes user ID.
5. Enter the password for your Notes user ID.
6. To exit cconsole, type:
done

Remote cconsole
The cconsole program doesn’t start if the Domino server isn’t running on
the same machine as the cconsole program. If the server fails while
cconsole is running, cconsole may not automatically shut down. In this
case, enter the “done” command to exit the cconsole program.
To run cconsole from a remote machine, first telnet to the machine
running the Domino server.

Note There is a security risk when running the cconsole program from a
remote machine or from a remote X display. The cconsole program
warns you of this security risk before proceeding. To address this
security risk, deploy a secure remote protocol, such as encrypted telnet.
If you don’t deploy a secure remote protocol, run the cconsole program
only from the local Domino server machine.

Additional console commands


In addition to the current set of Domino server console commands,
cconsole also supports these commands:

Command | Result
done | Exits cconsole while the Domino server continues to run
live on | Enables cconsole as a live console so that you see messages sent to the server console from other sources
live off | Disables the live console so that you see only the commands entered and the responses to these commands

Command line switches


There are several command line switches that streamline using cconsole.
You type the switches when you start cconsole.

Switch | Result
-f | Lets you enter the path and file name for the Notes user ID when you start cconsole so that you aren’t required to respond to the prompts
-i | Lets you ignore warnings; warnings continue to appear on the console, but you won’t be required to respond to them
-l | Lets you automatically start that console live when you start cconsole

For example, if you don’t want to wait for the prompt to enter the path
and file name for the Notes user ID, enter this command:
/opt/lotus/bin/cconsole -f notes/data/rrutherford.id

Domino server commands
This list briefly describes the Domino server commands that are
available.
Command | Description
Broadcast | Sends a message to specified users or to all users of this server.
Dbcache Flush | Closes all databases that are currently open in the database cache.
Drop | Closes one or more server sessions.
Exit | Stops the server. This command is identical to Quit.
Help | Displays a list of server commands with a brief description, arguments (if any), and the proper syntax for each.
Load | Loads and runs a specified server task or program on the server.
Platform | Controls the platform statistics data at the console.
Pull | Forces a one-way replication from the specified server to your server.
Push | Forces a one-way replication from your server to specified server.
Quit | Stops the server. This command is identical to the Exit server command.
Replicate | Forces replication between two servers (the server where you enter this command and the server you specify).
Restart Port | Disables transactions (or messages) on the specified port and then re-enables the port after a brief delay.
Restart Server | Stops the server and then restarts the server after a brief delay.
Restart Task | Shuts down and then restarts a specified server task.
Route | Initiates mail routing with a specific server.
Set Configuration | Adds or changes a setting in the NOTES.INI file.
Set Rules | Reloads the server’s mail rules.
Set SCOS | Activates or deactivates a shared mail database.
Set Secure | Password-protects the console.
Set Statistics | Resets a statistic that is cumulative.
Show Agents | Displays the name of agents in the database you specify.
Show Allports | Displays the configuration for all enabled and disabled ports on the server.
Show Cluster | Displays the local server’s cluster name cache.
Show Configuration | Displays the current value for a NOTES.INI setting.
Show Directory | Lists all database files in the data directory and identifies multiple replicas of a database.
Show Diskspace | Displays the amount of space, in bytes, available on the disk drive (Windows NT or OS/2) or file system (UNIX).
Show Heartbeat | Indicates whether the server is responding.
Show Memory | Used for OS/2.
Show Opendatabases | Displays a list of open databases on the server and detail information for the databases.
Show Performance | Displays the per minute user/transaction values when the Domino Server is running.
Show Port | Displays traffic and error statistics, and resources used on the network adapter card or communications port.
Show Schedule | Shows the next time that a server task will run.
Show SCOS | Displays information about shared mail databases and reloads the shared mail configuration.
Show Server | Shows server status information.
Show Stat | Displays Domino server statistics for one or more of the following: disk space, memory, mail, replication, and network activity.
Show Stat Platform | Displays individual and cumulative platform statistics for all servers including one or more of the following: logical disk, paging file, memory, individual network, process, and system.
Show Tasks | Displays the server name, the Domino program directory path, and the status of the active server tasks.
Show Transactions | For each type of transaction, displays the total number of NRPC transactions, the minimum and maximum duration of the transaction, the total time to perform all transactions, and the average time to perform the transaction.
Show Users | Displays a list of all users who have established sessions with the server.
Show Xdir | Provides information about each directory a server uses for name resolution.
Start Consolelog | Enables console logging.
Start Port | Enables transactions (or messages) on the specified port.
Stop Consolelog | Disables console logging.
Stop Port | Disables transactions (or messages) on the specified port.
Tell | Issues a command to a server program or task.
Trace | Tests a connection to a server.

Broadcast
Syntax: Broadcast “message” [usernames or database]
Broadcast “(!) message” [usernames or database]
Description: Sends a message to specified users, users of the specified
database or to all users of this server. Use this command to warn users
when a server is brought down for maintenance. By default, the message
you enter appears in the user’s status bar. To display the message in the
middle of the user’s screen, precede the message with (!).
Examples:
Broadcast “Server ACME will be down in 10 minutes” — Sends a
warning message about impending maintenance on server ACME to all
users on this server.
Broadcast “(!) Server ACME will be down in 10 minutes” — Sends the
same warning message as shown in the example above, but this message
displays in the center of the user’s screen. Note that parentheses () are
entered as part of the command string.

To broadcast a message from the Domino Administrator


You can send messages directly from the Server - Status tab in the
Domino Administrator.
1. From the Domino Administrator, click the Server - Status tab.
2. In the left pane, select “Server Users” to display the list of current
users in the middle pane.
3. (Optional) In the middle pane, select the users to whom you want to
send the message.
4. If necessary, click Tools to display the tool bar, and then click User -
Broadcast Message.
5. Complete these fields, and then click Send:

Field | Action
Broadcast a message to | Choose one: “Selected user” to send the message to the users you selected in the middle pane of the Server - Status tab; “All connected users” to send the message to all users with active sessions on the Domino server; “All users of a database” to send the message to all users of a particular database. Enter the directory string for the database in the field.
Broadcast this Message | Enter the text of the message you want to send.
Show as dialog box on users’ workstation | Click this check box to display the broadcast message in a dialog box on the users’ workstation.

Dbcache Flush
Syntax: Dbcache flush
Description: Closes all databases that are currently open in the database
cache. Use this command before maintaining databases to flush
databases from the cache.
For more information on the database cache, see the chapter “Improving
Database Performance.”

Drop
Syntax: Drop username
Description: Closes one or more server sessions. To visually confirm
which sessions are dropped, you must enter the Log_Sessions=1 setting
in the server’s NOTES.INI file.
For information on Log_Sessions, see the appendix “NOTES.INI File.”

Examples:
Drop “Sandy” — Closes the current session running under the user name
Sandy.
Drop “Lee” “Fran” — Closes the sessions running under the user names
Lee and Fran.
Drop All — Closes all server sessions.

To drop sessions from the Domino Administrator


You can drop sessions directly from the Server - Status tab in the Domino
Administrator.
1. From the Domino Administrator, click the Server - Status tab.
2. In the left pane, select “Notes Users” to display the list of current
users in the middle pane.
3. (Optional) In the middle pane, select the user sessions you want to
drop.
4. If necessary, click Tools to display the tool bar, and then click User -
Drop.
5. When prompted as to whether you want to drop the user, click OK.

Exit
Syntax: Exit
Description: Stops the server. This command is identical to Server -
Shutdown.
Before you use Exit to stop the server, use the Broadcast server command
to warn users so they can finish their current tasks before you stop the
server.
If you stop a server while it’s replicating databases or routing mail, these
tasks resume at the next scheduled interval after you restart the server.
Replication or mail routing continues until the databases are fully
replicated and until the complete mail message is transferred or returned
to sender.
Tip You can also stop the server from the Domino Administrator. From
the Domino Administrator, click the Server - Status tab, and then click
Server - Shutdown.

Help
Syntax: Help
Description: Displays a list of server commands with a brief description,
arguments (if any), and the proper syntax for each.

Load
Syntax: Load programname
Description: Loads and starts a specified server task or program on the
server. You can start a server add-in program or one that takes a
command line for additional data, such as a backup program. The
program you run must be on the server’s search path.
Use the Load command to run a program until it completes or, if the
program runs continually, until you stop the server. Where applicable,
you can include arguments that determine how the program runs.
Note Most server commands support the arguments “-?” and “/?” to
display online help. For example, you could enter one of these to obtain
help for the server command Load Compact:
Load Compact -?
Load Compact /?

Examples:
Load Fixup — Loads and runs the Fixup server task.
Load Object Info OBJECT.NSF — Loads and runs the Shared Mail
Manager and passes along arguments that execute the Info task.
For more information, see the appendix “Server Tasks.”

To load a task from the Domino Administrator


You can load a task directly from the Server - Status tab in the Domino
Administrator.
1. From the Domino Administrator, click the Server - Status tab.
2. If necessary, click Tools to display the tool bar, and then click Task -
Start.
3. Under “Start new server tasks,” select the task you want to load.
4. (Optional) Uncheck “Show advanced options” if you do not want to
specify advanced options. The box is checked by default for tasks
which do have additional options.
5. Click OK.

Platform
Syntax: Platform <main argument> [<optional arguments>]
Description: Controls the platform statistic feature at the console.
Platform statistics that are affected by the reset command are:
• Fixed — These statistic values do not change. They include
information such as number of disks, or an assigned name. For
example, in the statistic Platform.LogicalDisk.<identifying
number>.PctUtil, the identifying number is a variable that identifies
the disk. This information does not change when a platform reset
command is issued.
• Primary — These are the individual statistic metrics on which
secondary statistics are derived. For example, a total paging file
utilization statistic (Platform.PagingFile.TotalPctUtil) forms the basis
for the secondary average and peak statistics values
(Platform.PagingFile.TotalPctUtil.Avg and
Platform.PagingFile.TotalPctUtil.Peak).
• Secondary — Statistic values that are a combination of, or are
derived from primary statistics.
Arguments:

Arguments | Description
Time [<sampling period>] | Used with an optional argument, changes the sampling period to the specified value in minutes. If not used, displays the current sampling rate. Default is 1 minute.
Reset | Resets the value of primary statistics to zero, and gathers new set of metrics.
Reset Interval Enable | Resets all values each time a new sampling period begins. Uses the sampling period defined using the Time argument.
Reset Interval Disable | Disables the Reset Interval Enable command.
Pause | Pauses the collection and update of performance data.
Resume | Resumes the collection and update of performance data.

For more information on monitoring platform statistics, see the chapter
“Monitoring the Domino Server.”
Examples:
Use Platform Time <n> to start a new performance data monitoring
session with a sampling period of n minutes. This means that the statistic
value can change every n minutes. For example:
platform time 5

Use the Platform Reset command so that prior existing values are not
used in calculating minimum, average, or maximum values. You may
want to use this command when platform statistics have been
accumulating overnight and you want to clear out the accumulation. For
example:
platform reset

Use the Platform Reset Interval Enable command to reset all values each
time you begin a new sampling period. For example:
Platform Reset Interval Enable

Pull
Syntax: Pull servername [databasename]
Description: Forces a one-way replication from the specified server to
your server. You can also replicate a single database from the specified
server to your server by including the database name on the command
line. The initiating server receives data from the named server, but
doesn’t request that the other server pull data from it. This forces a server
to replicate immediately with the initiating server, overriding any
replication scheduled in the Domino Directory. Enter the server’s full
hierarchical name, if applicable.
You can pull changes immediately if an important database, such as the
Domino Directory, has changed or if a database on your server is
corrupted or has been deleted.
For replication to succeed, make sure that:
• The Domino Directory contains a Server document for each server in
the domain.
• The Domino Directory contains a Connection document to connect to
a remote server.
• Each server’s ID file contains a certificate that the other server
recognizes and trusts.
• Database ACLs allow replication, and the source server has sufficient
access in the ACLs to replicate changes. If you’re using server access
lists, servers must have proper access in the Server document.
If the server is currently replicating, Domino queues the Pull server
command until the current task completes.
To check the status of the Replicator before using Pull, enter this
command at the console:
Show Tasks

The server displays one of the following messages:
• If the server isn’t replicating, the word “Idle” appears next to the
Replicator task.
• If the server is replicating, a message such as “Replicating
CONTRACT.NSF from MARKETING\CONTRACT.NSF” appears.
Examples:
Pull Marketing\Acme — Forces one-way replication with the server
Marketing.
Pull Marketing\Acme NAMES.NSF — Forces one-way replication of the
NAMES.NSF file from the server Marketing.

To replicate from the Domino Administrator


You can replicate directly from the Server - Status tab in the Domino
Administrator.
1. From the Domino Administrator, click the Server - Status tab.
2. If necessary, click Tools to display the tool bar, and then click Server
- Replicate.
3. Under “Which server do you want to replicate with,” enter the name
of the server to replicate with, or select the server name from the list.
4. For “Replication style,” choose Pull.
5. Choose one:
• Selected database — to select a specific database to replicate. Click
the database button and select a database from the list.
• All databases in common — to replicate all databases that both
servers have in common. This is the default setting.
6. Click Replicate.

Push
Syntax: Push servername [databasename]
Description: Forces a one-way replication from your server to the
specified server. You can also replicate a single database from your
server to the specified server by including the database name on the
command line. The initiating server sends data to the named server, but
doesn’t request data in return. This forces a server to replicate
immediately with the initiating server, overriding any replication
scheduled in the Domino Directory. Specify the server’s full hierarchical
name, if applicable.
In effect, the Push server command is the functional opposite of the Pull
server command.
Examples:
Push Marketing\Acme — Forces one-way replication with the server
Marketing.
Push Marketing\Acme NAMES.NSF — Forces one-way replication of
the NAMES.NSF file to the server Marketing.

To replicate from the Domino Administrator


You can replicate directly from the Server - Status tab in the Domino
Administrator.
1. From the Domino Administrator, click the Server - Status tab.
2. If necessary, click Tools to display the tool bar, and then click Server
- Replicate.
3. Under “Which server do you want to replicate with?,” enter the
name of the server to replicate with, or select the server name from
the list.
4. For “Replication style,” choose Push.
5. Choose one:
• Selected database — to select a specific database to replicate. Click
the database button and select a database from the list.
• All databases in common — to replicate all databases that both
servers have in common. This is the default setting.
6. Click Replicate.

Quit
Syntax: Quit
Description: Stops the server. This command is identical to the Server -
Shutdown command. However, the Quit server command differs from
the Tell server command, which you use to stop a particular server task
without stopping the server.
If you stop a server while it’s replicating databases or routing mail, these
tasks resume at the next scheduled interval after you restart the server.
Replication or mail routing continues until the databases are fully
replicated and until the complete mail message is transferred or returned
to the sender.
Before you use the Quit server command to stop the server, use the
Broadcast server command to warn users to finish their current tasks
before you stop the server.
Tip You can also stop the server from the Domino Administrator. From
the Domino Administrator, click the Server - Status tab. From the tool
bar, click Servers - Shutdown.

Replicate
Syntax: Replicate servername [databasename]
Description: Forces replication between two servers (the server where
you enter this command and the server you specify). Use the server’s full
hierarchical name. If the server name is more than one word, enclose the
entire name in quotes. To force replication of a particular database that
the servers have in common, specify the database name after the server
name. The initiating server (where you’re currently working) first pulls
changes from the other server, and then gives the other server the
opportunity to pull changes from it. You can use this command to
distribute changes quickly or to troubleshoot a replication or
communication problem.
Note The existing replication schedule between the servers determines
how the second server responds to this command. If this replication falls
within the timeframe that the second server replicates with the initiating
server (based on calling schedules and the repeat interval), the second
server pulls changes. Otherwise, it waits for the next scheduled
replication time.

If the server is already replicating when you issue the command, Domino
queues the command until the current replication ends. To check the
status of the Replicator, enter this command at the console:
Show Tasks

The server displays one of the following messages:
• If the server isn’t replicating, the word “Idle” appears next to the
Replicator program.
• If the server is replicating, a status line, such as “Replicating
CONTRACT.NSF from MARKETING\CONTRACT.NSF,” appears.
To optimize resources, Domino replicates only what is necessary. For
example, if the servers recently replicated and no changes have since
been made to any databases on either server, the servers don’t replicate
when you enter a Replicate command. Also, the replication is two-way
only if databases on both servers changed since the last replication. If
databases on only one of the servers changed, the replication is one-way.
To force replication in only one direction, use the Pull or Push server
commands.
Examples:
Replicate Marketing\Acme — Initiates replication between your server
and the Marketing/Acme server. The server console displays messages
indicating when replication begins.
Replicate Marketing\Acme NAMES.NSF — Initiates replication of
NAMES.NSF between your server and the Marketing\Acme server.

To replicate from the Domino Administrator


You can replicate directly from the Server - Status tab in the Domino
Administrator.
1. From the Domino Administrator, click the Server - Status tab.
2. If necessary, click Tools to display the tool bar, and then click Servers
- Replicate.
3. Under “Which server do you want to replicate with?,” enter the
server you want to replicate with, or select the server you want from
the drop-down list.
4. For “Replication style,” choose Push Pull.
5. Choose one:
• Selected database — to select a specific database to replicate. Click
the database button and select a database from the list.
• All databases in common — to replicate all databases that both
servers have in common. This is the default setting.
6. Click Replicate.

Restart Port
Syntax: Restart Port portname
Description: Disables transactions (or messages) on the specified port
and then re-enables the port after a brief delay. The command lets you
stop and start a port without stopping the Domino server.
When you are supporting Internet servers that rely on TCP/IP, you can
restart the TCP/IP port and the Internet ports enter a waiting state. The
Internet ports suspend and keep checking for the TCP/IP port. You will
see the following when using restart port TCPIP:
>restart port tcpip
06/28/2002 12:34:08 PM LDAP Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:08 PM LDAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:11 PM POP3 Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:11 PM POP3 Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:11 PM SMTP Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:11 PM IMAP Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:11 PM SMTP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:11 PM IMAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:28 PM LDAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:29 PM Port TCPIP was successfully disabled
06/28/2002 12:34:31 PM POP3 Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:31 PM SMTP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:31 PM IMAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted

To see a list of ports you can restart, issue the console command Show
Configuration.
Example:
Restart Port TCP — Disables and re-enables the port named TCP.
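
The console lines shown for restart port tcpip can be turned into a check that the Internet services do not stay suspended after a port restart. The following is an added example, not part of the Domino documentation: it folds the wrapped console lines back together and summarizes the suspension per service. The function names, the time limit, and the rule that any other line from a service means it is running again are assumptions.

```python
import re
from datetime import datetime

# Console capture from the page above (IMAP lines omitted), wrapping preserved.
SAMPLE_LOG = """\
>restart port tcpip
06/28/2002 12:34:08 PM LDAP Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:08 PM LDAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:11 PM POP3 Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:11 PM POP3 Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:11 PM SMTP Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:11 PM SMTP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:28 PM LDAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:29 PM Port TCPIP was successfully disabled
06/28/2002 12:34:31 PM POP3 Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:31 PM SMTP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
"""

STAMP = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\s+(.*)$")
SERVICE = re.compile(r"^(\w+) Server: ")
FAILURE = re.compile(r"^\w+ Server: Listener failure: ")
SUSPENDED = re.compile(
    r"^\w+ Server: Suspended, waiting (\d+) seconds "
    r"for Notes Port Driver \[(\w+)\] to be restarted$"
)
DISABLED = re.compile(r"^Port (\w+) was successfully disabled$")


def join_wrapped(text):
    """Return (timestamp, message) pairs. A line without a leading
    timestamp is a wrapped continuation of the entry before it."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = STAMP.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
            entries.append([ts, m.group(2)])
        elif line and entries:
            entries[-1][1] += " " + line
    return [(ts, msg) for ts, msg in entries]


def summarize(text):
    """Return ({service: state}, {port: time it was disabled})."""
    services, disabled = {}, {}
    for ts, msg in join_wrapped(text):
        port = DISABLED.match(msg)
        if port:
            disabled[port.group(1)] = ts
            continue
        svc = SERVICE.match(msg)
        if not svc:
            continue
        state = services.setdefault(svc.group(1), {
            "failed_at": None, "waits": 0, "port": None, "suspended": False})
        wait = SUSPENDED.match(msg)
        if FAILURE.match(msg):
            state["failed_at"] = state["failed_at"] or ts
            state["suspended"] = True
        elif wait:
            state["waits"] += 1
            state["port"] = wait.group(2)
            state["suspended"] = True
        else:
            # Assumption: any other line from the service means it is running
            # again; the page does not show the recovery message itself.
            state["suspended"] = False
    return services, disabled


def still_suspended(services, now, limit_seconds):
    """Services whose latest entry is a failure or suspend line and whose
    listener has been down longer than limit_seconds at time `now`."""
    late = []
    for name, st in sorted(services.items()):
        if st["suspended"] and st["failed_at"] is not None:
            down = int((now - st["failed_at"]).total_seconds())
            if down > limit_seconds:
                late.append((name, st["port"], down))
    return late


if __name__ == "__main__":
    svc, _ = summarize(SAMPLE_LOG)
    print(still_suspended(svc, datetime(2002, 6, 28, 12, 35, 0), 50))
```
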

Restart Server
Syntax: Restart Server
Description: Stops the server and then restarts the server after a brief
delay.
If you stop a server while it’s replicating databases or routing mail, these
tasks resume at the next scheduled interval after you restart the server.
Replication or mail routing continues until the databases are fully
replicated and until the complete mail message is transferred or returned
to the sender.
Before you use Restart Server to stop the server, use the Broadcast server
command to warn users to finish their current tasks before you stop the
server.
Tip You can also use the Domino Administrator to restart the server.
From the Domino Administrator, click the Server - Status tab and use the
tool Server - Restart.

Restart Task
Syntax: Restart Task taskname
Description: Shuts down and restarts a specified server task.
Example: The following command shuts down and restarts the LDAP task:
Restart Task LDAP

Tip You can also use the Domino Administrator to restart a task. From
the Domino Administrator, click the Server - Status tab and use the tool
Task - Restart.

Route
Syntax: Route servername
Description: Initiates mail routing with a specific server. The Route
command overrides any mail routing schedules that you create in the
Connection documents in the Domino Directory. Use the Route
command for servers that are configured for Pull, Pull Push, Push, or
Push Wait routing in the Connection document. Use the server’s full
hierarchical name, if applicable. If the server name is more than one
word, enclose the entire name in quotes. To route to all pending
destinations, use Route *.
Use the Route command to troubleshoot mail problems and to send mail
to or request mail from a server immediately.
If no mail is queued for routing, Domino ignores the Route command.
Use the Tell Router Show command to check for messages pending for
local delivery or to check for messages held because a mail file is over
quota. To check which servers have mail queued, use this command at
the console:
Tell Router show

Examples:
Route Marketing\Acme — Sends mail to the Marketing server in the
Acme domain. The server console displays messages indicating when
routing begins.
Route * — Sends mail to all pending destinations.
Route [$LocalDelivery] — Overrides the next scheduled retry time and
attempts local delivery immediately.

To route mail from the Domino Administrator


You can route mail directly from the Server - Status tab in the Domino
Administrator.
1. From the Domino Administrator, click the Server - Status tab.
2. If necessary, click Tools to display the tool bar, and then click Server
- Route Mail.
3. Under “Route mail with server,” enter the name of the server you
want to route mail to, or select the name of the server from the list.
4. Click Route.

Set Configuration
Syntax: Set Configuration setting
Description: Adds or changes a setting in the NOTES.INI file.
Tip You can also use the Domino Administrator to add or change many
settings in the NOTES.INI file using the Configuration Settings
document.
Example:
Set Configuration Names = Names,Westnames — Sets the NOTES.INI
Names setting to specify that Domino search both the Names and the
Westnames Domino Directories.
For more information about using the Configuration Settings document
to set NOTES.INI settings, see the appendix “NOTES.INI File.”

Set Rules
Syntax: Set Rules
Description: Reloads the server’s mail rules, enabling new rules to take
effect immediately.
Server mail rules enable administrators to filter messages based on
content in the message headers or body. At startup, the server retrieves
these rules from the Configuration document and registers them as
monitors on each MAIL.BOX database in use. The Server task checks to
see if the server’s mail rules need to be reloaded every 5 minutes. New
rules take effect only after the server reloads the mail rules.

Set SCOS
Syntax: Set SCOS Databasename [Active | Inactive]
where Databasename is the full pathname to a shared mail database.
Description: Activates or deactivates a shared mail database. The Shared
Mail tab of the Server document lets you specify the delivery status and
availability for all shared mail databases in the directory. Using the Set
SCOS command, you can change the availability of an individual shared
mail database.
Example:
Set SCOS C:\LOTUS\DOMINO\DATA\SCOS1\SM000004.NSF INACTIVE
Prevents new messages from being deposited in the shared mail
database SM000004.NSF. Users still have access to previously-delivered
messages in the database.

Set Secure
Syntax: Set Secure currentpassword
Description: Password-protects the console.
After you password-protect the console, you can’t use the Load, Tell,
Exit, Quit, and Set Configuration server commands or other programs
that aren’t run automatically through Program documents in the Domino
Directory or through the NOTES.INI file until you enter the password.
Console security remains in effect until you clear the password by
entering a second Set Secure command with the same password.
Even if the console is password-protected, keep the server physically
secure to prevent breaches of security at the operating system level.
Examples:
Set Secure abracadabra — Password-protects the console if no password
is currently in effect. In this case, the new password is “abracadabra.”
Set Secure abracadabra sesame — Changes the existing password
“abracadabra” to “sesame.”
Set Secure abracadabra — If the console is already protected by a
password — in this case “abracadabra” — entering a second Set Secure
command with the same password clears the password.

To secure the console from the Domino Administrator


You can secure the console directly from the Server - Status tab in the
Domino Administrator.
1. From the Domino Administrator, click the Server - Status tab.
2. If necessary, click Tools to display the tool bar, and click Server -
Secure console.
3. Do one of the following:
• To set a password, select “Set” at the bottom of the box, then
complete these fields, and click OK:
Field              Enter
Console Password   The password you want to set
Verify             The same password, again

• To clear a password, select “Clear” at the bottom of the box, then
under “Password,” enter the password and click OK.
• To change a password, select “Change” at the bottom of the box,
then under “Password,” enter the old password and click OK.
Then complete these fields, and click OK:
Field      Enter
Password   The new password you want to set
Verify     The same, new password, again

Set Statistics
Syntax: Set Statistics statisticname
Description: Resets a statistic that is cumulative. Statisticname is a
required parameter that names the statistic to be reset. You can’t use
wildcards (*) with this argument.
For more information on monitoring statistics, see the chapter
“Monitoring the Domino Server.”
Example:
Set Stat Server.Trans.Total — Resets the Server.Trans.Total statistic to 0

Show Agents
Syntax: Show Agents database name [-v]
Description: The Show Agents server command shows all agents
available in the database. The verbose mode ([-v]) shows all agents and
script libraries in the database as well as detailed information on both.
Examples:
Show Agents DatabaseName.nsf
Show Agents -v DatabaseName.nsf

Show Allports
Syntax: Show Allports
Description: Displays the configuration for all enabled and disabled
ports on the server.
Example:
The following example shows the output that appears on the server
console when you issue the Show Allports command.
Show Allports
Enabled Ports:
TCPIP=TCP,0,15,0,,12320,
SPX=NWSPX,0,15,0,,12320,
LAN0tcpip=NETBIOS,0,15,0,,12322,
LAN1nb=NETBIOS,3,15,0,,12322,
LAN2ipx=NETBIOS,7,15,0,,12322,
Disabled Ports:
LAN6=NETBIOS,6,15,0,,12320,
LAN8=NETBIOS,8,15,0,,12320,
COM1=XPC,1,15,0,,12326,38400,,hyaccv34.mdm,60,15
LAN1=NETBIOS, 1, 15, 0
LAN2=NETBIOS, 2, 15, 0
LAN4=NETBIOS, 4, 15, 0
LAN5=NETBIOS, 5, 15, 0
COM2=XPC,2,15,0,
COM3=XPC,3,15,0,
COM4=XPC,4,15,0,
COM5=XPC,5,15,0,
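
Because this output lists every network listener the server has enabled, it can be compared against an approved baseline. The following is an added example, not part of the Domino documentation: it parses captured Show Allports output and reports enabled ports that the baseline does not allow. The baseline contents and function names are assumptions, and only the port name and its first field (the driver) are interpreted.

```python
# Constructed input: the Show Allports output printed above, abridged.
SAMPLE_OUTPUT = """\
Show Allports
Enabled Ports:
TCPIP=TCP,0,15,0,,12320,
SPX=NWSPX,0,15,0,,12320,
LAN0tcpip=NETBIOS,0,15,0,,12322,
LAN1nb=NETBIOS,3,15,0,,12322,
LAN2ipx=NETBIOS,7,15,0,,12322,
Disabled Ports:
LAN6=NETBIOS,6,15,0,,12320,
COM1=XPC,1,15,0,,12326,38400,,hyaccv34.mdm,60,15
LAN1=NETBIOS, 1, 15, 0
COM2=XPC,2,15,0,
"""

# Hypothetical baseline: the ports this server is approved to run.
APPROVED = {"TCPIP": "TCP"}


def parse_allports(text):
    """Return {"enabled": {port: driver}, "disabled": {port: driver}}.

    Only the port name and the first comma-separated field (the driver)
    are interpreted; the remaining fields are ignored.
    """
    ports = {"enabled": {}, "disabled": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        lowered = line.lower()
        if lowered.startswith("enabled ports"):
            section = "enabled"
        elif lowered.startswith("disabled ports"):
            section = "disabled"
        elif section and "=" in line:
            name, _, value = line.partition("=")
            driver = value.split(",")[0].strip().upper()
            ports[section][name.strip()] = driver
    return ports


def audit_ports(ports, approved):
    """Compare enabled ports with the approved {port: driver} baseline.

    Returns (kind, port, driver) tuples, where kind is one of:
      unexpected      enabled but not in the baseline
      driver-changed  enabled with a different driver than approved
      disabled        approved but currently listed as disabled
      absent          approved but not listed at all
    """
    findings = []
    for name, driver in sorted(ports["enabled"].items()):
        if name not in approved:
            findings.append(("unexpected", name, driver))
        elif approved[name] != driver:
            findings.append(("driver-changed", name, driver))
    for name in sorted(approved):
        if name not in ports["enabled"]:
            state = "disabled" if name in ports["disabled"] else "absent"
            findings.append((state, name, approved[name]))
    return findings


if __name__ == "__main__":
    for kind, name, driver in audit_ports(parse_allports(SAMPLE_OUTPUT), APPROVED):
        print(f"{kind:15} {name:12} {driver}")
```
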

Show Cluster
Syntax: Show Cluster
Description: Displays the local server’s cluster name cache, which
includes a list of all cluster members and their status, based on
information received during the server’s cluster probes.
For more information on server clusters, see Administering Domino
Clusters.
Example:
This example displays the cluster name cache of the Mars server, which
is in the Planets cluster, which is in the Solarsys domain.
Show Cluster
Cluster Information
Cluster name: planets/solarsys, Server name: mars/solarsys
Server cluster probe timeout: 1 minute(s)
Server cluster probe count: 2604
Server cluster probe port: NetBEUI
Server availability threshold: 10
Server availability index: 98 (state: AVAILABLE)
Server availability default minimum transaction time:
3000
Cluster members (2)...
server: mars/solarsys, availability index: 98
server: saturn/solarsys, availability index: BUSY

Show Configuration
Syntax: Show Configuration setting
Description: Displays the current value for a NOTES.INI setting. Use the
Show Configuration and Set Configuration server commands together to
ensure that you correctly set the NOTES.INI settings.
Wildcards are allowed.
Examples:
Show Configuration Domain — Displays the server’s domain
Show Configuration * — Displays all the configuration information for
the server
Show Configuration ???? — Displays any variable that is exactly 4
characters long

Show Directory
Syntax: Show Directory
Description: Lists all database files (for example, NSF and NTF) in the
data directory and specifies whether the data directory contains multiple
replicas of a database. This command works only for the data directory;
you can’t specify another directory.
Tip From the Domino Administrator, click the Files tab to view a list of
all database files in the data directory.
You can also use the Show Directory command to check which databases
have transactional logging enabled.
To see only logged databases, enter this command at the console:
show dir *log

To see only unlogged databases, enter this command at the console:
show dir *nolog

For more information, see the chapter “Transaction Logging.”

Show Diskspace
Syntax: Show Diskspace location
Description: Displays the amount of space, in bytes, available on the disk
drive (Windows NT), or file system (UNIX). If you do not specify a
location, Domino displays the space available on the disk or file system
containing the Domino program directory. If available disk space is low
— for example, under 10MB — free up disk space by deleting
documents, databases, and other files that you don’t need.

Domino servers installed on Windows NT 3.51 servers and using TCP/IP
and NetBIOS can’t see mapped drives on another NT server using the
Show Diskspace command at the Domino server prompt. In order for the
Show Diskspace command to work, one of the following conditions must
be met:
• Run the Domino server as an application
• Run the Domino server as an NT server task
Note The Domino server starts before drives are mapped. Therefore,
when you use the command, the drives aren’t visible. To see the mapped
drives, stop and restart the Domino server or put the Domino server in
the Startup group.
Domino makes calls to the network “redirector” on the system it’s on. In
this environment, NT will provide this service (there is no Netware
redirector). In a NetWare environment, a Domino server can see the disk
space on a network mounted drive if it is logged onto a NetWare file
server.
Tip You can also display the amount of available space by using the
Domino Administrator. From the Domino Administrator, click the Files
tab. If necessary, click Tools, and then from the tool bar, click Disk
Information.
Examples:
How you enter the Show Diskspace command depends on the server’s
operating system.
On a Windows 2000 or Windows NT server, enter this command to
display available space on Drive C:
Show Diskspace C

On a UNIX server, enter this command to display available space in the
/USR directory of a file system:
Show Diskspace /USR

On a UNIX server, enter this command to display available space in the
current directory:
Show Diskspace

Show Heartbeat
Syntax: Show Heartbeat
Description:
The Show Heartbeat server command indicates whether the server is
responding.
Example:
Show Heartbeat
The server responds with a message such as:
elapsed time: #### seconds

Show Memory
Syntax: Show Memory
Description: The Show Memory server command displays the amount of
RAM available on a server, plus the amount of swap memory available
on the boot drive of the Domino server. If the number shown here and
the number shown when you enter a Show Diskspace command are
almost equal, the server may need more RAM.
Examples:
Show Memory — The server responds with a message such as:
Memory Available (including virtual): 5776K bytes

Show Opendatabases
Syntax: Show Opendatabases
Description: The Show Opendatabases server command displays a list of
the open databases on the server as well as the statistics shown in the
example below.
Example: Show Opendatabases
Returns a list of databases in the format shown below:
Database Name                      Opens|Modi-| File  | Sem |Avg Wait|Wait-|  Max
                                        |fied |Handles|Waits|  (ms)  | ers |Waiters
C:\Lotus\Domino\Data\statrep.nsf       1   Y      1      0      0       0      0
C:\Lotus\Domino\Data\events4.nsf      10   N      2      0      0       0      1
C:\Lotus\Domino\Data\mail.box          1   N      1      0      0       0      0
C:\Lotus\Domino\Data\busytime.nsf      1   N      1      0      0       0      0
C:\Lotus\Domino\Data\log.nsf           1   Y      1      0      0       0      0
C:\Lotus\Domino\Data\names.nsf        91   N     16      0      0       0      8

Show Performance
Syntax: Show Performance
Description: Displays the per minute user/transaction values when the
Domino Server is running. To stop showing performance, enter Show
Performance a second time.

Show Port
Syntax: Show Port portname
Description: Displays traffic and error statistics and the resources used
on the network adapter card or communications port. portname can be
any configured port — for example, LAN0tcpip, SPX, LAN1nb,
LAN2ipx, TCPIP, COM1, or COM2.
Tip To check port status from the Notes workstation program, choose
File - Preferences - Notes Preferences - Ports. Highlight the port and
select Show Status. To check the port status from the Domino
Administrator, click the Server - Status tab, and then click Servers - Port
Information. Highlight the port, and select Show Status.
Example:
Show Port LAN0tcpip — Displays the status of LAN0tcpip. As
information appears, press PAUSE to stop the scrolling, and press ENTER
to resume scrolling. Note that using PAUSE at the console stops server
operation. Users can’t access the server until you resume the display.

Show Schedule
Syntax:
Show Schedule servername/taskname/destination
Show Schedule -argument
Description: Shows the next time that a server task runs. Output
includes the type of task and the time it next runs. If you enter a location
as an argument, the workstation replication schedule for that destination
appears.
Arguments:
-Agents — Shows which agents are scheduled to run next
-Replication — Shows the next scheduled replication time and the
replication type
-Mailrouting — Shows the next scheduled mail routing time
-Programs — Shows which programs are scheduled to run
Examples:
Show Schedule — Displays a list of all scheduled tasks
Show Schedule Fixup — Shows when the Fixup task is scheduled to run
next
Show Schedule -Mailrouting
> sh sched -mail
Scheduled                        Type          Next schedule
CN=Masterlock/OU=Server/O=Web    Mail Routing
CN=MServer0/OU=Server/O=Webadmi  Mail Routing
xTest1                           Mail Routing  08/02/2002 02:00:00 PM

Show SCOS
Syntax: Show SCOS [All]
Description: Shows single copy object store (shared mail) information
and reloads the shared mail configuration.
Examples:
SHOW SCOS — displays summary information about the configured
shared mail directories.
Sample output:
Shared mail: Enabled for delivery and transfer
Directory                     Availability        Requested  Actual  Max Size
c:\lotus\domino\data\scos1    open for delivery           5       5      2048
c:\lotus\domino\data\shared   open for delivery           3       6      9000
Totals                                                    8      11     11048

SHOW SCOS ALL — Displays information about each shared mail
database within a configured directory, as well as summary information
about each shared mail directory.
Sample output:
Directory: c:\lotus\domino\data\scos1 - open for delivery
Number of delivery databases requested: 5.
Number of databases: 5
Maximum Directory Size: 2048 MB
Database Availability State Size
sm000001.nsf Active Enabled 14.68 MB
sm000002.nsf Active Enabled 0.37 MB
sm000003.nsf Active Enabled 0.37 MB
sm000004.nsf Active Enabled 0.37 MB
sm000005.nsf Active Enabled 14.68 MB
Total Database Disk Size in Directory: 30.50 MB
Total Database Disk Available in Directory: 2017.50 MB
Total Database Internal Free Space for Directory: 0.33 MB

Show Server
Syntax: Show Server
Description: Shows server status information including the server name,
data directory on the server, time elapsed since server startup,
transaction statistics, and the status of shared, pending, and dead mail.
Tip To view server information from the Domino Administrator, open
the Domain bookmark in the bookmark bar on the left, right click on a
server, and then choose Server Properties.
Output                Description
Server name           Name you gave to the server during the setup procedure.
Server directory      Directory where the Domino data files are stored.
Elapsed time          Days, hours, minutes, and seconds since the server was
                      started.
Transactions          Total number of times the server was used since the
                      server started. Transactions include: opening a
                      database, closing a database, writing to a database,
                      routing mail to a database, and reading from a database.
Transactions/minute   Total number of transactions on this server in the past
                      minute and the past hour. “Peak” is the highest number
                      of transactions per minute since the server started.
Peak # of sessions    Maximum number of sessions (users and servers connected
                      at one time) since the server started.
Pending mail          Number of mail documents waiting to be routed to other
                      servers and users.
Dead mail             Number of undeliverable mail documents that have been
                      returned to the server. If there are any dead mail
                      documents, check MAIL.BOX to release them.
Database server       The database server performs remote database operations
                      and all client transactions, such as opening, closing,
                      reading, and writing to Notes databases; performing
                      console commands; and listening on serial and network
                      ports for user requests to connect to a specific
                      database.
Replicator            The Replicator performs database replication between
                      this server and other servers and workstations. The
                      Replica task runs the Replicator.
Router                The Router routes mail between users on this server and
                      on other servers. The Router task runs the Router.
Indexer               The Indexer builds indexes, or views, of all databases
                      and keeps track of changes to databases. The Update
                      task runs the Indexer.

Show Stat
Syntax: Show Stat statisticname
Description: Used without the optional statisticname argument, displays
a list of server statistics for disk space, memory, mail, replication, and
network activity. To display a single statistic, enter the name of the
statistic as the optional argument. To display only a subset of statistics,
add a group of statistics as an optional argument by using an asterisk (*)
as a wildcard.
You can enter this command at the server console to display statistics for
the local server or at the remote server console to display statistics for a
remote server.
For more information on statistics, see the chapter “Monitoring the
Domino Server.”
Tip To view server statistics from the Domino Administrator, click the
Server - Statistics tab.
Examples:
Show Stat — Displays a complete list of statistics
Show Stat Database — Displays all statistics of the type
Database.x.x
Show Stat Disk.C.* — Displays all disk statistics for drive C
For a list of statistics, see the Advanced - Names & Messages - Statistic
Names view of the Monitoring Configuration database (EVENTS4.NSF).

Show Stat Platform
Syntax: Show Stat Platform statisticgroup
Description: Used without the optional statisticgroup argument, displays
a list of platform statistics for logical disk, paging file, memory, network
activity, processes running, and system activity. To display only a subset
of statistics, add a group of statistics as an optional argument by using
one of the qualifiers. You can enter this command at the server console to
display statistics for the local server or at the remote server console to
display statistics for a remote server.

Statistic Group    Qualifier
Network            network
Logical disk       logicaldisk
Memory             memory
Paging file        pagingfile
Platform           platform
Process            process
System             system

For more information on platform statistics, see the chapter “Monitoring
the Domino Server.”
Examples:
Show Stat Platform — Displays a complete list of platform statistics
Show Stat platform.logicaldisk.* — Displays all the platform statistics in
the logical disk group
To display a single statistic, enter the name of the statistic as the optional
argument instead of the wildcard (*).
For a list of all platform statistics, see the Advanced - Names & Messages
- Platform Statistic Names view of the Monitoring Configuration
database (EVENTS4.NSF).

Show Tasks
Syntax: Show Tasks
Description: Displays the tasks running on the server and describes the
current activity of each task. Idle tasks are indicated.
Example: Show Tasks displays each task with its current activity, or
Idle, as in the following sample output.
Agent Manager        Executive '1': Idle
HTTP Server          Listen for connect requests on TCP Port:80
SMTP Server          Control task
Schedule Manager     Idle
LDAP Server          Control task
Directory Indexer    Idle

Tip You can also use the Domino Administrator to view a list of active
tasks. From the Domino Administrator, click the Server - Status tab.

Show Transactions
Syntax: Show Transactions
Description: When the Domino Server is running, displays the following
for each type of transaction: the total number of NRPC transactions
(Count), the minimum duration of the transaction (Min), the maximum
duration of the transaction (Max), the total time to perform all
transactions (Total), and the average time to perform the transaction
(Avg). All times are reported in milliseconds. This command identifies
transactions that require excessive amounts of time.
Note For Internet Protocol Servers — for example, SMTP, POP3, IMAP,
HTTP — use the Show Stat command to monitor statistics. For example,
enter these commands at the server console:
SH STAT SMTP
SH STAT POP3
SH STAT IMAP
SH STAT LDAP
SH STAT Domino (for HTTP Server stats)
SH STAT DIIOP

Example: Show Transactions displays transaction information
Show Trans
Function Count Min Max Total Average
ILLEGAL 600 0 313 2029 3
OPEN_DB 997 0 1410 212142 212
CREATE_DB 200 15 516 15266 76
GET_SPECIAL_NOTE_ID 600 0 562 3684 6
OPEN_NOTE 604 0 781 2710 4
UPDATE_NOTE 59818 0 9280 8501055 142
SET_SPECIAL_NOTE_ID 200 15 328 5825 29
DB_INFO_GET 4 0 16 32 8
DB_MODIFIED_TIME 4 0 0 0 0
DB_REPLINFO_SET 207 0 188 3391 16
DB_REPLINFO_GET 58352 0 1270 62246 1
ALLOC_OBJECT 200 0 391 7172 35
REALLOC_OBJECT 200 0 672 7158 35
READ_OBJECT 600 0 453 1436 2
WRITE_OBJECT 9946 0 1500 274834 27
ALLOC_UPDATE_OBJECT 9359 0 1750 529877 56
FREE_UPDATE_OBJECT 184 0 16 95 0
REMOTE_CONSOLE 3211 500 4000 1620479 504
CLOSE_DB 3 0 31 31 10
CLOSE_COLLECTION 604 0 500 8744 14
OPEN_COLLECTION 605 0 17410 2258889 3733
READ_ENTRIES 3 188 1110 1892 630
NAME_LOOKUP 2 32 47 79 39
NAME_GET_AB 2 0 0 0 0
GET_NAMED_OBJECT_ID 3 0 31 46 15
POLL_DEL_SEQNUM 1 0 0 0 0
SERVER_AVAILABLE_LITE 1 16 16 16 16
START_SERVER 982 15 2500 82666 84
GET_UNREAD_NOTE_TABLE 601 0 1250 143566 238
SET_DBOPTIONS 400 0 609 3448 8
FINDDESIGN_NOTES 600 0 531 1424 2
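
An added example (not part of the Domino documentation): a Python parser for captured Show Transactions output that flags the transaction types taking excessive time, which is what the description says the command is for. The thresholds are assumptions, and so is the consistency check that Average equals Total divided by Count rounded down, which is inferred from the sample rows above; the embedded rows are a subset of that sample.

```python
import re
from dataclasses import dataclass

# Console capture: the echoed command, the header, and a subset of the
# sample rows shown on this page (values copied unchanged).
SAMPLE_OUTPUT = """\
Show Trans
Function Count Min Max Total Average
ILLEGAL 600 0 313 2029 3
OPEN_DB 997 0 1410 212142 212
UPDATE_NOTE 59818 0 9280 8501055 142
DB_MODIFIED_TIME 4 0 0 0 0
REMOTE_CONSOLE 3211 500 4000 1620479 504
OPEN_COLLECTION 605 0 17410 2258889 3733
READ_ENTRIES 3 188 1110 1892 630
NAME_LOOKUP 2 32 47 79 39
"""

# One data row: a transaction name followed by exactly five integer columns.
ROW = re.compile(r"^([A-Z][A-Z0-9_]*)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$")


@dataclass(frozen=True)
class Txn:
    name: str
    count: int
    min_ms: int
    max_ms: int
    total_ms: int
    avg_ms: int


def parse_show_transactions(text):
    """Return a Txn per data row; skip the header, echo and anything else."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(Txn(m.group(1), *map(int, m.groups()[1:])))
    return rows


def inconsistent_rows(rows):
    """Rows whose columns contradict each other, e.g. a garbled capture.

    Assumption drawn from the sample, not from documented behaviour:
    Average equals Total divided by Count, rounded down.
    """
    bad = []
    for r in rows:
        expected_avg = r.total_ms // r.count if r.count else 0
        if r.min_ms > r.max_ms or r.avg_ms != expected_avg:
            bad.append(r)
    return bad


def slow_transactions(rows, avg_limit_ms=500, max_limit_ms=5000):
    """Flag rows over either limit (assumed thresholds), worst total first."""
    findings = []
    for r in rows:
        reasons = []
        if r.avg_ms >= avg_limit_ms:
            reasons.append(f"avg {r.avg_ms} ms >= {avg_limit_ms}")
        if r.max_ms >= max_limit_ms:
            reasons.append(f"max {r.max_ms} ms >= {max_limit_ms}")
        if reasons:
            findings.append((r, reasons))
    findings.sort(key=lambda f: f[0].total_ms, reverse=True)
    return findings


def time_share(rows):
    """Fraction of all reported transaction time spent in each function."""
    grand_total = sum(r.total_ms for r in rows)
    return {r.name: r.total_ms / grand_total for r in rows} if grand_total else {}


if __name__ == "__main__":
    txns = parse_show_transactions(SAMPLE_OUTPUT)
    for bad in inconsistent_rows(txns):
        print(f"inconsistent row, re-capture the output: {bad}")
    share = time_share(txns)
    for txn, reasons in slow_transactions(txns):
        print(f"{txn.name:<18} count={txn.count:<6} "
              f"share={share[txn.name]:.1%}  {'; '.join(reasons)}")
```

Sorting by Total rather than Average keeps high-volume transactions such as UPDATE_NOTE at the top even when their average looks unremarkable.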

Show Users
Syntax: Show Users
Description: Displays a list of all users who have established sessions
with the server, whether the users are actively working in databases or
not, the names of databases that each user has open, and the elapsed
time, in minutes, since the databases were last used.
Tip You can also use the Domino Administrator to view the status of
active users. From the Domino Administrator, click Server - Status. Then
select Database Users. A list of users displays in the middle panel.
Example:
Show Users — Displays user information — for example:

User name       Databases open      Minutes since last used
Susan Salani    MAIL\SSALANI.NSF    6
Alan Jones      NAMES.NSF           4
Derek Malone    MAIL\DMALONE.NSF    11

Show Xdir
Syntax: Show Xdir
Description: Provides information about each directory a server last
used for name resolution. The output displays the following columns of
information.
DomainName
The DomainName column displays the name of the domain in which a
directory resides. If a directory is configured in the directory
assistance database, the “Domain Name” field in the Directory Assistance
document for the directory determines the directory’s domain name.
DirectoryType
The DirectoryType column shows the type of directory. A directory can
be one of these types:
• Primary — Primary Domino Directory stored locally
• Configuration — Configuration Directory stored locally
• Remote Primary — Primary Domino Directory stored remotely used
by a server with a Configuration Directory
• Secondary — Extended Directory Catalog, secondary Domino
Directory, or remote LDAP directory configured in the directory
assistance database.
The DirectoryType column also shows the type of domain a directory is
within (Notes or LDAP). If a directory is a remote LDAP directory
configured in the directory assistance database, the directory type is
“LDAP.” Any Domino Directory or Extended Directory Catalog is the
directory type “Notes.”
ClientProtocol
The ClientProtocol column displays the client protocol, Notes and/or
LDAP, for which the directory is enabled. For a directory configured in a
directory assistance database, the value of the “Make this domain
available to” field in the Directory Assistance document for the directory
determines what appears in this column.
This column always shows “Notes” for a Configuration Directory.
Usually a Primary or Remote Primary directory shows “Notes & LDAP”
as the client protocols. An exception is if the primary directory is
configured through directory assistance and is disabled for LDAP clients;
in this case only “Notes” shows as the enabled client protocol.
Replica/LDAP Server
The Replica/LDAP Server column shows:
• The file name of a local Domino Directory
• Server path and file name of a Domino Directory accessed over the
network
• The host name of a remote LDAP directory server and the port used
Note If a server uses a condensed Directory Catalog, Show Xdir also
displays the text “Directory Catalog ‘filename’ in use,” where filename is
the file name of the local directory catalog.
Following are examples of the output that appears on the server console
when you issue the Show Xdir command.

Example 1
This example shows output on a server that uses a local primary Domino
Directory, two secondary Domino Directories (one of which is a local
Extended Directory Catalog), and one remote LDAP directory.

Example 2
This example shows output on a server that uses a Configuration
Directory, a remote primary Domino Directory, and an Extended
Directory Catalog accessed over the network.

Start Consolelog
Syntax: Start Consolelog
Description: Enables output to the console log file.
Example:
Start Consolelog
The Start Consolelog and the Stop Consolelog server commands enable
and disable console logging just as the NOTES.INI variable
CONSOLE_LOG_ENABLED does. The difference between the server
console commands and the NOTES.INI settings is that the console
commands are in effect for the current server session only, whereas the
NOTES.INI settings are “permanent” and take effect each time the server
is started.
For more information on CONSOLE_LOG_ENABLED, see the appendix
“NOTES.INI File.”

Start Port
Syntax: Start Port portname
Description: Enables transactions (or messages) on the specified port.
Use this command after you disable the port with the Stop Port
command.
Example:
Start Port TCP — Enables the port named TCP.

Stop Consolelog
Syntax: Stop Consolelog
Description: Disables output to the console log file.
Example:
Stop Consolelog
The Start Consolelog and the Stop Consolelog server commands enable
and disable console logging just as the NOTES.INI variable
CONSOLE_LOG_ENABLED does. The difference between the server
console commands and the NOTES.INI settings is that the console
commands are in effect for the current server session only, whereas the
NOTES.INI settings are “permanent” and take effect each time the server
is started.
For more information on CONSOLE_LOG_ENABLED, see the appendix
“NOTES.INI File.”

Stop Port
Syntax: Stop Port portname
Description: Disables transactions (or messages) on the specified port.
This command allows you to make changes to the port that take effect
immediately without stopping the Domino server. When you’re finished
making changes to the port, use the Start Port command to re-enable it.
To see a list of ports you can disable, issue the console command Show
Configuration.
Example:
Stop Port TCP — Disables the port named TCP.

Tell
Syntax: Tell serverprogram
Description: Issues a command to a server program or task. The
command is especially useful for stopping a server task without stopping
the server.
Note Most server commands support the arguments “-?” and “/?” to
display online help. For example, you could enter one of these to obtain
help for the server command Tell Amgr:
Tell Amgr -?
Tell Amgr /?

Example:
Tell Router Quit — Stops only the Router task. All other tasks on the
server continue to run.

Specialized Tell commands


Some Tell commands are common to all server tasks — for example, Tell
task Quit. Other Tell commands are unique to a particular task. These
tasks have unique Tell commands:
• Administration Process
• Agent Manager
• Certificate Authority Process
• Change Manager
• Cluster Replicator
• DIIOP
• Directory Cataloger
• LDAP
• Router
• Schedule Manager
• SMTP Server
• Statistic Collector
• Web Navigator
• Web Server
For more information on these Tell commands, see the appropriate
sections below.

To enter a Tell command from the Domino Administrator
You can enter a Tell command directly from the Server - Status tab in the
Domino Administrator.
1. From the Domino Administrator, click the Server - Status tab.
2. Select a task in the top pane.
3. If necessary, click Tools to display the tool bar, and then click Task -
Tell.
4. Select the options you want and click OK.
5. (Optional) Click Console to see the response to the Tell command.

To stop a task from the Domino Administrator


You can stop a server task from the Domino Administrator. This is the
same as using the Tell command to quit a task.
1. From the Domino Administrator, click the Server - Status tab.
2. Select the task(s) you want to stop from the top pane of the Server -
Status tab.
3. If necessary, click Tools to display the tool bar, and then click Task -
Quit.

Administration Process Tell Commands


This table describes additional Tell commands you can use with the
Administration Process.

Command: Tell Adminp Process All
Result: Processes all new and modified immediate, interval, daily, and
delayed requests. This command doesn’t override timed requests’
execution time.

Command: Tell Adminp Process Daily
Result: Processes these requests:
• All new and modified daily requests to update Person documents in the
Domino Directory.
• Any outstanding “Rename Person in Unread List” requests.

Command: Tell Adminp Process Delayed
Result: Processes all new and modified delayed requests. These are
requests that are usually carried out according to the “Start executing
on” and “Start executing at” settings in the Server document.

Command: Tell Adminp Process Interval
Result: Processes all immediate requests and all requests that are
usually processed according to the Interval setting in the Server
document.

Command: Tell Adminp Process New
Result: Processes all new requests.

Command: Tell Adminp Process People
Result: Processes all new and modified requests to update Person
documents in the Domino Directory.

Command: Tell Adminp Process Time
Result: Processes all new and modified requests to delete unlinked mail
files.

Command: Tell Adminp Show Databases
Result: Displays (and records in the server’s log file) this
information:
• The databases that a particular administration server updates
• The locations in the database where it updates Reader and Author
fields in the databases it updates
• The databases that don’t have an administration server assigned to
them

Command: Tell Adminp Quit
Result: Stops the Administration Process on a server.

Agent Manager Tell commands


This table describes additional Tell commands you can use with Agent
Manager.
Command: Tell Amgr Cancel
Result: Cancels the scheduled agent that is currently running. Specify
the agent to be cancelled by entering these arguments:
"db name" 'agent name'
Example: Tell Amgr Cancel "DatabaseName.nsf" 'AgentName'
Note You can use the Tell Amgr Schedule command to determine which
agents can be cancelled.

Command: Tell Amgr Debug
Result: Either displays the current debug settings for the Agent Manager
or lets you set new ones. When using this command to set debug values,
you can use the same flags used by the Debug_AMgr command in the
NOTES.INI file. These settings take effect immediately; you do not need
to restart the Agent Manager or the server.

Command: Tell Amgr Run
Result: Runs the agents that you designate with these arguments:
"db name" 'agent name'
Example: Tell Amgr Run "DatabaseName.nsf" 'AgentName'

Command: Tell Amgr Pause
Result: Pauses scheduling of agents.

Command: Tell Amgr Quit
Result: Stops the Agent Manager on a server.

Command: Tell Amgr Resume
Result: Resumes scheduling of agents.

Command: Tell Amgr Schedule
Result: Shows the schedule for all agents scheduled to run for the
current day. In addition, the command shows the agent trigger type, the
time the agent is scheduled to run, the name of the agent, and the name
of the database on which the agent runs. Checking the Agent Manager
schedule lets you see if an agent is waiting in one of the Agent Manager
queues.
Agent Manager queues:
E - Agents eligible to run
S - Agents scheduled to run
V - Event-triggered agents waiting for their events to occur
Trigger types:
S - Agent is scheduled to run
M - Agent is a new mail-triggered agent
U - Agent is a new/updated document-triggered agent

Command: Tell Amgr Status
Result: Shows a snapshot of the Agent Manager queues and displays the
Agent Manager settings in the Server document.

Certificate Authority process tell commands


This table describes additional Tell commands you can use with the
Domino CA process.

Command: tell ca quit
Result: Stops CA process.

Command: tell ca stat
Result: Displays summary information for the certifiers using the CA
process; this includes the certifier’s number, its hierarchical name,
certifier type (Notes or Internet), whether it is active, and name of
the ICL database.

Command: tell ca show queue certifier number
Result: Display a list of pending certificate requests, revocation
requests, and configuration modification requests for a specific
certifier, using its number from the results of the “tell ca status”
command. You can also use * to show this information for all certifiers
that are using the CA process.

Command: tell ca activate certifier number password
Result: Activate a certifier if the certifier is created with “Require
password to activate certifier,” or use this for any certifier that has
been deactivated. Activation is enabled during CA setup and creation.
Activate a specific certifier by entering its number from the results of
the “tell ca status” command. Or you can actually unlock all server
ID/password-protected certifiers at one time with this command, if you
specify “*” for the certifier number. The CA process then prompts you
for the password for each certifier.

Command: tell ca deactivate certifier number
Result: Deactivate a certifier. You will need to activate it again in
order for it to process any request. Use * to deactivate everything, or
deactivate a specific certifier by entering its number from the results
of the “tell ca status” command.

Command: tell ca lock idfile
Result: Lock all certifiers that were set up with a lock ID, as
specified during CA setup.

Command: tell ca unlock idfile password
Result: Unlock all certifiers using the ID and password that comprise
the lock ID. The lock ID is specified during CA setup.

Command: tell ca CRL issue certifier number
Result: Issue a non-regular CRL for a specific certifier, where
certifier number is the number of the certifier specified in the results
of the “tell ca status” command.

Command: tell ca CRL push certifier number
Result: Push a certifier’s latest regularly scheduled CRL to the Domino
Directory, where certifier number is the number of the certifier
specified in the results of the “tell ca status” command.

Command: tell ca CRL info certifier number [s/S/n/N]
Result: Display CRL information for a specified certifier, where
certifier number is the number of the certifier specified by the “tell
ca status” command. Use s or S for regularly scheduled CRLs, and n or N
for non-regularly scheduled CRLs.

Command: tell ca refresh
Result: Force the CA process to refresh its list of certifiers. As a
result:
• newly configured certifiers will be added to the CA process
• previously unlocked certifiers will need to be unlocked again
• previously activated certifiers may need to be activated again, if the
activation password has changed
• the Notes certifier ID file in idstorage will be updated with the
latest certificate information

Command: tell ca help
Result: List tell ca options

Change Manager tell commands
You can use the Tell Change Man command at the console to control the
Domino Change Manager. The following options are available.

Option: quit
Action: Stops the Change Manager and all plug-ins.

Option: stop
Action: Stops the Change Manager and all plug-ins. Same as Quit.

Option: exit
Action: Stops the Change Manager and all plug-ins. Same as Quit.

Option: help
Action: Refers you to documentation.

Option: ?
Action: Refers you to documentation. Same as Help.

Option: restart
Action: Stops and then restarts the Change Manager and all plug-in
subsystems.

Option: start plug-in
Action: Starts the plug-in. Currently, Control and Monitor are the
defined plug-ins.

Option: stop plug-in
Action: Stops the plug-in. Currently, Control and Monitor are the
defined plug-ins.
Note Alternatively, you can also use the forms plug-in stop, plug-in
quit and plug-in kill.

Option: restart plug-in
Action: Stops and then starts the plug-in. Currently, Control and
Monitor are the defined plug-ins.
Note Alternatively, you can also use the form plug-in restart.

Option: plug-in command
Action: Attempts to issue the command to the named plug-in, if it exists
and is running.

Option: reset
Action: Resets the internal lookup caches.

Option: control process
Action: Requests the “PlanControl” (control) plug-in to process and
check all plans.

Cluster Replicator Tell commands
This table describes additional Tell commands you can use with the
Cluster Replicator.
Command: Tell Clrepl Log
Result: Records information in the server log (LOG.NSF) immediately,
instead of waiting for the next log interval. The log includes
information about all cluster replications waiting for retry. Use this
command when the Replica.Cluster.Retry.Waiting statistic is non-zero,
indicating that some replications could not be completed and are
awaiting a retry.
After you correct the errors (for example, by restarting the server that
was unavailable), the Cluster Replicator will succeed on its next retry
and the Replica.Cluster.Retry.Waiting statistic will return to zero.

Command: Tell Clrepl Quit
Result: Stops all instances of the Cluster Replicator on a server.
To prevent the Clrepl task from running in future sessions, remove all
instances of the Clrepl task from the ServerTasks setting in the
NOTES.INI file. Disabling the Clrepl task on one server only prevents
replication from that server to other servers; it doesn’t prevent
replication to the server from other cluster servers.

DIIOP Tell commands


This table describes additional Tell commands you can use with Domino
IIOP.

Command: Tell DIIOP Dump Config
Result: Provides a list of the configuration data that DIIOP is using
from the Domino Directory. With Dump, the configuration is written to
the file diiopcfg.txt in the server’s data directory.

Command: Tell DIIOP Show Config
Result: Provides a list of the configuration data that DIIOP is using
from the Domino Directory. With Show, the configuration is displayed on
the server console.

Command: Tell DIIOP Log=n
Result: Determines the amount of information that DIIOP logs about its
operation. Valid values for n are as follows:
0 Show Errors & Warnings only
1 Also show informational messages
2 Also show session init/term messages
3 Also show session statistics
4 Also show transaction messages
The setting of this command is saved in the NOTES.INI variable
DIIOPLogLevel. Any change that is made to the DIIOP log level will be
used the next time the server is restarted.

Command: Tell DIIOP Refresh
Result: Use this command to reload the configuration data that DIIOP is
using from the Domino Directory and from NOTES.INI. By default, DIIOP
incorporates changes from the Domino Directory every 3 minutes or as
often as specified in the NOTES.INI parameter
DIIOPConfigUpdateInterval.
The Refresh command forces DIIOP to look for changes in the
configuration and apply them immediately.

Command: Tell DIIOP Show Users
or Tell DIIOP Show Users D
Result: Shows all the current active users known to the DIIOP task. This
list is similar to the server console command “show tasks” but it
includes more information.
If you append “D” to this Tell command, the list of current users also
includes the databases each user has open, along with a count of the
objects that are in use.
Example:
tell diiop show users d
UserName ClientHost
IdleTime ConnectTime SessionId
Anonymous 9.95.74.178
0:00 0:00 SN00048DE22
perf/user1.nsf
Objects in use: Databases: 1 Views: 0
Documents:0 Items: 0 Others: 0
Users: 1, Network Connections: 1

Directory Cataloger Tell commands
This table describes additional Tell commands you can use with the
Directory Cataloger (Dircat task).

Command: Tell Dircat Pause
Result: The Dircat task finishes aggregating the directory catalog it is
currently processing, and then goes idle. Use this command before
shutting down a server that is in the middle of Dircat processing.

Command: Tell Dircat Resume
Result: Resumes a Dircat task that is paused.

LDAP Tell commands


This table describes additional Tell commands you can use with the
LDAP server task.

Command: Tell LDAP Quit
Result: Stops the LDAP task on a server.

Command: Tell LDAP ReloadSchema
Result: When run on the Domino Directory administration server, the
schema daemon updates the LDAP service in-memory schema with any new
schema changes defined with Domino Directory forms or with the Domino
LDAP Schema database. The schema daemon then publishes the updated
schema into the Schema database, and then replicates the Schema database
to other servers in the domain that run the LDAP service.
When run on a subordinate server in the domain that runs the LDAP
service, the schema daemon replicates the Schema database from the
administration server, if it detects changes on the administration
server replica. The schema daemon then loads the updated schema now
published in its local Schema database into memory.

Command: Tell LDAP Showconfig
Result: Shows:
• LDAP service settings from the LDAP tab of the Configuration Settings
document.
• LDAP service port settings
• Status of LDAP Activity Logging (enabled or disabled.)

Command: Tell LDAP Showconfig Debug
Result: Shows current NOTES.INI settings related to the LDAP service, as
well as the information shown by Tell LDAP Showconfig.

Command: Tell LDAP VerifyDIT
Result: Verifies that each component of a distinguished name in a
directory that is visible through Notes has an entry in the directory
that represents the component as an object class. If the LDAP service
finds a component of a distinguished name without a corresponding object
class entry, it creates an appropriate entry for the object class in the
hidden view ($LDAPRDNHIER). Creating such entries ensures that LDAP
clients can successfully use an object class in a search filter to
search for any entry in the directory.
Also purges duplicate entries in the directory.
Runs on any primary, central, or secondary Domino Directory or Extended
Server Directory Catalog for which the server running the LDAP service
is the administration server.

Router Tell commands


The table below describes other Tell commands you can use with the
Router task.
Command: Tell Router Delivery Stats
Result: Shows Router delivery statistics.

Command: Tell Router Compact
Result: Compacts MAIL.BOX and cleans up open Router queues. You can use
this command to compact MAIL.BOX at any time. If more than one MAIL.BOX
is configured for the server, each MAIL.BOX database will be compacted
in sequence.
By default, MAIL.BOX is automatically compacted at 4 AM.

Command: Tell Router Show Queues
Result: Shows mail held in transfer queues to specific servers and mail
held in the local delivery queue.

Command: Tell Router Exit
Result: Stops the Router task on a server.

Command: Tell Router Update Config
Result: Updates the server’s routing tables to immediately modify how
messages are routed. This removes the 5 minute delay before a Router
configuration change takes effect.
To determine the best route for delivering a message to its destination,
the Router creates routing tables, which map a path to the destination.
The routing table derives information from variables in the NOTES.INI
file and from the Configuration Settings, Domain, Connection, and Server
documents in the Domino Directory. The command does not update the
routing tables with changes made to the Global Domain document.
By default, the Router automatically refreshes its configuration every 5
minutes to absorb changes made in its sources. In previous versions of
Domino, you had to restart the Router task to update the routing tables
after making changes in the source documents.
The command is case insensitive.

Command: Tell Router Quit
Result: Stops the Router task on a server.

Schedule Manager Tell commands


This table describes additional Tell commands you can use with
Schedule Manager.
Command: Tell Sched Stats
Result: Displays totals of reservations and appointments in the free
time database.

Command: Tell Sched Show username
Result: Displays the specified user’s schedule on the server console.
Use this command to investigate problems in the free time database.

Command: Tell Sched Validate
Result: Immediately validates a free time database on a server.
Validation occurs by default at 2 AM; however, you can use this command
to force it to occur sooner. Another way to force validation is to stop
and restart the Schedule Manager.
Validation can take some time. You must issue this command at all
servers where mail files have been removed and/or added to ensure that
old free time information is removed and new free time information is
added to the free time database on the server.
Don’t use this command when you add a new user. The Administration
process creates Person documents for users in the Domino Directory
before creating their mail file on their mail server. Schedule Manager
watches for database creations and automatically picks up new users’
mail files.

Command: Tell Sched Validate username
Result: Validates the information for the specified user. This command
is faster than using the Tell Sched Validate command because it allows
you to validate individual users, rather than validating all of the data
on a server.

Command: Tell Sched Quit
Result: Stops the Schedule Manager task on a server.

SMTP Server Tell commands


This table describes additional Tell commands you can use with SMTP
Server.

Command: Tell SMTP Update Config
Result: By default, whenever you restart the SMTP service, and at
two-minute intervals thereafter, the SMTP service automatically checks
the NOTES.INI file, Configuration Settings document, and Server document
to see if any settings have changed. If the service detects that
settings have changed, it rebuilds its internal configuration to
incorporate the changes.
The “Tell SMTP Update Config” server console command manually triggers
such a service update. Using the console command allows administrators
to immediately put into effect changes to the SMTP configuration without
disrupting normal service operation.

Statistic Collector Tell Commands
This table describes additional Tell commands you can use with the
Statistic Collector.
Command: Tell Collector Collect
Result: Runs a statistic collection on all the servers specified and
generates statistic reports.

Command: Tell Collector Quit
Result: Stops the Collect task on a server.

Web Navigator Tell commands


This table describes additional Tell commands you can use with the Web
Navigator.

Command: Tell Web Help
Result: Lists all the Web Navigator server console commands.

Command: Tell Web Refresh
Result: Refreshes all the Web Navigator global settings. Use this
command if you edit the Administration document while the Web server
task is running.

Command: Tell Web Quit
Result: Stops all running copies of the Web Navigator.

Web Server Tell commands


This table describes additional Tell commands you can use with the Web
server.
Command: Tell HTTP Dump Config
Result: Dumps the HTTP configuration to a text file so that you can see
how the server is configured.

Command: Tell HTTP Refresh
Result: Refreshes the Web Server before the normal refresh. You can
specify the refresh cycle interval in the Server document.
During a Web Server refresh cycle, all of the configuration information
contained in the Web Site documents, and documents attached to Web Site
documents (file protection, authentication realms, and rules) is updated
on the server.

Command: Tell HTTP Restart
Result: Refreshes the Web server with changes made to settings in the:
• Server document for the Web Server
• File Protection, Virtual Server, and URL Mapping documents in the
Domino Directory.
• NOTES.INI file that affects the HTTP server task
• HTTPD.CNF and BROWSER.CNF files
• Changes to Java servlets or the servlets.properties file
This command produces the same results as stopping and restarting the
Web Server. However, this Tell command is faster than stopping and
restarting because when you use the Tell command, the HTTP server task
remains in memory. All outstanding HTTP requests are processed before
the HTTP task restarts; however, no HTTP requests are processed during
restart.
This command deletes the in-memory page and user-authentication caches.

Command: Tell HTTP Show File Access
Result: Displays information about file system protection on the
machine, and on virtual servers, if you set up virtual servers on the
machine.

Command: Tell HTTP Show Security
Result: Displays information about SSL and the server key ring file,
including information about whether the server started SSL on the
machine. Displays information about SSL for virtual servers if you set
up virtual servers on the machine.

Command: Tell HTTP Show Users
Result: Displays the names of users, their IP addresses, and the session
expiration time for users authenticated with session-based
authentication.
Servers participating in single sign-on, configured for multi-server
session-based authentication, may not report sessions accurately using
this command.
If the authentication cookie originates from the current server,
displays the user name, IP address, and session expiration time for that
web server. If the authentication cookie does not originate on the
current server, does not display session information for users.
After a user logs out, this command continues to display the cookie as
valid on the server. The session is still valid even though the user has
ended the session.

Command: Tell HTTP Show Virtual Servers
Result: Displays a list of virtual servers running on the machine.

Command: Tell HTTP Quit
Result: Stops the Web Server task.

A-58 Administering the Domino System, Volume 2


Reference
Trace
Syntax: Trace servername
Description: Use the Trace command to test a connection to a server.
This command shows detailed information about each server hop and is
useful in troubleshooting network connection problems. This command
works the same way as “Trace connections,” when you choose File -
Preferences - Notes Preferences in the Notes client.
To trace a path to a server, enter:
Trace servername

To trace a specific port, enter:
Trace portname !!! servername

When you attempt to connect to a server, network trace information
automatically appears on the status bar of a Notes workstation or on the
server console, depending on where you initiated the connection attempt.
You can use the NOTES.INI Console_LogLevel setting to control the
level of detail that messages on the status bar contain. Trace information
is recorded in the log file (LOG.NSF).
For more information on tracing connections, see the chapter “Setting up
Server-to-Server Connections.” For more information on the
Console_LogLevel setting, see the appendix “NOTES.INI File.”

Appendix B
Server Tasks

This chapter explains how to run server tasks that perform complex
administration procedures.

Running server tasks


Server tasks perform complex administration procedures — for example,
compacting databases and updating indexes. You can run a server task
manually, by loading the task at the server console or by using the
Domino Administrator Task - Start tool, Server menu, or the
Administrator console. Or you can run the task automatically when the
server starts by adding the name of the task to the ServerTasks or
ServerTasksAt settings in the NOTES.INI file. In addition, you can create
a Program document in the Domino Directory to run a task at scheduled
intervals.
In addition to the server tasks that Domino supplies, you can write and
run custom tasks that are stored as OS/2 command files, Windows batch
files, UNIX shell scripts or programs, and API programs.

From the local server console


Open the server console and enter the server task at the command
prompt.

From the Domino Administrator server console


1. From the Domino Administrator, open the console for the server on
which the program runs by clicking Console on the Server - Status
tab.
2. In the Server console command field, type:
Load taskname

where taskname is the name of the server task that you want to run.

From the Domino Administrator Start - Task tool
1. From the Domino Administrator click the Server - Status tab.
2. Click Server Tasks.
3. Open the set of Task tools.
4. Click Start.
5. In the Start New Task box, select a server task from the list. Select
advanced options to specify additional parameters.
6. Click Start Task.

In the NOTES.INI file


Many tasks run, by default, at specific times. You can schedule additional
tasks to run by editing one of these settings in the NOTES.INI file:
• ServerTasks starts tasks automatically every time the server starts up
• ServerTasksAt starts tasks at a specified time
For more information, see the appendix “NOTES.INI File.”

In a Program document
To run a task on a server at a regularly scheduled time or at server
startup, create a Program document in the Domino Directory. You can
also use a Program document to run a UNIX shell script or program, or
an API program.
If you create a UNIX shell script or API program, you can use any of these
characters for the name: A - Z, 0 - 9, & - . _ ’ / (ampersand, dash, period,
space, underscore, apostrophe, forward slash). Do not use \ (backslash) or
any other characters because this can cause unexpected results.
1. From the Domino Administrator, open the Domino Directory. Go to
the Servers view, and open the Server document.
2. Choose Create - Server - Program.
3. On the Basics tab, complete these fields:
| Field | Enter |
|---|---|
| Program name | The name of the server task you want to run. |
| Command line | The command that starts the task, including any arguments to the command. |
| Server to run on | The full hierarchical name of the server on which to run the task. |
| Comments | A program description or additional information. |

4. Click the Schedule tab, and then complete these fields:

| Field | Enter |
|---|---|
| Enabled/disabled | Choose one: Startup to run the program only when the server starts; Enabled to schedule the task to run at specific times. |
| Run at times | The first time of day you want the task to run. |
| Repeat interval of | The number of minutes before the task should run again. |
| Days of week | The days of the week when the task will run. |

5. (Optional) Click Administration, and then enter the names of
additional owners/administrators.
6. Close and save the document.
Tip To view all tasks scheduled to run on a server, use the Show
Schedule command.
For more information, see the appendix “Server Commands.”

Domino server tasks

| Task | Command to run task | Description | Default in NOTES.INI file |
|---|---|---|---|
| Activity Trends Collector | trends | Runs the Activity Trends Collector which performs historical and trended analysis on Domino Activity data. | None |
| Administration Process | AdminP | Automates a variety of administrative tasks. | ServerTasks |
| Agent manager | AMgr | Runs agents on one or more databases. | ServerTasks |
| Billing | Billing | Collects all generated billing information. | ServerTasks |
| Calendar Connector | Calconn | Processes requests for free-time information from another server. | ServerTasks |
| CA process | ca | Automates a variety of server-based certificate authority tasks. | ServerTasks |
| Cataloger | Catalog | Updates the database catalog. | ServerTasksAt1 |
| Change Manager | runjava ChangeMan | Runs the Change Manager addin task which manages large-scale changes within the domain. | None |
| Chronos | Chronos | Updates full-text indexes that are marked to be updated hourly, daily, or weekly. | None |
| Cluster Administration Process (R4/R5 only) | Cladmin | Oversees the correct operation of all components of a cluster. | None |
| Cluster Database Directory Manager | Cldbdir | Updates the cluster database directory and manages databases with cluster-specific attributes. | None |
| Cluster Replicator | Clrepl | Performs database replication in a cluster. | None |
| Database compactor | Compact | Compacts all databases on the server to free up disk space. | None |
| Database fixup | Fixup | Locates and fixes corrupted databases. | None |
| Designer | Design | Updates all databases to reflect changes to templates. | ServerTasksAt1 |
| DIIOP | DIIOP | Allows Java applets/applications to access Domino data remotely using CORBA. | ServerTasks |
| Directory Cataloger | Dircat | Populates directory catalogs and keeps the catalogs up-to-date. | None |
| Domain Indexer | Domidx | Creates a central, full-text index for all specified databases and file systems in a domain. Runs only on Domain Catalog servers. | None |
| Event Monitor | Event | Monitors events on a server. | None |
| HTTP Server | HTTP | Enables a Domino server to act as a Web server so browser clients can access databases on the server. | None |
| IMAP Server | IMAP | Enables a Domino server to act as a maildrop for IMAP clients. | None |
| Indexer | Updall | Updates all changed views and/or full-text indexes for all databases. | ServerTasksAt2 |
| Internet Cluster Manager (ICM) | ICM | Provides failover and workload balancing for HTTP clients (Internet browsers) that access Domino Web servers. | None |
| ISpy | RunJava ISpy | Sends server and mail probes and stores the statistics. | ServerTasks |
| LDAP Server | LDAP | Enables a Domino server to provide LDAP directory services to LDAP clients. | ServerTasks on administration server for the Domino Directory; None on other servers |
| MTC | MTC | Reads log files produced by the router and writes summary data about message traffic to a database for message tracking purposes. | ServerTasks |
| Object store manager | Object | Performs maintenance activities on databases and mail files that use shared mail. | ServerTasksAt3=Object Info -Full |
| POP3 Server | POP3 | Enables a Domino server to act as a maildrop for POP3 clients. | None |
| Replicator | Replica | Replicates databases with other servers. | ServerTasks |
| Reporter | Report | Reports statistics for a server. | None |
| Router | Router | Routes mail to other servers. | ServerTasks |
| Runjava | Runjava | Runs Java server add-in tasks such as the Change Manager and ISpy. | None; used only with the name of another add-in task, never appears by itself |
| Schedule manager | Sched | Returns meeting times and dates and available invitees. | ServerTasks |
| SMTP listener | SMTP | Listens for incoming SMTP connections, enabling Domino to receive mail from other SMTP hosts. | None |
| SNMP QuerySet | QurySet | Allows Domino to respond to Simple Network Management Protocol (SNMP) requests. Prerequisite: Domino SNMP Agent (LNSNMP). | None |
| SNMP Interceptor | Intrcpt | Allows Domino to issue SNMP traps for Domino events. Prerequisite: Domino SNMP Agent (LNSNMP). | None |
| Statistic Collector | Collect | Collects statistics for multiple servers. | None |
| Statistics | Statlog | Records database activity in the log file. | ServerTasksAt5 |
| Stats | Stats | Generates statistics for a remote server on demand. | ServerTasks |
| Web Retriever | Web | Implements the HTTP protocol to retrieve Web pages and convert them into Notes documents. | None |

Appendix C
NOTES.INI File

This appendix contains NOTES.INI settings that you can modify. The
settings are listed in alphabetical order. For information on using
NOTES.INI settings to improve server performance, see the chapter
“Improving Server Performance.”

Editing the NOTES.INI file


You should rarely, if ever, need to modify a server’s or client’s
NOTES.INI file. The NOTES.INI file contains many settings that Domino
and Notes rely on to work properly. An accidental or incorrect change
may cause Domino or Notes to run unpredictably. Therefore, you should
edit the NOTES.INI file only if special circumstances occur or if Lotus
Support Services recommends that you do so.
There are three ways to edit NOTES.INI settings:
• Open the NOTES.INI file and edit it. The procedure for doing this
depends on your client’s or server’s operating system and the text
editor you use.
• Create a Configuration Settings document and edit its settings. Using
a Configuration Settings document, you can add and modify many
NOTES.INI settings at a time. However, there are a number of
settings that you cannot set in the Configuration Settings document.
Also, because a Configuration Settings document applies only to
Domino servers, you cannot use it to modify a Notes client’s
NOTES.INI file.
• Use the Set Configuration server command.
For information on Set Configuration, see the appendix “Server
Commands.”
Because directly editing the NOTES.INI file is unsafe, it’s best to use a
Configuration Settings document to modify server settings.

To edit the NOTES.INI file using a Configuration Settings document
1. From the Domino Administrator, open the Domino Directory and
click the Configuration tab.
2. To edit an existing Configuration Settings document, highlight it and
then click Edit Configuration. To create a new configuration
document, highlight the server for which the Configuration Settings
document will apply, then click Add Configuration.
3. To modify NOTES.INI settings on the server, click the NOTES.INI
Settings tab. This tab lists a number of current settings in the server’s
NOTES.INI file.
4. To add or change a setting, click Set/Modify Parameters to display
all settings that you can set in the Configuration Settings document.
Select the setting(s) you want to add/modify.
5. Save and close the document.

Admin
Syntax: Admin=username
Description: Specifies the user name of the server administrator. Enter
each part of the name in canonical format, separated by a slash (/),
where:
CN is the common name
OU is the organization unit
O is the organization
C is the country code
For example:
Admin=CN=John Smith/OU=Marketing/O=Acme
Applies to: Servers
Default: None
UI equivalent: The Administrators field in the Server document in the
Domino Directory

Allow_Access
Syntax: Allow_Access=names
Description: Specifies servers, users, and groups that can access a server.
You must specify a hierarchical name in hierarchical format, for example,
Alice Jones/Acme. An asterisk represents everyone listed in the Domino
Directory. An asterisk followed by a view name represents everyone
listed in that view of the Domino Directory. An asterisk followed by a
slash (/) and a hierarchical certifier’s name represents everyone certified
by that certifier. The Deny_Access setting overrides the Allow_Access
setting.
For more information on the Deny_Access setting, see the topic
“Deny_Access” later in this chapter.
Applies to: Servers
Default: None
UI equivalent: The Access Server field in the Security tab of the Server
document in the Domino Directory. The Server document takes
precedence over the NOTES.INI setting. Domino uses the Allow_Access
setting only if the Access Server field is empty.

Allow_Access_portname
Syntax: Allow_Access_portname=names
Description: Specifies servers, users, and groups that can access a server
port. The portname parameter indicates the name of the port you enabled
in the Port Setup dialog box and in the Server document. An asterisk
represents everyone listed in the Domino Directory. An asterisk followed
by a view name represents everyone listed in that view of the Domino
Directory. An asterisk followed by a slash (/) and a hierarchical
certifier’s name represents everyone certified by that certifier. For
example:
Allow_Access_lan3=*
All users listed in the Domino Directory can use the LAN3 port on
this server.
Applies to: Servers
Default: None
UI equivalent: None

Allow_Passthru_Access
Syntax: Allow_Passthru_Access=names
Description: Specifies servers, users, and groups that can access this
server using passthru. If you do not specify a name, no one can access
this server using passthru. An asterisk represents everyone listed in the
Domino Directory. An asterisk followed by a view name represents
everyone listed in that view of the Domino Directory. An asterisk
followed by a slash (/) and a hierarchical certifier’s name represents
everyone certified by that certifier. For example:
Allow_Passthru_Access=*
All users listed in the Domino Directory can access this server using
passthru.
Applies to: Servers
Default: None
UI equivalent: The Access this server field in the Passthru Use section of
the Security tab of the Server document in the Domino Directory. If a
conflict exists between the NOTES.INI setting and the server document,
the Server document takes precedence.

Allow_Passthru_Callers
Syntax: Allow_Passthru_Callers=names
Description: Specifies servers, users, and groups that can instruct this
server to establish a connection to call a destination server. If you do not
enter a name, no calling is allowed. An asterisk represents everyone
listed in the Domino Directory. An asterisk followed by a view name
represents everyone listed in that view of the Domino Directory. An
asterisk followed by a slash (/) and a hierarchical certifier’s name
represents everyone certified by that certifier.
Applies to: Servers
Default: None
UI equivalent: The Cause calling field in the Passthru Use section of the
Security tab of the Server document. If a conflict exists between the
NOTES.INI setting and the Server document, the Server document takes
precedence.

Allow_Passthru_Clients
Syntax: Allow_Passthru_Clients=names
Description: Specifies servers, users, and groups that can use a passthru
server to connect to this server. If you do not specify a name, passthru is
not allowed. An asterisk represents everyone listed in the Domino
Directory. An asterisk followed by a view name represents everyone
listed in that view of the Domino Directory. An asterisk followed by a
slash and a hierarchical certifier’s name represents everyone certified by
that certifier.
Applies to: Servers
Default: None
UI equivalent: The Route through field in the Passthru Use section of the
Security tab of the Server document. If a conflict exists between the
NOTES.INI setting and the Server document, the Server document takes
precedence.

Allow_Passthru_Targets
Syntax: Allow_Passthru_Targets=names
Description: Specifies the destination servers that this server can connect
to using passthru. If you do not specify a name, this server can route to
all servers.
Applies to: Servers
Default: None
UI equivalent: The Destinations allowed field in the Passthru Use section
of the Security tab of the Server document. If a conflict exists between the
NOTES.INI setting and the Server document, the Server document takes
precedence.
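
One way to review the Allow_Access, Allow_Access_portname, and Allow_Passthru_* settings described above is to scan a copy of NOTES.INI offline. The script below is an added example, not part of the IBM documentation or of Domino: it reports wildcard entries and the empty-list behavior stated in the descriptions. The sample file, the comma-separated list format, and the case-insensitive matching of setting names are assumptions of this example.

```python
"""Static audit of the Allow_* access settings in a Domino NOTES.INI file."""

# Constructed sample input; names, port and values are illustrative only.
SAMPLE_INI = """\
[Notes]
ServerTasks=Replica,Router,AdminP
Allow_Access=*/Acme, LocalDomainServers
Allow_Access_lan3=*
Allow_Passthru_Access=*People, Alice Jones/Acme
Allow_Passthru_Clients=
Deny_Access=Terminations
"""

# Settings for which the page says the Server document takes precedence.
SERVER_DOC_WINS = {"allow_access", "allow_passthru_access",
                   "allow_passthru_callers", "allow_passthru_clients"}
# Per the page, leaving these empty means nobody is allowed.
EMPTY_MEANS_NOBODY = SERVER_DOC_WINS - {"allow_access"}


def parse_ini(text):
    """Return {lowercased setting name: value}.

    Lowercasing the names and keeping the last duplicate are choices of
    this example, not documented Domino behavior.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("[", ";")) or "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip().lower()] = value.strip()
    return settings


def split_names(value):
    """Split a names list. Comma separation is an assumption of this example."""
    return [item.strip() for item in value.split(",") if item.strip()]


def classify(entry):
    """Map one entry to the wildcard forms described on the page."""
    if entry == "*":
        return "everyone"    # everyone listed in the Domino Directory
    if entry.startswith("*/"):
        return "certifier"   # everyone certified by that certifier
    if entry.startswith("*"):
        return "view"        # everyone listed in that directory view
    return "name"


def audit(text):
    """Return a sorted list of (severity, setting, message) findings."""
    ini = parse_ini(text)
    findings = []
    for key, value in ini.items():
        is_port = key.startswith("allow_access_")
        if key not in SERVER_DOC_WINS and not is_port:
            continue
        items = split_names(value)
        if not items and key in EMPTY_MEANS_NOBODY:
            findings.append(("INFO", key, "empty list: nobody is allowed"))
        for item in items:
            kind = classify(item)
            if kind == "everyone":
                findings.append(("HIGH", key,
                                 "'*' admits everyone listed in the Domino Directory"))
            elif kind in ("certifier", "view"):
                findings.append(("REVIEW", key,
                                 f"{item} is a {kind} wildcard; review who it covers"))
        if is_port:
            findings.append(("INFO", key, "no UI equivalent; set only in NOTES.INI"))
        else:
            findings.append(("INFO", key,
                             "Server document takes precedence over this value"))
    if ini.get("allow_access") and "deny_access" in ini:
        findings.append(("INFO", "deny_access", "entries here override Allow_Access"))
    # An empty Allow_Passthru_Targets means the server can route to all servers.
    passthru_used = any(k.startswith("allow_passthru_") for k in ini)
    if passthru_used and not split_names(ini.get("allow_passthru_targets", "")):
        findings.append(("WARN", "allow_passthru_targets",
                         "not set: this server can route to all servers"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, setting, message in audit(SAMPLE_INI):
        print(f"{severity:6} {setting:24} {message}")
```

Because the Server document takes precedence for most of these settings, compare the findings with the Security tab of the Server document before acting on them.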

AMgr_DisableMailLookup
Syntax: AMgr_DisableMailLookup=value
Description: By default, a mail-triggered agent performs a mail lookup
of the user who last modified it. It only runs if the server running the
agent is also the user’s mail server. When users create or modify a
mail-triggered agent on a server other than their own mail server, you
can use this setting on the server to disable mail lookup so that the agent
can run. Notes displays the message for the user “Unable to determine
the execution access privileges” if the mail server cannot be reached.
0 - Perform mail lookups when running mail-triggered agents
1 - Do not perform mail lookups when running mail-triggered agents
Applies to: Servers and workstations
Default: None. Without this setting, mail-triggered agents perform mail
lookups.
UI equivalent: None

AMgr_DocUpdateAgentMinInterval
Syntax: AMgr_DocUpdateAgentMinInterval=number of minutes
Description: Specifies the minimum elapsed time, in minutes, between
the execution of the same document update-triggered agent.
Applies to: Servers and workstations
Default: 30
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

AMgr_DocUpdateEventDelay
Syntax: AMgr_DocUpdateEventDelay=number of minutes
Description: Specifies the delay, in minutes, between a document update
event and the time the agent manager schedules the document
update-triggered agent.
Applies to: Servers and workstations
Default: 5
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

AMgr_NewMailAgentMinInterval
Syntax: AMgr_NewMailAgentMinInterval=number of minutes
Description: Specifies the minimum elapsed time, in minutes, between
execution of the same new mail-triggered agent.
Applies to: Servers and workstations
Default: 0
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

AMgr_NewMailEventDelay
Syntax: AMgr_NewMailEventDelay=number of minutes
Description: Specifies the time (in minutes) that the Agent Manager
delays before scheduling a new mail-triggered agent after new mail is
delivered.
Applies to: Servers and workstations
Default: 1
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

AMgr_SchedulingInterval
Syntax: AMgr_SchedulingInterval=number of minutes
Description: Specifies a delay (in minutes) between running of the Agent
Manager’s scheduler. Valid values are 1 minute to 60 minutes.
Applies to: Servers and workstations
Default: 1
UI equivalent: None

AMgr_UntriggeredMailInterval
Syntax: AMgr_UntriggeredMailInterval=number of minutes
Description: Specifies a delay (in minutes) between running of the Agent
Manager’s check for untriggered mail. Valid values are 1 minute to 1440
minutes (the number of minutes in a day).
Applies to: Servers and workstations
Default: 60
UI equivalent: None

AMgr_WeekendDays
Syntax: AMgr_WeekendDays=day1, day2, ...
Description: When agents use the On Schedule trigger, the Run on
Schedule options box is available and includes the Don’t run on weekends
check box option. When you select this option, the agent does not run on
weekend days. The default value for weekend days is Saturday (7) and
Sunday (1). You can specify any number of days, up to 7. For example:
AMgr_WeekendDays= 1,6,7
Causes agents that have the Don’t run on weekends option checked
not to run on Sundays, Fridays, and Saturdays.
Applies to: Servers and workstations
Default: 7 (Saturday) and 1 (Sunday)
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

AppleTalkNameServer
Syntax: AppleTalkNameServer=servername
Description: Applies to AppleTalk users only. Identifies the name of the
user’s secondary AppleTalk server. For more information, see your
AppleTalk network documentation.
Applies to: Servers and workstations
Default: None
UI equivalent: File - Preferences - User Preferences - Ports. Select the
AppleTalk port, and click Options to select or modify the server.

AutoLogoffMinutes
Syntax: AutoLogoffMinutes=minutes
Description: Specifies the number of inactive minutes before a user is
automatically logged off.
Applies to: Workstations
Default: None
UI equivalent: File - Preferences - User Preferences - Basics - Lock ID
after x minutes of inactivity.

BatchRegFile
Syntax: BatchRegFile=filename
Description: Specifies the name of a batch registration file. If you add
this variable, Domino does not prompt you for the filename when you
import users from a text file.
Applies to: Servers
Default: None
UI equivalent: None

BillingAddinOutput
Syntax: BillingAddinOutput=value
Description: Specifies where Domino logs billing events. Use the
following values to set this variable:
1 - Billing database (BILLING.NSF)
8 - Binary file (BILLING.NBF)
9 - Both the billing database and binary file
Domino creates the BILLING.NSF database and/or the BILLING.NBF
file the first time the billing add-in task is started with this option set.
Applies to: Servers
Default: 1
UI equivalent: None

BillingAddinRuntime
Syntax: BillingAddinRuntime=number of seconds
Description: Specifies how long the billing add-in task runs. For
example, BillingAddinRuntime=30 specifies that the billing add-in will
process billing records for 30 seconds. After 30 seconds the billing add-in
stops processing records, even if there are additional records to be
processed. The BillingAddinRuntime value must be less than the value
you specify for the BillingAddinWakeup variable.
Applies to: Servers
Default: 10
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

BillingAddinWakeup
Syntax: BillingAddinWakeup=number of seconds
Description: Specifies how often the billing add-in task runs. For
example, BillingAddinWakeup=300 specifies that the billing add-in task
wakes up every five minutes (300 seconds) to process the billing records
in the billing message queue. The BillingAddinWakeup value must be
greater than the value you specify for BillingAddinRuntime.
Applies to: Servers
Default: 60
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

BillingClass
Syntax: BillingClass=class(es)
Description: Specifies one or more of six classes of billing activity:
• Agent
• Database
• Document
• HttpRequest
• Mail
• Replication
• Session
The billing process tracks only the activities that you specify in the
BillingClass variable.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

BillingSuppressTime
Syntax: BillingSuppressTime=number of minutes
Description: Specifies the frequency of record stamping during session
and database activities if session and database activities are specified for
the BillingClass variable. If you want billing data collected more
frequently, decrease the default value (15 minutes). To minimize the
billing workload on your system, increase the value.
Applies to: Servers
Default: 15
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

CDP_Command
Syntax: CDP_Command=value
Description: The set of CDP settings control the opening, handling, and
closing of applications using OLE. All OLE applications use these
variables:
CDP_NEW
CDP_OPEN
CDP_EDIT
CDP_SAVE
CDP_CLOSE
CDP_SHOWITEM
CDP_SHOWACTIVEITEM
CDP_EXIT
All other applications use DIP and need to be hard-coded with separate
lines. For normal usage, you should never need to modify CDP settings.
Applies to: Servers and workstations
Default: None
UI equivalent: None

CertificateExpChecked
Syntax: CertificateExpChecked=path and date
Description: Specifies the path to the local ID file and the last time the ID
was checked for certificates that have expired or are about to expire.
Applies to: Servers and workstations
Default: The ID file and last date checked for expiration.
UI equivalent: None

CertifierIDFile
Syntax: CertifierIDFile=path
Description: Specifies the path to the certifier ID. The path must contain
the drive letter or network drive, directories, and file name. For example:
CertifierIDFile=C:\LOTUS\DOMINO\IDS\CERT.ID
CertifierIDFile=M:\LOTUS\NOTES\IDS\ACME.ID
Applies to: Servers
Default: The path and file name that you specify when you set up the
server.
UI equivalent: None

ClockType
Syntax: ClockType=value
Description: (UNIX only) Specifies whether the Domino server clock
displays time in 12-hour format (AM and PM) or 24-hour format
(sometimes called military time). A value of 12_HOUR sets the clock type
as 12-hour. A value of 24_HOUR sets the clock type as 24-hour. This
setting overrides the system clock setting defined in the server’s
operating system.
Applies to: Servers
Default: None, although without this setting the Domino server displays
12-hour time.
UI equivalent: None

Clrepl_Obeys_Quotas
Syntax: Clrepl_Obeys_Quotas=value
Description: Specifies whether the Cluster Replicator obeys quotas.
0 - Disables the Cluster Replicator from obeying quotas.
1 - Enables the Cluster Replicator to obey quotas.
Applies to: Servers
Default: The Cluster Replicator does not obey quotas.
UI equivalent: None

Cluster_Replicators
Syntax: Cluster_Replicators=value
Description: Use this setting to start multiple cluster replicators, where
value is the number of cluster replicators required.
Applies to: Servers
Default: None, but Domino starts one cluster replicator by default.
UI equivalent: You can also specify this setting in the NOTES.INI
Settings tab of the Configuration Settings document in the Domino
Directory.

COMnumber
Syntax: COMnumber=parameter1, parameter2, ...
Description: Specifies information for modems connected to the ports
you set in the Ports dialog box. You can define up to five ports (COM1
through COM5). These parameters are valid:

| Parameter | Specifies | Required? |
|---|---|---|
| driver | Driver name | Yes |
| unit_ID | Unit ID | Yes |
| max_sessions | Maximum number of concurrent sessions | Yes |
| buffer_size | Size of buffer in kilobytes | Yes |
| flags | Flags, such as secured channel, log modem I/O, enable RTS/CTS, and so on | No |
| modem_speed | Modem speed | No |
| modem_volume | Modem volume and dialing mode | No |
| modem_filename | Name of the modem command file | No |
| dial_timer | Connection time-out in seconds | No |
| hangup_timeout | Idle hang-up time in minutes | No |

Unless you are experienced with modems and ports, use the
user interface to configure ports.
Applies to: Servers and workstations
Default: Depends on the modem type selected
UI equivalent: File - Preferences - User Preferences - Ports dialog box.

Compact_Retry_Rename_Wait
Syntax: Compact_Retry_Rename_Wait=number of seconds
Description: If you have specified a value for the
Num_Compact_Rename_Retries setting, Domino waits 30 seconds before
trying to rename a database that was copy-style compacted. You can
request a different amount of time to wait by specifying the value of the
Compact_Retry_Rename_Wait setting in the NOTES.INI file. For
example, to request that Domino wait 2 minutes before trying to rename a
database that was copy-style compacted, specify
Compact_Retry_Rename_Wait=120.

Domino enforces the following upper limit when trying to rename a
copy-style compacted database:
Num_Compact_Rename_Retries x Compact_Retry_Rename_Wait <= 60 minutes.

For more information on the Num_Compact_Rename_Retries setting, see
the topic “Num_Compact_Rename_Retries” later in this chapter.
Applies to: Servers
Default: No default entry, but in the absence of the setting, Domino
waits 30 seconds before trying to rename a database that was copy-style
compacted.
UI equivalent: None

Console_Log_Enabled
Syntax: Console_Log_Enabled=value
Description: Specifies whether to enable logging to the Console Log file
(CONSOLE.LOG, by default).
0 - Disable Console Log file logging
1 - Enable Console Log file logging
Tip To toggle logging to the Console Log file from the server console,
use the “start consolelog” and “stop consolelog” commands.
Applies to: Servers
Default: 0
UI equivalent: None

Console_Loglevel
Syntax: Console_Loglevel=value
Description: Controls the level of information displayed on the status
bar when you trace a connection. The following values are possible:
0 - No information displayed
1 - Only errors are displayed
2 - Summary progress information is displayed
3 - Detailed progress information is displayed
4 - Full trace information is displayed

For more information on tracing a connection, see the chapter
“Troubleshooting.”
Applies to: Workstations
Default: 2
UI equivalent: None

Console_Log_Max_Kbytes
Syntax: Console_Log_Max_Kbytes=value
Description: Specifies the maximum size for the Console Log file
(CONSOLE.LOG, by default). If the Console_Log_Max_Kbytes setting is
not present or is set to 0, then the file size is unlimited. When the
maximum file size is reached, new logging output starts to overwrite
existing logging output at the beginning of the file.
This setting can be changed at any time during a server session and when
a new maximum file size is specified, it takes effect upon the next write.
If the new maximum file size is less than or equal to the current
maximum file size, then the maximum size will be set to the current size
to prevent growth and the new size will take effect upon the next server
session.
Applies to: Servers
Default: None
UI equivalent: None

Country_Language
Syntax: Country_Language=value
Description: Specifies the language used for the Domino/Notes
interface.
Applies to: Servers and workstations
Default: en-US (US English)
UI equivalent: File - Preferences - User Preferences - International -
Content Language dialog box. You can also specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Create_File_Access
Syntax: Create_File_Access=names
Description: Specifies users, servers, and groups that can create new
databases on the server. You must specify a hierarchical name in
hierarchical format, for example, Alice Jones/Acme. If you don’t specify
a name, all certified users can create files. An asterisk (*) represents
everyone listed in the Domino Directory. An asterisk followed by a view
name represents everyone listed in that view of the Domino Directory.
An asterisk followed by a slash ( / ) and a hierarchical certifier’s name
represents everyone certified by that certifier.
Default: None
Applies to: Servers
UI equivalent: The Create New Databases field in the Security tab of the
Server document. The Server document takes precedence over the
NOTES.INI setting. Domino uses the Create_File_Access setting only if
the Create New Databases field is empty.

Create_Replica_Access
Syntax: Create_Replica_Access=names
Description: Specifies the groups that can create replicas on the server.
You must specify a hierarchical name in hierarchical format, for example,
Alice Jones/Acme. If you don’t specify a group, all certified users can
create replicas. An asterisk (*) represents everyone listed in the Domino
Directory. An asterisk followed by a view name represents everyone
listed in that view of the Domino Directory. An asterisk followed by a
slash (/) and a hierarchical certifier’s name represents everyone certified
by that certifier.
Default: None
Applies to: Servers
UI equivalent: The Create Replica Databases field in the Security tab of
the Server document. Note that the Server document takes precedence
over the NOTES.INI setting. Domino uses the Create_Replica_Access
setting only if the Create Replica Databases field is empty.

CTF
Syntax: CTF=filename
Description: Specifies the international import/export character set
Applies to: Workstations
Default: L_CPWIN.CLS
UI equivalent: File - Preferences - User Preferences - International -
Import/Export Character Set dialog box.

DDE_Timeout
Syntax: DDE_Timeout=seconds
Description: The amount of time (in seconds) Notes waits for another
DDE application to respond to a DDE message
Applies to: Workstations
Default: 10 seconds
UI equivalent: None

Debug_Outfile
Syntax: Debug_Outfile=filename
Description: Specifies the file name for the Console Log file. If both this
setting and the LogFile_Dir setting exist and Debug_Outfile contains a
fully qualified path name, then LogFile_Dir is not used.
If only the Debug_Outfile setting exists and it contains only a file name,
then the default path
\DATADIRECTORY\IBM_TECHNICAL_SUPPORT is used. If neither
Debug_Outfile nor LogFile_Dir exists, then the default path is
\DATADIRECTORY\IBM_TECHNICAL_SUPPORT and the default
file name is CONSOLE.LOG.
Applies to: Servers
Default: None
UI equivalent: None

Debug_SSL_Cert
Syntax: Debug_SSL_Cert=value
Description: Enables viewing of certificate information at the server
console. To enable viewing, set Debug_SSL_Cert to a value of 2.
Applies to: Servers
Default: None
UI equivalent: None

Default_Index_Lifetime_Days
Syntax: Default_Index_Lifetime_Days=number of days
Description: Specifies a default lifetime for view indexes if none was
selected by the database designer in the view properties box. If the index
is inactive for the specified number of days, the Indexer task purges the
index. For example:
Default_Index_Lifetime_Days=60
sets the lifetime of indexes to 60 days.
Default: 45 days
Applies to: Servers
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Deny_Access
Syntax: Deny_Access=names
Description: Specifies servers, users, and groups that are denied access
to the server. You must specify a hierarchical name in hierarchical
format, for example, Alice Jones/Acme. An asterisk (*) represents
everyone listed in the Domino Directory. An asterisk followed by a view
name represents everyone listed in that view of the Domino Directory.
An asterisk followed by a slash (/) and a hierarchical certifier’s name
represents everyone certified by that certifier. The Deny_Access setting
overrides the Allow_Access setting.

For more information on the Allow_Access setting, see the topic
“Allow_Access” earlier in this chapter.
Applies to: Servers
Default: None
UI equivalent: The Not Access Server field in the Security tab of the
Server document. The Server document takes precedence over the
NOTES.INI setting. Domino uses the Deny_Access setting only if the Not
Access Server field is empty.

Deny_Access_portname
Syntax: Deny_Access_portname=names
Description: Specifies servers, users, and groups that are denied access
to a specific server port. The portname parameter indicates the name of
the port you enabled in the Port Setup dialog box and in the Server
document. An asterisk (*) represents everyone listed in the Domino
Directory. An asterisk followed by a view name represents everyone
listed in that view of the Domino Directory. An asterisk followed by a
slash and a hierarchical certifier’s name represents everyone certified by
that certifier. For example:
Deny_Access_SPX=Terminations
The users in the Terminations group cannot access the SPX port.
Applies to: Servers
Default: None
UI equivalent: None

Desktop
Syntax: Desktop=path
Description: Use this setting to specify the location of the
DESKTOP5.DSK file used to customize the Notes workspace.
For example, on the Macintosh:
Desktop=Notes:Desktop
For example, in Windows:
DESKTOP=C:\LOTUS\NOTES\DESKTOP5.DSK
Applies to: Workstations
Default: None, although if this setting is omitted, Notes looks for the file
DESKTOP5.DSK in the Notes Data directory.
UI equivalent: None

DIIOPConfigUpdateInterval
Syntax: DIIOPConfigUpdateInterval=number of minutes
Description: Specifies the time interval, in minutes, at which DIIOP
should refresh its configuration data from the Domino Directory.
Applies to: Servers
Default: The default value is 3 minutes.
UI equivalent: None

DIIOPCookieCheckAddress
Syntax: DIIOPCookieCheckAddress=value
Description: Modifies the behavior of server-based cookies used with
applets that are downloaded by the Domino HTTP server. Set the value
to 1 to enable the checking of client IP addresses for these cookies.
Applies to: Servers
Default: The default value is 0 (disabled), which means that DIIOP does
not require the IP address of a client using one of these cookies to match
the IP address of the client to whom the cookie was issued.
Client IP addresses will not match in most cases because the cookie is
issued to the browser using the HTTP protocol, which is typically routed
through proxy servers, so the client appears to be the proxy server. The
applet running in the browser is the user of the cookie, and its network
traffic does not go through a proxy server.
UI equivalent: None

DIIOPCookieTimeout
Syntax: DIIOPCookieTimeout=number of minutes
Description: Modifies the behavior of server-based cookies used with
applets that are downloaded by the Domino HTTP server. It specifies the
time period (number of minutes) for which each cookie is valid. When a
cookie expires it cannot be used to obtain a session with the DIIOP task.
The minimum setting is 1 minute.
Applies to: Servers
Default: The default value is 10 minutes.
UI equivalent: None

DIIOP_Debug_Invoke
Syntax: DIIOP_Debug_Invoke=value
Description: Use for debugging only. It provides a level of logging
beyond that of DIIOPLogLevel. Each transaction that the DIIOP task
receives is logged along with the object ID that was the target, as well as
the session ID. Valid values are:
1 - Show transaction details when a transaction finishes
2 - Show transaction details when a transaction starts
Applies to: Servers
Default: None.
UI equivalent: None

DIIOPDNSLookup
Syntax: DIIOPDNSLookup=value
Description: Specifies that DIIOP should do a DNS name lookup for
every client that connects and uses DIIOP services. This information is
visible when using the server console command “show tasks.” Set the
value to 1 to enable DNS lookups for clients.
Applies to: Servers
Default: The default value is 0 (disabled).
UI equivalent: None

DIIOPIgnorePortLimits
Syntax: DIIOPIgnorePortLimits=value
Description: This parameter is only valid on a Linux platform. It
indicates that DIIOP may use the default ports of 63148 and 63149. On
some Linux installations, the default ports are not available for use and
DIIOP will automatically select ports 60148 and 60149. Set this value to 1
to use the higher numbered ports.
Applies to: Servers
Default: The default value is 0 (use default ports).
UI equivalent: None
Note: Prior to Domino 6, this variable was known as
DIIOP_IGNORE_PORT_LIMITS. It is still valid for backwards
compatibility.

DIIOPIORHost
Syntax: DIIOPIORHost=hostname
Description: To have DIIOP advertise its existence using an alternate
hostname or IP address, you can set DIIOPIORHost to an alternate host
name or address other than the server default. The server default is
based on the value specified in the Server document setting “Fully
qualified Internet host name.”
Applies to: Servers
Default: The default value is to use the setting in the Server document.
UI equivalent: The preferred method of setting this value is through the
Server document, on the DIIOP section of the Internet Protocols tab.
Note: Prior to Domino 6, this variable was known as DIIOP_IOR_HOST.
It is still valid for backwards compatibility.

DIIOPLogLevel
Syntax: DIIOPLogLevel=value
Description: This parameter increases the level of information that
DIIOP reports to the server console and to the log. This value can be set
manually by modifying the NOTES.INI directly or it can be set using the
“tell diiop log=n” command. Possible values are:
0 - Show Errors & Warnings only
1 - Also show informational messages
2 - Also show session init/term messages
3 - Also show session statistics
4 - Also show transaction messages
Applies to: Servers
Default: None.
UI equivalent: None

Dircat_Include_Readerslist_Notes
Syntax: Dircat_Include_Readerslist_Notes=value
Description: When set to 1 the Dircat task aggregates documents that
contain Readers lists. Users that are not in the Readers lists can
nevertheless read these documents in the directory catalog.
Applies to: Servers
Default: None. Without this setting the Dircat task does not aggregate
documents that contain Readers lists. Note that even users who are
included in the Readers list cannot access the documents through the
directory catalog.
UI equivalent: None

Directory
Syntax: Directory=path
Description: Specifies the location of the Data directory for Domino or
Notes. This path is originally set during the Install program.
Applies to: Servers and workstations
Default: C:\LOTUS\NOTES\DATA, or the directory specified during
the Install program.
UI equivalent: File - Preferences - User Preferences - Basics - Local
database folder.

Disable_Cluster_Replicator
Syntax: Disable_Cluster_Replicator=value
Description: Use this setting to disable/enable cluster replication.
0 - Cluster replication enabled
1 - Cluster replication disabled
Applies to: Servers
Default: None, but cluster replication is on by default.
UI equivalent: None

Disable_View_Rebuild_Opt
Syntax: Disable_View_Rebuild_Opt=value
Description: Use this setting to enable/disable the view rebuild
optimization feature, which presorts the view entries in temporary files
before inserting them into the view index.
Use the following values for this setting:
0 - Enables
1 - Disables
Applies to: Servers
Default: None, although the view rebuild optimization feature is enabled
in Domino by default.
UI equivalent: None

DisabledPorts
Syntax: DisabledPorts=portname(s)
Description: This setting indicates which ports are disabled for the
server or workstation. Ports are enabled/disabled in Server documents
(servers) and in the User Preferences dialog box (workstations).
Applies to: Servers and workstations
Default: None
UI equivalent: On a workstation, see the Ports tab in the User
Preferences dialog box (choose File - Preferences - User Preferences). On
a server, see the Port tab in the Server document.

DisableLDAPOnAdmin
Syntax: DisableLDAPOnAdmin=value
Description: When set to 1, this setting prevents the LDAP task
from running on the administration server of the Domino Directory for a
domain. Since this administration server manages the schema and
verifies the directory tree for all servers in the domain that run the LDAP
service, use this setting only if you do not run the LDAP task on any
server in a domain. To disable the LDAP service on the Domino
Directory administration server, you must also remove the LDAP task
from the server’s ServerTasks NOTES.INI setting.
To prevent the LDAP task on the Domino Directory administration
server from processing LDAP requests but still allow it to manage the
schema and verify the directory tree for other servers in the domain that
run the LDAP service, disable the ports for the LDAP service on the
administration server.
Applies to: Servers
Default: None
UI equivalent: None

Domain
Syntax: Domain=name
Description: On a server, specifies the server’s domain. On a
workstation, specifies the domain of the user’s mail server. This setting
must contain at least one default name.
Applies to: Servers and workstations
Default: The domain specified during the Setup program.
UI equivalent: On a server, the Domain Name field in the Basics tab of
the Server document; on a workstation, the Domain field in the Mail tab
in the user’s Person document.

DominoNoBanner
Syntax: DominoNoBanner=value
Description: Web pages created with Domino display a Domino banner
in source headers, as follows:
<HTML>
<!-- Lotus-Domino Release [release number] - [date of release] on
[platform] -->
<HEAD>
Use the DominoNoBanner setting to hide/display the banner.
0 - Displays the banner
1 - Hides the banner
Applies to: Servers
Default: 1. Hiding the banner provides greater default security.
UI equivalent: None

DominoNoDirLinks
Syntax: DominoNoDirLinks=value
Description: On a Web server, specifies whether browser users can use
directory links. Options are:
0 - Allow browser users to access directory links.
1 - Prevent browser users from accessing directory links
Applies to: Servers
Default: 0
UI equivalent: None

DominoR5IntlURLDecoding
Syntax: DominoR5IntlURLDecoding=value
Description: Use DominoR5IntlURLDecoding to enable decoding of
international URL strings using a proprietary encoding scheme.
0 - Disables Domino 5 international URL decoding
1 - Enables Domino 5 international URL decoding
Applies to: Servers
Default: 0. By default, Domino 6 encodes URLs according to the IRI
(International Resource Identifiers) standard and does not decode URL
strings encoded by Domino 5.
UI equivalent: None

DominoXURLProcess
Syntax: DominoXURLProcess=value
Description: Use DominoXURLProcess to enable a Domino Web server’s
URL command parser to accept ’!’ as an alternative query component
separator.
0 - Disables ’!’ as an alternative query component separator
1 - Enables ’!’ as an alternative query component separator
Applies to: Servers
Default: 0. By default, Domino does not recognize ’!’ as an alternative
query component separator.
UI equivalent: None

DST
Syntax: DST=value
Description: Specifies that a server or workstation observe daylight
saving time:
0 - Do not observe daylight saving time
1 - Observe daylight saving time
When you select this option, documents created or modified from the
first Sunday in April through the last Sunday in October are
time-stamped one hour later than the server’s
system time. This option lets you adjust for daylight saving time without
changing the actual system time.
Applies to: Servers and workstations
Default: 1 (observe daylight saving time)
UI equivalent: On a workstation, Daylight saving time field in the Basics
tab in the Advanced tab in the Location document; on a server, Daylight
saving time field in the Server document.
For information on additional ways to adjust the time stamp for daylight
saving, see the topics “DST_Begin_Date,” “DST_End_Date,” and
“DSTlaw” in this chapter.

DSTlaw
Syntax: DSTlaw=begin_month, begin_week, begin_day, end_month,
end_week, end_day
Description: Specifies when daylight saving time (DST) is observed. By
default, the DST period is defined as the first Sunday in April to the last
Sunday in October. (This is the period during which DST is observed in
the United States.) The variables begin_month, begin_week, and begin_day
define the month, week, and day, respectively, when DST begins. The
variables end_month, end_week, and end_day define when DST ends.
Months are 1 (January) through 12 (December); weeks are 1 through 4;
days are 1 (Sunday) through 7 (Saturday). You can use negative numbers
to specify the weeks, where -1 is the last week of the month, -2 is the
second to last week, and so on. For example:
DSTlaw=4 1 1 10 -1 1
Defines DST as beginning in April (4), on the first week (1), on
Sunday (1); and ending in October (10), on the last week (-1), on
Sunday (1).

Applies to: Servers and workstations
Default: DSTlaw=4,1,1,10,-1,1 (The first Sunday in April to the last
Sunday in October)
UI equivalent: None
For information on additional ways to adjust the time stamp for daylight
saving, see the topics “DST,” “DST_Begin_Date,” and “DST_End_Date”
in this chapter.
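The following added example (not part of the IBM documentation and not Domino code) resolves a DSTlaw value to the calendar dates it describes for a given year, which helps when correlating time stamps across servers. It assumes that "week n" means the n-th occurrence of the weekday in the month, with -1 the last occurrence, and it accepts both the comma-separated and the space-separated forms shown above.

```python
"""Resolve a DSTlaw value to the dates on which DST begins and ends.

Added example. Assumption: week n is the n-th occurrence of the weekday in
the month and -1 is the last occurrence ("first Sunday in April",
"last Sunday in October").
"""
import calendar
import re
from datetime import date


def parse_dstlaw(value):
    """Return ((month, week, day), (month, week, day)) for begin and end.

    Fields may be separated by commas, whitespace, or both.
    """
    parts = [p for p in re.split(r"[,\s]+", value.strip()) if p]
    if len(parts) != 6:
        raise ValueError("DSTlaw needs six fields, got %d" % len(parts))
    try:
        nums = [int(p) for p in parts]
    except ValueError:
        raise ValueError("DSTlaw fields must be integers: %r" % value)
    for month, week, day in (nums[:3], nums[3:]):
        if not 1 <= month <= 12:
            raise ValueError("month out of range: %d" % month)
        if week == 0 or not -4 <= week <= 4:
            raise ValueError("week out of range: %d" % week)
        if not 1 <= day <= 7:
            raise ValueError("day out of range: %d" % day)
    return tuple(nums[:3]), tuple(nums[3:])


def nth_weekday(year, month, week, day):
    """day is 1 (Sunday) to 7 (Saturday); week counts from the start of the
    month when positive and from the end when negative."""
    py_weekday = (day + 5) % 7  # Python numbers Monday=0 ... Sunday=6
    days_in_month = calendar.monthrange(year, month)[1]
    matches = [d for d in range(1, days_in_month + 1)
               if date(year, month, d).weekday() == py_weekday]
    index = week - 1 if week > 0 else week
    return date(year, month, matches[index])


def dst_period(value, year):
    """Return (begin_date, end_date) for the DSTlaw value in the given year."""
    begin, end = parse_dstlaw(value)
    return nth_weekday(year, *begin), nth_weekday(year, *end)


if __name__ == "__main__":
    begin, end = dst_period("4 1 1 10 -1 1", 2002)
    print("DST begins", begin.isoformat(), "and ends", end.isoformat())
```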

DST_Begin_Date
Syntax: DST_Begin_Date=date
Description: date is the date when daylight saving time will begin,
specified in dd/mm/year format.
In most cases, this parameter is not necessary. Some regions of the world
do not recognize the beginning of daylight saving time on the first
Sunday in April. If your server is in a region where this is true, use this
parameter to specify the exact date when DST begins. Use this setting
along with DST_End_Date, which specifies when daylight saving time
ends.
Applies to: Servers
Default: None, although if this setting is omitted, daylight saving time
begins the first Sunday in April.
UI equivalent: None
For information on additional ways to adjust the time stamp for daylight
saving, see the topics “DST,” “DST_End_Date,” and “DSTlaw” in this
chapter.

DST_End_Date
Syntax: DST_End_Date=date
Description: date is the date when daylight saving time will end,
specified in dd/mm/year format.
In most cases, this parameter is not necessary. Some regions of the world
do not recognize the ending of daylight saving time as the last Sunday in
October. If your server is in a region where this is true, use this
parameter to specify the exact date when DST will end. Use this setting
along with DST_Begin_Date, which specifies when daylight saving time
begins.
Applies to: Servers
Default: None, although if this setting is omitted, daylight saving time
ends the last Sunday in October.
UI equivalent: None
For information on additional ways to adjust the time stamp for daylight
saving, see the topics “DST,” “DST_Begin_Date,” and “DSTlaw” in this
chapter.

EditExpnumber
Syntax: EditExpnumber=value1, value2, value3, value4, value5...
Description: Settings used for file exports done at the document level.
These are valid values:

Parameter     Enter
value1        Program name and file type
value2        The following append options:
              0 - No append option offered
              1 - Append option offered through a dialog box
              2 - Automatically write to a temporary file to avoid the 64K limit
value3        Name of the export routine called
value4        Not currently used
value5 - x    File extensions to automatically select a file type in the File Export
              dialog box

Applies to: Workstations
Default: None
UI equivalent: None

EditImpnumber
Syntax: EditImpnumber=value1, value2, value3, value4, value5
Description: Settings used for file imports done at the document level.
The following are valid values:

Parameter     Enter
value1        Program name and version
value2        Not used; always 0
value3        Name of the import routine called
value4        Not currently used
value5 - x    File extensions to automatically select a file type in the File Import
              dialog box
Applies to: Workstations
Default: None
UI equivalent: None

EmptyTrash
Syntax: EmptyTrash=value
Description: Specifies when and how the Trash folder will be purged of
documents marked for deletion. Options are:
0 - Prompt the user before closing the database
1 - Always empty the Trash folder before closing the database
2 - Empty the Trash folder manually
Applies to: Workstations
Default: 0
UI equivalent: File - Preferences - User Preferences - Basics - Empty
Trash folder.

Enable_ACL_Files
Syntax: Enable_ACL_Files=value
Description: Specifies whether to enable ACL file checking on a server.
ACL files are an option for protecting server directories, and contain the
names of users authorized to access those directories. Servers in xSP
configurations enable this feature by default. In an xSP configuration, an
individual ACL file is automatically created for each individual hosted
organization, to prevent users in one hosted organization from traversing
a directory that belongs to another hosted organization.
0 - Disable ACL file checking
1 - Enable ACL file checking
Applies to: Servers
Default: For non-xSP configurations, this variable is set to 0 (disabled).
For xSP configurations, it is set to 1 (enabled).
UI equivalent: None

EnableBiDiNotes
Syntax: EnableBiDiNotes=value
Description: Turns support for bidirectional languages (Arabic, Hebrew)
on or off.
0 - Turns BiDirectional support off
1 - Turns BiDirectional support on
Applies to: Workstations
Default: 0 (off)
UI equivalent: None

ExtMgr_AddIns
Syntax: ExtMgr_AddIns=value1, value2, value3...
Description: Defines the list of add-in files for the Extension Manager.
Domino or Notes reads this variable on initialization and then attempts
to load the specified library or libraries. For example:
ExtMgr_AddIns=logdll,amgrdll
In addition, you can use ExtMgr_AddIns to add one or more custom
Extension Manager applications. The name of the add-in file may begin
with the platform specifier character N under Windows. This character
may be omitted when using the ExtMgr_AddIns setting.
Applies to: Servers and workstations
Default: None
UI equivalent: None

FileDlgDirectory
Syntax: FileDlgDirectory=path
Description: Specifies the default directory for all file searches. If you
specify this setting, Domino looks only in the specified location.
Applies to: Servers
Default: None, although if this setting is omitted, Domino searches the
Domino Data directory.
UI equivalent: None

Fixup_Tasks
Syntax: Fixup_Tasks=number of tasks
Description: Specifies the maximum number of Fixup tasks that are
created at server startup. A Fixup task performs a consistency check on
any database that requires it. Server initialization continues while Fixup
tasks run.
Applies to: Servers
Default: Twice the number of CPUs on the system.
UI equivalent: None

FT_Domain_Directory_Name
Syntax: FT_DOMAIN_DIRECTORY_NAME=directory
Description: Allows users and administrators to select the location and
name of the domain index. By default, the domain index is located in the
Domino data directory and is named FTDOMAIN.DI. If an alternate
location is specified using this setting, Domino will support directory
links and index relocation.
Applies to: Servers
Default: None. If this setting is omitted, the domain index is located in
the Domino data directory.
UI equivalent: None

FT_Domain_Idxthds
Syntax: FT_DOMAIN_IDXTHDS=number of threads
Description: Specifies the number of indexing threads to use for Domain
Search. Using more threads lets the Domain Catalog server index more
files simultaneously, but requires more CPU utilization, and response to
search queries may be slow. With fewer indexing threads, search speeds
up because of greater CPU availability, but changes are not reflected in
the index as quickly.
Applies to: Servers
Default: None, although if this setting is omitted, the default number of
threads used is two per CPU. For example, a server with two CPUs uses
four indexing threads by default when indexing. Do not exceed eight
threads per server or you may degrade the performance of the server,
even on servers with more than four CPUs.
UI equivalent: None

FT_Index_Attachments
Syntax: FT_Index_Attachments=value
Description: Specifies whether to exclude types of document
attachments in the Domain Index that are not already excluded by
default. A value of 1 includes these document attachments in the index,
and a value of 2 excludes them. The following types of attachments are
excluded from the Domain Index by default: .au, .cca, .dbd, .dll, .exe, .gif,
.img, .jpg, .mp3, .mpg, .mov, .nsf, .ntf, .p7m, .p7s, .pag, .sys, .tar, .tif,
.wav, .wpl, .zip.
Applies to: Servers
Default: 1
UI equivalent: None

FT_Intl_Setting
Syntax: FT_Intl_Setting=language
Description: Imposes several limitations on full text functionality to let
Notes work properly with the Japanese language. When enabled (set to
1), this setting turns off stemming, makes all full text indexes
case-sensitive, and ignores the setting for the stop word file.
Applies to: Workstations
Default: None
UI equivalent: None

FT_Max_Search_Results
Syntax: FT_Max_Search_Results=number of entries
Description: Specifies the maximum number of results (up to
2147483647) that can be retrieved at one time on a database without any
index. For example:
FT_Max_Search_Results=10000
allows a single NotesDatabase or NotesDocumentCollection
“FTSearch” to return up to 10000 entries.
Applies to: Servers and workstations
Default: 5000
UI equivalent: None

FT_No_Compwintitle
Syntax: FT_No_Compwintitle=value
Description: Specifies whether the Domain Catalog server computes the
window titles for documents that are returned by a search.
XXX - Computes document window titles
1 - Omits the computation of document window titles, thus
conserving CPU.
Applies to: Servers
Default: XXX
UI equivalent: None

FTG_No_Summary
Syntax: FTG_No_Summary=value
Description: Specifies whether document summaries can be displayed in
search results. If you use server access lists within a domain to limit
access to information, you might need to check the ACLs of databases on
those servers to ensure that results are filtered. Otherwise, a search might
return a result to a user who cannot access the result document. If the
Domain Catalog server is on a Windows system, search results can
include document summaries whereby users might be able to discern
confidential information. If you are running Domino on Windows and
are not sure that you can properly maintain database ACLs to prevent
this, you might want to disable document summaries by using this
setting in the Domain Catalog server’s NOTES.INI file.
XXX - Allows the display of document summaries in search results.
1 - Prevents the display of document summaries in search results.
Applies to: Servers
Default: XXX
UI equivalent: None
For information on Domain Search security, see the chapter “Setting Up
Domain Search.”

FT_Summ_Default_Language
Syntax: FT_Summ_Default_Language=value
Description: Specifies the language for a document summary in search
results whenever the language in the document is not supported. Valid
values (supported languages) are as follows. If a locale’s native language
is not supported, use a value of NULL or english.
• bokmal
• danish
• default (You can use this value for the locale’s native language, if
supported.)
• dutch
• english
• finnish
• french
• german
• italian
• NULL (English will be the language used.)
• nynorsk
• portugue (Use this value for the Portuguese language.)
• spanish
• swedish
Applies to: Workstations
Default: None
UI equivalent: None

Health_Report_Purge_After_N_Days
Syntax: Health_Report_Purge_After_N_Days=N
Description: Used for server health monitoring. N is the number of days
that historical documents remain in the database. By default, historical
reports are purged from the database after seven days. To override the
default, add this variable to the NOTES.INI file, and specify the number
of days for which historical documents remain in the database.
Applies to: Servers
Default: 7 (days)
UI equivalent: None

HTTPEnableConnectorHeaders
Syntax: HTTPEnableConnectorHeaders=value
Description: Enables the Domino HTTP task to process special headers
that are added to requests by a WebSphere 4.0.3 plug-in installed on a
foreign Web server. When the plug-in relays an HTTP request to the
Domino back-end server, the plug-in adds headers that include
information about the front-end server’s configuration and user
authentication status. As a security measure, the HTTP task ignores these
headers if the setting is not enabled. This prevents an attack via plug-in
mimicking.
0 - The Domino HTTP task does not process the special headers.
1 - The Domino HTTP task does process the special headers.
Applies to: Servers
Default: 0
UI equivalent: None
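The following added example (not part of the IBM documentation) parses a NOTES.INI file and reports the settings that this section ties to exposure or logging: DominoNoBanner, HTTPEnableConnectorHeaders, Dircat_Include_Readerslist_Notes, FTG_No_Summary, the debug settings, the Create_*_Access lists, the Console Log size limit and HTTPLogUnauthorized. The severities, messages and sample file are constructed, and matching setting names case-insensitively is an assumption.

```python
"""Audit a NOTES.INI for security-relevant settings from this reference section.

Added example: rule list, severities and SAMPLE_INI are constructed.
Assumption: setting names are matched case-insensitively.
"""


def parse_notes_ini(text):
    """Return ({lowercased name: value}, [names assigned more than once])."""
    settings, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, [Notes] header, or not an assignment
        name, value = line.split("=", 1)
        key = name.strip().lower()
        if key in settings:
            duplicates.append(name.strip())
        settings[key] = value.strip()
    return settings, duplicates


def audit(text):
    """Return a list of (severity, setting, message) findings."""
    settings, duplicates = parse_notes_ini(text)
    findings = []

    def get(name):
        return settings.get(name.lower())  # None when the setting is absent

    def flag(severity, name, message):
        findings.append((severity, name, message))

    if get("DominoNoBanner") == "0":
        flag("warn", "DominoNoBanner", "release banner is shown in page source")
    if get("HTTPEnableConnectorHeaders") == "1":
        flag("warn", "HTTPEnableConnectorHeaders",
             "HTTP task processes plug-in headers, including authentication status")
    if get("Dircat_Include_Readerslist_Notes") == "1":
        flag("warn", "Dircat_Include_Readerslist_Notes",
             "directory catalog exposes documents that carry Readers lists")
    if get("FTG_No_Summary") != "1":
        flag("info", "FTG_No_Summary",
             "search results can show document summaries; depends on database ACLs")
    for name in ("Debug_SSL_Cert", "DIIOP_Debug_Invoke"):
        if get(name) is not None:
            flag("info", name, "debug setting is present")
    for name in ("Create_File_Access", "Create_Replica_Access"):
        if not get(name):
            flag("info", name,
                 "no names listed: all certified users qualify unless the "
                 "Server document field is filled in")
    if get("Console_Log_Enabled") == "1":
        limit = get("Console_Log_Max_Kbytes")
        if limit in (None, "", "0"):
            flag("info", "Console_Log_Max_Kbytes", "console log size is unlimited")
        else:
            flag("info", "Console_Log_Max_Kbytes",
                 "console log overwrites its oldest output after %s KB" % limit)
    if get("HTTPLogUnauthorized") != "1":
        flag("info", "HTTPLogUnauthorized",
             "Error 401 instances are not logged to the server console")
    for name in duplicates:
        flag("warn", name, "setting is assigned more than once")
    return findings


# Constructed sample file, not taken from a real server.
SAMPLE_INI = """\
[Notes]
Directory=C:\\LOTUS\\NOTES\\DATA
Domain=Acme
DominoNoBanner=0
HTTPEnableConnectorHeaders=1
dircat_include_readerslist_notes=1
FTG_No_Summary=1
Create_File_Access=Alice Jones/Acme
Console_Log_Enabled=1
Console_Log_Max_Kbytes=1024
DIIOP_Debug_Invoke=2
DIIOP_Debug_Invoke=1
"""

if __name__ == "__main__":
    for severity, name, message in audit(SAMPLE_INI):
        print("%-4s %-34s %s" % (severity, name, message))
```

Because the Server document takes precedence over Create_File_Access and Create_Replica_Access, a finding for those two settings is a prompt to check the corresponding Server document fields.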

HTTPLogUnauthorized
Syntax: HTTPLogUnauthorized=value
Description: When set to 1, the Web Server logs Error 401 instances to
the server console. These instances are generated in two cases:
• A user attempts to access a resource but is not authorized for it
• A user has failed to authenticate
Applies to: Servers
Default: None. Without this setting, Error 401 instances are not logged to
the server console. With or without this setting, Error 401 instances are
logged to the Web Server logs.
UI equivalent: None

ICMNotesPort
Syntax: ICMNotesPort=port name
Description: Specifies the name of the Notes network port for TCP/IP
that you are linking the Internet Cluster Manager (ICM) service with.
This setting is required for a partitioned server hosting the ICM service,
and for a single server hosting that service if the server has more than
one Notes port for TCP/IP.
Applies to: Servers
Default: None
UI equivalent: None

IMAILExactSize
Syntax: IMAILExactSize=value
Description: Specifies that the IMAP service report the exact size of a
MIME message when requested by a client.
0 - The IMAP service estimates the message size
1 - The IMAP service reports the exact message size
By default, the IMAP service estimates the message size. This helps
improve server performance. Set this to 1 only if clients require the exact
size.
Applies to: Servers
Default: 0
UI equivalent: None

IMAP_Config_Update_Interval
Syntax: IMAP_Config_Update_Interval=number of minutes
Description: Specifies in minutes how frequently the IMAP server checks
for configuration changes made to the Domino Directory.
Applies to: Servers
Default: None, although the update interval is 2 minutes if this setting is
not included in NOTES.INI file.
UI equivalent: None

Certain IMAP properties are not dynamically configured and require
you to shut down and restart the service before they go into effect. Also,
a given IMAP session uses whatever properties were in effect at the time
the session began for the duration of that session; configuration changes
apply only to IMAP sessions started after the update occurs.

IMAP_Convert_Nodisable_Folder_Refs
Syntax: IMAP_Convert_Nodisable_Folder_Refs=value
Description: Specifies whether the mail conversion utility (CONVERT)
preserves folder references when updating mail files for use with the
Domino 6 IMAP service.
0 (or variable not set) - The conversion process disables folder
references.
1 - The conversion process preserves folder references
Applies to: Servers
Default: None, although without this setting, Domino removes folder
references during conversion.
UI equivalent: None.
In earlier releases of Domino, the IMAP service used folder references in
the mail template to retrieve IMAP folder and message data. Because the
Domino 6 IMAP service does not use folder references, and preserving
folder references retards IMAP performance, by default, when you run
the mail conversion utility (CONVERT) to prepare mail files for IMAP
use, it removes folder references from the converted mail files.
Set this variable only in environments where Domino applications other
than the IMAP service use folder references in mail files to track
information. When this variable is set, folder references are preserved
during all mail file conversions, whether performed manually from the
server console, or automatically as the result of an IMAP user logging in
to the IMAP service for the first time. Following conversion, the IMAP
folder and message data maintained by folder references is initially
synchronized with the Domino 6 IMAP information. However, as the
Router delivers new messages to the mail file, folder references are not
updated.

IMAPDisableFTIImmedUpdate
Syntax: IMAPDisableFTIImmedUpdate=value
Description: Specifies whether or how the IMAP server will do an
immediate FTI update after a new message is appended. This is required
for searching for new messages immediately.
1 - Suppress the update request (by default, the update suppression
time is 15 minutes)
2 - Disable FTI update
Applies to: Servers
Default: The IMAP server does an immediate FTI update after a new
message is appended.
UI equivalent: None

IMAPDisableMsgCache
Syntax: IMAPDisableMsgCache=value
Description: Specifies whether the IMAP server will cache the last
fetched message.
1 - Disable the cache
Applies to: Servers
Default: The IMAP server caches the last fetched message.
UI equivalent: None

IMAPGreeting
Syntax: IMAPGreeting=greeting
Description: Customizes the greeting the IMAP server sends to clients
connecting over TCP/IP.
Applies to: Servers
Default: None, although without the setting the following greeting is
used:
* OK Domino IMAP4 Server V5.0 ready Mon, 10 May 1999 17:57:13 -0500

UI equivalent: None

IMAPNotesPort
Syntax: IMAPNotesPort=port name
Description: Specifies the name of the Notes network port for TCP/IP that
you are linking the IMAP service with. This setting is required for a
partitioned server hosting IMAP, and for a single server hosting it if the
server has more than one Notes port for TCP/IP.
Applies to: Servers
Default: None
UI equivalent: None
For information on binding an Internet service to an IP address, see the
chapter “Setting Up the Domino Network.”

IMAPRedirectSSLGreeting
Syntax: IMAPRedirectSSLGreeting=greeting
Description: Customizes the message the IMAP server sends to clients
attempting to connect over TCP/IP when the TCP/IP port is configured
to Redirect to SSL.
Applies to: Servers
Default: None, although without the setting the following greeting is
used:
IMAP Server configured for SSL Connections only. Please reconnect using the SSL Port portnumber.

UI equivalent: None

IMAP_Session_Timeout
Syntax: IMAP_Session_Timeout=number of minutes
Description: Specifies when the IMAP server drops idle IMAP client
sessions. We recommend specifying a setting greater than ten minutes;
many IMAP clients poll for new mail every ten minutes, and the
overhead of supporting idle sessions is less than the overhead required to
support clients logging on and opening mailboxes.
Applies to: Servers
Default: None, although without this setting, the server drops idle
sessions after 30 minutes.
UI equivalent: None

IMAPShowIdleStatus
Syntax: IMAPShowIdleStatus=value
Description: If enabled, the command “sh task” at the server console will
show idle IMAP threads.
1 - Enable the display of idle IMAP threads
Applies to: Servers
Default: Off
UI equivalent: None

IMAPSSLGreeting
Syntax: IMAPSSLGreeting=greeting
Description: Customizes the greeting the IMAP server sends to clients
connecting over SSL.
Applies to: Servers
Default: None, although without the setting the following greeting is
used:
* OK Domino IMAP4 Server V4.6 ready Mon, 12 May 1997 17:57:13 -0500

UI equivalent: None

Incoming Mail Sound
Syntax: Incoming Mail Sound=path\file
Description: Specifies the tune that plays when mail arrives. The file is a
sound file, usually a WAV file.
Note In Domino 5 the name of this setting is NewMailTune.
Applies to: Workstations
Default: None
UI equivalent: The Play a Sound field on the Mail tab in the User
Preferences dialog box (choose File - Preferences - User Preferences).

INET_Authenticate_with_Secondary
Syntax: INET_Authenticate_with_Secondary=value
Description: Allows a Domino POP3 server to use passwords stored in
directories other than the primary for services other than HTTP, such as
LDAP, IMAP, and POP3.
0 - Disables this setting.
1 - Enables this setting
Applies to: Servers
Default: 1
UI equivalent: None

InstallType
Syntax: InstallType=value
Description: Identifies the type of Notes client installed, as follows:
0 - Designer License Type
1 - Administration License Type
2 - Designer and Administration License Type
This line is updated when you perform an incremental setup after
installing Notes 5.
Applies to: Workstations
Default: None
UI equivalent: None

JavaEnableJIT
Syntax: JavaEnableJIT=value
Description: Enables the default JIT if one is provided. Specify 1 as the
JavaEnableJIT value to allow normal loading of the default JIT.
Caution JITs can be unstable and lead to unexpected crashes.
Applies to: Servers
Default: 0
UI equivalent: None

JavaJITName
Syntax: JavaJITName=name
Description: Enables the specified JIT. You must provide the named JIT
or an error is reported by the Java Virtual Machine (JVM), although
execution continues without the named JIT. Use the JavaJITName setting
to load a JIT other than the default JIT (if one is provided).
Caution JITs can be unstable and lead to unexpected crashes.
Applies to: Servers
Default: None
UI equivalent: None

JavaMaxHeapSize
Syntax: JavaMaxHeapSize=number of bytes
Description: Specifies the maximum—not initial—size the Java heap can
reach. The Java Virtual Machine (JVM) starts out at 16MB of heap space
and most of it is uncommitted. If the JVM needs more heap than it
currently has, it will expand the heap in increments but will not exceed
the maximum. Exceptions such as “java.lang.OutOfMemoryError”
indicate that a heap has reached its maximum size. You can specify the
number of bytes directly or use the suffix “MB” to indicate megabytes,
for example, specifying “64MB” is the same as specifying “67108864.”
Applies to: Servers
Default: 64MB
UI equivalent: None

JavaMinHeapSize
Syntax: JavaMinHeapSize=number of bytes
Description: Specifies the initial size of the Java heap at Java Virtual
Machine (JVM) startup. If the JVM needs more heap than it currently has,
it will expand the heap in increments but will not exceed the maximum.
You can specify the number of bytes directly or use the suffix “MB” to
indicate megabytes, for example, specifying “16MB” is the same as
specifying “16777216.”
Applies to: Servers
Default: 16MB
UI equivalent: None

JavaNoAsyncGC
Syntax: JavaNoAsyncGC=value
Description: Prevents the Java Virtual Machine (JVM) from running the
garbage collection (GC) mechanism in a separate background thread.
Specify 1 as the JavaNoAsyncGC value to debug internal JVM problems.
Applies to: Servers
Default: 0
UI equivalent: None

JavaNoClassGC
Syntax: JavaNoClassGC=value
Description: Prevents the garbage collection (GC) mechanism of classes,
which protects static fields. Specify 1 as the value to enable the
JavaNoClassGC setting.
Applies to: Servers
Default: 0
UI equivalent: None

JavaStackSize
Syntax: JavaStackSize=number of bytes
Description: Specifies the size of each Java thread’s execution stack. You
may need to increase the default number of bytes if you need
deeply-nested call stacks, but otherwise you should not need to change
the default.
Applies to: Servers
Default: 409600
UI equivalent: None

JavaUserClasses
Syntax: JavaUserClasses=list
Description: Allows code-sharing across agents and applets. The value
list is a list of directories, JAR files, or ZIP files that are added to the Java
Virtual Machine’s internal classpath so that classes can be found via the
system loader (rather than via attachment to the agent or applet). Note
that this doesn’t replicate and requires access to the file system on the
server.
Use a semicolon (;) to separate list items for Win32 and OS/2 systems
and use a colon (:) to separate list items for UNIX systems; for example, a
valid list for Win32 is:
c:\classes;d:\appxyz\stuff.jar

Applies to: Servers
Default: None
UI equivalent: None

JavaVerbose
Syntax: JavaVerbose=value
Description: Enables the verbose setting of the Java Virtual Machine
(JVM), which causes the JVM to issue many messages while it runs.
Specify 1 as the JavaVerbose value to troubleshoot runtime problems.
Applies to: Servers
Default: 0
UI equivalent: None

JavaVerboseGC
Syntax: JavaVerboseGC=value
Description: Enables the verbose setting of the garbage collection (GC)
mechanism in Java Virtual Machine (JVM), which causes the JVM to
issue many messages about memory usage as GC runs. Specify 1 as the
JavaVerboseGC value to enable this setting.
Applies to: Servers
Default: 0
UI equivalent: None

KeyFileName
Syntax: KeyFileName=path
Description: Specifies the location of the server ID or the user ID file.
This setting lets an administrator use one ID to run the server. For
example:
On Macintosh, KeyFileName=Notes:JForgo.ID
On UNIX, KeyFileName=/home/server1/notes/kbowker.id
On Windows, KeyFileName=C:\Lotus\Notes\DMccarrick.ID
For information on specifying a server ID file for a machine that runs
both the Notes workstation and Domino server programs, see the topic
“ServerKeyFileName” later in this chapter.
Applies to: Servers and workstations
Default: The ID for the administrator that you specify when you set up
the server.
UI equivalent: None

KitType
Syntax: KitType=value
Description: Specifies which program you are running:
1 - Workstation
2 - Server
Applies to: Servers and workstations
Default: Specified during the Install program. You can install the
workstation, the server, or both the workstation and server. The value
when you install the server and workstation on the same machine is 2.
UI equivalent: None

LANnumber
Syntax: LANnumber=port_driver, unit_ID, not_used, buffer_size
Description: Specifies information about network ports on servers and
workstations. For example:
LAN0=spx, 1, , 2000
LAN1=netbios, 0, 15, 2000, , 12288
The LAN0 port is configured for an SPX network connection. The LAN1
port is configured for a NetBIOS connection and contains additional port
setup information. Exclude the _ or i prefix and the .DLL extension from
the port driver name.
Applies to: Servers and workstations
Default: Specified during the Install program.
UI equivalent: On a workstation, File - Preferences - User Preferences -
Ports; on a server, the Ports tab in the Server document.

LDAPBatchAdds
Syntax: LDAPBatchAdds=value
Description: Specifies which views in the Domino Directory the LDAP
service updates after processing an LDAP write operation:
0 - After a write operation the LDAP service updates all the Domino
Directory views it uses
1 - After a write operation the LDAP service updates only the
($LDAPRDNHier) view and waits for the Update task to update the
other views it uses
Use LDAPBatchAdds=1 before doing batch LDAP adds of 100 entries or
more so that the additions are processed more quickly. When the
LDAP adds are complete, immediately remove the setting or change it
back to LDAPBatchAdds=0. Failure to immediately remove or change
this setting back to 0 after completing the batch processing will cause
subsequent LDAP operations to be unreliable.
Applies to: Servers
Default: None, although without this setting, after processing an LDAP
write operation the LDAP service updates all the views it uses.
UI equivalent: None

LDAPConfigUpdateInterval
Syntax: LDAPConfigUpdateInterval=number of minutes
Description: Specifies the interval at which the LDAP service detects and
puts into effect changes to these configuration settings:
• Settings in the domain Configuration Settings document except
“Choose fields that anonymous users can query via LDAP” and
“Allow LDAP users write access”
• NOTES.INI settings related to the LDAP service set through the Set
Configuration command
• LDAP activity logging settings on the Activity Logging tab of a
Configuration Settings document

You must always restart the LDAP task to put into effect changes to these
settings:
• “Choose fields that anonymous users can query via LDAP”
• “Allow LDAP users write access”
• Port and port security settings on the Ports - Internet Ports -
Directory tab.
Applies to: Servers
Default: Without this setting the interval is three minutes.
UI equivalent: None

LDAPGroupMembership
Syntax: LDAPGroupMembership=value
Description: The LDAP service always searches Domino groups
specified as “Multi-purpose,” “Access Control List only,” “Servers only,”
or “Deny List only” groups because it can do so quickly. However, because
because searches of Domino groups specified as “Mail only” groups or of
groups that do not have a value for the GroupType attribute can be slow,
by default the LDAP service does not always search these types of
groups. The LDAP service does not search these types of groups if a
search query meets all of the following criteria, indicating a query that is
typically used for authentication:
• A search query uses the equality filter objectclass=value, where value
is one of these object classes: groupOfNames, groupOfUniqueNames,
dominoGroup, or group.
• A search query uses an equality filter with one of these attributes:
member, uniqueMember, or members.
• The two filters above are concatenated using the AND operator.
For example, by default the LDAP service does not search Domino “Mail
only” groups and groups that do not have values for the GroupType
attribute if search queries such as these are specified:
• (&(objectclass=dominoGroup)(member=cn=jack brown,o=acme))
• (|(&(objectclass=groupOfUniqueNames)(uniqueMember=cn=jackbrown,o=acme))(&(objectclass=groupOfNames)(member=cn=jack brown,o=acme)))

However, by default the LDAP service does search these groups if search
queries such as these are specified:
• (&(objectclass=dominoGroup)(member=*br*))
• (member=cn=jack brown,o=acme)
• (|(&(objectclass=dominoGroup)(member=cn=jack brown,o=acme))(cn=*groupname*))
To change the LDAP service default behavior for group searches, specify
one of these values for this setting:
1 - Always search all groups that meet specified search criteria. If
you choose this setting, full-text indexing the directory is
recommended to improve the speed of searches of Domino “Mail
only” groups and groups that do not use the GroupType attribute.
2 - Never search Domino “Mail only” groups or groups that do not
use the GroupType attribute.
Note In Domino 5 the name of this setting is LDAP_MailOnlyGroupOption.
The name has been changed in Domino 6 for clarity. However, you can use
either setting name.
Applies to: Servers
Default: None
UI equivalent: None
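
The classification rule described under LDAPGroupMembership, written out as an added example (not part of the Domino documentation or product code). It applies a strict reading of the three criteria and treats an OR as authentication-style only when every branch is, which is an assumption drawn from the example queries above; all function names are hypothetical.

```python
GROUP_CLASSES = {"groupofnames", "groupofuniquenames", "dominogroup", "group"}
MEMBER_ATTRS = {"member", "uniquemember", "members"}

# The five example queries from the text above, with the documented default
# outcome: True means "Mail only" and untyped groups are NOT searched.
PAGE_EXAMPLES = {
    "(&(objectclass=dominoGroup)(member=cn=jack brown,o=acme))": True,
    "(|(&(objectclass=groupOfUniqueNames)(uniqueMember=cn=jackbrown,o=acme))"
    "(&(objectclass=groupOfNames)(member=cn=jack brown,o=acme)))": True,
    "(&(objectclass=dominoGroup)(member=*br*))": False,
    "(member=cn=jack brown,o=acme)": False,
    "(|(&(objectclass=dominoGroup)(member=cn=jack brown,o=acme))"
    "(cn=*groupname*))": False,
}


def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return (node, next_i)."""
    if s[i] != "(":
        raise ValueError("expected '('")
    i += 1
    if s[i] in "&|!":
        op = s[i]
        i += 1
        children = []
        while s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if s[i] != ")" or not children:
            raise ValueError("unterminated or empty %s list" % op)
        return (op, children), i + 1
    end = s.index(")", i)  # a literal ')' in a value is escaped as \29 in LDAP
    attr, sep, value = s[i:end].partition("=")
    if not sep or not attr:
        raise ValueError("item without attribute or '='")
    return ("item", attr.strip().lower(), value.strip()), end + 1


def parse_filter(text):
    """Turn an LDAP search filter string into nested tuples."""
    text = text.strip()
    try:
        node, end = _parse(text, 0)
    except (IndexError, ValueError) as exc:
        raise ValueError("malformed filter: %r" % text) from exc
    if end != len(text):
        raise ValueError("trailing characters in filter: %r" % text)
    return node


def _is_equality(node, attrs, values=None):
    """True for attr=value with no wildcard; ~=, >= and <= leave a suffix on
    the attribute name, so they never match the attribute sets."""
    if node[0] != "item":
        return False
    _, attr, value = node
    if attr not in attrs or value == "" or "*" in value:
        return False
    return values is None or value.lower() in values


def is_auth_style(node):
    """Strict reading of the three criteria listed in the text."""
    if node[0] == "|":
        return all(is_auth_style(child) for child in node[1])
    if node[0] == "&" and len(node[1]) == 2:
        a, b = node[1]
        return any(
            _is_equality(x, {"objectclass"}, GROUP_CLASSES)
            and _is_equality(y, MEMBER_ATTRS)
            for x, y in ((a, b), (b, a))
        )
    return False


def skips_mail_only_groups(filter_text, ldap_group_membership=None):
    """Predict whether "Mail only" and untyped groups are left out of a search.
    ldap_group_membership mirrors the NOTES.INI value: None (unset), 1 or 2."""
    if ldap_group_membership == 1:
        return False  # always search all groups
    if ldap_group_membership == 2:
        return True   # never search these groups
    return is_auth_style(parse_filter(filter_text))


if __name__ == "__main__":
    for query in PAGE_EXAMPLES:
        print(skips_mail_only_groups(query), query)
```

An application that makes access decisions from LDAP group lookups can run its own filters through this check to see whether membership in “Mail only” groups would be invisible to it under the default setting.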

LDAPNotesPort
Syntax: LDAPNotesPort=port name
Description: Specifies the name of the Notes network port for TCP/IP that
you are linking the LDAP service with. This setting is required for a
partitioned server hosting LDAP, and for a single server hosting it if the
server has more than one Notes port for TCP/IP.
Applies to: Servers
Default: None
UI equivalent: None
For information on binding an Internet service to an IP address, see the
chapter “Setting Up the Domino Network.”

LDAPPre55Outlook
Syntax: LDAPPre55Outlook=value
Description: When LDAPPre55Outlook=1 and the LDAP service receives
a search query that specifies country (c=xx) as a search base, it converts
the search base to root (“”). This setting is designed for use with pre-5.5
Microsoft Outlook Express clients which, when users don’t specify a
search base, automatically use the country associated with the software
version as a search base. Since it’s likely that pre-5.5 users who don’t
specify a search base intend a root search rather than one using the
client-supplied country search base, use this setting if the clients that use
the LDAP service are primarily pre-5.5 Microsoft Outlook Express
clients.
Applies to: Servers
Default: None
UI equivalent: None

Location
Syntax: Location=location_name
Description: Identifies the user’s current location.
Applies to: Workstations
Default: None
UI equivalent: File - Mobile - Choose Current Location.

Log
Syntax: Log=logfilename, log_option, not_used, days, size
Description: Specifies the contents of the log file and controls other
logging actions:

Parameter    Value
logfilename  The log database file name, usually LOG.NSF
log_option   Log options:
             1 - Log to the console
             2 - Force database fixup when opening the log file
             4 - Full document scan
not_used     Always set to zero; this parameter is not currently used
days         The number of days to retain log documents
size         The size of log text in event documents

For example:
Log=LOG.NSF,1,0,7,20000

The log file (LOG.NSF) is deleted in seven days and can contain up
to 20,000 bytes. All log information is also sent to the console.
Applies to: Servers
Default: Log=LOG.NSF,1,0,7,40000
UI equivalent: None

Log_AgentManager
Syntax: Log_AgentManager=value
Description: Specifies whether or not the start of agent execution is
recorded in the log file and shown on the server console:
0 - Do not log agent execution events
1 - Log agent execution events (partially and completely successful)
2 - Log agent execution events (completely successful only)
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Log_Authentication
Syntax: Log_Authentication=value
Description: Specifies whether or not authentication logging is enabled
on the server. To enable authentication logging, set Log_Authentication
to a value of 1.
For example, if you specify the following NOTES.INI settings:
Log_Authentication=1 (to enable logging)
Debug_Console=1 (to write output to the console window)
Debug_Outfile=c:\debug\debug.txt (to write output to the specified text file)
this is sample output from client NOTES.INI:
Authenticate: CN=CLEVES01/OU=Cleveland/OU=A/O=Acme
T:64 E:1: S:64:22 A:4:1 L:N:N:N
Authenticate: CN=ACCOUNT/OU=Memphis/OU=A/O=Acme
T:64 E:1: S:64:22 A:4:1 L:N:I:N
Authenticate: CN=CLEVES02/OU=Cleveland/OU=A/O=Acme
T:128 E:1: S:128:22 A:4:1 L:N:N:N
and this is sample output from server NOTES.INI:
Authenticate: CN=Jane Ochoa/O=Acme
T:128 E:1: S:128:22 A:4:1 L:N:N:N
You can use the following table to interpret the output.

Field  Description
T      Ticket Width
       Examples of values are 64 and 128.
E      Encryption Bit
       Examples of values are 1 (Encrypted), 0 (Not encrypted), and 1:e
       (Escrow for International).
S      Encryption Strength
       The first value is the key length; for example, 128, 64, and 40.
       The second value is the algorithm; for example, 22 (RC4) and 2F (RC2).
A      Algorithm
       Examples of values are 4:1 (RC4) and 2:0 (RC2).
L      License Info
       The first value applies to the local ID (that is, local client or server); the
       second value applies to the remote ID (that is, the server); and the third
       value applies to the version of local software. Examples of values are N
       (North American/Global) and I (International).

Applies to: Servers and workstations
Default: None
UI equivalent: None
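
A parser for the Log_Authentication output described above, as an added example (not IBM's or Domino's own code). It decodes the T, E, S, A and L fields using only the codes listed in the field table and flags sessions for review; the 128-bit review threshold, the function names and the last sample record are assumptions made for illustration.

```python
import re

# Code-to-name mappings copied from the field table above; any other code is
# reported as "unknown(<code>)" rather than guessed.
S_ALGORITHMS = {"22": "RC4", "2F": "RC2"}
A_ALGORITHMS = {"4:1": "RC4", "2:0": "RC2"}
LICENSES = {"N": "North American/Global", "I": "International"}

# A record is "Authenticate: <name>" followed by the T/E/S/A/L fields, which
# may sit on the same line or be wrapped onto the next one.
RECORD = re.compile(
    r"Authenticate:\s*(?P<name>[^\n]+?)\s+"
    r"T:(?P<ticket>\d+)\s+"
    r"E:(?P<enc>\S+)\s+"
    r"S:(?P<bits>\d+):(?P<s_alg>\w+)\s+"
    r"A:(?P<a_alg>\S+)\s+"
    r"L:(?P<local>\w):(?P<remote>\w):(?P<software>\w)"
)

# The first four records are the sample output shown above; the last record
# is constructed for this example.
SAMPLE = """\
Authenticate: CN=CLEVES01/OU=Cleveland/OU=A/O=Acme
T:64 E:1: S:64:22 A:4:1 L:N:N:N
Authenticate: CN=ACCOUNT/OU=Memphis/OU=A/O=Acme
T:64 E:1: S:64:22 A:4:1 L:N:I:N
Authenticate: CN=CLEVES02/OU=Cleveland/OU=A/O=Acme
T:128 E:1: S:128:22 A:4:1 L:N:N:N
Authenticate: CN=Jane Ochoa/O=Acme
T:128 E:1: S:128:22 A:4:1 L:N:N:N
Authenticate: CN=Example User/O=Example
T:64 E:1:e S:40:2F A:2:0 L:I:I:I
"""


def _lookup(table, code):
    return table.get(code, "unknown(%s)" % code)


def parse_auth_log(text):
    """Return one dict per Authenticate record found in the text."""
    records = []
    for m in RECORD.finditer(text):
        # E is "1", "1:" or "0", optionally followed by "e" for escrow.
        enc_bit, _, enc_flag = m.group("enc").partition(":")
        records.append({
            "name": m.group("name"),
            "ticket_width": int(m.group("ticket")),
            "encrypted": enc_bit == "1",
            "escrow": enc_flag == "e",
            "key_bits": int(m.group("bits")),
            "cipher": _lookup(S_ALGORITHMS, m.group("s_alg").upper()),
            "algorithm": _lookup(A_ALGORITHMS, m.group("a_alg")),
            "license": {
                side: _lookup(LICENSES, m.group(side).upper())
                for side in ("local", "remote", "software")
            },
        })
    return records


def review(records, min_key_bits=128):
    """List (name, reasons) for sessions an administrator may want to check.
    min_key_bits is a policy choice made for this example, not a Domino rule."""
    findings = []
    for rec in records:
        reasons = []
        if not rec["encrypted"]:
            reasons.append("session not encrypted")
        if rec["escrow"]:
            reasons.append("escrow flag set")
        if rec["key_bits"] < min_key_bits:
            reasons.append("key length %d below %d" % (rec["key_bits"], min_key_bits))
        international = [side for side, name in rec["license"].items()
                         if name == "International"]
        if international:
            reasons.append("International license: " + ", ".join(international))
        if reasons:
            findings.append((rec["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in review(parse_auth_log(SAMPLE)):
        print(name, "->", "; ".join(reasons))
```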

Log_Connections
Syntax: Log_Connections=value
Description: Specifies whether or not connection logging is enabled on
the server. When connection logging is enabled, the server console
displays the Notes network port, the network address of the requesting
system, and the network address of the destination server.
0 - Do not log connections
1 - Log connections
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Log_Console
Syntax: Log_Console=value
Description: Security administrators can use this setting to enforce the
logging of server console command output, which can otherwise be
prevented if the command is prefixed with an exclamation point (!).
0 - Console command logging turned off
1 - Console command output logged, unless it’s prefixed with an
exclamation point
2 - Console command output logged, whether prefixed with the “!”
or not
Applies to: Servers
Default: None, but in the absence of this setting console command
output is logged unless it’s prefixed with an exclamation point.
UI equivalent: None

Log_DirCat
Syntax: Log_DirCat=value
Description: Controls which information related to the Directory
Cataloger task is logged to the console and to the Miscellaneous Events
view of the log file (LOG.NSF):
1 - Logs when the Directory Cataloger starts and finishes, the name
and domain of each source Domino Directory as it is aggregated, and
the number of entries processed.
3 - Logs the same information as 1 and, in addition, logs the names of
all entries processed. Using 3 is not recommended because it slows
performance and fills the log file. If you do use 3, use it only
temporarily.
Applies to: Servers
Default: None, although without this setting the log file only shows
when the Directory Cataloger starts.
UI equivalent: None

LogFile_Dir
Syntax: LogFile_Dir=directoryname
Description: Specifies the directory for the Console Log file
(CONSOLE.LOG, by default). If both this setting and the
Debug_Outfile setting exist and Debug_Outfile contains a fully
qualified path name, then LogFile_Dir is not used. If neither
Debug_Outfile nor LogFile_Dir exists, then the default path
\DATADIRECTORY\IBM_TECHNICAL_SUPPORT is used.
Applies to: Servers
Default: None
UI equivalent: None

Log_Replication
Syntax: Log_Replication=value
Description: Specifies the level of logging of replication events
performed by the current server:
0 - Do not log replication events
1 - Log that a database is replicating
2 - Log summary information about each database
3 - Log information about each replicated document (both design
and data documents)
4 - Log information about each replicated field
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Log_Sessions
Syntax: Log_Sessions=value
Description: Specifies whether individual sessions are recorded in the
log file and displayed on the console:
0 - Do not log individual sessions
1 - Log individual sessions
Applies to: Servers
Default: None
UI equivalent: The Log All Client Events setting that is an Advanced
server Setup option. You can also specify this setting in the NOTES.INI
Settings tab of the Configuration Settings document in the Domino
Directory.

Log_Tasks
Syntax: Log_Tasks=value
Description: Specifies whether the current status of server tasks is
recorded in the log file and displayed on the console:
0 - Do not send status information
1 - Send the status of server tasks to the log file and to the console
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Log_Update
Syntax: Log_Update=value
Description: Specifies the level of detail of Indexer events displayed at
the server console and in the log file:
0 - Records when the Indexer starts and shuts down.
1 - Records when the Indexer starts and shuts down and when the
Indexer updates views and full text indexes for specific databases.
2 - Records when the Indexer starts and shuts down and when the
Indexer updates views and full text indexes for specific databases.
Also records the names of views the Indexer is updating.
Applies to: Servers
Default: None
UI equivalent: None

Log_View_Events
Syntax: Log_View_Events=value
Description: Specifies whether messages generated when views are
rebuilt are recorded in the log file:
0 - Do not log messages when views are rebuilt
1 - Log messages when views are rebuilt
Removing this setting from the NOTES.INI file also disables logging of
these messages.
Applies to: Servers
Default: None
UI equivalent: None

MailCharSet
Syntax: MailCharSet=value
Description: Specifies the character set a POP3 server uses when
downloading mail messages to a POP3 client. value corresponds to a
character set as follows:

Character set group  Language: Encoding character set  MIME name       MailCharSet value
Western              Codepage 1252                     “usascii”       82
Western              Codepage 1252                     “us-ascii”      82
Western              ISO Latin-1 (8859)                “iso-8859-1”    32
Western              Mac Script Roman                  “x-mac-roman”   96
Central European     Codepage 1250                     “cp1250” *      80
Central European     ISO Latin-2 (8859-2)              “iso-8859-2”    33
Turkish              ISO Latin-3 (8859-3)              “iso-8859-3”    34
Turkish              ISO Latin-5 (8859-9)              “iso-8859-9”    40
Turkish              Codepage 1254                     “cp1254” *      84
Taiwanese            Big5, Codepage 950                “big5”          26
Taiwanese            EUC-TW                            “x-euc-tw”      3,302
Thai                 Codepage 874                      “cp874” *       144
Simplified Chinese   PRC Chinese: GB,GBK               “gb2312”        27
Korean               EUC-KR                            “euc-kr”        24
Japanese             EUC-J                             “x-euc-jp”      3,301
Japanese             ISO-2022-JP                       “iso-2022-jp”   3,277
Japanese             ShiftJIS                          “x-sjis”        18
Greek                ISO 8859-7                        “iso-8859-7”    38
Greek                Codepage 1253                     “cp1253” *      83
Cyrillic             Codepage 1251                     “cp1251” *      81
Cyrillic             ISO 8859-5                        “iso-8859-5”    36
Cyrillic             KOI8                              “koi8-r”        3,308
Baltic Rim           ISO Latin-4 (8859-4)              “iso-8859-4”    35
Baltic Rim           Codepage 1257                     “cp1257” *      87
Arabic               ISO 8859-6                        “iso-8859-6”    37
Arabic               Codepage 1256                     “cp1256” *      86
Hebrew               ISO 8859-8                        “iso-8859-8”    39
Hebrew               Codepage 1255                     “cp1255” *      85

* On Windows-based servers, the MIME prefix is “windows-” rather than “cp”,
for example, “windows-1254.”
If you do not use this setting, the POP3 server looks for a
WWWDSP_Codepage value, if that setting is present in the NOTES.INI file.
(WWWDSP_Codepage controls the character set used by the Web
Navigator and accepts the same values as MailCharSet.)
Applies to: Servers
Default: None, although if this setting is omitted and there is no
WWWDSP_Codepage setting, the POP3 server uses the us-ascii
character set.
UI equivalent: None

MailCompactDisabled
Syntax: MailCompactDisabled=value
Description: Enables or disables the routine compacting of the server’s
MAIL.BOX. Without this setting in the NOTES.INI file, MAIL.BOX is
compacted routinely when the Compact server task runs:
0 - Enables compacting of MAIL.BOX
1 - Disables compacting of MAIL.BOX
Applies to: Servers
Default: None
UI equivalent: None

MailCompactHour
Syntax: MailCompactHour=value
Description: Use this setting to specify the time at which the router
should perform mailbox compaction.
The value is based on a 24-hour clock. For example, MailCompactHour=22
causes compaction to start around 10 PM.
Applies to: Servers
Default: In the absence of the setting, the router will perform mailbox
compaction at 4 AM.
UI equivalent: None

MailConvertMIMEonTransfer
Syntax: MailConvertMIMEonTransfer=value
Description: Enables or disables MIME message conversion on the
router. This can help minimize conversion overhead on the server
running the SMTP listener task.
0 - Router does not perform conversions for MIME messages
1 - Router performs conversions for MIME messages
Applies to: Servers
Default: 0
UI equivalent: None

Mail_Disable_Implicit_Sender_Key
Syntax: Mail_Disable_Implicit_Sender_Key=value
Description: Determines whether to encrypt an encrypted message with
the sender’s public key:
0 - Does not encrypt the encrypted message with the sender’s public
key
1 - Encrypts the encrypted message with the sender’s public key
Applies to: Workstations
Default: 0
UI equivalent: None

Mail_Log_To_MiscEvents
Syntax: Mail_Log_To_MiscEvents=value
Description: Determines whether all mail event messages are displayed
in the Miscellaneous Events view of the log file:
0 - Does not display mail events in the Miscellaneous Events view
1 - Displays mail events in the Miscellaneous Events view
Applies to: Servers and workstations
Default: None, although if this setting is omitted, mail events are not
displayed in the Miscellaneous Events view.
UI equivalent: None

MailServer
Syntax: MailServer=server
Description: Specifies the server where the user’s mail file resides.
Applies to: Servers and workstations
Default: None
UI equivalent: The Mail Server field in the Mail tab of the Person
document in the Domino Directory.

Mail_Skip_NoKey_Dialog
Syntax: Mail_Skip_NoKey_Dialog=value
Description: Specifies whether to display the Encryption Failure dialog
when Notes cannot locate the public key to sign or encrypt a message:
0 - The “Don’t show signature or encryption failures again and
continue sending” dialog appears when Notes cannot find the public
key.
1 - The “Don’t show signature or encryption failures again and
continue sending” dialog does not appear when Notes cannot find
the public key. Notes then sends the message unsigned and/or
unencrypted.
Applies to: Workstations
Default: None
UI equivalent: The “Don’t show signature or encryption failures again
and continue sending” checkbox in the Encryption Failure dialog box.

MailSystem
Syntax: MailSystem=value
Description: Specifies the mail system that the user selected during the
workstation setup procedure:
0 - Notes mail
1 - cc:Mail or a non-Lotus mail system
Applies to: Servers and workstations
Default: None
UI equivalent: The mail system selection made during workstation
setup.

MailTimeout
Syntax: MailTimeout=number of days
Description: Specifies the number of days after which the server returns
undelivered mail to the sender. Increase this setting when you have a lot
of mail returned in one day or when you are sending mail to foreign
domains.
Note To specify a period of less than one day, use the NOTES.INI
setting MailTimeoutMinutes.
Applies to: Servers
Default: None, although if this setting is omitted, undelivered mail is
returned after one day.
UI equivalent: None, but you can specify this setting in the NOTES.INI
Settings tab of the Configuration Settings document in the Domino
Directory.

MailTimeoutMinutes
Syntax: MailTimeoutMinutes=number of minutes
Description: Specifies the number of minutes after which the server
returns undelivered mail to the sender. The maximum number of
minutes is 1440 (24 hours).
Note: To specify a time greater than one day, use the NOTES.INI setting
MailTimeout.
Applies to: Servers
Default: None
UI equivalent: None

Map_Retry_Delay
Syntax: Map_Retry_Delay=number of minutes
Description: Specifies the number of minutes that a server waits after an
unsuccessful attempt to call another server before it tries again.
Applies to: Servers
Default: None
UI equivalent: None

Memory_Quota
Syntax: Memory_Quota=number of megabytes
Description: This setting is for OS/2 only. Specifies the maximum
number of megabytes of virtual memory that the server can allocate. This
gives administrators more control over the growth of the swap file. The
minimum value is 4MB. Without this setting in the NOTES.INI file, the
server uses all available memory.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

MinNewMailPoll
Syntax: MinNewMailPoll=number of minutes
Description: Determines how often workstations can contact the server
to see if new mail has arrived for the user. This setting overrides the
user’s selection in the Mail Setup dialog box. You can increase the mail
polling interval if there are a large number of mail users on your server,
and you want to prevent frequent polling from affecting server
performance.
Applies to: Servers
Default: None
UI equivalent: None

Move_Mail_File_Expiration_Days
Syntax: Move_Mail_File_Expiration_Days=number of days
Description: Specifies the number of days that the Notes client updates
mail file related Change Requests. After this time period, these become
obsolete Change Requests. For example:
Move_Mail_File_Expiration_Days=30
Applies to: Servers
Default: None
UI equivalent: None

MTCDailyTasksHour
Syntax: MTCDailyTasksHour=time
Description: Specifies the time, in 24-hour format, when the Mail
Tracking Collector (MTC) task performs the daily compaction of the
Domino MailTracker Store database (MTSTORE.NSF). For example:
MTCDailyTasksHour=25:00
Applies to: Servers
Default: None, although in the absence of this setting, compaction occurs
nightly at 2 AM.
UI equivalent: None

MTMaxResponses
Syntax: MTMaxResponses=number of responses
Description: Specifies the maximum number of message tracking
responses returned from a query. The number of responses returned will
be less than or equal to the MTMaxResponses value. Whenever a query
returns more than the MTMaxResponses limit, a message indicating this
appears on the Administration panel status line.
Applies to: Servers
Default: None, although if this setting is omitted, the maximum number
of message tracking responses returned from a query is 100.
UI equivalent: None

Names
Syntax: Names=name(s)
Description: Specifies the names of the secondary Domino Directories
that Domino searches to verify recipient names in mail messages. By
default, Domino searches only the primary Domino Directory, which is
typically named NAMES.NSF.
Note: It is strongly recommended that you use directory assistance
rather than this setting to do lookups in secondary Domino Directories.
This NOTES.INI setting allows additional directories to be searched in
the order in which they appear and stops searching when it finds a
match in one of the databases. The file names can be up to 256 characters.
Separate the list of directories with commas. Do not specify the NSF file
extension.
The server does not use this feature to look up additional Connection,
Domain, or Server documents specified in additional directories. Ensure
you create all of the necessary Connection, Domain, and Server
documents in the primary Domino Directory.
Local secondary Domino Directories
To specify secondary Domino Directories that are replicated locally on
the server, type the names of the directories without the NSF extension
following the name of the primary Domino Directory; for example
NAMES=NAMES, EASTNAME, WESTNAME
Remote secondary Domino Directories
If secondary Domino Directories are not replicated locally, access them
over the network by specifying server names in canonical format and
their Domino Directories as follows:
CN=servername/OU=organizational unit/O=organization/!!filename
Specify as many organizational units as necessary.
For example, specify:
NAMES=NAMES, CN=serverwest/OU=west/O=acme!!NAMES, CN=servereast/OU=east/O=acme!!NAMES
If the name of the remote server is flat, omit the canonical format, for
example
NAMES=NAMES, serverwest!!NAMES
If a remote server contains multiple Domino Directories, for example a
hub server, you can point to each directory on the server. To do this, you
must repeat the server name for each directory, for example:
NAMES=NAMES, CN=serverhub/O=acme!!NAMES1, CN=serverhub/O=acme!!NAMES2
Note: Do not add the name of a condensed Directory Catalog as a value
for this setting. Use the Basics tab of the Server document in the Domino
Directory to set up a server to use a condensed Directory Catalog.
Applies to: Servers
Default: NAMES
UI equivalent: None
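
The Names syntax described above, as a parser and validator. This is an added example, not code from the manual or from Domino; the names DirectoryRef, parse_names and remote_servers are hypothetical, and tolerating a "/" before "!!" is an assumption based on the syntax line above.

```python
from dataclasses import dataclass
from typing import List, Optional

MAX_FILENAME_LEN = 256  # per the page: file names can be up to 256 characters


@dataclass
class DirectoryRef:
    position: int           # search order; lookups stop at the first match
    server: Optional[str]   # None means the directory is replicated locally
    filename: str           # directory file name, without the NSF extension
    org_units: List[str]    # OU components of a canonical server name, if any


def _split_server(server: str) -> List[str]:
    """Validate a server name and return its OU components (empty if flat)."""
    if "=" not in server:
        return []  # flat server name such as "serverwest"
    parts = [p.split("=", 1) for p in server.split("/")]
    if any(len(p) != 2 or not p[1] for p in parts):
        raise ValueError(f"malformed canonical name: {server!r}")
    labels = [p[0].upper() for p in parts]
    if labels[0] != "CN" or labels[-1] != "O" or set(labels[1:-1]) - {"OU"}:
        raise ValueError(f"expected CN=.../OU=.../O=...: {server!r}")
    return [p[1] for p in parts[1:-1]]


def parse_names(line: str) -> List[DirectoryRef]:
    """Parse one Names= line into directory references, in search order."""
    key, sep, value = line.partition("=")
    if not sep or key.strip().upper() != "NAMES":
        raise ValueError("not a Names= setting")
    refs: List[DirectoryRef] = []
    for position, entry in enumerate(value.split(","), start=1):
        # "server!!filename" is remote; a bare file name is a local replica.
        server, marker, filename = entry.strip().rpartition("!!")
        server = server.strip().rstrip("/")  # assumption: allow "/!!"
        filename = filename.strip()
        if not filename:
            raise ValueError(f"entry {position}: missing directory file name")
        if marker and not server:
            raise ValueError(f"entry {position}: '!!' without a server name")
        if filename.upper().endswith(".NSF"):
            raise ValueError(f"entry {position}: do not specify the NSF extension")
        if len(filename) > MAX_FILENAME_LEN:
            raise ValueError(f"entry {position}: file name exceeds {MAX_FILENAME_LEN}")
        org_units = _split_server(server) if marker else []
        refs.append(DirectoryRef(position, server if marker else None,
                                 filename, org_units))
    return refs


def remote_servers(refs: List[DirectoryRef]) -> List[str]:
    """Distinct remote servers this server relies on to verify recipients."""
    seen: List[str] = []
    for ref in refs:
        if ref.server is not None and ref.server not in seen:
            seen.append(ref.server)
    return seen


# The hub-server example from the text above.
SAMPLE = "NAMES=NAMES, CN=serverhub/O=acme!!NAMES1, CN=serverhub/O=acme!!NAMES2"

if __name__ == "__main__":
    for ref in parse_names(SAMPLE):
        where = ref.server or "local replica"
        print(f"{ref.position}. {ref.filename} ({where})")
    print("remote dependencies:", remote_servers(parse_names(SAMPLE)))
```

Because the search stops at the first match, the position field is what decides which directory answers for a name that exists in more than one of them.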

NetWareSocket
Syntax: NetWareSocket=socketnumber
Description: Specifies the IPX socket number used by the Domino server.
Applies to: Servers
Default: None. Domino lets the IPX/SPX protocol stack assign a socket
number dynamically.
UI equivalent: None
For information on assigning the IPX socket number for a Domino server,
see the chapter “Setting Up the Domino Network.”

NetWareSpxSettings
Syntax: NetWareSpxSettings=value
Description: Specifies the decimal value of the Domino server’s IPX
socket.
Applies to: Servers
Default: None
UI equivalent: None

NewMailInterval
Syntax: NewMailInterval=number of minutes
Description: Defines how often (in minutes) Notes checks the user’s
Inbox for new mail.
Applies to: Workstations
Default: 1
UI equivalent: File - Preferences - User Preferences - Mail - Check for
new mail every x minutes.

NewUserServer
Syntax: NewUserServer=server
Description: Specifies the registration server for a Domino domain, if
this has not been specified in Administration Preferences.
Applies to: Servers
Default: None
UI equivalent: None

NoDesignMenu
Syntax: NoDesignMenu=value
Description: Hides the Design menu on workstations.
0 - Shows the Design menu
1 - Hides the Design menu
Applies to: Workstations
Default: None, although if this setting is omitted, the Design menu
appears
UI equivalent: None

NoExternalApps
Syntax: NoExternalApps=value
Description: Protects against “mail bomb” viruses by disabling the
following workstation features:
• OLE, DDE, DIP, @Command
• @DBLookup, @DBColumn (when using non-Notes drivers)
• @MailSend, @DDExxx
• Launching file attachments
• Subscribe on a Macintosh workstation
Use the following values to set this variable:
0 - Enables the workstation features listed above
1 - Disables the workstation features listed above
Applies to: Workstations
Default: None, although if this setting is omitted, these workstation
features are enabled.
UI equivalent: None

No_Force_Activity_Logging
Syntax: No_Force_Activity_Logging=value
Description: Controls whether the Statlog task automatically enables
activity logging on all databases:
0 - Allows automatic activity logging on all databases
1 - Prevents automatic activity logging on all databases
Even when activity is not being recorded for the database, the
information is still recorded in the Activity entry of the Database Usage
view in the server’s log file.
Applies to: Servers
Default: None, although if this setting is omitted, the Statlog server task
enables the Record Activity option for every database on the server and
adds 64Kb to each database.
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

NoMailMenu
Syntax: NoMailMenu=value
Description: Hides the Mail menu. When set to 1, the Mail menu doesn’t
appear on workstations. This setting also sets the user’s mail system to
None.
Applies to: Workstations
Default: None, although if this setting is omitted, the Notes Mail menu
appears.
UI equivalent: None

NoMsgCache
Syntax: NoMsgCache=value
Description: Disables per-user message caching by the IMAP task. This
can improve capacity (number of users) on a server by reducing memory
consumption.
Applies to: Servers
Default: None, although if this setting is omitted, IMAP per-user
message caching will be enabled.
UI equivalent: None

NSF_Buffer_Pool_Size
Syntax: NSF_Buffer_Pool_Size=number of bytes
Description: Specifies the maximum size (in bytes) of the NSF buffer
pool, a section of memory dedicated to buffering I/O transfers between
Domino and disk storage. The maximum size depends on any limitations
of the operating system, and the amount of system memory available.
The minimum size is 4MB.
Note: You can also use NSF_Buffer_Pool_Size_MB to set the maximum
size of the NSF buffer pool. This is the same as NSF_Buffer_Pool_Size,
except it specifies the size in megabytes instead of bytes. Use
NSF_Buffer_Pool_Size_MB to avoid the 2GB limitation that exists for
NSF_Buffer_Pool_Size due to NOTES.INI variable limits. (NOTES.INI
variables are signed variables, and cannot be larger than 2GB.)
Applies to: Servers and workstations
Default: Determined automatically by the server or workstation. (This is
strongly recommended, except on partitioned servers.) The more
memory is available, the larger the server sets the default
NSF_Buffer_Pool_Size. On workstations, the maximum setting of the
NSF_Buffer_Pool_Size is 8MB (4MB for MAC). On the server, the default
maximum is determined to be between 1/8 and 3/8 of available physical
memory, depending on the overall size of physical memory. The defaults
are not automatically adjusted on partitioned servers, so it will usually be
necessary to adjust the maximum values in each partition to a fraction of
memory such that the memory used by all partitions adds up to
approximately 1/4 to 3/8 of memory.
UI equivalent: None

NSF_DbCache_Disable
Syntax: NSF_DbCache_Disable=value
Description: Controls whether the database cache is enabled on a server.
The database cache is enabled by default.
0 - Enables the database cache
1 - Disables the database cache
Applies to: Servers
Default: None
UI equivalent: None

NSF_DbCache_Maxentries
Syntax: NSF_DbCache_Maxentries=number of databases
Description: Determines the number of databases that a server can hold
in its database cache at one time, where n is the number of databases.
Increasing the database cache size can improve system performance but
requires additional memory. The minimum number of databases allowed
in the cache at one time is 25; the maximum is approximately 2000,
depending on the server platform.
Applies to: Servers
Default: None, although if this setting is omitted, the number of
databases that the server can hold in its cache at one time is either 25, or
the NSF_Buffer_Pool_Size value divided by 300K (whichever is greater).
UI equivalent: None

Num_Compact_Rename_Retries
Syntax: Num_Compact_Rename_Retries=number of times to retry
Description: Domino attempts only once to rename a database that was
copy-style compacted. You can request additional attempts by specifying
a value in the Num_Compact_Rename_Retries setting in the NOTES.INI
file. Domino tries to rename until it succeeds or the number of retries is
exhausted. For example, to request that Domino try once again to rename,
specify Num_Compact_Rename_Retries=1; to request that Domino try 5
more times to rename, specify Num_Compact_Rename_Retries=5.
Applies to: Servers
Default: No default entry, but in the absence of the setting, Domino
attempts just once to rename a database that was copy-style compacted.
UI equivalent: None

NWNDSPassword
Syntax: NWNDSPassword=NDS password
Description: Specifies the password for Domino to log in to the Novell
Directory Service (NDS) tree on system start-up. Until this setting is
added to the NOTES.INI file, an administrator must log in to the NDS
tree before starting the Domino server.
Applies to: Servers
Default: None
UI equivalent: None
For information on setting up NDS for a Domino server, see the
appendix “Novell Directory Service for the IPX/SPX Network.”

NWNDSUserID
Syntax: NWNDSUserID=NDS user ID
Description: Specifies the user ID for Domino to log into the Novell
Directory Service (NDS) tree on system start-up. Until this setting is
added to the NOTES.INI file, an administrator must log into the NDS
tree before starting the Domino server.
Applies to: Servers
Default: None
UI equivalent: None
For information on setting up NDS for a Domino server, see the
appendix “Novell Directory Service for the IPX/SPX Network.”

Passthru_Hangup_Delay
Syntax: Passthru_Hangup_Delay=number of seconds
Description: Specifies how long in seconds a passthru server maintains a
dialup connection after its last dialup session ends.
Applies to: Servers
Default: 120
UI equivalent: None

Passthru_LogLevel
Syntax: Passthru_LogLevel=value
Description: Specifies the level of trace information recorded for all
network connections (including passthru) in the Miscellaneous Events
view of the log file.
0 - No information is recorded
1 - Only errors are recorded
2 - Summary progress information is recorded
3 - Detailed progress information is recorded
4 - Full trace information is recorded
5 - Full trace information plus driver messages are recorded
Applies to: Servers and workstations
Default: 0
UI equivalent: File - Preferences - User Preferences - Ports - Trace -
Notes Log options

PhoneLog
Syntax: PhoneLog=value
Description: Specifies whether phone calls are recorded in the log file:
0 - Does not record phone calls to the log file
1 - Records all calls, except those that fail because of a busy signal
2 - Records all phone calls
Applies to: Servers and workstations
Default: 2
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

PKCS11_Library
Syntax: PKCS11_Library=path
Description: Specifies the location of the server’s locally installed
PKCS#11 file for enabling Smartcards. For example:
PKCS11_Library=C:\Program Files\Schlumberger\Smart Cards and Terminals\Common Files\slbck.dll
Applies to: Servers
Default: None
UI equivalent: The Smartcard installation wizard will prompt the user to
install the appropriate DLL for the Smartcard.

Platform_Statistics_Disabled
Syntax: Platform_Statistics_Disabled=value
Description: By default, Domino tracks performance metrics of the
operating system and captures the results in the Domino server. Use the
following setting to disable statistic reporting:
Platform_Statistics_Disabled=1
Note: You must remove the setting from the NOTES.INI file altogether
to re-enable platform statistic reporting.
Applies to: Servers
Default: None
UI equivalent: None

POP3ConfigUpdateInterval
Syntax: POP3ConfigUpdateInterval=number of minutes
Description: Determines how often (in minutes) the POP3 server will
update its configuration information.
Applies to: Servers
Default: 2 minutes
UI equivalent: None

POP3_Disable_Cache
Syntax: POP3_Disable_Cache=value
Description: Enables/disables message caching for users.
0 - Enables message caching
1 - Disables message caching
Applies to: Servers
Default: 0
UI equivalent: None

POP3DNSLookup
Syntax: POP3DNSLookup=value
Description: Enables/disables reverse DNS lookups of client host names.
0 - Disables reverse DNS lookups of client host names
1 - Enables reverse DNS lookups of client host names
Applies to: Servers
Default: 0
UI equivalent: None

POP3Domain
Syntax: POP3Domain=domain name
Description: Specifies the name of the Internet domain to use as the
gateway to send mail to the Internet for local addresses. (All local
addresses are converted to Internet addresses.) If this setting is included
in the NOTES.INI file, it overrides the DNS value.
Applies to: Servers
Default: None
UI equivalent: None

POP3_Enable_Cache_Stats
Syntax: POP3_Enable_Cache_Stats=value
Description: Enables/disables message caching statistics.
0 - Disables message caching statistics
1 - Enables message caching statistics
Applies to: Servers
Default: 0
UI equivalent: None

POP3MarkRead
Syntax: POP3MarkRead=value
Description: Specifies whether POP3 messages should be marked as
read after downloading. A value of 1 instructs the server to mark the
messages as read. Default is 0 (messages are marked as unread).
0 - Do not mark POP3 messages as read
1 - Mark POP3 messages as read
Applies to: Servers
Default: 0
UI equivalent: None

POP3_Message_Stat_Cache_NumPerUser
Syntax: POP3_Message_Stat_Cache_NumPerUser=number of message statistics
Description: Limits the number of message statistics that can be cached
for a single user. Message statistics caches contain UNIDs and saved
message sizes. Each cache entry consumes CPU time and server memory.
Reducing this number can improve server performance.
Applies to: Servers
Default: 50
UI equivalent: None

POP3NotesPort
Syntax: POP3NotesPort=port name
Description: Specifies the name of the Notes network port for TCP/IP that
you are linking the POP3 service with. This setting is required for a
partitioned server hosting POP3, and for a single server hosting it if the
server has more than one Notes port for TCP/IP.
Applies to: Servers
Default: None
UI equivalent: None
For information on binding an Internet service to an IP address, see the
chapter “Setting Up the Domino Network.”

portname_MaxSessions
Syntax: portname_MaxSessions=number of sessions
Description: Restricts the number of sessions on a specified port.
Applies to: Servers
Default: None
UI equivalent: None

Ports
Syntax: Ports=portname(s)
Description: This setting indicates which ports are enabled for the server
or workstation. Ports are enabled/disabled by a two-step process: using
the Setup Ports dialog box and then using Server documents (for servers)
or the User Preferences dialog box (for workstations). The order in which
ports are listed in this setting can affect how Notes workstations and
Domino servers connect to a system.
Applies to: Servers and workstations
Default: None
UI equivalent: On a workstation, see the Ports tab in the User
Preferences dialog box (choose File - Preferences - User Preferences). On
a server, the Configuration tab’s Tools pane, Server - Setup Ports option,
and then see the Ports - Notes Network Ports tab in the Server document.
For information on reordering network ports on a server, see the chapter
“Setting Up the Domino Network.”

ProgramMode
Syntax: ProgramMode=value
Description: If the user sets up Notes with a Notes Mail ID or switches to
a Notes Mail ID (not a Lotus Notes Desktop ID), a value is written to the
NOTES.INI ProgramMode setting:
0 - Full Notes
1 - Notes Mail
8 - Desktop
Applies to: Workstations
Default: 1 (Full Notes)
UI equivalent: None

Repl_Error_Tolerance
Syntax: Repl_Error_Tolerance=number of replication errors
Description: Specifies the number of replication errors of the same type
that can occur between two databases before the server terminates
replication.
Applies to: Servers
Default: 2
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

ReplicationTimeLimit
Syntax: ReplicationTimeLimit=number of minutes
Description: Specifies a time limit (in minutes) for replication between
one server and another. If this setting is not included in the NOTES.INI
file, there is no time limit.
Applies to: Servers
Default: None
UI equivalent: The Replication Time Limit field in the
Routing/Replication tab in the Connection document in the Domino
Directory.

Replicators
Syntax: Replicators=number of tasks
Description: Specifies the number of Replicator tasks that can run
concurrently on the server.
Note: You must shut down and restart the server for this setting to take
effect.
Applies to: Servers
Default: 1
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Repl_Obeys_Quotas
Syntax: Repl_Obeys_Quotas=value
Description: Specifies whether the Replicator obeys quotas.
0 - Disables the Replicator from obeying quotas
1 - Enables the Replicator to obey quotas
Applies to: Servers
Default: The Replicator does not obey quotas.
UI equivalent: None.

Report_DB
Syntax: Report_DB=path
Description: When the Monitoring Configuration database
(EVENTS4.NSF) is created, it is placed in the Domino Data directory. Use
this setting to specify the location of the database if it is located
somewhere other than in the Domino Data directory.
Applies to: Servers
Default: None, but in the absence of any Report_DB setting in the
NOTES.INI file, the default path is Lotus\Domino\Data\events4.nsf.
UI equivalent: None

ReportUseMail
Syntax: ReportUseMail=value
Description: Allows the Reporter task to use the Router to send statistics
to another server in the same domain:
1 - Use the Router
0 - Use the network
Using the Router can be useful for reporting statistics over dial-up
connections to a central collection server.
Applies to: Servers
Default: None, although without the setting, the Reporter task uses the
network to report statistics.
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

RouterAllowConcurrentXferToAll
Syntax: RouterAllowConcurrentXFERToALL=value
Description: Use this setting to enable/disable multiple concurrent
transfer threads for inter-domain Notes routing.
1 - Enables
0 - Disables
Applies to: Servers
Default: None, but if the setting does not appear in the NOTES.INI file,
Domino’s default behavior is to disable multiple concurrent transfer
threads for inter-domain Notes routing.
UI equivalent: None
For information on enabling multiple concurrent transfer threads
between Domino domains, see the chapter “Customizing the Domino
Mail System.”

RouterDisableMailToGroups
Syntax: RouterDisableMailToGroups=value
Description: Specifies whether the router should allow or deny mail
addressed to a group.
0 - Allow the Router to expand groups and forward a message to the
group members.
1 - Router will not expand any groups. It will return the message as a
failure report to the sender - rejected for policy reasons.
Applies to: Servers
Default: 0
UI equivalent: None

RouterDSNForNullReversePath
Syntax: RouterDSNForNullReversePath=value
Description: Specifies whether the router should return delivery status
notifications (DSNs) for messages received over SMTP with null RFC 821
reverse paths.
0 - Don’t return a failed DSN. Create the non delivery report, but
mark it as DEAD. The Administrator can then delete these messages
or release them.
1 - Create and send the delivery status notification.
2 - Do not create a delivery status notification.
Applies to: Servers
Default: 0
UI equivalent: None

RouterEnableMailByDest
Syntax: RouterEnableMailByDest=value
Description: Use this setting to generate verbose mail routing statistics
per destination. These statistics may be useful when attempting to
troubleshoot routing related problems.
0 - No destination based statistics are generated by the router.
1 - Router maintains statistics for each mail routing destination,
which include the last successful/unsuccessful transfer time, total
number of messages routed, and the total number of failures.
Applies to: Servers
Default: None
UI equivalent: None

RTR_Logging
Syntax: RTR_Logging=value
Description: Enables or disables monitoring of Cluster Replicator
activity.
0 - Disables monitoring of the Cluster Replicator
1 - Enables monitoring of the Cluster Replicator
Applies to: Servers
Default: None
UI equivalent: None

Sched_Dialing_Enabled
Syntax: Sched_Dialing_Enabled=value
Description: Enables or disables dialing out to check Busy Time.
Use the following values:
0 - Disables dialing out to check Busy Time
1 - Enables dialing out to check Busy Time
Applies to: Workstations
Default: Dialing out to check Busy Time is disabled.
UI equivalent: None

Sched_Purge_Interval
Syntax: Sched_Purge_Interval=number of days
Description: Specifies how many days prior to the current day to keep
busytime data. A value of 0 means data is never purged.
Applies to: Servers
Default: 7
UI equivalent: None

Schedule_Check_Entries_When_Validating
Syntax: Schedule_Check_Entries_When_Validating=value
Description: Enables or disables whether SchedMgr validates its
busytime database entry on a user by user basis, as follows:
0 - Disables validation
1 - Enables validation
Validation should not be required under normal conditions.
Applies to: Servers
Default: 0
UI equivalent: None

Schedule_No_CalcStats
Syntax: Schedule_No_CalcStats=value
Description: Enables or disables whether SchedMgr updates/calculates
statistics on an hourly daily basis, as follows:
0 - Enables update/calculation
1 - Disables update/calculation
Applies to: Servers
Default: 0
UI equivalent: None

Schedule_No_Validate
Syntax: Schedule_No_Validate=value
Description: Enables or disables whether SchedMgr validates its
busytime database entry on a daily basis, as follows:
0 - Enables validation
1 - Disables validation
Validation should be enabled under normal conditions.
Applies to: Servers
Default: 0
UI equivalent: None

Schema_Daemon_Breaktime
Syntax: Schema_Daemon_Breaktime=number of seconds
Description: Specifies how often (in seconds) the schema daemon
spawned by the LDAP service checks if it should shut down because its
parent LDAP task is shutting down. In most situations there is no need to
change the breaktime interval. In rare situations, you might increase this
value as a way to free up CPU resources on a heavily used server.
Increasing the breaktime value also increases the time it takes the LDAP
service to shut down.
Applies to: Servers
Default: None, although without this setting, the schema daemon checks
the status of its parent LDAP task every 15 seconds.
UI equivalent: None

Schema_Daemon_Idletime
Syntax: Schema_Daemon_Idletime=number of minutes
Description: Specifies how long (in minutes) the schema daemon
spawned by the LDAP service remains idle after it has completed its
tasks. After the schema daemon has been idle for the specified interval, it
begins its tasks again.
Applies to: Servers
Default: None, although without this setting, the schema daemon
remains idle for 15 minutes.
UI equivalent: None

Schema_Daemon_Reloadtime
Syntax: Schema_Daemon_Reloadtime=number of hours
Description: Specifies how often (in hours) the schema daemon spawned
by the LDAP service adds schema elements for new or changed Domino
Directory forms and fields to its in-memory schema. This operation
occurs only on the administration server for the Domino Directory and
not on other servers in the domain that run the LDAP service.
Reloading in-memory schema to reflect new or changed Domino
Directory forms and fields is a CPU-intensive operation. You might set
different intervals for Schema_Daemon_Reloadtime and
Schema_Daemon_Resynctime so the two operations occur at different
times. Or you might increase the interval during periods when there are
no schema changes.
Schema_Daemon_Idletime, rather than Schema_Daemon_Reloadtime,
controls how often the schema daemon loads new schema elements
defined in the Domino LDAP Schema database into memory.
Applies to: Servers
Default: None, although without this setting the schema daemon reload
interval is 24 hours.
UI equivalent: None

Schema_Daemon_Resynctime
Syntax: Schema_Daemon_Resynctime=number of hours
Description: Specifies how often (in hours) the schema daemon spawned
by the LDAP service updates the schema published in the Domino LDAP
Schema database with a newer in-memory schema. This operation occurs
only on the Domino Directory administration server, and not other
servers in the domain that run the LDAP service.
Synchronizing the Schema database with in-memory schema is a
CPU-intensive operation. You might set different intervals for
Schema_Daemon_Reloadtime and Schema_Daemon_Resynctime so the
two operations occur at different times. Or you might increase the
interval during periods when there are no schema changes.
Applies to: Servers
Default: None, although without this setting the schema daemon resync
interval is 24 hours.
UI equivalent: None

Secure_Disable_FullAdmin
Syntax: Secure_Disable_FullAdmin=value
Description: Entering 1 disables the Full Access Administrators field in
the Server document, causing the server to ignore any entries in that
field.
1 - Disables the Full Access Administrators field in the Server
document
0 - Does not disable Full Access Administrators field in the Server
document
Applies to: Servers
Default: 0
UI equivalent: None

SecureMail
Syntax: SecureMail=value
Description: Entering 1 as the value forces the mail program to sign and
encrypt all mail sent from the workstation:
1 - Removes the Sign and Encrypt options from all dialog boxes
0 - Restores the Sign and Encrypt options
Applies to: Workstations
Default: None, although if this setting is omitted, the Sign and Encrypt
options appear
UI equivalent: File - Preferences - User Preferences - Mail - Encrypt sent
mail

Server_Availability_Threshold
Syntax: Server_Availability_Threshold=value
Description: Specifies the acceptable level of system resources available
to a server. By setting this value for each server in a cluster, you
determine how the workload is distributed among cluster members.
Valid values are 0 to 100. Domino compares this value against a server’s
availability index; when the availability index falls below the
Server_Availability_Threshold value, the server becomes BUSY.
A Server_Availability_Threshold value of zero (0) indicates a fully
available state and workload balancing is disabled; a value of 100
indicates the server is BUSY (since the availability index can never be
greater than 100) and the Cluster Manager then tries to redirect user
requests to more available cluster members.
Applies to: Servers
Default: 0
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Server_Cluster_Default_Port
Syntax: Server_Cluster_Default_Port=portname
Description: Specifies the port used for intracluster network traffic. The
value should be a port name — for example, TCP — as specified in the
Ports tab of the Server document.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Server_Console_Password
Syntax: Server_Console_Password=encrypted_password
Description: For the encrypted_password to be written to this setting in the
NOTES.INI file, you must use the Set Configuration server command to
specify the password.
The password can be a combination of letters and numbers. When this
setting is added to the NOTES.INI file, Domino activates the Set Secure
command to secure the server console. The password provided should
be different from the administrator’s user password. If you forget the
console password, delete this setting from the NOTES.INI file, and then
re-specify a password.
Applies to: Servers
Default: None
UI equivalent: None

ServerKeyFileName
Syntax: ServerKeyFileName=ID_file
Description: Specifies the server ID file to use on a machine that runs
both the Notes workstation program and the Domino server program.
Then, you edit the NOTES.INI KeyFileName setting to specify your user
ID as the ID to use when you run the Notes workstation or API programs
on the server machine.
For more information, see the topic “KeyFileName” earlier in this
chapter.
Applies to: Servers
Default: None
UI equivalent: None

Server_Max_Concurrent_Trans
Syntax: Server_Max_Concurrent_Trans=number of transactions
Description: Sets the limit for the number of concurrently scheduled
transactions on a server. If you use this setting to set the maximum
number of concurrent transactions on partitioned servers, Lotus
recommends that the sum of the limits be 20 transactions or less. For
example, if you are running four partitioned servers on a computer, you
would set the limit for each partitioned server at five transactions.
Applies to: Servers
Default: None
UI equivalent: None

Server_MaxSessions
Syntax: Server_MaxSessions=number of sessions
Description: Specifies the maximum number of sessions that can run
concurrently on the server. To prevent server overload, decrease this
number if you set up multiple Replicators or Routers.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Server_MaxUsers
Syntax: Server_MaxUsers=number
Description: Sets the maximum number of users that are allowed to
access a server. When this number is reached, the server state becomes
MAXUSERS, and the server stops accepting new Database Open requests.
Use the following values to set this variable:
0 - Unlimited access to server by users
number - Restricts number of active users to the number you specify
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

ServerName
Syntax: ServerName=name
Description: Specifies the full hierarchical name of the server.
Applies to: Servers
Default: None
UI equivalent: The Server Name field in the Server document.

ServerNoReplRequests
Syntax: ServerNoReplRequests=value
Description: Forces the server to refuse all replication requests from
other servers. When this feature is enabled, to replicate with this server,
the requesting server must perform pull-push replication:
0 - Accepts replication requests from other servers
1 - Refuses replication requests from other servers
Applies to: Servers
Default: None, although omitting this setting allows the server to accept
replication requests.
UI equivalent: None

ServerPullReplication
Syntax: ServerPullReplication=value
Description: Specifies that all scheduled replication initiated from this
server must be pull-push replication. This server will not replicate back
to the other server:
0 - Scheduled replication occurs normally (push-pull replication is
not forced)
1 - This server pulls changes from other servers, but other servers
cannot pull changes from this server
This setting affects only scheduled replication.
For example, to reduce the workload on a hub server, specify 1 for the
ServerPullReplication setting on all spoke servers in a hub-and-spoke
system.
Applies to: Servers
Default: None, although omitting this setting allows for normally
scheduled replication.
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

ServerPushReplication
Syntax: ServerPushReplication=value
Description: Specifies that all scheduled replication initiated from this
server must be push-pull replication. This server does not request that
the other server replicate back.
0 - Scheduled replication occurs normally (push-pull replication is
not forced)
1 - Other servers pull changes from this server, but this server cannot
pull changes from other servers
Applies to: Servers
Default: None, although omitting this setting allows for normally
scheduled replication.
UI equivalent: None

Server_Restart_Delay
Syntax: Server_Restart_Delay=number of seconds
Description: Specifies the amount of time (in seconds) the server waits
before restarting with the ’restart server’ console command.
Applies to: Servers
Default: None, although by default, Domino waits 10 seconds.
UI equivalent: None

Server_Restricted
Syntax: Server_Restricted=value
Description: Enables or disables server access to a server. If access is
disabled, the server does not accept new Open Database requests.
Use the following values to set this variable:
0 - Server access is unrestricted
1 - Server access is restricted for the current server session. Restarting
the server clears the setting.
2 - Server access is restricted persistently, even after server restarts
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Server_Session_Timeout
Syntax: Server_Session_Timeout=number of minutes
Description: Specifies the number of minutes of inactivity after which
the server automatically terminates network and mobile connections. The
minimum recommended setting is 30-45 minutes. A lower setting may
negatively impact server performance. The ideal setting depends on
factors such as server load and the number of concurrent users on the
server.
For mobile connections, XPC has its own internal time-out. If the XPC
time-out value is shorter than the Server_Session_Timeout value, the
XPC time-out takes precedence.
Applies to: Servers
Default: No default entry, but in the absence of the setting, Domino
terminates a session connection after 240 minutes of inactivity (four
hours).
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Server_Show_Performance
Syntax: Server_Show_Performance=value
Description: Specifies whether or not server performance events are
displayed on the console.
1 - Displays server performance events on console
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

ServerTasks
Syntax: ServerTasks=name(s)
Description: Specifies the tasks that begin automatically at server startup
and continue until the server is shut down. For example:
ServerTasks=Replica, Router, Update, Stats, AMgr, Adminp, Sched, CalConn, Event, Collect, MTC, RunJava ISpy
The server runs the Replicator, Router, Indexer, Stats, Agent Manager,
Administration Process, Schedule Manager, Calendar Connector, Event,
Collector, Mail Tracker Collector, and Mail Probe server tasks. Each task
increases the server’s load and may adversely affect server performance.
Note that RunJava ISpy is case sensitive and must be specified exactly as
shown.
Applies to: Servers
Default: Replica, Router, Update, Stats, AMgr, Adminp, Sched, CalConn,
Billing
UI equivalent: None

ServerTasksAthour
Syntax: ServerTasksAthour=name(s)
Description: Schedules automatic server and database maintenance
functions. Enter the time in 24-hour format, where 0 is 12 AM (midnight)
and 23 is 11 PM. For example:
ServerTasksAt3=Catalog
ServerTasksAt7=Updall
ServerTasksAt16=Catalog, Updall, Statlog
At 3 AM, the server runs the Catalog task. At 7 AM, the server runs the
Updall task. At 4 PM, the server runs the Catalog, Updall, and Statistics
tasks.
Applies to: Servers
Default:
ServerTasksAt1=Catalog, Design
ServerTasksAt2=Updall, Object Collect mailobj.nsf
ServerTasksAt3=Object Info -Full
ServerTasksAt5=Statlog
UI equivalent: None

Setup
Syntax: Setup=revision number
Description: Identifies the version number of the software. The setting is
used by the Install program to determine whether or not to run the Setup
program. This variable also provides an upgrade audit.
Applies to: Servers and workstations
Default: None
UI equivalent: None

SetupDB
Syntax: SetupDB=setupweb.nsf
Description: Identifies the setup database for HTTP server setup mode.
This must always be setupweb.nsf. When this is included in NOTES.INI,
the administrator can start the server in HTTP server setup mode by
including the argument HTTPSetup when starting the server. If this
variable is missing, the server will not enter HTTP server setup mode.
Applies to: Servers
Default: None
UI equivalent: None

SetupServerAddress
Syntax: SetupServerAddress=address
Description: Identifies the address of the setup server. This can be either
a DNS name, or a telephone number (XPC or DUN) to connect to the
server. SetupServerAddress, together with SetupServerName, instructs
the Notes setup program to obtain setup information from the specified
server. If either variable is missing from NOTES.INI, the setup program
prompts the user for setup information.
Applies to: Workstations
Default: None
UI equivalent: None

SetupServerName
Syntax: SetupServerName=name
Description: Identifies the name of the setup server. SetupServerName,
together with SetupServerAddress, instructs the Notes setup program to
obtain setup information from the specified server. If either variable is
missing from NOTES.INI, the setup program prompts the user for setup
information.
Applies to: Workstations
Default: None
UI equivalent: None

Shared_Mail
Syntax: Shared_Mail=value
Description: Specifies whether the shared mail feature is used for new
mail delivered to this server:
0 - The shared mail feature is not used for new mail
1 - The shared mail feature is used for new mail delivered to this
server
2 - The shared mail feature is used for new mail delivered to this
server and for new mail transferred through this server
Applies to: Servers
Default: 0 (shared mail not used)
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

SMIME_Strong_Algorithm
Syntax: SMIME_Strong_Algorithm=value
Description: Specifies the encryption method for encrypting MIME
messages to recipients whose public keys are longer than 512 bits, but do
not have the special “strong encryption” flag in their certificates. Possible
values are:
RC2_40
RC2_56
RC2_64
RC2_80
RC2_128
RC5_5
RC5_7
RC5_10
RC5_16
DES
3DES
Applies to: Workstations
Default: None
UI equivalent: None

SMIME_Weak_Algorithm
Syntax: SMIME_Weak_Algorithm=value
Description: Specifies the encryption method for encrypting MIME
messages to recipients whose public keys are shorter than 512 bits.
Possible values are:
RC2_40
RC2_56
RC2_64
RC2_80
RC2_128
RC5_5
RC5_7
RC5_10
RC5_16
DES
3DES
Applies to: Workstations
Default: None
UI equivalent: None

SMTPAllHostsExternal
Syntax: SMTPAllHostsExternal=value
Description: Use this setting to determine whether all hosts should be
subject to the anti-spam controls specified for the server.
0 - Exempts internal hosts from anti-spam controls.
1 - Internal hosts included for anti-spam controls.
Applies to: Servers
Default: In the absence of the setting, any internal hosts would be
exempt from the controls.
UI equivalent: In the server’s Configuration Settings document, first
click the Router/SMTP tab, then the Restrictions and Controls tab, and
finally the SMTP Inbound Controls tab. In the Inbound Relay
Enforcement section’s “Perform Anti-Relay enforcement for these
connecting hosts” field, select “All connecting hosts” or “External hosts.”

SMTP_Config_Update_Interval
Syntax: SMTP_Config_Update_Interval=number of minutes
Description: Determines how often (in minutes) Domino checks to
determine whether the user has updated SMTP configuration
information. You can change Configuration documents while servers are
running. For the change to take effect, the server must periodically check
the Configuration document for changes. If the server discovers a
change, it rereads all settings. This setting lets you change the server’s
checking interval. A shorter time results in slightly higher overhead for
checking, but changes are noticed more quickly.
Applies to: Servers
Default: 2
UI equivalent: None

SMTPDebug
Syntax: SMTPDebug=value
Description: Controls the level of console logging performed by the
SMTP task.
0 - No logging
1 - Log errors
2 - Log Protocol commands
Applies to: Servers
Default: 0
UI equivalent: None

SMTPDebugIO
Syntax: SMTPDebugIO=value
Description: Enables the logging of all data received by the SMTP task:
0 - No logging
3 - Logs all data received by the SMTP task
Caution Use SMTPDebugIO only when necessary and disable it again
as soon as possible. It can cause the log file to grow very large, and logs
the contents of received messages.
Applies to: Servers
Default: 0
UI equivalent: None

SMTPExpandDNSBLStats
Syntax: SMTPExpandDNSBLStats=value
Description: Use this setting to generate DNS blacklist filter statistics for
each connecting host found in a DNS blacklist site.
0 - Host-specific DNS blacklist filter statistics are not generated by
the SMTP server.
1 - SMTP server generates host-specific DNS blacklist filter statistics
which indicate the total number of hits per DNSBL site, per
connecting host’s IP address.
Applies to: Servers
Default: In the absence of this setting, the SMTP task maintains statistics
that track the total number of connecting hosts that were found on the
DNSBLs of all configured sites combined, as well as how many were found
on the DNSBL of each configured site.
UI equivalent: None

SMTPGreeting
Syntax: SMTPGreeting=string
Description: Specifies a text message sent to SMTP clients when they
connect to the SMTP server. The message must contain the string “%s”
which is replaced by the current date/time when the connection is made.
Applies to: Servers
Default: “host-name ESMTP Service (Lotus Domino build-name) ready
at %s”
UI equivalent: None

SMTPNotesPort
Syntax: SMTPNotesPort=port name
Description: Specifies the port for the SMTP service, where port name is the
name of the Domino port for TCP/IP. This is required for partitioned
servers, and single servers that have more than one TCP/IP port.
Applies to: Servers
Default: None
UI equivalent: None
For information on binding an Internet service to an IP address, see the
chapter “Setting Up the Domino Network.”

SMTPNoVersionInRcvdHdr
Syntax: SMTPNoVersionInRcvdHdr=port name
Description: Use this setting to prevent Domino server product
information from being disclosed in SMTP Received headers.
0 - Domino-generated SMTP Received header will contain Domino
server product information, which includes the server version.
1 - Domino-generated SMTP Received header will not contain
Domino server product information.
Applies to: Servers
Default: In the absence of this setting, Received headers added by the
Domino server will include product information such as the server version.
UI equivalent: None

SMTPMaxForRecipients
Syntax: SMTPMaxForRecipients=number of addresses
Description: Determines how many addresses can be added when the
SMTP task adds received headers to messages received.
Applies to: Servers
Default: 0
UI equivalent: None

SMTPMTA_Space_Repl_Char
Syntax: SMTPMTA_Space_Repl_Char=character
Description: Specifies the character the SMTP MTA uses to replace
spaces in names. Choices are underline (_) or period (.). The following
restrictions apply to using periods as replacement characters:
• User names in the Domino Directory cannot contain periods. For
example, John R. Doe is not valid.
• You cannot use periods as the domain name separator if you
configure Domino domains to appear to the left of the @ sign in mail
addresses. If you do, a user name with periods replacing spaces can
be confused with domain names separated by periods.
Applies to: Workstations
Default: Underline
UI equivalent: None

SMTPRelayAllowHostsandDomains
Syntax: SMTPRelayAllowHostsandDomains=value
Description: Forces servers to abide by Domino 5 rules to resolve
conflicts between Allow and Deny list entries in the SMTP inbound relay
controls.
0 - Entries in the Allow field of the SMTP inbound relay controls take
precedence over entries in the Deny fields when there is a conflict
between them. For example, given the following entries:
Field                                                Entry
Deny messages to be sent to the following            xyz.com
external Internet domains
Allow messages only from the following Internet      relay.abc.com
hosts to be sent to external Internet domains

the host relay.abc.com can always relay to any destination, including
destinations in the domain xyz.com.
1 - Entries in the Deny fields of the SMTP inbound relay controls take
precedence over entries in the Allow fields in the event of a conflict.
Using the preceding example, if you deny relays to xyz.com, the host
relay.abc.com cannot relay to the denied domain.
Applies to: Servers
Default: 0
UI equivalent: None

SMTPSaveImportErrors
Syntax: SMTPSaveImportErrors=value
Description: Specifies whether mail message import errors are recorded,
as follows:
0 - No messages are recorded.
1 - When an arriving message fails to be written as a note in
MAIL.BOX, Domino writes the data stream to a temporary directory,
and logs the name of the file.
2 - All arriving messages have their data streams written to the
temporary directory.
Note This feature can use a great deal of disk space because the saved
messages continue to accumulate until you delete them. Also, the content
of the messages is accessible to anyone with the privileges to read files in
the temporary directory.
Applies to: Servers
Default: 0
UI equivalent: None

SMTPStrict821AddressSyntax
Syntax: SMTPStrict821AddressSyntax=value
Description: Specifies whether the SMTP task requires addresses that
appear in MAIL FROM commands or RCPT TO commands be properly
formed according to the 821 standard (must contain <>):
0 - Does not enforce 821 standard
1 - Enforces 821 standard
Applies to: Servers
Default: 0
UI equivalent: None

SMTPStrict821LineSyntax
Syntax: SMTPStrict821LineSyntax=value
Description: Specifies whether the SMTP task requires all protocol text
be terminated by CRLF:
0 - 821 standard is not enforced (LF is accepted as a line terminator)
1 - 821 standard is enforced
Applies to: Servers
Default: 0
UI equivalent: None

SMTPTimeoutMultiplier
Syntax: SMTPTimeoutMultiplier=value
Description: Multiplies the SMTP time-out wait value by the specified
number. Each SMTP protocol exchange has a time-out wait value. If the
client does not respond within the time-out period, the connection is
broken. You can increase the time-out period by specifying a multiplier
value. For example, a value of 2 doubles all time-out periods.
Applies to: Servers
Default: 1
UI equivalent: None

SSLCipherSpec
Syntax: SSLCipherSpec=value1value2value3...
Description: (SSL users only) Determines which SSL-compliant cipher to
use to encrypt files on the server. Specification numbers correspond to
the following ciphers:

Cipher specification value    Cipher
01                            SSL_RSA_WITH_NULL_MD5
02                            SSL_RSA_WITH_NULL_SHA
03                            SSL_RSA_EXPORT_WITH_RC4_40_MD5
04                            SSL_RSA_WITH_RC4_128_MD5
05                            SSL_RSA_WITH_RC4_128_SHA
06                            SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
09                            SSL_RSA_WITH_DES_CBC_SHA
0A                            SSL_RSA_WITH_3DES_EDE_CBC_SHA
0B                            SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
0C                            SSL_DH_anon_WITH_RC4_128_MD5
0D                            SSL_DH_anon_WITH_DES_CBC_SHA

To enter multiple ciphers, enter each cipher specification value, including
leading zeros. Do not include spaces between values. For example:
SSLCipherSpec=01020A
Note Specifying a 128-bit cipher for a server with an international
license has no effect.
Applies to: Servers
Default: None
UI equivalent: SSL ciphers field for each Internet protocol in the Ports -
Internet Ports of the Server document. The settings in this field are
overridden by the SSLCipherSpec NOTES.INI setting.
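
The following is an added example, not part of the Domino documentation: it decodes an SSLCipherSpec value into the ciphers from the table above and flags the ones an administrator reviewing a NOTES.INI file would want to question. The weakness rules, the function names and the sample fragment are the editor's own assumptions; the value 01020A is the example from this page.

```python
import re

# Cipher specification values as listed in the SSLCipherSpec table above
# (every code written with its leading zero, as the setting requires).
CIPHER_TABLE = {
    "01": "SSL_RSA_WITH_NULL_MD5",
    "02": "SSL_RSA_WITH_NULL_SHA",
    "03": "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "04": "SSL_RSA_WITH_RC4_128_MD5",
    "05": "SSL_RSA_WITH_RC4_128_SHA",
    "06": "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    "09": "SSL_RSA_WITH_DES_CBC_SHA",
    "0A": "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "0B": "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "0C": "SSL_DH_anon_WITH_RC4_128_MD5",
    "0D": "SSL_DH_anon_WITH_DES_CBC_SHA",
}

# Name fragments and why they matter. This classification is the editor's
# assessment (an assumption), not part of the Domino documentation.
WEAKNESS_RULES = [
    ("_WITH_NULL_", "no encryption (integrity check only)"),
    ("_EXPORT_", "40-bit export-grade key"),
    ("_DH_anon_", "anonymous key exchange, server is not authenticated"),
    ("_WITH_DES_CBC_", "single DES, 56-bit key"),
    ("_RC4_", "RC4 stream cipher (prohibited for TLS by RFC 7465)"),
    ("_MD5", "MD5-based MAC"),
]


def find_setting(ini_text, name):
    """Return the value of the first `name=value` line, or None if absent."""
    pattern = re.compile(r"^\s*" + re.escape(name) + r"\s*=(.*)$", re.IGNORECASE)
    for line in ini_text.splitlines():
        match = pattern.match(line)
        if match:
            return match.group(1).strip()
    return None


def decode_cipher_spec(value):
    """Split a value such as '01020A' into [(code, cipher name or None)]."""
    if re.search(r"\s", value):
        raise ValueError("spaces are not allowed between cipher values")
    if len(value) % 2:
        raise ValueError("odd length: a leading zero was probably dropped")
    # Upper-casing is a convenience for the table lookup only.
    codes = [value[i:i + 2].upper() for i in range(0, len(value), 2)]
    return [(code, CIPHER_TABLE.get(code)) for code in codes]


def audit_cipher_spec(value):
    """Return [(code, name, [reasons])] for each cipher enabled by `value`."""
    report = []
    for code, name in decode_cipher_spec(value):
        if name is None:
            reasons = ["code is not in the documented table"]
        else:
            reasons = [why for fragment, why in WEAKNESS_RULES if fragment in name]
        report.append((code, name, reasons))
    return report


# Constructed NOTES.INI fragment; the cipher value is the page's own example.
SAMPLE_INI = """\
ServerName=Server1/ACME
SSLCipherSpec=01020A
"""

if __name__ == "__main__":
    spec = find_setting(SAMPLE_INI, "SSLCipherSpec")
    for code, name, reasons in audit_cipher_spec(spec):
        print(code, name or "UNKNOWN", "-", "; ".join(reasons) or "no flag raised")
```

Run against the page's example value, the audit shows that 01 and 02 enable ciphers that do not encrypt at all, so only 0A in that list protects confidentiality.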

SSL_Resumable_Sessions
Syntax: SSL_Resumable_Sessions=number of sessions cached
Description: Specifies the number of resumable SSL sessions that will be
cached on the server. Setting this variable to 1 disables SSL session
resumption on the server.
Applies to: Servers
Default: 50
UI equivalent: None

SSL_Trace_KeyFileRead
Syntax: SSL_Trace_KeyFileRead=value
Description: Enables viewing of information on the current keyring in
use on a Domino server. To enable viewing, set SSL_Trace_KeyFileRead
to a value of 1. This enables viewing of protocols other than HTTP to see
if there is a valid keyring file present in the server’s Server document or
Internet site documents from the server console.
Applies to: Servers
Default: None
UI equivalent: None

SwapPath
Syntax: SwapPath=location
Description: Specifies the location of the server’s swap file. If this setting
exists in the NOTES.INI file, the Reporter or Collector server task uses
this location for the Server.Path.Swap statistic.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

TCP_EnableIPV6
Syntax: TCP_EnableIPV6=value
Description: Use this setting to enable Domino for IPv6.
0 - disables the feature
1 - enables the feature
Applies to: Servers
Default: None, but in the absence of the setting, IPV6 is disabled.
UI equivalent: None

TCP/IPportname_PortMappingNN
Syntax: TCP/IPportname_PortMappingNN=CN=servername/O=organization,IPaddress:TCP/IP portnumber
Description: Specifies the TCP/IP port number of each partitioned
server sharing the IP address of the port mapping server. TCP/IPportname
is the name of the TCP/IP port which is specified in the NOTES.INI file
by the settings Ports=TCPIP. This entry is only valid in the NOTES.INI
file of the port mapper server. NN is any number from 00, 01, 02, and so
on to 99; only 00 to 04 are currently supported. Numbers must be
assigned in ascending order as an invalid break in the number sequence
causes subsequent entries in the NOTES.INI file to be ignored.
For example:
TCP/IPportname_PortMapping00=CN=Server1/O=ACME,192.94.222.169:13520
TCP/IPportname_PortMapping01=CN=Server2/O=ACME,192.94.222.169:13521
TCP/IPportname_PortMapping02=CN=Server3/O=ACME,192.94.222.169:13522
The last number is the port number assigned to each partitioned server.
This number must be an available number as specified in Assigned
Numbers RFC 1340.
Applies to: Servers
Default: None
UI equivalent: None
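
The numbering rule for PortMappingNN is easy to break when a partition is removed, so the following added example (the editor's code, not Domino's) checks a NOTES.INI fragment for it. It assumes the port is named TCPIP, reads "subsequent entries are ignored" as "every entry numbered above the first missing number", and adds two checks of its own for a shared IP address and duplicate port numbers; the sample fragment is constructed.

```python
import re
from collections import namedtuple

Mapping = namedtuple("Mapping", "nn server ip tcp_port")
Report = namedtuple("Report", "effective ignored warnings")

# <portname>_PortMappingNN=CN=server/O=org,IPaddress:port (format from the page)
ENTRY_RE = re.compile(
    r"^\s*(?P<port>.+?)_PortMapping(?P<nn>\d{2})\s*=\s*"
    r"(?P<server>CN=[^,]+),\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<tcp>\d+)\s*$",
    re.IGNORECASE,
)
HIGHEST_SUPPORTED_NN = 4  # the page: "only 00 to 04 are currently supported"


def parse_port_mappings(ini_text, port_name):
    """Return {NN: Mapping} for every <port_name>_PortMappingNN line."""
    found = {}
    for line in ini_text.splitlines():
        match = ENTRY_RE.match(line)
        if match and match.group("port").lower() == port_name.lower():
            nn = int(match.group("nn"))
            found[nn] = Mapping(nn, match.group("server"), match.group("ip"),
                                int(match.group("tcp")))
    return found


def check_port_mappings(ini_text, port_name="TCPIP"):
    """Split the entries into effective and ignored ones and collect warnings."""
    found = parse_port_mappings(ini_text, port_name)
    warnings = []

    # Entries count only while the numbering runs 00, 01, 02, ... unbroken.
    nn = 0
    effective = []
    while nn in found:
        effective.append(found[nn])
        nn += 1
    ignored = [found[k] for k in sorted(found) if k >= nn]
    for entry in ignored:
        warnings.append("PortMapping%02d (%s) is ignored: PortMapping%02d is missing"
                        % (entry.nn, entry.server, nn))

    for entry in effective:
        if entry.nn > HIGHEST_SUPPORTED_NN:
            warnings.append("PortMapping%02d is above the supported range 00-04"
                            % entry.nn)

    # Partitions share the port mapper's IP address (editor's added check).
    for entry in effective[1:]:
        if entry.ip != effective[0].ip:
            warnings.append("PortMapping%02d uses %s, but PortMapping00 uses %s"
                            % (entry.nn, entry.ip, effective[0].ip))

    # Two partitions cannot listen on the same port (editor's added check).
    first_use = {}
    for entry in effective:
        if entry.tcp_port in first_use:
            warnings.append("port %d is assigned to both %s and %s"
                            % (entry.tcp_port, first_use[entry.tcp_port], entry.server))
        else:
            first_use[entry.tcp_port] = entry.server

    return Report(effective, ignored, warnings)


# Constructed fragment: PortMapping02 was deleted, leaving a gap before 03.
SAMPLE_INI = """\
Ports=TCPIP
TCPIP_PortMapping00=CN=Server1/O=ACME,192.94.222.169:13520
TCPIP_PortMapping01=CN=Server2/O=ACME,192.94.222.169:13521
TCPIP_PortMapping03=CN=Server3/O=ACME,192.94.222.169:13522
"""

if __name__ == "__main__":
    report = check_port_mappings(SAMPLE_INI)
    print("effective:", [m.server for m in report.effective])
    for warning in report.warnings:
        print("WARNING:", warning)
```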

TCP/IPportname_TCPIPAddress
Syntax: TCP/IPportname_TCPIPAddress=0,IPaddress:TCP/IP portnumber
Description: Defines the IP address and port number for a Domino
server. TCP/IPportname is the name of the TCP/IP port which is specified
in the NOTES.INI file by the setting Ports=TCPIP. For example:
TCP/IPportname_TCPIPAddress=0,192.94.222.169:1352
Applies to: Servers
Default: None
UI equivalent: None

Temp_Index_Max_Doc
Syntax: Temp_Index_Max_Doc=number of entries
Description: Specifies the maximum number of results (up to
2147483647) that can be retrieved at one time—by an agent running on a
server—on a database without any index. For example, specifying
Temp_Index_Max_Doc=10000
allows a single NotesDatabase or NotesDocumentCollection “FTSearch”
running on a server to return up to 10000 entries.
To use the Temp_Index_Max_Doc setting for an agent running on a
server, you must also use the FT_Max_Search_Results setting and specify
the same value, for example
FT_Max_Search_Results=10000
For information on the FT_Max_Search_Results setting, see the topic
“FT_Max_Search_Results” earlier in this chapter.
Applies to: Servers
Default: 5000
UI equivalent: None

TimeZone
Syntax: TimeZone=value
Description: Specifies the time zone for a server or workstation. Time
zones begin at Greenwich, England (0 = Greenwich Mean Time) and
move westward around the world. The time zones can be 15, 30, 45, or 60
minutes apart (not all zones are an hour apart). For example:
TimeZone=8
TimeZone=0
These settings specify Pacific Standard Time (8) and Greenwich Mean Time (0), respectively.
Applies to: Servers and workstations
Default: Defined during the workstation or server Setup procedure.
UI equivalent: On a workstation, the Local time zone field in the
Location document; on a server, the Local time zone field in the Server
document.

Topology_WorkInterval
Syntax: Topology_WorkInterval=number of hours
Description: Use this setting to specify how often the Maps server add-in
task updates the topology map data in the Domino Directory. Once set, it
will refresh n hours after the maps add-in program is started, and every
n hours after that.
Note You should not use the setting to refresh too frequently, because
the map data is stored in your Domino Directory and updates are
replicated throughout the domain.
Applies to: Servers
Default: None, however the Topology maps task normally refreshes
topology information once a day, every night at 2 AM.
UI equivalent: None

TransLog_MaxSize
Syntax: TransLog_MaxSize=number of megabytes
Description: The maximum size, in MB, for the transaction log. A value
of at least 192 MB is recommended. If you don’t specify a value, the
system determines a log size approximately three times the size of the
server’s RAM.
Applies to: Servers
Default: None
UI equivalent: “Maximum log space” field in the Transactional Logging
tab of the Server document.

TransLog_Path
Syntax: TransLog_Path=path
Description: Specifies the path to the transaction log. The default
location is \logdir in the server’s data directory. However, it is strongly
recommended to store the transaction log on a separate mirrored device,
such as a RAID level 0 or 1 device with a dedicated controller. If you
change this field and have an existing transaction log, you must use the
operating system to move all the log files to the new log path.
Applies to: Servers
Default: logdir in the server’s data directory, for example c:\data\logdir
UI equivalent: “Log path” field in the Transactional Logging tab of the
Server document.

TransLog_Performance
Syntax: TransLog_Performance=value
Description: Specifies the trade-off between transactional log runtime
and restart recovery time, as follows:
1 - Favor runtime. The system stores more database changes in
memory and writes fewer changes to the transaction log. Fewer writes to
disk improves server runtime.
2 - Standard (default)
3 - Favor restart recovery time. The system stores fewer database
changes in memory and writes more changes to the transaction log.
More writes to the transaction log improves restart recovery time.
Applies to: Servers
Default: 2
UI equivalent: “Runtime/Restart performance” field in the
Transactional Logging tab of the Server document.

TransLog_Status
Syntax: TransLog_Status=value
Description: Enables transaction logging for all Domino 5 databases on
the server, as follows:
0 - Transactional logging disabled
1 - Transactional logging enabled
You must upgrade databases to Domino 5 format before they can use
transaction logging.
Applies to: Servers
Default: 0
UI equivalent: “Transactional logging” field in the Transactional
Logging tab of the Server document.

TransLog_Style
Syntax: TransLog_Style=value
Description: Specifies the type of transaction logging. Options are as
follows:
0 - Circular (default). The system continuously reuses the extent log
files, overwriting old transactions.
1 - Archive. The system does not reuse extent log files and allows
you to use a backup utility to archive log files. This is recommended.
Applies to: Servers
Default: 0
UI equivalent: “Logging style” field in the Transactional Logging tab of
the Server document.

TransLog_UseAll
Syntax: TransLog_UseAll=value
Description: Specifies whether or not to use all available disk space on
the log device, as follows:
0 - The system uses the default or specified value in
“TransLog_MaxSize”
1 - Use all available space on the disk for the transaction log extent.
This is recommended if you use a separate device dedicated to
storing the extent.
Applies to: Servers
Default: 0
UI equivalent: “Use all available space on log device” field in the
Transactional Logging tab of the Server document.

Update_No_BRP_Files
Syntax: Update_No_BRP_Files=value
Description: Determines whether or not the Fixup task creates BRP files.
When set to 1, the Fixup task will not create a BRP file when it encounters
an error in a view index.
Applies to: Servers
Default: None
UI equivalent: None

Update_No_Fulltext
Syntax: Update_No_Fulltext=value
Description: Turns off full-text indexing on a server.
0 - Turns full-text indexing on
1 - Turns full-text indexing off
Applies to: Servers
Default: None, although if this setting is omitted, full-text indexing is on.
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Updaters
Syntax: Updaters=number of tasks
Description: Specifies the number of Update server tasks that can run
concurrently on the server. You must shut down and restart the server
for this setting to take effect.
Applies to: Servers
Default: None, although if this setting is omitted, only a single Update
task can run at a time.
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Update_Suppression_Limit
Syntax: Update_Suppression_Limit=value
Description: Overrides the NOTES.INI Update_Suppression_Time
setting if a certain number of duplicate requests to update indexes and
views are received.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

Update_Suppression_Time
Syntax: Update_Suppression_Time=number of minutes
Description: Specifies the delay time between full-text index and view
updates, even if immediate indexing is scheduled as a server task.
Applies to: Servers
Default: 5
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.

UpgradeApps
Syntax: UpgradeApps=filename1, filename2, filename3...
Description: Specifies custom upgrade applications for migrating users
to Notes. Domino 5 includes four upgrade applications for migrating
users to Notes, one each for cc:Mail, Windows NT, Exchange, and LDIF.
In addition, you can use UpgradeApps to add one or more custom
upgrade applications (DLL files) to the Registration dialog. Use commas
to separate multiple names. Specified files must reside in the Notes
program directory. UpgradeApps does not affect the upgrade
applications that ship with Domino.
Applies to: Servers
Default: None
UI equivalent: None

UseFontMapper
Syntax: UseFontMapper=value
Description: Determines whether the font mapper is used to guess the
closest mappings between the font face name in a CGM metafile and the
currently installed fonts on a Notes workstation.
1 - Enables the font mapper
0 - Disables the font mapper
Applies to: Servers and workstations
Default: 1
UI equivalent: None

ViewExpnumber
Syntax: ViewExpnumber=value1, value2...
Description: Specifies parameters to be used by file exports done at the
view level.

Parameter | Enter
value1 | Program name and file type
value2 | The following append options: 0 - No append option offered; 1 - Append option offered through a dialog box; 2 - Automatically write to a temporary file to avoid the 64K limit
value3 | Name of the export routine called
value4 | Not currently used
value5 - x | File extensions to automatically select a file type in the File Export dialog box

Applies to: Servers and workstations
Default: None
UI equivalent: None

ViewImpnumber
Syntax: ViewImpnumber=value1, value2...
Description: Specifies parameters to be used by file imports done at the
view level.

Parameter | Enter
value1 | Program name and version
value2 | Not used, always 0
value3 | Name of the import routine called
value4 | Not currently used
value5 - x | File extensions to automatically select a file type in the File Import dialog box

Applies to: Servers and workstations
Default: None
UI equivalent: None

View_Rebuild_Dir
Syntax: View_Rebuild_Dir=path
Description: Specifies the directory where temporary files will be created
for optimized view rebuilds.
For example, to set the directory to my_view_rebuild_directory, enter the
following line in the NOTES.INI file:
View_Rebuild_Dir=c:\my_view_rebuild_directory

Applies to: Servers
Default: None, but in the absence of this setting, the system’s temporary
storage directory (specified by the TEMP or TMP environment variables)
is used.
UI equivalent: None

WebAuth_Verbose_Trace
Syntax: WebAuth_Verbose_Trace=value
Description: Use this setting to troubleshoot problems with Web server
user authentication and Web server group searches for database access
verification. With the setting enabled, a Domino Web server records
detailed information about specific Web user authentication sessions at
the server console. Information includes authentication success or failure,
group cache information used to verify Web users’ membership in
groups for database access control, and the search filters used to find
user and group entries in an LDAP directory.
0 - Disabled
1 - Enabled
Note After you correct the problem, be sure to disable this feature (or
remove the setting altogether), because it slows Web server performance.
Applies to: Servers
Default: None
UI equivalent: None

WebSess_Verbose_Trace
Syntax: WebSess_Verbose_Trace=value
Description: This setting should be used to troubleshoot both single
server and multi-server (as in single sign-on) session-based
authentication problems. When enabled, the setting allows a Domino
Web server to record, at the server console, detailed information about
specific Web session-based authentication sessions, such as
unauthorized, unauthenticated, or session expiration information.
0 - Disabled
1 - Enabled
Note After you correct the problem, be sure to disable this feature (or
remove the setting altogether), because it slows Web server performance.
Applies to: Servers
Default: None
UI equivalent: None
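
The following added example (not IBM's code and not part of the original reference) audits a NOTES.INI for the two troubleshooting switches above that were left enabled, and for UpgradeApps entries that are not bare file names, since the reference says those files must reside in the Notes program directory. Assumptions: setting names are compared case-insensitively, a setting that appears more than once is reported rather than resolved, and the sample NOTES.INI is constructed.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "line code message")

# Troubleshooting switches that this reference says to disable (or remove)
# once the problem is corrected.
TRACE_SETTINGS = {"webauth_verbose_trace", "websess_verbose_trace"}
AUDITED = TRACE_SETTINGS | {"upgradeapps"}

# Constructed sample NOTES.INI, not taken from a real server.
SAMPLE_NOTES_INI = """\
[Notes]
Directory=c:\\lotus\\domino\\data
Updaters=2
WebAuth_Verbose_Trace=1
websess_verbose_trace=0
UpgradeApps=acmeupg.dll, c:\\temp\\legacy.dll
Update_No_Fulltext=1
WebAuth_Verbose_Trace=0
"""


def parse_notes_ini(text):
    """Return (line_no, name, value) for every name=value line, duplicates kept."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, section header such as [Notes], or other text
        name, _, value = line.partition("=")
        entries.append((line_no, name.strip(), value.strip()))
    return entries


def audit(text):
    """Return findings sorted by line number."""
    findings = []
    seen = {}
    for line_no, name, value in parse_notes_ini(text):
        key = name.lower()  # assumption: names are compared case-insensitively
        seen.setdefault(key, []).append(line_no)
        if key in TRACE_SETTINGS and value == "1":
            findings.append(Finding(
                line_no, "trace-enabled",
                f"{name}=1 records detailed Web authentication or session "
                "information at the server console and slows the Web server; "
                "set it to 0 or remove it after troubleshooting"))
        elif key == "upgradeapps":
            for dll in (part.strip() for part in value.split(",")):
                # A drive letter or path separator means the entry is not a
                # bare file name in the Notes program directory.
                if any(ch in dll for ch in "\\/:"):
                    findings.append(Finding(
                        line_no, "upgradeapp-path",
                        f"UpgradeApps entry {dll!r} carries a path; files must "
                        "reside in the Notes program directory"))
    for key, lines in seen.items():
        if key in AUDITED and len(lines) > 1:
            findings.append(Finding(
                lines[-1], "duplicate-setting",
                f"{key} is set on lines {lines}; keep a single entry so the "
                "effective value is unambiguous"))
    return sorted(findings, key=lambda f: f.line)


if __name__ == "__main__":
    for finding in audit(SAMPLE_NOTES_INI):
        print(f"line {finding.line}: [{finding.code}] {finding.message}")
```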

Window_Title
Syntax: Window_Title=text
Description: Uses the specified text on the title bar.
Applies to: Servers and workstations
Default: None
UI equivalent: None

WinInfoboxPos
Syntax: WinInfoboxPos=value1, value2
Description: Determines the position of the InfoBox.
Applies to: Workstations
Default: 85, 193
UI equivalent: None

WinSysFontnumber
Syntax: WinSysFontnumber=value1, value2, value3
Description: All CGM metafiles contain numeric font identifiers 1
through x, where x is the maximum number of fonts in an optional CGM
font face name table. When the font mapper is disabled, these lines list
the installed Windows system fonts to which the CGM font numbers are
mapped.
Applies to: Workstations
Default: None
UI equivalent: None

XPC_Console
Syntax: XPC_Console=value
Description: Displays the XPC console, which shows modem
input/output (if logged).
1 - Displays the console
0 - Hides the console
Applies to: Servers and workstations
Default: 0
UI equivalent: None

Appendix D
System and Application Templates

This appendix describes all system and application templates.

System and application templates


These are templates that the setup program, servers, and administrators
use to create system and application databases. When you create a new
database, some of these templates do not appear in the template list
unless you choose “Show advanced templates.” Most templates have a
file extension of .NTF.
For more information on creating databases from templates, see
Application Development with Domino Designer.

Template title and file name | Template name | Purpose
Activity Trends (6) ACTIVITY.NTF | StdActivityTrendsDatabase | Records and reports statistics that portray the activity of users (clients) against the databases on the Domino server where this database resides.
Administration Requests (6) ADMIN4.NTF | StdR4AdminRequests | Tracks and records Administration Process requests and processes.
Agent Log ALOG4.NTF | StdR4AgentLog | Lists actions and errors that occur when a LotusScript program that uses the NotesLog class runs.
Archive Log (6) ARCHLG50.NTF | StdR50ArchiveLog | Logs information about all archived databases and contains information about the number of documents archived, the source database, and the archive database.
Billing BILLING.NTF | StdR4Billing | Records and stores billing information about activity on a Domino server.
Bookmarks (6) BOOKMARK.NTF | Bookmarks | Opens a user’s databases and links.
Catalog (6) CATALOG6.NTF | StdNotesCatalog | Records and stores information about the databases on a Domino server.
Certificate Requests (6) CERTREQ.NTF | StdCertificateRequests | Acts as a front-end to a single CA-process Internet certifier, implementing a Web-based UI for browser users to request client certificates for their browser or other internet client, and a Notes UI for creating server key rings for SSL-enabled Domino servers.
Certification Log CERTLOG.NTF | StdNotesCertificationLog | Maintains records of certified Notes IDs in a Notes community.
Cluster Analysis (6) CLUSTA4.NTF | StdR4ClusterAnalysis | Generates reports about the cluster configuration to verify if the cluster was configured correctly; locates problems with the configuration.
Cluster Directory (6) CLDBDIR4.NTF | STDR4ClusterDirectory | Records and stores information about databases in a server cluster.
Database Analysis DBA4.NTF | StdR4DBAnalysis | Stores the results of a single database analysis.
Database Library DBLIB4.NTF | StdR4DatabaseLib | Contains a list of public databases to which users can request access.
Decommission Server Reports DECOMSRV.NTF | StdNotesDecommissionServer | Produces reports to help decommission one server and replace it with a server that is already set up.
DECS Administrator Template DECSADM.NTF | DECS Administrator Template | Configures real-time back-end connectivity between Domino and external systems when using the DECS (Domino Enterprise Connection Services) add-in task.
Design Synopsis DSGNSYN.NTF | DesignSynopsis | Stores the results from a design synopsis of a database.
Directory Assistance (6) DA50.NTF | StdMasterAddressBook4.5 | Provides directory assistance to multiple directories.
Directory Catalog DIRCAT5.NTF | Lightweight Directory | Helps to configure and build a directory catalog, which compresses user and group entries from one or more Domino Directories into a single database.
Discussion - Notes & Web (6) DISCSW6.NTF | StdR50Disc | Provides an electronic conference room for threaded discussions; includes built-in user profiles that allow automatic mailing of links to items of interest; allows for anonymous responses, archiving, and public/private threads.
Doc Library - Notes & Web (R6) DOCLBW6.NTF | StdR50WebDocLib | Provides document storage and allows for review workflow (serial and parallel) and archiving.
DOLS Administration Template DOLADMIN.NTF | DOLS Admin 1.0 | Lets you configure any Domino application so that users can download the application for offline use.
DOLS Resource Template DOLRES.NTF | DOLS Resource Template 1.0 | Lets you configure any Domino application so that users can download the application for offline use.
Domino Administrator (6) DOMADMIN.NTF | StdAdminDatabase | Contains some necessary user-interface elements for the Domino Administrator; do not change this system template.
Domino Certificate Authority (6) CCA50.NTF | StdNotes50SSLAuth | Sets up an internal certification authority for use with SSL.
Domino Certificate Publication Requests (6) CERTPUB.NTF | StdCertPubRequests | Lets you request publication of an SSL client certificate under an entry in the address book.
Domino Change Control (6) DOMCHANGE.NTF | DominoChangeControl | Used by the Domino Change Manager process to manage and execute change control plans. It includes an approval cycle workflow and tight integration with the Administration Process.
Domino Directory PUBNAMES.NTF | StdR4PublicAddressBook | Provides a repository that stores user, server, connection, and access control information.
Domino Directory Cache (6) DBDIRMAN.NTF | StdDbDirMan | Contains cache times for each database in the server’s data directory.
Domino LDAP Schema (6) SCHEMA.NTF | StdDominoLDAPSchema | Provides information about the attributes, object classes, and syntaxes supported by the Domino LDAP schema in a user-friendly format.
Domino MailTracker Store (6) MTSTORE.NTF | MailTrackerStore | Contains information (originators, recipients, arrival times, and status) about messages the server processes.
Domino Web Administrator (6) WEBADMIN.NTF | StdWebAdminDatabase | Creates a database that allows administrators to use a browser to administer databases.
Domino Web Server Configuration (6) DOMCFG.NTF | StdR5DominoWebServerConfiguration | Holds custom error pages for use with the Web server.
Domino Web Server Log (6) DOMLOG.NTF | Domino Web Server Log Template | Logs information about activities on a Domino Web server.
Extended Mail (R6) MAIL6EX.NTF | ExtR6Mail | Can be used to create a mail database either on a local computer or on a server. Mail databases created from this template are best used by Notes, Intranet, or Internet clients.
Health Monitoring DOMMON.NTF | StdDominoHealthMonitor | Contains the Health Reports generated by Server Health Monitoring. Domino configuration and performance is periodically evaluated and recorded as health reports and health statistics. Recommendations on how to correct poor server behavior are issued when appropriate. The configuration documents in this database can be used to customize the health evaluation.
Issued Certificates List (6) ICL.NTF | Issued Certificates List | A record of the certificates issued by a single certifier. Can be used by a CA Administrator to revoke certificates.
Local Document Cache CACHE.NTF | NotesDocCache | Creates a user’s local document cache database, which stores documents that the user opens and provides fast retrieval of documents previously opened.
Local free time info BUSYTIME.NTF | BusyTime | Manages time allotment for the calendar and scheduling features.
Lotus SmartSuite Library (6) DOCLBS6.NTF | StdSmartSuiteR6DocLib | Gives Notes users the ability to create and save documents using Lotus SmartSuite Word Pro, 1-2-3, Freelance, or Paintbrush, without leaving Notes.
Mail Journaling (6) MAILJRN.NTF | StdMailJournaling | Stores copies of messages that pass through the router. This is a system database; therefore, the messages are saved per server, not per user.
Mail Router Mailbox (6) MAILBOX.NTF | StdNotesMailbox | Stores mail from a user that is in route from one user to another user.
Mail (IMAP) IMAPCL5.NTF | StdR50IMail | Creates a proxy database that allows clients to interact using IMAP mail.
Mail (R6) MAIL6.NTF | StdR56Mail | Creates the standard mail databases used by Notes mail users.
Message Tracking Reports (6) REPORTS.NTF | StdReportsDatabase | Creates reports that measure mail message statistics or usage patterns.
Microsoft Office Library (6) DOCLBM6.NTF | StdR46DocLibMS | Automatically loads and sizes the OLE object to the window; stores and supports review cycles of documents created with Microsoft Office products.
Monitoring Configuration (6) EVENTS4.NTF | StdR5Events | Stores configuration records for statistics reporting and monitoring tools and stores a listing of server messages.
Monitoring Results (6) STATREP5.NTF | StdR5StatReport | Records information about the activity on one or more Domino servers.
News Articles (6) NNTPCL5.NTF | StdR60NNTPClient | Creates databases on clients to interact with NNTP news sites.
NNTP Cross-Post NNTPPOST.NTF | StdR46NNTPPostBox | Stores and posts articles to multiple newsgroups at a scheduled interval.
NNTP Discussion (6) NNTPDI50.NTF | StdR5.0NNTPDisc | Creates newsgroup discussion databases that the NNTP server uses.
Notes Log LOG.NTF | StdNotesLog | Stores information about activities on a Domino server or a Notes workstation.
Notes Log Analysis (6) LOGA4.NTF | StdR4LogAnalysis | Creates a results database that contains one view, Log Events, that is categorized by server. Shows the date and time of events, the source (event or console message), and the text of messages. Does not display times for server console messages.
NT/Migrating Users’ Passwords NTSYNC45.NTF | StdNotesNewUserPasswords | Stores randomly generated passwords created when administrators register Notes users from Windows NT.
Personal Address Book PERNAMES.NTF | StdR4PersonalAddressBook | Creates a client database that stores information about connecting to servers on a network or from a remote site. The database also maintains personal mailing lists.
Personal Journal (R6) JOURNAL6.NTF | StdR4Journal | Creates a personal journal database where users keep private documents.
Personal Web Navigator (6) PERWEB50.NTF | StdR50PersonalWebNavigator | Creates a Personal Web Navigator database to access the Internet directly from a client.
Phonebook (6) PHONEBOOK.NTF | StdPhonebook | Provides information about the best local phone number to use to connect to a server from anywhere in the world.
Policy Synopsis (6) POLCYSYN.NTF | StdPolicySynopsis | Creates a result database for policy information generated by the Policy Synopsis tool.
Resource Reservations (6) RESRC60.NTF | StdR60ResourceReservation | Contains inventory and schedule information on meeting resources, such as conference rooms and equipment.
Search Site (6) SRCHSITE.NTF | StdNotesSearchSite | Creates a database used when performing text searches on a specified set of databases.
Server Certificate Admin CSRV50.NTF | StdNotes50SSLAdmin | Requests server certificates from either a Domino or a third-party certificate authority (CA). Also stores CA certificates and manages server certificates.
Server Web Navigator (R5.0) PUBWEB50.NTF | StdR50WebNavigator | The server add-in program WEB.EXE uses this template to create the server navigator database that gives Notes users access to the Web. The database stores Internet documents before workstations retrieve them.
Server.Planner: Analyst DSPA.NTF | Server.Planner: Analyst | Stores completed Server.Planner queries and stores results associated with those queries.
Server.Planner: Decision Maker DSPD.NTF | Server.Planner: Decision Maker | Stores information resulting from the Server.Planner Analyst Query, including recommended configuration(s).
Server.Planner: Vendor DSPV.NTF | Server.Planner: Vendor | Stores machine configuration information and stores performance results from NotesBench workloads.
Smart Upgrade Kits (6) smupgrade.ntf | StdNotesKits | Repository for Smart Upgrade kits within a Domino domain. The system administrator places Smart Upgrade kits into this database in order to make them available to clients. Lotus Notes 6 detects new Update kits and automatically upgrades itself.
Subscriptions (6) HEADLINE.NTF | StdNotesHeadlines5.0 | Allows users to subscribe to various databases or Web sites and receive updates on them.
TeamRoom (6) TEAMRM6.NTF | StdR6TeamRoom | Creates structured, limited timeframe discussion databases; useful for short-term projects or team-oriented activity that requires a special format.
User Registration Queue (6) USERREG.NTF | StdUserRegistrationQueue | Creates the User Registration Queue database that stores information on Notes users pending registration.

Appendix E
Customizing the Domino Directory

This appendix describes how to customize the Domino Directory
template, which controls the appearance and functionality of the Domino
Directory. Because the Domino Directory controls the operation of the
Domino system, follow the instructions in this appendix exactly to ensure
that the system continues to operate successfully.

The Domino Directory template


The default Domino Directory template (PUBNAMES.NTF) controls the
appearance and functionality of the Domino Directory database
(NAMES.NSF). Domino uses the forms and settings in the default
Domino Directory template to control features — for example, mail,
server tasks, and access control — and to store critical information that
manages server connections, mail routing, and system configuration.
Using the default Domino Directory template ensures that all Domino
features work properly. However, you may want to customize the
Domino Directory to suit the needs of your organization. If you
customize the Domino Directory template, you must follow specific rules
and procedures to get exactly the look you want without jeopardizing the
performance of the system and/or losing the customizations when you
upgrade to a new version of the default Domino Directory template.
To ensure that your customizations do not disable your system,
customize a copy of the default Domino Directory template. Then, if you
make a mistake, you can easily revert to the default Domino Directory
template.
You must use the Domino Designer or write a Notes API program to
customize the Domino Directory. For more information on writing Notes
API programs, see the Domino database “Lotus C API Toolkit for
Notes/Domino 6” which is available at www.lotus.com/ldd.
Customizing the Domino Directory requires Designer or Manager access
in the ACL of the Domino Directory.

Rules for customizing the Domino Directory
To avoid rendering Domino inoperable, follow these rules when you
customize the Domino Directory.
For more information on designing views, fields, and forms, see
Application Development with Domino Designer.

Default hidden views


Do not change the hidden views that come with the Domino Directory.
Do not change view names, selection formulas, column formulas, or
column positions of these hidden views. Do not insert or delete columns
in the hidden views. A view name enclosed in parentheses ( ) indicates a
hidden view.

Default visible views


You can change any visible view that comes with the Domino Directory.
However, when you upgrade to a new version of the default Domino
Directory template, you must recreate or reapply your customizations.

New views
You can add new hidden views and new visible views. However, new
views might have an impact on the performance of both the Domino
Directory and the server.

Default fields
Do not change formulas, data types, multi-value settings, and keyword
choices for default directory fields. You can change the format of the
fields, including changing font, size, and color. You can relocate fields, as
long as fields that, by default, have a constraint — for example, a field
that contains a formula that depends on a value in the field above it —
maintain their relative placement. If you reformat or relocate default
directory fields, you must re-create your customizations when you
upgrade to a new version of the default Domino Directory template.

New fields
To add fields to a default form that comes with the Domino Directory,
create a subform that contains the new fields. If the default form has a
corresponding $xxxExtensibleSchema subform, insert the subform you
create into the $xxxExtensibleSchema subform. For example, to add
fields to the Person form, insert a new subform into the
$PersonExtensibleSchema subform. If you use an $xxxExtensibleSchema
subform and you later upgrade to a new version of the default Domino
Directory template, Domino preserves your customizations
automatically.

If a default form to which you want to add fields does not have a
corresponding $xxxExtensibleSchema subform, insert the subform you
create directly into the form. In this case, you must insert the subform
into the form again after you upgrade to a new version of the default
Domino Directory template. When you insert a new subform directly
into a default form, choose the Design property “Prohibit design refresh
or replace to modify.”
You can also use an $xxxExtensibleSchema subform as part of defining a
new LDAP auxiliary object class in the LDAP schema.

Default forms
Do not change the names of the forms that come with the Domino
Directory. You can add aliases, which are duplicate names. An alias
appears in the Form Properties box to the right of the form name and is
preceded by a vertical bar. It’s best to add a new alias rather than edit an
existing one. By doing so, programs that use the existing alias continue to
work properly. If you add or edit an alias, when you upgrade to a new
version of the default Domino Directory template, you must re-create
your customizations.
To hide a section of an existing form, select the section in the form,
choose Text - Text Properties, click the Hide tab (the fifth tab from the
left) and select appropriate hide options. If you later upgrade your
company’s Domino Directory with a new version of the default Domino
Directory template, you must repeat this step. If you hide a section of an
existing form, select the form, choose Design - Design Properties, click
the Design tab, and make sure “Prohibit design refresh or replace to
modify” is selected.

New forms
You can create new forms. If you want documents created from the
forms to be LDAP-accessible, you must follow a specific procedure to
create the forms.
For more information, see the topic “Using the Domino Directory to
extend the LDAP schema” later in the chapter.

Database icon
You can change the icon.

New LDAP schema elements


To add schema elements to the Domino LDAP schema, you can create
forms and subforms in the Domino Directory. However, the
recommended way to extend the schema is to use the Domino LDAP
Schema database (SCHEMA.NSF). The Schema database provides an
easy-to-use interface for extending the schema, has built-in
error-checking that ensures valid schema elements, simplifies the
creation of complex object class structures, and offers other advantages
as well.
The only reason to use the Domino Directory to extend the schema is if
Notes or Web users require access to entries associated with the new
schema elements through documents in the directory. If only LDAP
access to entries created from the new schema elements is required, use
the Domino LDAP Schema database to extend the schema.
For information on using the Domino Directory to extend the schema, see
the topic “Using the Domino Directory to extend the schema” later in this
chapter. For more information on the LDAP schema and on using the
Schema database to extend the schema, see the chapter “Managing the
LDAP Schema.”
To extend the LDAP schema using the Domino Directory, you can add a
new LDAP structural object class by creating a form and related
subforms, create a new LDAP auxiliary object class by creating a subform,
and define LDAP attributes for a new object class by creating fields.

Customizing the Domino Directory template


To customize the Domino Directory template, perform these procedures:
1. Create a copy of the Domino Directory template (PUBNAMES.NTF).
2. Review the rules for customizing the Domino Directory.
3. Customize a visible view.
4. Use the Domino Directory to extend the schema.
Note Using the Domino LDAP Schema database, rather than the
Domino Directory, is the recommended method for extending the
schema.
5. Apply customizations to the Domino Directory (NAMES.NSF).

Creating a copy of the Domino Directory template


Never customize the default Domino Directory template
(PUBNAMES.NTF). Instead, create a copy of the default Domino
Directory template and then customize the copy.
In the following steps, Acme’s Domino Directory, ACMENAMES.NTF,
and StdAcmeDominoDirectory are used as the title, file name, and
template name, respectively, for the copy of the Domino Directory
template. Where Acme appears, substitute a name that relates to your
company.
1. Choose File - Database - New.
2. Select a server to store the new template.
3. In the Title field, enter:
Acme's Domino Directory

4. In the File Name field, enter:
ACMENAMES.NTF

5. Click Template Server and select a server that stores the default
Domino Directory template (PUBNAMES.NTF).
6. Click “Show advanced templates.”
7. Choose Domino Directory (PUBNAMES.NTF) from the list of
templates.
8. Ensure that the “Inherit future design changes” field is checked.
Then when a new version of the default Domino Directory template
becomes available, ACMENAMES.NTF will inherit the design
changes.
9. Click OK. Acme’s Domino Directory template is now open.
10. Choose File - Database - Properties, and then click the Design tab
(fourth tab from the left).
11. Choose “Database file is a master template,” and then in the
Template name field, enter the template name:
StdAcmeDominoDirectory

12. Close the Properties box.

Customizing a visible view in the Domino Directory


Depending on how extensive your changes to the view will be, you can
customize the view or a copy of the view. If your changes will be
minimal, customize the view. Then when you upgrade to a new version
of the default Domino Directory template, you must re-create the
customizations. If your changes will be extensive, customize a copy of
the view. Then when you upgrade to a new version of the Domino
Directory template, you need only to reapply the customizations.
These steps use ACMENAMES.NTF as the file name for the copy of the
Domino Directory template. Where ACMENAMES.NTF appears,
substitute the file name of the copy of the Domino Directory template
you created.

For more information on designing views, see the book Application
Development with Domino Designer.

To make minimal changes directly to the view


1. Make sure that you are working in a copy of the default Domino
Directory template (ACMENAMES.NTF) and that you have
Designer or Manager access in the Domino Directory ACL.
2. From the Domino Designer, customize a visible view in
ACMENAMES.NTF.
3. Select the view, choose File - Document Properties, click the Design
tab (third tab from the left), then select “Prohibit design refresh or
replace to modify.”
4. Make any other directory customizations, and then complete the
procedure “Applying template customizations to the Domino
Directory database.”

To make extensive changes to a copy of the view


1. Make sure that you are working in a copy of the default Domino
Directory template (ACMENAMES.NTF) and that you have
Designer or Manager access in the Domino Directory ACL.
2. From the Domino Designer, make a copy of a view in
ACMENAMES.NTF.
3. Select the copy, choose File - Document Properties, click the Design
tab (third tab from the left), and then select “Prohibit design refresh
or replace to modify.”
4. Customize the copy of the view, and then give the copy of the view a
new title.
5. Open the original view, choose Design - View Properties, click the i
tab, and then deselect “Show in View menu.”
6. Save the view.
7. Select the original view, choose File - Document Properties, click the
Design tab, and then choose “Prohibit design refresh or replace to
modify.”
8. Make any other directory customizations, and then complete the
procedure “Applying template customizations to the Domino
Directory database.”

Using the Domino Directory to extend the LDAP schema
To add schema elements to the Domino LDAP schema, you can create
forms and subforms in the Domino Directory, or you can use the Domino
LDAP Schema database (SCHEMA.NSF). Using the Schema database is
the preferred method for extending the schema. Use the Domino
Directory to extend the schema only if Notes or Web users require access
to the entries created from the new schema elements through documents
in the directory. If only LDAP access to entries defined by the new
schema elements is required, instead use the Domino LDAP Schema
database to extend the schema.
Note You must use a Lotus Domino Designer 6 client when using the
Domino Directory to extend the schema.
For more information on the LDAP schema as well as guidelines and
methods for extending the schema, see the chapter “Managing the LDAP
Schema.”
You can use the Domino Directory to:
• Create a new LDAP structural object class
• Configure a new LDAP structural object class to inherit
• Create a new LDAP auxiliary object class
• Define LDAP attributes for a new object class
To add attributes to an object class defined in the default schema, do not
add the attributes to the object class directly. Instead, do one of the
following:
• Create an auxiliary object class to define the new attributes, and then
add the auxiliary object class to the default object class
• Create a new structural object class with the new attributes, and then
configure the new object class to inherit from the default object class

Using the Domino Directory to enable LDAP-standard entries to be visible as documents
The LDAP-standard schema elements defined in the default LDAP
schema through the LSCHEMA.LDIF file do not correlate to forms and
fields in the Domino Directory. For example, the object class
residentialPerson does not correlate to a form in the Domino Directory.
By default, you can use only LDAP operations to create and access
directory entries defined by these LDAP-standard schema elements.
If you want to display LDAP-standard entries such as these in
documents that are visible to Notes and Web users, you can follow the
same steps that describe how to use the Domino Directory to extend the
schema. For example, to create a form to hold values for entries defined
by the residentialPerson object class, follow the steps described in the
procedure “Using the Domino Directory to create a new LDAP structural
object class”. In this case you are not using the form to define an object
class — the object class is already defined in the LSCHEMA.LDIF file.
Instead you’re using the form so that entries defined by the object class
are visible in documents. If you do this, make sure to define the schema
elements exactly as the Domino LDAP Schema database (SCHEMA.NSF)
shows them to be defined. Defining them differently can cause you to
define new schema elements, rather than simply allowing the default
schema elements to be visible in documents.

Using the Domino Directory to create a new LDAP structural object class
You can add a form and associated subforms to the Domino Directory to
define a new LDAP structural object class in the LDAP schema and to
enable documents created from the form to be LDAP-accessible. The
preferred method for extending the schema is to use the Domino LDAP
Schema database, however. Use the Domino Directory to extend the
schema only if Notes or Web users require access to the new entries
defined by the schema elements through documents in the directory.
If you do not need documents created from a form to be LDAP-accessible
— for example, you don’t run the LDAP service in the domain and are
sure you won’t in the future — you can create a new form without
following these steps.
To add a new form to the Domino Directory to define an LDAP
structural object class:
1. Create a form for the structural object class.
2. Create and insert an associated $xxxInheritableSchema subform into
the form to define the attributes for the object class.
3. (Optional) Create and insert an associated $xxxExtensibleSchema
subform into the $xxxInheritableSchema subform to support adding
an auxiliary object class to the structural object class.
Note You must also create a view for displaying the object class entries
to Notes and Web users.

For example, to create a new structural object class called acmePrinter:
Form: acmePrinter
    Subform: $acmePrinterInheritableSchema (Attributes a, b, c)
        Subform: $acmePrinterExtensibleSchema

Note Inserting a subform into an ExtensibleSchema subform or
inserting an ExtensibleSchema subform into an InheritableSchema
subform are the only instances in which nesting subforms — that is,
inserting a subform within another subform — is acceptable.

Creating a form to define a new LDAP structural object class


The procedures that describe how to use the Domino Directory to
create a new structural object class use the following:
• ACMENAMES.NTF as the file name for the copy of the Domino
Directory template. Where ACMENAMES.NTF appears, substitute
the file name of the copy of the Domino Directory template you
created.
• acmePrinter as the name of the new structural object class. Substitute
the name of the object class you are adding.
• (LDAP country) form and the $countryInheritableSchema and
$countryExtensibleSchema subforms, which come with the Domino
Directory, as templates to use as a basis for creating the new form
and subforms.
The first step in using the Domino Directory to create a new LDAP
structural object class is creating a form as follows:
1. Make sure that you are working in a copy of the Domino Directory
template (ACMENAMES.NTF) and that you have at least Designer
or Manager access in the ACL.
2. From the Domino Designer, open ACMENAMES.NTF.
3. Do the following to copy the contents of the (LDAP country) form
into a new form:
Note Do not select the (LDAP country) form and use copy and paste
to copy it.
a. In the left pane, select Forms.
b. Open the (LDAP country) form, choose Edit - Select All, then
Edit - Copy.
c. Close the (LDAP country) form.
d. Click New Form, and choose Edit - Paste.
4. With the new form open, delete the words LDAP Country at the top
of the new form, and replace them with a label describing the new
type of entry — for example, Acme Printer:

5. Choose Design - Form Properties, and do the following:
Note Next to the Name property, enter xxx, where xxx is the name
of the new object class — for example:
acmePrinter
Note You can use a backslash (\) in the name of the new form so
that the form name cascades from an item in the Notes Create menu.
If you use the backslash, add the right-most portion of the name as
an alias to the form name so that the object is correctly named in the
LDAP schema. For example, to cascade the acmePrinter form from
LDAP, name the form LDAP\acmePrinter | acmePrinter.
a. (Optional) Deselect the Display property “Include in menu” to
prevent Notes and Web users from creating documents from the
form. When a Notes or Web user creates a document, LDAP
users can’t search the new documents until after the Indexer runs
to update the views.
b. Deselect the Options property “Render pass through HTML in
Notes.”
c. Leave the other properties the same, and close the Form
properties box.
6. On the Mandatory tab of the new form, select the Type field and in
the field formula in the pane below, change “country” to the name of
the new object class enclosed in quotation marks — for example:
“acmePrinter”

7. Do the following to remove the $countryInheritableSchema subform
from the new form:
a. On the Mandatory tab, click the phrase “Mandatory Attributes”
to set focus on the $countryInheritableSchema subform.

b. Verify that the $countryInheritableSchema subform is selected in
the bottom pane.
c. Choose Edit - Delete to remove the $countryInheritableSchema
subform.
8. Close and save the new form.
9. Do the following:
a. In the left pane, select Forms.
b. Select the new form, and choose Design - Design Properties.
c. Click the third tab from the left, and select “Prohibit design
refresh or replace to modify.”
10. Complete the procedure “Creating and inserting an
$xxxInheritableSchema subform.”

Creating and inserting a $xxxInheritableSchema subform


After you create a form to define a new structural object class, create an
associated $xxxInheritableSchema subform and insert it into the form.
The $xxxInheritableSchema subform defines the attributes for the
structural object class.
1. Make sure that you are working in a copy of the Domino Directory
template (ACMENAMES.NTF) and that you have Designer or
Manager access in the ACL.
2. From the Domino Designer, open ACMENAMES.NTF.

3. Do the following to copy the contents of the
$countryInheritableSchema subform into a new subform:
Note Do not select the $countryInheritableSchema subform and use
copy and paste to copy it.
a. In the left pane, select Shared Code and then Subforms.
b. Open the $countryInheritableSchema subform, choose Edit -
Select All, then Edit - Copy.
c. Close the $countryInheritableSchema subform.
d. With Subforms still selected, click New Subform, and choose Edit
- Paste.
4. Do the following to specify the properties for the new subform:
a. With the new subform open, choose Design - Subform Properties.
b. Next to the Name property, enter the following:
$xxxInheritableSchema
Where xxx is the name of the new structural object class created
previously — for example:
$acmePrinterInheritableSchema
Deselect the Options property “Render pass through HTML in
Notes.”
c. Leave the other properties the same, and close the Subform
Properties box.

5. On the Mandatory tab, do the following:
a. Delete the field OfficeCountry and its label. Do not delete the
$dspType field and label.
b. Choose Create - Field.

c. Next to the Name property, specify FullName.
d. Next to the Type property, select Names.
e. Close the Field box.
f. Select Input Validation in the Object pane, and enter the
following formula:
@V2If(FullName = ""; @Failure("FullName is required"); @Success)
6. On the Optional tab, delete the searchGuide field and its label, and
optionally delete the comment field and its label.
7. Leave the Operational tab as is.
8. Define the mandatory and optional attributes for the new structural
object class in the new InheritableSchema subform.
For more information, see the topic “Using the Domino Directory to
define an LDAP attribute for a new object class” later in this chapter.
9. Do the following to remove the $countryExtensibleSchema subform
from the new InheritableSchema subform:
a. On the Extensible tab of the new InheritableSchema subform,
place the cursor the equivalent of one line down to select the
$countryExtensibleSchema subform.

b. Verify that the $countryExtensibleSchema subform is selected in
the bottom pane.
c. Choose Edit - Delete to remove the $countryExtensibleSchema
subform from the new InheritableSchema subform.
10. Save and close the new InheritableSchema subform.

11. Do the following to insert the new InheritableSchema subform into
the form created to define the structural object class:
a. From the Domino Designer, open ACMENAMES.NTF.
b. In the left pane, select Forms and open the form you created
previously — for example, acmePrinter.
c. Position the cursor between the form name and the Type, Owner,
LocalAdmin, and DocumentAccess fields.

d. Choose Create - Resource - Insert Subform, select the
InheritableSchema subform you created — for example
$acmePrinterInheritableSchema — and click OK.
12. Save and close the form.
13. (Optional) Complete the procedure “Creating and inserting an
$xxxExtensibleSchema subform.”

Creating and inserting an $xxxExtensibleSchema subform


After you create and insert a $xxxInheritableSchema subform for a
structural object class, create and insert a $xxxExtensibleSchema subform
into the $xxxInheritableSchema subform so that you can add an auxiliary
object class to the structural object class. If you do not want to add an
auxiliary object class to the new structural object class, do not complete
this procedure.
1. Make sure that you are working in a copy of the Domino Directory
template (ACMENAMES.NTF) and that you have Designer or
Manager access in the ACL.
2. From the Domino Designer, open ACMENAMES.NTF.
3. In the left pane, select Shared Code and then Subforms.
4. Click New Subform.

5. Do the following to specify the properties for the new subform:
a. With the new subform open, choose Design - Subform Properties.
b. Next to the Name property, enter the following:
$xxxExtensibleSchema
Where xxx is the name of the new structural object class created
previously — for example:
$acmePrinterExtensibleSchema
c. Deselect the Options property “Render pass through HTML in
Notes.”

d. Leave the other properties the same, and close the Subform
Properties box.
e. Save and close the new ExtensibleSchema subform.
6. Do the following to insert the new ExtensibleSchema subform into
the InheritableSchema subform:
a. With Subforms still selected, open the InheritableSchema
subform you created previously, for example
$acmePrinterInheritableSchema.
b. On the Extensible tab choose Create - Resource - Insert Subform.
c. Select the ExtensibleSchema subform you created — for example
$acmePrinterExtensibleSchema.
d. Click OK.
7. Save and close the InheritableSchema subform.
8. Complete the procedure “Using the Domino Directory to create an
LDAP auxiliary object class.”

Configuring a new LDAP structural object class to inherit
To specify that a new structural object class defined using the Domino
Directory inherit from another structural object class defined in the
directory, insert the $xxxInheritableSchema subform for the superior
object class into the $xxxInheritableSchema subform of the subordinate
object class. For example, you can create the structural object class
acmeLaserPrinter that inherits attributes from the structural object class
acmePrinter:

Form: acmeLaserPrinter
    Subform: $acmeLaserPrinterInheritableSchema (Attributes a, b, c)
        Subform: $acmePrinterInheritableSchema (Attributes d, e, f)

You can also configure a new structural object class to inherit from a
default object class in the schema that is defined by a form.
1. Make sure that you are working in a copy of the Domino Directory
template (ACMENAMES.NTF) and that you have Designer or
Manager access in the ACL.
2. From the Domino Designer, open ACMENAMES.NTF.
3. In the left pane, select Shared Code and then Subforms.
4. Open the $xxxInheritableSchema subform for the subordinate object
class. For example, if you want the acmeLaserPrinter object class to
inherit from the acmePrinter object class, open the
$acmeLaserPrinterInheritableSchema subform.
5. Click the Inheritable tab, and do the following:
a. Choose Create - Resource - Insert Subform.
b. Select the InheritableSchema subform for the superior object
class. For example, select the $acmePrinterInheritableSchema
subform if you want the acmeLaserPrinter object class to inherit
from the acmePrinter object class.
c. Click OK.
6. Save and close the InheritableSchema subform for the subordinate
object class.

Using the Domino Directory to create an LDAP auxiliary object class
Use an auxiliary object class to add one set of attributes to multiple
structural object classes. To use the Domino Directory to create an LDAP
auxiliary object class, create a subform to define the auxiliary object class,
and then insert the subform into the $xxxExtensibleSchema subform of
each structural object class to which you want to add the auxiliary object
class. The superior object class for an auxiliary object class you add is
Top.
For example, to create the auxiliary object class building and add it to the
structural object class acmePrinter do the following:
Form: acmePrinter
    Subform: $acmePrinterInheritableSchema (Attributes a, b, c)
        Subform: $acmePrinterExtensibleSchema
            Subform: building (Attributes x, y, z)

The preferred method for extending the LDAP schema is to use the
Domino LDAP Schema database. Use the Domino Directory to extend
the schema only if Notes or Web users require access to the new schema
elements through documents in the directory.

Creating a subform to define an auxiliary object class


1. Make sure that you are working in a copy of the Domino Directory
template (ACMENAMES.NTF) and that you have Designer or
Manager access in the ACL.
2. From the Domino Designer, open ACMENAMES.NTF.
3. In the left pane, select Shared Code and then Subforms.
4. Click New Subform.
5. Do the following to specify the properties for the new subform:
a. With the new subform open, choose Design - Subform Properties.
b. Next to the Name property, enter a name for the auxiliary object
class — for example, building.
c. Keep the Options property “Include in Insert Subform... dialog”
selected.
d. Deselect the Options property “Render pass through HTML in
Notes.”

e. Leave the other properties the same, and close the Subform
Properties box.
f. Save and close the new subform.
6. Do the following to add a field to define the auxiliary object class:
a. Choose Create - Field.
b. Next to Name on the Basics tab of the Field dialog box, specify
any name, but precede the name with a dollar sign ($) to indicate
that the field is an operational field — for example: $building.
c. Next to Text on the Basics tab of the Field dialog box, select
“Computed when composed.”

d. Specify the formula for the field in the pane below as follows:
FIELD $objectclass := $objectclass : "subform";1
Where subform is the name of the subform you specified in step 5
— for example:
FIELD $objectclass := $objectclass : "building";1
You must enclose the subform name in quotation marks (" ").

7. Complete the procedure “Using the Domino Directory to define an
LDAP attribute for a new object class” to add the attributes to the
new auxiliary object class.
8. Save the new subform.
9. Do the following:
a. In the left pane, select Shared Code and then Subforms.
b. Select the new subform, and choose Design - Design Properties.
c. Click the third tab from the left, and select “Prohibit design
refresh or replace to modify.”

Adding the new auxiliary object class to a structural object class


After you create a subform to define a new auxiliary object class, complete
this procedure to add the auxiliary object class to a structural object class.
You can add the auxiliary object class to a new structural object class you
have created, or a default structural object class.
1. From ACMENAMES.NTF, open a $xxxExtensibleSchema subform or
a form, as described in the following table:
To add the auxiliary object class to      Open this subform or form
------------------------------------      -------------------------
dominoPerson                              $PersonExtensibleSchema
dominoGroup                               $GroupExtensibleSchema
dominoOrganization,                       $CertifierExtensibleSchema
  dominoOrganizationalUnit, and
  dominoInternetCertifier
dominoServerResource                      $ResourceExtensibleSchema
locality                                  $LocalityExtensibleSchema
organization                              $organizationExtensibleSchema
organizationalUnit                        $organizationUnitExtensibleSchema
a structural object class defined in      The form used to define the object
  the default schema that doesn’t have      class
  a corresponding $xxxExtensibleSchema
  subform
a structural object class you defined     $xxxExtensibleSchema
  in the Domino Directory                   Where xxx is the name of the new
                                            structural object class

2. Choose Create - Resource - Insert Subform.
3. Select the subform you created for the auxiliary object class — for
example, building.
4. Click OK.
5. Close and save the subform or form you opened in step 1.
6. Complete the procedure “Applying template customizations to the
Domino Directory database.”

Using the Domino Directory to define an LDAP attribute for a new object class
The preferred method for extending the LDAP schema is to use the
Domino LDAP Schema database. Use the Domino Directory to extend
the schema only if Notes or Web users require access to the new schema
elements through documents in the directory.
To define an attribute for a new object class you have added to the
Domino Directory, add a field to the appropriate subform.
Note Do not add the fields ListName or ServerName.
1. From the Domino Administrator or Notes client, choose the name for
the attribute, then do the following to determine whether the
attribute is already being used:
a. Open the Domino LDAP Schema database (SCHEMA.NSF) on a
server that runs the LDAP service.
b. Select the All Schema Documents - LDAP Attribute Types view.
c. Do a full-text search for the name of the attribute you plan to
define for the object class.
d. Do one of the following:
• If the search returns a document whose “LDAP name” field
contains the name of the attribute for which you searched, use
the corresponding value in the “Notes mapping” field in the
Attribute document as the name of the new field.
• If the search does not return a document whose “LDAP name”
field contains the name of the attribute for which you
searched, use the name of the attribute for which you
searched.
2. Make sure that you are working in a copy of the Domino Directory
template (ACMENAMES.NTF) and that you have Designer or
Manager access in the ACL.
3. From the Domino Designer, open ACMENAMES.NTF.

4. Do one of the following:
• To define an attribute for a new auxiliary object class, open the
subform for the auxiliary object class — for example, the subform
named building.
• To define an attribute for a new structural object class, open the
$xxxInheritableSchema subform for the object class — for
example, the subform $acmePrinterInheritableSchema — and then
select the Mandatory tab if the attribute will be required, or select
the Optional tab if the attribute will not be required.
5. Choose Create - Field, and do the following:
a. Next to the Name property, give the field a name as described in
Step 1.
b. Next to the Type property, choose one of the following data
types, and keep “Editable” selected:
Choose this Domino data type      For this LDAP attribute syntax
----------------------------      ------------------------------
Text                              Directory string
Date/Time                         Generalized time
Number                            Integer
Names                             Distinguished name

6. (Optional) Do the following to require that all entries include a value
for this attribute:
a. Select the field.
b. Select “Input Validation” in the Objects pane at the bottom of the
subform.
c. Enter the following input validation formula:
@V2If(fieldname = ""; @Failure("fieldname is required"); @Success)
Where fieldname is the name you gave the new field.
For example, if you add the field “shoesize” and you want to
require that all entries include values for the field, enter this
formula:
@V2If(shoesize = ""; @Failure("shoesize is required"); @Success)

7. Close and save the subform.
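The following is an added example, not code from IBM or from Domino: a small Python model of the form and subform conventions in the procedures above, which checks a planned design for nesting and naming mistakes and lists the fields a document created from the form would carry. It only follows subform insertion as the procedures describe it and does not model how the LDAP service publishes the schema; the attribute names (printerModel, tonerType, buildingName, floor) and the acmeScanner form are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

SCHEMA_RE = re.compile(r"^\$(?P<oc>.+)(?P<kind>Inheritable|Extensible)Schema$")
FORBIDDEN_FIELDS = {"ListName", "ServerName"}  # "Do not add the fields ListName or ServerName"
# Which kind of subform may be inserted into which container, per the procedures.
ALLOWED = {
    "form": {"inheritable", "auxiliary"},          # auxiliary only for classes without an Extensible subform
    "inheritable": {"inheritable", "extensible"},  # superior class, or the class's own Extensible subform
    "extensible": {"auxiliary"},
    "auxiliary": set(),
}


@dataclass
class Subform:
    name: str
    fields: list = field(default_factory=list)   # fields defined directly on the subform
    inserts: list = field(default_factory=list)  # names of subforms inserted into it


def kind(name):
    """Classify a subform by the $xxxInheritableSchema / $xxxExtensibleSchema naming convention."""
    m = SCHEMA_RE.match(name)
    return (m["kind"].lower(), m["oc"]) if m else ("auxiliary", name)


def object_class(form_name):
    """Return (object class, problems) for a form name such as 'LDAP\\acmePrinter | acmePrinter'."""
    parts = [p.strip() for p in form_name.split("|")]
    primary, aliases = parts[0], parts[1:]
    if "\\" not in primary:
        return primary, []
    rightmost = primary.rsplit("\\", 1)[1]
    if rightmost in aliases:
        return rightmost, []
    return rightmost, [f"form '{primary}': cascaded name needs the alias '{rightmost}'"]


def check_design(form_name, form_inserts, subforms):
    """Walk the subforms inserted into a form; return (summary, problems)."""
    oc, problems = object_class(form_name)
    summary = {"structural": oc, "superiors": [], "auxiliary": [], "fields": []}
    if f"${oc}InheritableSchema" not in form_inserts:
        problems.append(f"form {oc}: ${oc}InheritableSchema is not inserted")
    seen = set()

    def visit(name, parent_kind, parent_oc):
        if name in seen:
            return
        seen.add(name)
        sub = subforms.get(name)
        if sub is None:
            problems.append(f"{name}: subform is not defined")
            return
        k, sub_oc = kind(name)
        if k not in ALLOWED[parent_kind]:
            problems.append(f"{name}: {k} subform inserted into a {parent_kind}")
        elif k == "extensible" and sub_oc != parent_oc:
            problems.append(f"{name}: belongs to {sub_oc} but is inserted into {parent_oc}")
        if k == "inheritable" and sub_oc != oc:
            summary["superiors"].append(sub_oc)   # inserted superior class
        if k == "auxiliary":
            summary["auxiliary"].append(name)
        for fld in sub.fields:
            if fld in FORBIDDEN_FIELDS:
                problems.append(f"{name}: field {fld} must not be added")
            elif fld not in summary["fields"]:
                summary["fields"].append(fld)
        for child in sub.inserts:
            visit(child, k, sub_oc)

    for name in form_inserts:
        visit(name, "form", oc)
    return summary, problems


# Constructed sample design following the acmePrinter / acmeLaserPrinter / building examples.
SUBFORMS = {s.name: s for s in [
    Subform("$acmePrinterInheritableSchema", ["FullName", "printerModel"],
            ["$acmePrinterExtensibleSchema"]),
    Subform("$acmePrinterExtensibleSchema", [], ["building"]),
    Subform("building", ["buildingName", "floor"]),
    Subform("$acmeLaserPrinterInheritableSchema", ["tonerType"],
            ["$acmePrinterInheritableSchema"]),
]}
# Constructed faulty design: no alias, a forbidden field, auxiliary class nested in the wrong place.
BAD_SUBFORMS = dict(SUBFORMS)
BAD_SUBFORMS["$acmeScannerInheritableSchema"] = Subform(
    "$acmeScannerInheritableSchema", ["ServerName"], ["building"])

if __name__ == "__main__":
    for args in (("LDAP\\acmePrinter | acmePrinter", ["$acmePrinterInheritableSchema"], SUBFORMS),
                 ("acmeLaserPrinter", ["$acmeLaserPrinterInheritableSchema"], SUBFORMS),
                 ("LDAP\\acmeScanner", ["$acmeScannerInheritableSchema"], BAD_SUBFORMS)):
        print(check_design(*args))
```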

Applying template customizations to the Domino Directory database
After you customize a copy of the Domino Directory template, you must
complete this procedure to apply the design changes to the Domino
Directory database, which is usually NAMES.NSF.
These steps use Acme’s Domino Directory and ACMENAMES.NTF as
the title and file name for the copy of the Domino Directory template
used to customize the directory. Where Acme appears, substitute the
names associated with the copy of the Domino Directory template you
created.
1. Make sure you have Designer or Manager access to the Domino
Directory database, which usually has the file name NAMES.NSF.
2. Open the Domino Directory database (NAMES.NSF).
3. Choose File - Database - Replace Design.
4. Click Template Server, and select the server that stores Acme’s
Domino Directory (ACMENAMES.NTF) template.
5. Click “Show advanced templates” to display Acme’s Domino
Directory template in the templates box.
6. Select Acme’s Domino Directory in the templates box.
7. Verify that the “Inherit future design changes” field is selected, and
then click Replace.

Upgrading to a new Domino Directory template


When a new version of the Domino Directory template
(PUBNAMES.NTF) becomes available, you’ll want to use it so that you
can take advantage of new Domino features. Complete this procedure to
preserve your customizations when you upgrade your customized copy
of the Domino Directory template to a new version of the template.
These steps use ACMENAMES.NTF as the file name for the copy of the
Domino Directory template. Where ACMENAMES.NTF appears,
substitute the file name of the copy of the Domino Directory template
you created.
1. For each visible view in ACMENAMES.NTF that came with the
Domino Directory and that you customized, from the Domino
Designer choose File - Document Properties, click the Design tab
(third tab from the left) and deselect “Prohibit design refresh or
replace to modify.” Deselecting the option ensures that the views
receive all design changes from the new version of the Domino
Directory template.
Repeat Step 1 for each form that came with the Domino Directory
and in which you hid sections.
2. Open ACMENAMES.NTF, choose File - Database - Refresh design,
select a server that has a new version of the default Domino
Directory template (PUBNAMES.NTF), and click OK.
3. If you created subforms to customize forms, re-insert the subforms
into the appropriate forms in ACMENAMES.NTF. If you customized
built-in subforms for Person, Group, or Server\Certifier forms, you
do not need to complete this step.
4. To hide a section of one of the forms that comes with the Domino
Directory, do the following in ACMENAMES.NTF:
a. Select the section in the form, choose Text - Text Properties, click
the Hide tab (the fifth tab from the left), select hide options, and
then save the form. LDAP ignores any hide selections.
b. Choose File - Document Properties, click the Design tab, and then
select “Prohibit design refresh or replace to modify.”
5. For each view in ACMENAMES.NTF that came with the Domino
Directory and that you customized, choose File - Document
Properties, click the Design tab, and then select “Prohibit design
refresh or replace to modify.”
6. If you previously customized a visible view that came with the
Domino Directory, in ACMENAMES.NTF do one of the following to
restore the customizations:
• If you made changes directly to the view, re-create the changes.
• If you made changes to a copy of the view, open the original view,
choose Design - View Properties, click the i tab, deselect “Show in
View menu,” then save the original view. Then, select the original
view, choose File - Document Properties, click the Design tab, and
choose “Prohibit design refresh or replace to modify.”

Appendix F
Administration Process Requests

This appendix contains administration requests with the detailed
processes that occur for each request, flowcharts for several
administration requests, as well as timing and scheduling information for
administration requests.

Administration process requests


An administration request is created by the administrator performing an
action; it represents an administration task and is run by the server task
AdminP (Administration Process). When an administration request is
generated, it appears in the Administration Requests database.
Note The Administration Process carries out “Immediate” requests
within a minute after they appear in the Administration Requests
database rather than according to a scheduling field.
For more information on the Administration Process, see the chapter
“Setting Up the Administration Process.”

Administration Process Requests - One Domain


Add Internet Certificate
Add resource
Add servers to a cluster
Approve person’s name change request
Change HTTP password in Domino Directory
Change user password in Domino Directory
Copy server public key
Create hosted organization storage
Create IMAP delegation requests
Create mail files during setup
Create Mail-in database
Create replica
Create a Roaming User
Delegate mail file
Delegate mail file on administration server
Delegate Web mail file
Delete database
Delete group in Domino Directory
Delete hosted organization
Delete person in Domino Directory
Delete Policy in Domino Directory
Delete resource
Delete roaming user
Delete server name in Domino Directory
Downgrade user from Roaming to Non-Roaming user
Find name in domain
Maintain Trends database record
Modify CA Configuration in the Domino Directory
Modify ID recovery information in Domino Directory
Modify resource
Modify user information stored in the Domino Directory
Move database from a cluster server
Move database from a non-cluster server
Move a mail file from one server to another
Move roaming user to another server
Place server’s Notes build number into Server record
Recertify Certificate Authority in Domino Directory
Recertify servers
Recertify users
Register hosted organization
Remove servers from cluster
Rename group
Rename person
Rename person - name change refused
Request to create ISpy database
Retract database
Set Directory Assistance field
Set directory filename
Set password fields
Set user name and enable schedule agent
Set Web admin fields
Set Web user name and enable scheduled agent
Sign database with server’s ID file
Store CA Policy Information in the Domino Directory
Store certificate in Domino or LDAP Directory
Store Certificate Revocation List in Domino or LDAP Directory
Store directory type in Server record
Store server’s CPU count
Store server’s DNS host name
Update client information in Person Record
Update external domain information
Update domain catalog configuration
Update license tracking information in Domino Directory
Update roaming user information in Person record
Update non-roaming user to roaming user
Update server protocol information
Upgrade server to hierarchical
Web set Soft Deletion Expire Time

Administration Process Requests - Time-based execution
The following requests are generated when moving databases or creating
database replicas as part of a recommended resource balancing plan as
determined by IBM Tivoli Analyzer for Lotus Domino.
Check access for new replica creation
Check access for move replica creation
Check mail server’s access
Check access for non-cluster move replica

Administration Process Requests - Multiple Domains


Create Replica
Delete Server
Delete person
Rename person from flat to hierarchical
Rename server from flat to hierarchical

Add Internet Certificate to Person Record


The Add Internet Certificate to Person Record administration request is
generated when you add an Internet certificate to a user’s Person
document. From the Domino Administrator, open the Domino Directory
and select the user(s) whose Person documents you want to add Internet
Certificates to. Choose Action - Add Internet Certificate. The request is
generated after you select the certifier or keyring file during the
procedure. This request is not generated if you choose to use CA Process.
Triggered by: Initiating the process to add an Internet Certificate to
the Person document for one or more users.
Carried out on: The administration server of the Domino Directory
copies the Certificate into the User Certification field of the Person
document.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Places the person’s Internet certificate in the Domino
Directory so that encrypted mail may be sent to that user. Places the
person’s Internet certificate in the User ID file so that the user can
send signed mail.

Add Resource
You can add a resource, that is a room or reservation, to the Resource
Reservations database via the Domino Administrator.
Triggered by: The Resource administrator performing a New
Resource action in the Resource Reservations database.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Creates a mail-in database record for the resource.

Adding servers to a cluster


Triggered by: From the servers view, click Add to Cluster or select
that option from the Actions menu.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document. If you choose
to initiate this command immediately, the Administration Process is
not used to perform the action.
Result: If the cluster did not already exist, the new cluster is created
and the server is added to it. If the cluster already exists, the server is
added to the cluster.

Approve person’s name change request


Triggered by: A Notes client user requesting a name change in the
User Security panel on the Notes client. The Notes user enters
information pertinent to the name change, and clicks a Send button
to send the request to the administrator. This approval request is
posted.
Carried out on: The administration server for the Domino Directory.
Carried out: When you approve or reject this request in the
Administration Request database.
Result: If the administrator approves the request, an e-mail with the
user’s new name is sent to the user. The Person document is
updated. If the administrator rejects the request, a message is sent to
the user and the Person document is not updated.
Note If the user has selected the “Ask your approval before accepting
name change” option on the Notes name changes dialog box in the Notes client
interface, the user is notified of this name change and can approve or
reject it. Name changes are typically rejected by users only if the user
name is misspelled. If the user does reject the proposed name change, an
“Approve refused name change” request is posted in the Administration
Requests database.
For more information on processing name change refusals, see the topic
“Rename person - name change refused” later in this appendix.

Change HTTP password in Domino Directory


Lotus Notes users can change their HTTP password if the administrator
has set the “Allow users to change HTTP passwords via the Internet”
field to Yes on the Basics tab of the Security Settings document. If the
value in that field is No, the user is not able to change the HTTP
password. The user has the ability to change the HTTP Internet password
during authentication when attempting to access a Notes database via a
Web browser. The “Change HTTP password in Domino Directory” request is
also generated when an Internet password is synchronized with a Notes
password.
Triggered by: A user initiating an action to change their Internet
password via the Internet, or a Notes password being synchronized
with the Internet password.
Carried out on: Administration server for the Domino Directory.
Carried out: Immediately
Result: The password is updated in the user’s Person document.

Change user password in Domino Directory


Triggered by: Person changing their password when prompted
during authentication.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Creates a password digest. Populates the “Last change date”
field and updates the “Password digest” field with the encrypted
password digest for the password in the user’s Person document.

Copying server public key


Triggered by: The server recognizing that the Public Key field in the
Server document is empty or out of date.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The public key of the server ID is copied to the Public Key
field of the Server document.

Create IMAP delegation requests
The “Create IMAP delegation requests” administration request is
generated from an IMAP client when a user sets delegation preferences
for their mail file. This is done from the user’s desktop by clicking Tools -
Preferences and then selecting mail delegation settings on the Delegation
- Mail Delegation tab.
Triggered by: A user setting mail delegation preferences on their
IMAP client.
Carried out on: Server on which the user’s mail file resides.
Carried out: Immediately
Result: Modifies the ACL for the mail file on the server for that
database.

Create mail files during setup


Triggered by: Choosing to create a mail file via the Administration
Process during registration.
Carried out on: Home mail server.
Carried out: Immediately
Result: Creates the mail file on the home mail server.

Create Mail-in database


Triggered by: Entering the “load runjava ISpy” command for the
first time.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Creates a mail-in database record in the Domino Directory
for the ISpy database.
Note In previous releases, this request was named “Request to create
ISPY database.”

Create replica
You can create a database replica using the Administration Process by
selecting a database and then choosing Database - Create Replica from
the tools pane in the Domino Administrator.

Check access
Triggered by: Initiating the command from the Domino
Administrator.
Carried out on: The server that contains the database being
replicated.
Carried out: Immediately
Result: The Administration Process on the source server checks that
the user submitting the request and the destination server have at
least Reader access in the ACL of the database. If the user and
destination server have the necessary access and if a Connection
document between the source and destination server exists, the
Administration Process generates a “Create replica” request in the
Administration Requests database of the source server.

Create replica
To populate the replica, the user submitting the request and the source
server must have Create Replica access to the destination server.
Triggered by: Successful completion of the Check Access
administration request.
Carried out on: The destination server for the database.
Carried out: Immediately
Result: A new replica of the database is placed on the destination
server. The database is populated during the next replication.

Create a Roaming User
You create a roaming user during the user registration process. During
the user registration process for a roaming user, the administration
process generates the administration request “Create a Roaming User’s
Roaming Files” three times in order to create the following three files:
• journal.nsf
• bookmark.nsf
• names.nsf
Create a Roaming User’s Roaming Files
Triggered by: Clicking the Advanced check box on the Basics panel
of the registration user interface, and then selecting the Roaming
User check box on the same panel. (The Roaming User check box is
not displayed until you select the Advanced check box on the Basics
panel of the registration user interface.)
Carried out on: Either the user’s mail server or the server you
designate as a roaming server in the User Registration user interface.
If you selected “Put roaming user files on mail server”, the files are
placed on the mail server. If that option is not selected, the files are
placed on the designated registration server. The default location is a
subdirectory beneath the directory path Domino/Data/Mail. The
subdirectory is named with up to the first eight characters of the
user’s last name. For example, Domino/Data/Mail/<username.nsf>.
Carried out: Immediately
Result: Creates the roaming user’s files for the user that you are
registering.

Create Mail file


Triggered by: Choosing to create a mail file via the
Administration Process during registration.
Carried out on: User’s home mail server.
Carried out: Immediately.
Result: Creates the mail file on the user’s home mail server.

Delegate mail file


Triggered by: A mail file owner, with Editor access to another mail
file’s Access Control List, setting new mail preferences.
Carried out on: The administration server of the user’s mail file.
Carried out: Immediately
Result: Modifies the ACL for the mail file on the server for that
database. New mail preferences are set by the user on the user’s mail
file.

Delegate mail file on administration server


Triggered by: A user initiating the action to delegate mail file access
from the Notes client. The “Delegate mail file” request is then sent to
the user’s home server, which is not the administration server for the
mail database.
Carried out on: The administration server for the mail database.
Carried out: Immediately
Result: The “Delegate mail file on administration server” request is
generated to redirect the “Delegate mail file” request to the correct
administration server for the user’s mail database.

Delegate Web mail file


Triggered by: The user delegating access to their mail file to one or
more other users. Web mail delegation is defined via the user’s Web
browser, by choosing Tools - Preferences - Delegation and then
delegating mail file access.
Carried out on: The user’s home mail server.
Carried out: Immediately
Result: Updates the user’s mail file ACL to include the updated
delegation information.

Delete Database
You can delete (retract) a database and, optionally, delete all replicas of
the database. From the Domino Administrator, choose Files and select
the database you are deleting, and then choose Files - Delete. You are
prompted to verify that you do want to delete the selected file(s) and
presented with a check box in which to indicate whether you want to
delete all replicas. Click the check box to delete all replicas of those
databases.

Get Replica Information for Deletion


Purpose: The application supported by the database is now obsolete
and all replicas of the database can be removed.
Triggered by: From the Domino Administrator, choosing the File
tab, selecting the database you are deleting, and then choosing Files -
Delete. Or, choosing the database on the bookmarks or workspace and
choosing Database - Delete.
Carried out on: All servers in the domain.
Carried out: Immediately
Result: AdminP reads the database ACL to verify that the request
signer is the database Manager. If so, it generates an “Approve Replica
Deletion” request for the server administrator to accept or reject. If
the signer is not a database administrator, an Event is logged.

Approve Replica Deletion


Triggered by: Successful completion of the “Get Replica Information
for Deletion” request.
Carried out on: Any server.
Carried out: According to the administrator’s discretion.
Result: Posts the “Request Replica Deletion” request.

Request Replica Deletion


Triggered by: The administrator’s approval of the “Approve Replica
Deletion” request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Posts the “Delete Replica” request.

Delete Replica
Triggered by: Completion of the “Request Replica Deletion” request.
Carried out on: Server on which the database exists.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The replica is deleted.

Delete group in Domino Directory


You can delete a group name using the Administration Process by
initiating a Delete Group action from the Domino Directory or the
Domino Administrator. The following flowchart shows the sequence of
Administration Process requests that occur when you do this. (Boxes
indicate requests.) The timing shown for each request is the default,
which you can customize through the Server Tasks - Administration
Process tab on the Server document.

[Flowchart: sequence of Administration Process requests for deleting a
group, starting from "Actions: Delete Group" in the Domino Directory,
with a decision on whether to delete from the Domino Directory
immediately. Default timing shown: Delete in Address Book, 1 hour;
Delete in Access Control List, 1 hour; Delete in Person Documents,
daily; Delete in Reader/Author Fields, weekly.]

Delete group in Domino Directory


Triggered by: Choosing Actions - Delete Group in the Domino
Directory (or clicking Delete Group) and selecting to delay the
deletion of the group name from the Domino Directory.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: The Administration Process removes the name from the
Domino Directory except from Person documents.

Delete in Person documents


Triggered by: Completion of a “Delete Group in Domino Directory”
request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: The Administration Process removes the group name from
Person documents in the Domino Directory.

Delete in Access Control List
Triggered by: Choosing to immediately delete all occurrences of the
group name from the Domino Directory when initiating the Delete
action or the completion of a “Delete Group in Domino Directory”
request (if you chose to delay deletion of the name from the Domino
Directory).
Carried out on: Each server in the domain.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Each server in the domain deletes the name from the ACLs of
databases for which it is an administration server.

Delete in Reader / Author Fields


Triggered by: Completion of a “Delete in Access Control List”
request on the administration server for the Domino Directory (if you
chose to immediately delete occurrences of the name from the
Domino Directory) or completion of the “Delete in Person
Documents” request (if you chose to delay deletion of the name from
the Domino Directory).
Carried out on: Each server in the domain.
Carried out: According to the “Delayed Request” settings for the
Administration Process in the Server document.
Result: Each server in the domain deletes the name from
Reader/Author fields of databases for which it is an administration
server and that have the advanced ACL option “Modify all
Reader/Author fields” selected.

Timing for deleting a group


Request                             Timing
Delete group in Domino Directory    Interval
Delete in Person Documents          Execute once a day requests at
Delete in Access Control List       Interval
Delete in Reader/Author Fields      Start executing on; Start executing at

Delete hosted organization
You can delete a hosted organization with the Administration Process by
choosing Hosted Organization - Delete from the Configuration tab in the
Domino Administrator.

Delete hosted organization


Note The “Delete hosted organization” request is generated only if you
select Administration Process as your Processing Type in step 4 of the
procedure to delete a hosted organization.
Triggered by: From the Configuration tab, choosing Hosted
Organization - Delete, and selecting a hosted organization.
Carried out on: Administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Deletes all references to the hosted organization in the
Domino Directory and posts the “Get hosted organization storage
information for deletion” request.

Get hosted organization storage information for deletion


Note The “Get hosted organization storage information for deletion”
request is the first administration request generated when you select a
Processing Type of Immediate in step 4 of the delete hosted organization
procedure.
Prior to the request being generated, the Domino Administrator (client)
deletes all references to the hosted organization in the Domino Directory.
Triggered by: When AdminP is the Processing Type, this request is
triggered by successful processing of the “Delete hosted
organization” request. If “Immediate” is the Processing Type, this
request is triggered by performing the action to delete a hosted
organization.
Carried out on: All servers in the domain.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Each server checks to see if the hosted organization has
storage on the server. Creates the “Approve Deletion of Hosted
Organization Storage” request for itself.

Approve deletion of hosted organization storage
Triggered by: Successful completion of the “Get hosted organization
storage information for deletion” request.
Carried out on: Administration server for the Domino Directory.
Carried out: When you open the request and choose “Approve
hosted organization storage deletion.”
Result: Posts the “Delete hosted organization storage” request.

Delete hosted organization storage


Triggered by: Successful processing of the “Approve deletion of
hosted organization storage” request.
Carried out on: The xSP server.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Deletes all file systems belonging to the hosted organization.

Delete person in Domino Directory


You can delete a person’s name with the Administration Process by
initiating a Delete Person action in Notes from the Domino Directory,
Domino Administrator, Web Administrator, or by using the Windows
NT User Manager. The following flowchart shows the sequence of
Administration Process requests that occur when you do this. (Boxes
indicate requests.) The time chart shown at the end of this section
contains the default timing information for each request. You can
customize timing through the Server Tasks - Administration Process tab
on the Server document.

[Flowchart: sequence of Administration Process requests for deleting a
person, starting from "Actions: Delete Person" (or "Delete Person") in
the Domino Directory, with decisions on whether to delete from the
Domino Directory immediately, whether to delete the mail file and its
replicas, and whether the mail file uses shared mail. The requests are
described in the sections that follow and their default timing is
listed in the time chart at the end of this section.]

Delete person in Domino Directory


Triggered by: Choosing Actions - Delete Person in the Domino
Directory (or clicking Delete Person) and choosing to delay deletion
of the name from the Domino Directory. You can also trigger this
action by choosing Delete Person when viewing a Person document
with the Web Administrator.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: The Administration Process removes the name from the
Domino Directory, except from other people’s Person documents,
and posts the “Delete in Person documents” request. If you have
created a “termination” group and set up the administration process
to add deleted users to that group, the name is added to the
“Terminations” group.

Delete in Person documents


Triggered by: Completion of a “Delete in Domino Directory”
request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: The Administration Process removes the name from other
people’s Person documents in the Domino Directory.

Delete in Access Control List


Triggered by: Choosing to immediately delete all occurrences of the
name from the Domino Directory when initiating the Delete action or
the completion of a “Delete in Domino Directory” request (if you
chose to delay deletion of the name from the Domino Directory).
Carried out on: Each server in the domain.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Each server in the domain deletes the name from the ACLs of
databases for which it is an administration server.

Delete in Reader / Author Fields


Triggered by: Completion of a “Delete in Access Control List”
request on the administration server for the Domino Directory (if you
chose to immediately delete occurrences of the name from the
Domino Directory) or completion of a “Delete in Person documents”
request (if you chose to delay deletion of the name from the Domino
Directory).
Carried out on: Each server in the domain.
Carried out: According to the “Delayed Request” settings for the
Administration Process in the Server document.
Result: Each server in the domain deletes the name from
Reader/Author fields of databases for which it is an administration
server and that have the advanced ACL option “Modify all
Reader/Author fields” selected. The server scans the databases for
shared agents signed by the deleted person and for Private Design
Elements (folders, views, agents) signed by the deleted person.
Shared agents found are reported in the request’s Response
document. If Private Design Elements are found an “Approve
deletion of Private Design Elements” administration request is
posted.

Get file information for deletion


Triggered by: Completion of the “Delete in Access Control List”
request on the administration server for the Domino Directory (if you
chose to immediately delete all occurrences of the name) or
completion of the “Delete in Domino Directory” request (if you chose
to delay deleting the name from the Domino Directory). You must
also have specified to delete the mail file in which you chose to delete
the person.
Carried out on: The deleted person’s home server.
Carried out: Immediately
Result: The person’s home server creates an “Approve file deletion”
request which provides information about the mail file. This appears
in the Pending Administrator Approval view of the Administration
Requests database.

Approve file deletion


Triggered by: Completion of the “Get file information for deletion”
request.
Carried out on: The server on which you approve the request.
Carried out: When you manually approve or reject the request.
Result: If you approve the request, the Administration Process
creates a “Request file deletion” request.

Request file deletion


Triggered by: Approving the “Approve file deletion” request.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Posts a “Delete mail file” request.

Delete mail file


Triggered by: Completion of a “Request file deletion” request.
Carried out on: The deleted person’s home server.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: The Administration Process verifies that the administrator
who approved the deletion has at least Author with Delete
documents access to the Domino Directory. Then, if the mail file
doesn’t use shared mail, the Administration Process deletes the file.
If the file does use shared mail, then the Administration Process
purges the links to the shared mail database, disables replication,
and creates a “Delete unlinked mail file” request.

Delete unlinked mail file


Triggered by: Completion of a “Delete mail file” request for a mail
file that uses shared mail.
Carried out on: The deleted person’s home server.
Carried out: According to the “Interval between purging mail file
and deleting when using object store” setting for the Administration
Process in the Server document.
Result: The Administration Process deletes the mail file after waiting
a period of time. This delay provides time for the Object Collect task
to purge any obsolete messages.

Approve deletion of Private Design Elements


Triggered by: Completion of a “Delete in Readers/Authors field”
request and locating Private Design Elements signed by the deleted
person in databases on that server.
Carried out on: Any server in the domain.
Carried out: According to the administrator’s discretion.
Result: The deletion is approved and the “Request to delete Private
Design Elements” administration request is posted.

Request to delete Private Design Elements


Triggered by: The administrator’s approval of the “Approve
deletion of Private Design Elements” administration request.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Posts the “Delete Private Design Elements” administration
request.

Delete Private Design Elements


Triggered by: Completion of the “Request to delete Private Design
Elements” administration request.
Carried out on: The server containing the database with the Private
Design Elements.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Private Design Elements signed by the deleted person are
removed from the databases.

Note If the person requesting the delete action chose to delete all
replicas of a mail file, then a “Get File Information for Deletion” request
is created and processed by all servers in the domain. This request is
posted after completion of the “Delete mail file” request or the “Delete
unlinked mail file” request. For each replica of the mail file found on
servers in the domain, the “Approve file deletion,” “Request file
deletion,” and “Delete mail file” request sequence occurs again.

Timing for deleting user names


Request                                      Timing
Delete person in Domino Directory            Interval
Delete in Person Documents                   Execute once a day requests at
Delete in Access Control List                Interval
Delete in Reader/Author Fields               Start executing on; Start executing at
Get File Information for Deletion            Immediate
Approve File Deletion                        Requires administrator approval in Administration Requests database
Request File Deletion                        Immediate
Delete Mail File                             Interval
Delete Unlinked Mail File                    Interval between purging and deleting mail file when using shared mail
Approve deletion of Private Design Elements  Required administrator’s approval.
Request to delete Private Design Elements    Immediate
Delete Private Design Elements               Interval
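
The "Triggered by" rules above can be checked mechanically when you audit whether a user deletion has run to completion. The following Python code is an added example, not code from IBM or Domino: it encodes each trigger rule from this section, derives the requests expected for a given set of deletion options, and compares them with a list of request names noted for one user. The option names, the plain list used as input, and the sample data are assumptions of the example, and the repeated sequence for mail file replicas described in the Note above is not modeled.

```python
from collections import namedtuple

# Each rule is one "Triggered by" statement from this section: `request` is
# posted once `after` has completed, provided `when(options)` holds.
# `approval` marks requests that wait for an administrator.
Rule = namedtuple("Rule", "request after when approval")

START = "Delete Person action"  # the administrator's action, not a request

def always(_opts):
    return True

def immediate(opts):
    return opts["immediate"]

def delayed(opts):
    return not opts["immediate"]

RULES = [
    Rule("Delete person in Domino Directory", START, delayed, False),
    Rule("Delete in Person documents", "Delete person in Domino Directory", always, False),
    Rule("Delete in Access Control List", START, immediate, False),
    Rule("Delete in Access Control List", "Delete person in Domino Directory", always, False),
    Rule("Delete in Reader / Author Fields", "Delete in Access Control List", immediate, False),
    Rule("Delete in Reader / Author Fields", "Delete in Person documents", delayed, False),
    Rule("Get file information for deletion", "Delete in Access Control List",
         lambda o: o["immediate"] and o["delete_mail_file"], False),
    Rule("Get file information for deletion", "Delete person in Domino Directory",
         lambda o: o["delete_mail_file"], False),
    Rule("Approve file deletion", "Get file information for deletion", always, True),
    Rule("Request file deletion", "Approve file deletion", always, False),
    Rule("Delete mail file", "Request file deletion", always, False),
    Rule("Delete unlinked mail file", "Delete mail file",
         lambda o: o["shared_mail"], False),
    Rule("Approve deletion of Private Design Elements", "Delete in Reader / Author Fields",
         lambda o: o["private_design_elements"], True),
    Rule("Request to delete Private Design Elements",
         "Approve deletion of Private Design Elements", always, False),
    Rule("Delete Private Design Elements",
         "Request to delete Private Design Elements", always, False),
]
APPROVALS = {r.request for r in RULES if r.approval}
NEXT_AFTER_APPROVAL = {r.after: r.request for r in RULES if r.after in APPROVALS}

def expected_chain(options):
    """Return the requests expected for these options, in trigger order."""
    chain, done = [], {START}
    progressed = True
    while progressed:
        progressed = False
        for rule in RULES:
            if rule.request not in done and rule.after in done and rule.when(options):
                chain.append(rule.request)
                done.add(rule.request)
                progressed = True
    return chain

def audit(observed, options):
    """Compare request names seen for one deleted user with the expected chain."""
    expected = expected_chain(options)
    seen = set(observed)
    missing = [name for name in expected if name not in seen]
    # An approval request that was posted but whose follow-on request has not
    # appeared is still waiting for an administrator.
    waiting = [name for name in expected
               if name in APPROVALS and name in seen
               and NEXT_AFTER_APPROVAL[name] not in seen]
    unexpected = sorted(seen - set(expected))
    return {"missing": missing, "waiting_on_approval": waiting, "unexpected": unexpected}

# Constructed sample: the name was removed with the delayed option and the
# mail file was marked for deletion; the request names are hypothetical notes
# taken from the Administration Requests database for that user.
SAMPLE_OPTIONS = {"immediate": False, "delete_mail_file": True,
                  "shared_mail": False, "private_design_elements": False}
SAMPLE_OBSERVED = [
    "Delete person in Domino Directory",
    "Delete in Person documents",
    "Delete in Access Control List",
    "Delete in Reader / Author Fields",
    "Get file information for deletion",
    "Approve file deletion",
]

if __name__ == "__main__":
    print(audit(SAMPLE_OBSERVED, SAMPLE_OPTIONS))
```

In the constructed sample the mail file still exists because "Approve file deletion" has not been acted on, which is the kind of stalled deletion this comparison is meant to surface.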

Delete policy record in Domino Directory


You can delete an explicit policy using the Administration Process by
performing a Delete Policy action from the Domino Administrator. From
the People & Groups tab, click Policies, select the explicit policy you are
deleting and click Delete Policy.
Triggered by: Initiating an action to delete an explicit policy from the
Domino Administrator.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: Removes all references to the explicit policy from all users’
Person documents.

Delete resource
Approve resource delete
Triggered by: Performing a “Delete Resource” action in the Resource
Reservations database.
Carried out on: Any server.
Carried out: According to administrator’s approval.
Result: If you approve the request, the administration process
creates a “Remove Resource” administration request.

Delete resource
Triggered by: Approval of the “Approve resource delete” request.
Carried out on: The administration server of the Domino Directory.
Carried out: Immediately
Result: Removes the mail-in database resource for the Resource from
the Domino Directory.

Delete Roaming User


You can delete a roaming user in the Domino Administrator just as you
would delete any user name. When you delete a roaming user, the
following administration requests are generated:

Delete Person in Domino Directory


Triggered by: Choosing Actions - Delete Person in the Domino
Directory (or clicking Delete Person) and choosing to delay deletion
of the name from the Domino Directory. You can also trigger this
action by choosing Delete Person when viewing a Person document
with the Web Administrator.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: The Administration Process removes the name from the
Domino Directory, except from other people’s Person documents,
and posts the “Delete in Person documents” request. If you have
created a “termination” group and set up the administration process
to add deleted users to that group, the name is added to the
“Terminations” group.

Delete in Person Documents
Triggered by: Completion of a “Delete Person in Domino Directory”
request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Domino Directory.
Result: The Administration Process removes the name from other
people’s Person documents in the Domino Directory.

Delete in Access Control Lists


Triggered by: Choosing to immediately delete all occurrences of the
name from the Domino Directory when initiating the Delete action or
the completion of a “Delete in Address Book” request (if you chose to
delay deletion of the name from the Domino Directory).
Carried out on: Each server in the domain.
Carried out: According to the “Interval” setting for the
administration process in the Server document.
Result: Each server in the domain deletes the name from the ACLs of
databases for which it is an administration server.

Delete in Reader/Author fields


Triggered by: Completion of a “Delete in Access Control Lists”
request on the administration server for the Domino Directory (if you
chose to immediately delete occurrences of the name from the
Domino Directory) or completion of a “Delete in Person documents”
request (if you chose to delay deletion of the name from the Domino
Directory).
Carried out on: All servers in the domain.
Carried out: According to the “Delayed Request” settings for the
Administration Process in the Server document. (Hourglass icon
displays.)
Result: Each server in the domain deletes the name from
Reader/Author fields of databases for which it is an administration
server and that have the advanced ACL option “Modify all
Reader/Author fields” selected. The server scans the databases for
shared agents signed by the deleted person and for Private Design
Elements (folders, views, agents) signed by the deleted person.
Shared agents found are reported in the request’s Response
document. If Private Design Elements are found an “Approve
deletion of Private Design Elements” administration request is
posted.

Get Mail File Information for Deletion
This is generated once, to begin the deletion of the user’s mail file.
Triggered by: Completion of the “Delete in Access Control List”
request on the administration server for the Domino Directory (if you
chose to immediately delete all occurrences of the name) or
completion of the “Delete in Domino Directory” request (if you chose
to delay deleting the name from the Domino Directory). You must
also have specified to delete the mail file in which you chose to delete
the person. You must have selected the option to delete the person’s
mail file.
Carried out on: The user’s mail server.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: An “Approve Mail File Deletion” request is generated and
appears on the Pending Administrator Approval view of the
Administration Requests database.

Get Replica Information for Deletion


This is generated three times, once for each of these files: Journal.nsf,
bookmark.nsf, and names.nsf.
Triggered by: This request is generated upon completion of the
“Delete in Access Control List” administration request (if you chose
to immediately delete all occurrences of the name) or completion of
the “Delete in Domino Directory” request (if you chose to delay
deleting the name from the Domino Directory).
Carried out on: Server specified as the “roaming server”, that is, the
server on which the roaming files are stored.
Carried out: Immediately
Result: An “Approve File Deletion” request is generated and
appears on the Pending Administrator Approval view of the
Administration Requests database.

Approve Mail File Deletion


This is generated once.
Triggered by: Completion of the “Get Mail File for Deletion” request.
Carried out on: The user’s home server.
Carried out: When you manually approve or reject this request.
Result: If you approve the request, the Administration Process
creates a “Request Mail File Deletion” request.

Approve Replica Deletion
This is generated three times.
Triggered by: Completion of the “Get Replica Information for
Deletion” request.
Carried out on: Server specified as the “roaming server”, that is, the
server on which the roaming files are stored.
Carried out: When you manually approve or reject this request.
Result: If you approve the request, the Administration Process
creates a “Request Replica Deletion” request.

Request Mail File Deletion


Triggered by: Approving the “Approve Mail File Deletion” request.
Carried out on: The user’s home server.
Carried out: Immediately
Result: Posts a “Delete Mail File” request.

Request Replica Deletion


This request is generated three times, once for each of these files:
names.nsf, journal.nsf, and bookmark.nsf.
Triggered by: Approving the “Approve Replica Deletion” request.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Posts a “Delete Replica” request.

Delete Mail File


Triggered by: Completion of the “Request Mail File Deletion”
request.
Carried out on: The user’s home mail server.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: The Administration Process verifies that the administrator
who approved the deletion has at least Author with Delete
documents access to the Domino Directory. Then, if the mail file
doesn’t use shared mail, the Administration Process deletes the file.
If the file does use shared mail, then the Administration Process
purges the links to the shared mail database, disables replication,
and creates a “Delete unlinked mail file” request.

Delete Replica
This request is generated three times, once for each of these files:
names.nsf, journal.nsf, and bookmark.nsf.
Triggered by: Completion of the “Request Replica Deletion” request.
Carried out on: Server specified as the “roaming server”, that is, the
server on which the roaming files are stored.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: The Administration Process verifies that the administrator
who approved the deletion has at least Author with Delete
documents access to the Domino Directory. The Administration
Process deletes the file.
If the user has created Private Design Elements, the “Approve Deletion
of Private Design Elements”, “Request to Delete Private Design
Elements”, and “Delete Private Design Elements” requests are generated
and processed.
For more information on how the Private Design Elements requests are
processed, see the topic “Delete person in Domino Directory” in this
chapter.
The administration requests that locate and delete replicas are repeated
until all replicas of roaming user files are deleted. These requests are the
“Get Replica Information for Deletion”, “Approve Replica for Deletion”,
“Request Replica Deletion” and “Delete Replica” requests.

Delete server name in Domino Directory


You can delete a server name using the Administration Process by
performing a Delete Server action in the Domino Directory or from the
Domino Administrator. The following flowchart shows the sequence of
Administration Process requests that occur when you do this. (Boxes
indicate requests.) The timing shown for each request is the default,
which you can customize through the Server Tasks - Administration
Process tab on the Server document.
Note The Administration Process automatically deletes mail-in
database documents and Cross-certificate documents during the Delete
Server process.

[Flowchart: Delete Server request sequence. Start: Choose "Actions: Delete Server" in the Domino Directory. Decision: Delete from Domino Directory immediately? (Yes / No). Requests shown with their default timing: Delete in Access Control List (1 Hour), Delete in Address Book (1 Hour), Delete in Reader/Author Fields (Weekly), Delete in Person Documents (Daily).]

Delete server in Address Books


Triggered by: Choosing Actions - Delete Server or clicking Delete
Server in the Domino Administrator and choosing to delay the
deletion of the name from the Domino Directory.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: The Administration Process removes the name from the
Domino Directory except from Person documents.

Delete in Person documents


Triggered by: Completion of a “Delete in Domino Directory”
request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: The Administration Process removes the name from Person
documents in the Domino Directory.

Delete in Access Control List
Triggered by: Choosing to immediately delete all occurrences of the
name from the Domino Directory when initiating the Delete action,
or the completion of a “Delete in Domino Directory” request (if you
chose to delay deletion of the name from the Domino Directory).
Carried out on: Each server in the domain.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Each server in the domain deletes the name from the ACLs of
databases for which it is an administration server. Checks to
determine whether a catalog file exists for the enterprise. If so, it
generates a “Delete server from Domino catalog” administration
request.

Delete server from Domino catalog


The “Delete server from Domino catalog” request is generated only
when a catalog file exists for the enterprise.
Triggered by: The existence of a catalog file for the enterprise.
Carried out on: The server that contains the catalog database.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Removes server information from the domain catalog on the
catalog server. The domain catalog is used for domain searching. The
catalog server is the first server in the Local Domain Catalog Servers
group.

Delete in Reader / Author Fields


Triggered by: Completion of a “Delete in Access Control List”
request on the administration server for the Domino Directory (if you
chose to immediately delete occurrences of the name from the
Domino Directory) or completion of the “Delete in Person
Documents” request (if you chose to delay deletion of the name from
the Domino Directory).
Carried out on: Each server in the domain.
Carried out: According to the “Delayed Request” settings for the
Administration Process in the Server document.
Result: Each server in the domain deletes the name from the
Reader/Author fields of databases for which it is an administration
server and that have the advanced ACL option “Modify all
Reader/Author fields” selected.

Timing for deleting server names
Request                              Timing
Delete server in Domino Directory    Interval
Delete in Person Documents           Execute once a day requests at
Delete in Access Control List        Interval
Delete in Reader/Author Fields       Start executing on
                                     Start executing at

Downgrade user from roaming to non-roaming user


You can use the Domino Administrator to downgrade a user from
roaming to nonroaming. After the downgrade, the “User can roam” field
displays No, and the roaming files are removed from the roaming server.
From the Domino Administrator, choose People & Groups - People. Select
the name of the user you are downgrading and click Tools - People -
Roaming.

Remove Roaming User’s Roaming Files


Triggered by: Selecting a roaming user and then choosing Tools -
People - Roaming to downgrade the user to nonroaming via the
Domino Administrator.
Carried out on: The server on which the roaming user files are
stored, that is, the roaming server.
Carried out: Immediately.
Result: Initiates the “Get Replica Information for deletion” request.

Get Replica Information for deletion


This request is generated a total of three times, one time each for
journal.nsf, bookmark.nsf, and names.nsf.
Triggered by: Successful completion of the administration request
“Remove roaming user’s roaming files.”
Carried out on: All servers in the domain.
Carried out: Immediately.
Result: Searches the domain and locates any existing replica(s) of the
user’s roaming file(s). Posts an “Approve replica deletion” request
for each roaming file, journal.nsf, names.nsf, and bookmark.nsf.

Approve Replica Deletion
This request is generated a total of three times, one time each for
journal.nsf, bookmark.nsf, and names.nsf.
Triggered by: Successful completion of the “Get replica information
for deletion” administration request.
Carried out on: Administration server for the Domino Directory.
Carried out: When you manually approve the replica deletion
request.
Result: The roaming file replicas are deleted. The “User can roam”
field in the Person document is set to No.

Delete replica
Triggered by: Successful processing of the “Approve Replica
Deletion” request.
Carried out on: The server on which the roaming files are stored.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Deletes all replicas of the user’s roaming files.

Find name in domain


You can locate user names and group names in a domain.
To locate user names or group names, from the Domino Administrator,
choose People & Groups and select the user name(s) or group name(s)
you want to locate. To locate user names, choose Tools - People - Find
User(s). To locate group name(s), choose Tools - Groups - Find Group(s).
Triggered by: Initiating a Find User(s) or Find Group(s) action from
the Domino Administrator.
Carried out on: All servers in the domain.
Carried out: Immediately.
Result: The administration log document contains fields identifying
the following:
• Occurrences of the user name(s) or group name(s) in Domino
Directory documents
• Occurrences of the user name(s) or group name(s) in Policy
documents
• Occurrences of the user name(s) or group name(s) in database
ACLs

Maintain Trends Database Record
The “Maintain trends database record” request is executed as part of a
mail file or database move action initiated due to resource balancing
initiated by IBM Tivoli Analyzer for Lotus Domino.
This request is generated only when the database move is initiated while
the Tivoli Analyzer is enabled.
If you use the Tivoli Analyzer to generate a resource balancing plan,
Domino Change Control completely manages the migration of databases
from one server to another, once the plan is executed.
For more information on this request, see these topics:
• Move database from a non-cluster server
• Move database from a cluster server
• Move a mail file from one server to another
For more information on the Tivoli Analyzer, see the chapter “Using IBM
Tivoli Analyzer for Lotus Domino.”

Modify CA Configuration in Domino Directory


Triggered by: Creating a new Domino server-based CA from the
Domino Administrator, creating an Internet Certificate, or by
modifying an existing CA Configuration.
Carried out on: All servers in the domain.
Carried out: Immediately
Result: Adds a Certifier Configuration document for the new CA or
updates the existing Certifier Configuration document in the Domino
Directory.

Modify ID recovery information in Domino Directory


Triggered by: Updating the ID recovery information in the certifier
ID file in the Domino Directory by adding recovery information or
by deleting it. To add, modify, or delete recovery information from
the Domino Directory, click the Configuration tab, click Certification
- Edit Recovery Information.
Carried out on: Administration server for the Domino Directory
Carried out: Immediately
Result: The recovery information in the certifier ID file in the
Domino Directory is updated.

Modify resource
Modify room/resource in directory
Triggered by: The resource manager performing an Edit Resource
action in the Resource Reservation database.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Modifies descriptive information about the resource in its
mail-in database record in the Domino Directory.

Modify User information stored in the Domino Directory


Triggered by: User making a change to mail encryption preferences
on the User Security panel - Mail tab.
Carried out on: Administration server for the Domino Directory.
Carried out: Immediately
Result: The “When receiving unencrypted mail, encrypt before
storing in your mail file” field on the Basic tab of the Person
document is updated.

Move a mail file from one server to another


You can use the Administration Process to move a person’s mail file from
one server in your domain to another by performing a “Move Mail File”
action in the Domino Directory or the Domino Administrator.
Note For service providers: An additional administration request is
generated in a hosted environment. The “Verify hosted organization
storage” request is generated after either the “Check mail server’s
access” request or the “Promote new mail server’s access” request.
The “Maintain trends database record” request is executed as part of a
mail file move initiated due to resource balancing initiated by IBM Tivoli
Analyzer for Lotus Domino. This request is generated only when the
database move is initiated while the Tivoli Analyzer is enabled. If you
are not using the Tivoli Analyzer, you will not see this request.

Check mail server’s access


Triggered by: The administrator performing a Move Mail File action
from the Domino Administrator or the Domino Directory.
Carried out on: Home server for the mail file as designated in the
Person document.
Carried out: Immediately
Result: Checks for a Connection document between the old and new
mail file servers, and sets up the ACLs so that the old and new
servers have Manager access. If it is the administration server of the
mail file, posts the “Create new mail replica” request. If it is not the
administration server for the mail file, posts a “Promote new mail
server’s access” administration request.

Verify hosted organization storage


Triggered by: Successful completion of the “Check mail server’s
access” request or the “Promote new mail server’s access” request.
Carried out on: Destination server.
Carried out: Immediately
Result: Verifies whether the destination server hosts the hosted
organization to which the user belongs. Generates the “Create new
mail replica” request.

Promote new mail server’s access


Triggered by: Execution of a “Check mail server’s access”
administration request. The home server is not the administration
server of the mail file.
Carried out on: The administration server of the mail file.
Carried out: Immediately
Result: Sets up the ACLs so that the old and new mail servers are
listed as having Manager access. Posts a “Create new mail file
replica” administration request.

Create new mail file replica


Triggered by: Successful processing of the “Check mail server’s
access” administration request.
Carried out on: Home server for the mail file as designated in the
Person document.
Carried out: Immediately
Result: Creates a replica copy of the old mail file on the new mail
server. If Tivoli Analyzer is not running on the source server, posts
the “Add new mail file fields” request. If Tivoli Analyzer is running
on the source server, posts the “Maintain Trends database record”
request on the source server.

Change the server on which the agent runs
This request is generated only when there is an agent on the source server
that needs to be signed by the destination server prior to running the
agent.
Triggered by: The presence of an agent on the source server that
must be signed by the destination server after the database is moved
and can run on the destination server.
Carried out on: The destination server.
Carried out: Immediately
Result: If all access checks succeed, the agent is signed by the
destination server and can be run according to normal processing.

Maintain Trends database record


Triggered by: Initiating the mail file move action as a result of
resource balancing recommendations generated by the Tivoli
Analyzer and successful completion of the “Create new mail file
replica” administration request.
Carried out on: The source server for the mail file being moved.
Carried out: Immediately
Result: Copies the database record from the source server to the
destination server. If appropriate, it retires the database record on
the source server.

Add new mail file fields


Triggered by: Completion of the “Create new mail replica”
administration request.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Posts the “Monitor new mail file fields” administration
request. Creates two fields, “New mail file” and “New mail server”
in the Person document.

Monitor new mail file fields


Triggered by: Completion of the “Add new mail file fields”
administration request.
Carried out on: The new mail file server.
Carried out: When the router recognizes the new mail server for the
mail file.
Result: Verifies that “New” fields are added to the Person document
on the new mail server and that the router can route the mail to the
server. Posts the “Replace mail file fields” administration request.

Replace mail file fields
Triggered by: Completion of the “Monitor new mail file fields”
request.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: New mail server information is added to fields. Removes
“New” fields from the Person document. Places “Old Mail File” and
“Old Mail Server” fields in the Person document. The server sets a
flag in the Person document to update the client.
Note The user must now access their home server through the desktop
so that the Notes Dialup Connection and Location documents in the
Personal Domino Directory are updated with the new mail file and new
mail server information. After the Personal Domino Directory is updated,
Notes creates a “Push changes to new mail server” request, which
initiates the mail file delete sequence on the old mail server. If the user
accesses the home server exclusively through the Replicator, the Personal
Domino Directory is not updated and the “Push changes to new mail
server” request is not created.

Push changes to new mail server


Triggered by: Client authenticating with the home server after a
“Replace mail file fields” request is completed.
Carried out on: The home mail server.
Carried out: Immediately
Result: Pushes the last set of changes and mail to the new mail file.
Posts the “Get file Information for Deletion” request.

Get file information for deletion


Triggered by: Completion of the “Push changes to new mail server”
administration request.
Carried out on: The old mail server.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Gathers the replica ID of the mail file and posts the “Approve
file deletion” administration request.

Approve file deletion


Triggered by: Successful completion of the “Get file information for
deletion” administration request.
Carried out on: Any server.
Carried out: According to the administrator’s discretion.
Result: Posts the “Request file deletion” administration request.

Request file deletion
Triggered by: The administrator’s approval of the “Approve file
deletion” request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Posts the “Delete mail file” administration request.

Delete mail file


Triggered by: Completion of the “Request file deletion”
administration request.
Carried out on: The original home mail server.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The old mail file is deleted from the original home mail
server.

Delete unlinked mail file


Triggered by: Completion of the “Delete mail file” request for a mail
file that uses shared mail.
Carried out on: The home mail server.
Carried out: According to the “Interval between purging mail file
and deleting when using object store” setting for the Administration
Process in the Server document.
Result: The Administration Process deletes the mail file after waiting
a period of time. This delay provides time for the Object Collect task
to purge any obsolete messages.

Delete obsolete change request


Triggered by: Expiration of the period in which the client’s personal
Domino Directory will be modified with the new mail server’s
information. You can use the “Mail file Names expired after” field in
the Administration Process section of the home server’s Server
document to change the expiration period.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: New mail client update flag field is removed from the Person
document.

Timing for moving a mail file from one server to another
Request                              Timing
Check mail server’s access           Immediate
Promote new mail server’s access     Immediate
Create new mail replica              Immediate
Add new mail file fields             Immediate
Monitor new mail file fields         When the router recognizes the new mail server for the mail file
Replace mail file fields             Immediate
Push changes to new mail server      Immediate
Get file information for deletion    Interval
Approve file deletion                Administrator’s discretion
Request file deletion                Interval
Delete mail file                     Interval
Delete unlinked mail file            Interval
Delete obsolete change request       Daily
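
The mail file move sequence above can stall silently, leaving the old mail file on the old server. The following is an added example, not code from the Domino documentation: a Python tracer that reports which request is outstanding and why. The function names and the input format (a list of completed request names) are assumptions, and it assumes no hosted environment and no Tivoli Analyzer requests.

```python
# Added example: request names, servers and timings are taken from the
# section above; the function names and the input format are assumptions.
# Assumes no hosted environment and no Tivoli Analyzer requests.

# (request, carried out on, timing), in the order the section lists them.
STEPS = [
    ("Check mail server's access", "home server", "Immediate"),
    ("Promote new mail server's access",
     "administration server of the mail file", "Immediate"),
    ("Create new mail replica", "home server", "Immediate"),
    ("Add new mail file fields",
     "administration server for the Domino Directory", "Immediate"),
    ("Monitor new mail file fields", "new mail file server",
     "When the router recognizes the new mail server for the mail file"),
    ("Replace mail file fields",
     "administration server for the Domino Directory", "Immediate"),
    ("Push changes to new mail server", "home mail server", "Immediate"),
    ("Get file information for deletion", "old mail server", "Interval"),
    ("Approve file deletion", "any server", "Administrator's discretion"),
    ("Request file deletion",
     "administration server for the Domino Directory", "Interval"),
    ("Delete mail file", "original home mail server", "Interval"),
    ("Delete unlinked mail file", "home mail server", "Interval"),
]


def _norm(name):
    # The section mixes capitalisation and curly apostrophes in request names.
    return name.replace("\u2019", "'").strip().lower()


def expected_chain(home_is_admin_server, shared_mail):
    """Requests expected for one move, given the two branch conditions."""
    skipped = set()
    if home_is_admin_server:
        # "Check mail server's access" then posts the replica request itself.
        skipped.add("Promote new mail server's access")
    if not shared_mail:
        # Only a mail file that uses shared mail gets the delayed delete.
        skipped.add("Delete unlinked mail file")
    return [step for step in STEPS if step[0] not in skipped]


def diagnose(completed, *, home_is_admin_server, shared_mail,
             client_authenticated, deletion_approved):
    """Return (request, server, reason) for the first outstanding request,
    or None when every expected request has completed."""
    done = {_norm(name) for name in completed}
    for name, server, timing in expected_chain(home_is_admin_server,
                                               shared_mail):
        if _norm(name) in done:
            continue
        if name == "Push changes to new mail server" and not client_authenticated:
            reason = ("user has not authenticated with the home server from "
                      "the client; Replicator-only access never creates "
                      "this request")
        elif name == "Approve file deletion" and not deletion_approved:
            reason = "waiting for an administrator to approve the deletion"
        else:
            reason = "pending, timing: " + timing
        return name, server, reason
    return None


# Constructed sample: names of requests already processed for one user.
SAMPLE_COMPLETED = [
    "Check mail server’s access",
    "Create new mail replica",
    "Add new mail file fields",
    "Monitor new mail file fields",
    "Replace mail file fields",
]

if __name__ == "__main__":
    print(diagnose(SAMPLE_COMPLETED, home_is_admin_server=True,
                   shared_mail=False, client_authenticated=False,
                   deletion_approved=False))
```

Until `diagnose` returns None, the old mail file is still present on the original home mail server and should be covered by the same access reviews as the new one.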

Move database from a cluster server


You can use the Administration Process to move a database from a
cluster server to another server by choosing Database - Move from the
tools pane. This request creates a replica of the original database on
another server.

[Flowchart: Move a Database Inside a Cluster Using Move Tools from the Tools Pane. Requests in sequence, with their default timing: Check Access for Move Replica Creation (Immediately), Move Replica (Immediately), Monitor Replica Stub (1 Hour), Delete Original Replica After Move (1 Hour).]

Note The “Maintain Trends database record” request is executed as
part of a database move initiated due to resource balancing initiated by
IBM Tivoli Analyzer for Lotus Domino. This request is generated only
when the database move is initiated while the Tivoli Analyzer is enabled.
If you are not using the Tivoli Analyzer, you will not see this request.

Check access for move replica creation


Triggered by: Choosing Database - Move from the tools pane.
Carried out on: The source server.
Carried out: Immediately
Result: The Administration Process checks that the administrator
initiating the request has Manager with “Delete documents” access
to the database being moved and that the destination server has
Reader access to the database being moved.

Move replica
Triggered by: Completion of the “Check Access for move replica
creation” request.
Carried out on: The destination server (the server to which the
database is being moved).
Carried out: Immediately
Result: The Administration Process checks that the administrator
and the source server have Create Replica access to the destination
server. If so, the Administration Process creates a replica. The replica
is populated with documents the first time any server with the
complete replica replicates with the destination server. If Tivoli
Analyzer is running on the source server, posts the administration
request “Maintain Trends database record.” If Tivoli Analyzer is not
running on the source server, posts the administration request
“Monitor replica stub.”

Change the server on which the agent runs


This request is generated only when there is an agent on the source
server that needs to be signed by the destination server prior to running
the agent.
Triggered by: The presence of an agent on the source server that
must be signed by the destination server after the database is moved
and can run on the destination server.
Carried out on: The destination server.
Carried out: Immediately
Result: If all access checks succeed, the agent is signed by the
destination server and can be run according to normal processing.

Maintain Trends database record
Triggered by: Initiating the database move action as a result of
resource balancing recommendations generated by the Tivoli
Analyzer and successful completion of the “Move replica”
administration request.
Carried out on: The source server for the database being moved.
Carried out: Immediately
Result: Copies the database record from the source server to the
destination server. If appropriate, it retires the database record on
the source server.

Monitor replica stub


Triggered by: Creation of the replica on the destination server.
Carried out on: The destination server.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: The Administration Process monitors the replica. When it
detects that the replica is initialized (another server has begun
replicating to it), it posts a “Delete original replica after move”
request.

Delete original replica after move


Triggered by: Completion of the “Monitor replica stub” request.
Carried out on: The source server.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: The Administration Process marks the original database for
deletion. The Cluster Database Directory Manager on the source
server then monitors the database for usage. When all user
connections to the database have closed, the Cluster Database
Directory Manager pushes changes to another replica in the cluster
and deletes the database.

Timing for move database from a cluster server


Request                                   Timing
Check access for move replica creation    Immediate
Move replica                              Immediate
Monitor replica stub                      Interval
Delete original replica after move        Interval

Move database from a non-cluster server
You can use the Administration Process to move a database from a
non-cluster server to another server by choosing Database - Move from
the tools pane. This request creates a replica of the original database on
another server, then creates a request requiring administrator’s approval
to delete the database from the source server.
Note The “Maintain Trends database record” request is executed as
part of a database move initiated due to resource balancing initiated by
IBM Tivoli Analyzer for Lotus Domino. This request is generated only
when the database move is initiated while the Tivoli Analyzer is enabled.
If you are not using the Tivoli Analyzer, you will not see this request.
[Flowchart: Move a Database from a Non-Cluster Server Using Database-Move from the Tools Pane. Requests in sequence: Check Access for Non-Cluster Move Replica Creation (Immediately), Non-Cluster Move Replica (Immediately), Approve Deletion of Moved Replica, Request to Delete Non-Cluster Move Replica, Delete Non-Cluster Move Replica.]

Check access for non-cluster move replica


Triggered by: Executing the non-cluster move command.
Carried out on: The source server for the database.
Carried out: Immediately
Result: The Administration Process on the source server checks that
the user submitting the request is the Manager of the Domino
Directory and that the destination server has Reader access in the
ACL of the database. Posts a “Non-cluster Move Replica” request.

Non-cluster move replica
Triggered by: Completion of the “Check access for non-cluster move
replica” request.
Carried out on: Source server for the database.
Carried out: Immediately
Result: Creates a replica of the original database on the destination
server. If Tivoli Analyzer is not running on this source server, posts
the “Approve deletion of moved replica” request. If Tivoli Analyzer
is running on this source server, posts the administration request
“Maintain Trends database record.”

Update replica settings


Triggered by: The administrator creating a new replica by
replicating the source database to the destination database, where
the database quota is not replicated to the destination database.
Carried out on: Destination server.
Carried out: Immediately
Result: Establishes updated replica settings on the new replica; the
database quota field is reset to the same database quota as the source.

Change the server on which the agent runs


This request is generated only when there is an agent on the source server
that needs to be signed by the destination server prior to running the agent.
Triggered by: The presence of an agent on the source server that
must be signed by the destination server after the database is moved
and can run on the destination server.
Carried out on: The destination server.
Carried out: Immediately
Result: If all access checks succeed, the agent is signed by the
destination server and can be run according to normal processing.

Maintain Trends database record


Triggered by: Initiating the database move action as a result of
resource balancing recommendations generated by the Tivoli
Analyzer and successful completion of the “Non-cluster move
replica” administration request.
Carried out on: The source server for the database being moved.
Carried out: Immediately
Result: Copies the database record from the source server to the
destination server. If appropriate, it retires the database record on
the source server.

Approve deletion of moved replica
Triggered by: Completion of the “Non-cluster move replica” request.
Carried out on: The Pending Administrator Approval View of the
Administration Requests database, on any server. The deletion
occurs on the source server.
Carried out: According to the administrator’s discretion.
Result: Posts a “Request to delete non-cluster move replica” request.

Request to delete non-cluster move replica


Triggered by: Completion of the “Approve deletion of moved
replica” request by the administrator’s approval.
Carried out on: The administration server for the Domino Database.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Posts a “Delete non-cluster move replica” request.

Delete non-cluster move replica


Triggered by: Completion of the “Request to delete non-cluster
move replica” request.
Carried out on: Source server for the original database.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Makes one last push replication of the source database to the
destination server and deletes the original database from the source
server.

Timing for move database from a non-cluster server


Request                                      Timing
Check access for non-cluster move replica    Immediate
Non-cluster move replica                     Immediate
Approve deletion of moved replica            According to administrator’s discretion
Request to delete non-cluster move replica   Interval
Delete non-cluster move replica              Interval

Move roaming user
You can use the Domino Administrator to move a roaming user’s files
from one server to another server. While performing the procedure to
move a roaming user’s roaming files (journal.nsf, bookmark.nsf,
names.nsf), you have the option to move the user’s mail file as well.
Moving the user’s mail files, in addition to their roaming files, creates
additional administration requests. The administration requests for
moving roaming files are listed here under the heading “Move roaming
files administration requests”, and the administration requests for
moving mail files are listed here under “Move mail files administration
requests”.
To move a roaming user’s files, from the Domino Administrator choose
People & Groups, People - Tools - Move.
If the destination server to which you are moving the roaming user files
is not in the Local domain, the “Promote new roaming server’s access”
request is generated as the second request in the series. Otherwise, the
“Promote New Roaming Server’s Access” request is not generated.

Move roaming files administration requests


Check Roaming Server’s Access
Triggered by: Initiating a Move user action from the Domino
Administrator.
Carried out on: The server on which the user’s roaming files reside.
Carried out: Immediately
Result: Checks for a Connection document between the old and new
roaming servers and sets up the ACLs so that the old and new
roaming servers have Manager access.

Promote New Roaming Server’s Access


This administration request is generated if the server to which you are
moving the user’s files does not have access to the roaming files.
Triggered by: Execution of a “Check Roaming Server’s Access”
administration request, and a lack of access to the roaming files by
the destination server.
Carried out on: The administration server of the Domino Directory.
Carried out: Immediately.
Result: Sets up the ACLs to give the old and new roaming servers
Manager access. Posts a “Create Roaming User’s replica”
administration request. Changes the administration server of the
roaming files to the destination roaming server.

Create Roaming User’s Replicas
This request is generated one time. It creates three replicas, one for
journal.nsf, one for bookmark.nsf, and one for names.nsf.
Triggered by: Successful processing of the “Check Roaming Server’s
Access” administration request.
Carried out on: User’s roaming server.
Carried out: Immediately
Result: Pushes the three databases to the new replicas on the
destination server. Posts the “Monitor roaming server’s field in
Person record” request.

Monitor Roaming Server’s Field in Person Record


Triggered by: Successful completion of the “Create roaming user’s
replicas” request.
Carried out on: Destination server to which the roaming user files
are being moved.
Carried out: Immediately
Result: Recognizes the update to the Person record and posts the
“Replace roaming server’s field in Person record” request.

Replace Roaming Server’s Field in Person Record


Triggered by: Successful completion of the “Monitor roaming
server’s field in Person record” request.
Carried out on: Administration server for the Domino Directory
only.
Carried out: Immediately
Result: New roaming server information is added to the Roaming
Server field on the Basics tab of the Person document.

Push Changes to New Roaming Server


This request is generated three times, once each for journal.nsf,
bookmark.nsf, and names.nsf.
Triggered by: The client recognizes that a new roaming server is in
place and the Replicator page has been updated with the new
roaming server.
Carried out on: The original roaming server.
Carried out: Immediately
Result: Pushes the last set of changes to the new Roaming Server.
Initiates the “Get Replica Information for Deletion” administration
request.

Get Replica Information for Deletion
Triggered by: Completion of the “Push changes to new roaming
server” request.
Carried out on: The original roaming server.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Gathers the replica ID of each of the roaming files and posts
the “Approve replica deletion” administration request.

Approve Replica Deletion


This request is generated three times, once each for journal.nsf,
bookmark.nsf, and names.nsf.
Triggered by: Successful completion of the “Get replica for deletion”
administration request.
Carried out on: Any server.
Carried out: According to the administrator’s discretion, that is,
when the administrator approves the deletion.
Result: Posts the “Request replica deletion” administration request.

Request Replica Deletion


This request is generated three times, once each for journal.nsf,
bookmark.nsf, and names.nsf.
Triggered by: Administrator’s approval of the “Approve replica
deletion” administration request.
Carried out on: The administration server of the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Posts the “Delete replica” administration request.

Delete Replica
This request is generated three times, once each for journal.nsf,
bookmark.nsf, and names.nsf.
Triggered by: Successful completion of the “Request replica
deletion” administration request.
Carried out on: The old roaming server.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The replicas are deleted from the old roaming server.

Move mail files administration requests
Check mail server’s access
Triggered by: Initiating an action to move roaming files and mail file.
Carried out on: Home server for the mail file as designated in the
Person document.
Carried out: Immediately
Result: Checks for a Connection document between the old and new
mail file servers, and sets up the ACL to provide the old and new
mail servers with Manager access. Posts the “Create new mail file
replica” request.

Create new mail file replica


Triggered by: Successful processing of the “Check mail server’s
access” administration request.
Carried out on: The administration server for the mail file.
Carried out: Immediately
Result: Creates a replica copy of the old mail file on the new mail
server. Posts the “Add new mail file fields” administration request.

Add new mail file fields


Triggered by: Completion of the “Create new mail file replica”
administration request.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Creates a “New mail file” field and an “Old mail file” field in
the Person document. Posts the “Monitor new mail file fields” request.

Monitor new mail file fields


Triggered by: Successful completion of the “Add new mail file
fields” request.
Carried out on: The new mail server.
Carried out: When the router recognizes the new mail server for the
mail file.
Result: Verifies that new fields are added to the Person document on
the new mail server and that the router can route mail to the new
server. Posts the “Replace mail file fields” administration request.

Replace mail file fields
Triggered by: Completion of the “Add new mail file fields”
administration request.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: New mail server information is added to the fields. Removes
“New” fields from the Person document. Places “Old Mail File” and
“Old Mail Server” fields in the Person document. The server sets a
flag in the Person document to update the client.

Push Changes to new mail server


Triggered by: Client authentication with the home server after the
“Replace mail file fields” administration request is completed.
Carried out on: The home mail server.
Carried out: Immediately
Result: Pushes the last set of changes and mail to the new mail file.
Posts the “Get mail file information for deletion” administration
request.

Get mail file information for deletion


Triggered by: Completion of the “Push changes to new mail server”
administration request.
Carried out on: The old mail server.
Carried out: Immediately
Result: Locates the replica ID of the mail file and posts the “Approve
mail file deletion” administration request.

Approve mail file deletion


Triggered by: Successful completion of the “Get mail file information
for deletion” administration request.
Carried out on: Any server.
Carried out: When you manually approve or reject the request in the
administration requests database.
Result: Posts the “Request file deletion” administration request.

Request mail file deletion


Triggered by: The administrator’s approval of the “Approve mail
file deletion” request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Posts the “Delete mail file” administration request.

Delete mail file
Triggered by: Completion of the “Request file deletion”
administration request.
Carried out on: The original mail server.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The old mail file is deleted from the original mail server.
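
The move mail file chain listed above deletes the old mail file only after an administrator approves the deletion, and a request trail can be checked against that order. The following Python is an added example, not part of the IBM documentation or of Domino; the record layout (mail_file, request, state), the state values and the sample records are constructed assumptions, not the Administration Requests database schema.

```python
"""Audit a move-mail-file request trail against the chain documented above."""
from collections import defaultdict

# Request order from "Move mail files administration requests" in this appendix.
MAIL_MOVE_CHAIN = [
    "Check mail server's access",
    "Create new mail file replica",
    "Add new mail file fields",
    "Monitor new mail file fields",
    "Replace mail file fields",
    "Push changes to new mail server",
    "Get mail file information for deletion",
    "Approve mail file deletion",
    "Request mail file deletion",
    "Delete mail file",
]
APPROVAL = "Approve mail file deletion"


def canon(name):
    """Normalise apostrophes, case and padding so exported names match the chain."""
    return name.replace("\u2019", "'").strip().lower()


STEP_INDEX = {canon(step): i for i, step in enumerate(MAIL_MOVE_CHAIN)}


def audit_mail_moves(records):
    """Return [(mail_file, finding)] for trails that skip a step or never finish.

    records: dicts with 'mail_file', 'request' and 'state', in time order.
    This layout is an assumption for the example, not the Domino schema.
    """
    trails = defaultdict(list)
    for rec in records:
        trails[rec["mail_file"]].append(rec)

    findings = []
    for mail_file in sorted(trails):
        done = set()  # steps that have completed for this mail file
        for rec in trails[mail_file]:
            idx = STEP_INDEX.get(canon(rec["request"]))
            if idx is None:
                findings.append((mail_file, "unknown request: " + rec["request"]))
                continue
            step = MAIL_MOVE_CHAIN[idx]
            # The approval step completes only on an explicit approval.
            completed = rec["state"] == ("approved" if step == APPROVAL else "processed")
            if not completed:
                continue
            # Every earlier request in the chain must already have completed.
            missing = [s for s in MAIL_MOVE_CHAIN[:idx] if s not in done]
            if missing:
                findings.append((mail_file, f"'{step}' ran without '{missing[0]}'"))
            done.add(step)
        if MAIL_MOVE_CHAIN[-1] not in done:
            # The old mail file still exists on the original mail server.
            waiting = next(s for s in MAIL_MOVE_CHAIN if s not in done)
            findings.append((mail_file, f"incomplete, waiting on '{waiting}'"))
    return findings


def build_trail(mail_file, upto, overrides=None):
    """Build constructed records for the first `upto` requests of the chain."""
    overrides = overrides or {}
    trail = []
    for step in MAIL_MOVE_CHAIN[:upto]:
        default = "approved" if step == APPROVAL else "processed"
        trail.append({"mail_file": mail_file, "request": step,
                      "state": overrides.get(step, default)})
    return trail


# Constructed sample data: one clean move, one awaiting approval, and one
# where the deletion ran although the approval request was rejected.
SAMPLE_RECORDS = (
    build_trail("mail/jdoe.nsf", 10)
    + build_trail("mail/asmith.nsf", 8, {APPROVAL: "pending"})
    + build_trail("mail/bwong.nsf", 8, {APPROVAL: "rejected"})
    + [{"mail_file": "mail/bwong.nsf", "request": "Delete mail file",
        "state": "processed"}]
)

if __name__ == "__main__":
    for mail_file, finding in audit_mail_moves(SAMPLE_RECORDS):
        print(f"{mail_file}: {finding}")
```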

Place server’s Notes build number into Server record


Triggered by: A server starting up and recognizing that it’s running
a Lotus Domino Server build that differs from the build running at
the last server startup.
Carried out on: The administration server for the Domino Database.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Populates the “Server build” field on the Server document.

Recertify Certificate Authority in Domino Directory


You can recertify a certificate authority with the Administration Process
by selecting the CA in the Domino Directory and then choosing Tools -
Certification - Certify from the Configuration tab in the Domino
Administrator.
Triggered by: Initiating a recertify CA action from the Domino
Administrator.
Carried out on: Administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Recertifies the certificate authority (CA) in the Domino
Directory. You also have the option of assigning alternate names
during this procedure.

Recertify servers
Triggered by: Initiating the Recertify Server command from the
Actions menu.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The server’s public key is updated, and the Server document
is updated with the new public key.

Recertifying users
Triggered by: Initiating a Recertify Person action from the tools pane
in the Domino Administrator.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Updates the user’s certified public key, and updates the
user’s ID file during the authentication process.

Register hosted organization


Hosted organization registration applies only to hosted environments,
that is, environments in which the Lotus Domino service provider
software is installed and in use.
To register a hosted organization, from the Domino Administrator,
choose Configuration - Registration - Hosted Organization. Hosted
organization registration creates the two administration requests shown
below.

Create hosted organization storage


Triggered by: Initiating hosted organization registration in the
Domino Administrator.
Carried out on: The xSP server.
Carried out: Immediately.
Result: A data directory is created for the hosted organization. This
directory is assigned the name that is specified in the Directory field
on the Storage panel of the Register Hosted Organization interface.
By default, for Win32 systems, the hosted organization’s data
directory is placed directly beneath Domino/data. On UNIX
systems, the default is /local/notesdata. You can specify another
location in the Physical Storage Location field on the Register Hosted
Organization interface. This request also creates the necessary .ACL
file to prevent users in other hosted organizations from accessing the
directory, and it creates the “domino” subdirectory that is beneath
the hosted organization’s directory and populates it with the
necessary Web hosting directories and files.
A mail subdirectory is created beneath the hosted organization’s data
directory.

Create Mail file
Triggered by: Successful completion of the Create hosted
organization storage request and by selecting “Create mail file in
background” on the Mail tab of the Registration Settings document
selected for this hosted organization.
Carried out on: The xSP server.
Carried out: Immediately.
Result: A mail file for the hosted organization administrator is
created in the mail subdirectory for the hosted organization. The
mail subdirectory resides beneath the hosted organization’s data
directory.
For more information on registering a hosted organization, see the
chapter “Setting Up the Service Provider Environment.”

Remove Certificate from Domino or LDAP Directory


The “Remove Certificate from Domino or LDAP directory” request is
generated when an administrator revokes a certificate and it is removed
from the Domino Directory or LDAP directory. Certificates are revoked if
they can no longer be trusted, for example, if the subject of the certificate
leaves the organization or if the key has been compromised.
Triggered by: Administrator revoking a certificate.
Carried out on: Administration server for the Domino Directory.
Carried out: Immediately
Result: The certificate is removed from the Domino or LDAP
directory.
For more information on revoking certificates, see the chapter “Setting
Up a Domino Server-based Certification Authority.”

Remove servers from a cluster


Triggered by: Clicking “Remove from cluster” in the Domino
Administrator or by choosing the Remove from Cluster action.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document. (If you choose to
execute the command immediately, the Administration Process is not
used.)
Result: Removes the server from the cluster.

Rename group
You can rename a group using the Administration Process by performing
a Rename Group action from the Domino Administrator or by choosing
Groups - Edit from the tools pane. The following flowchart shows the
sequence of Administration Process requests that occur when you do
this. (Boxes indicate requests). The timing shown for each request is the
default, which you can customize through the Server Tasks -
Administration Process tab on the Server document.

[Flowchart: rename group request sequence. Start: Choose "Actions: Rename
Group". Boxes and default timing: Rename Group in Address Book (1 Hour);
Rename Group in Access Control List (1 Hour); Rename Group in Person
Documents (Daily); Rename Group in Reader/Author Fields (Weekly).]

Rename group in Domino Directory


Triggered by: Choosing Actions - Rename group from the Domino
Administrator or by choosing Groups - Edit from the tools pane.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Updates the group’s name in the Domino Directory except in
Person documents.

Rename group in Person documents


Triggered by: Completion of the “Rename group in Domino
Directory” request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: Updates the name in Domino Directory Person documents.

Rename group in Access Control List
Triggered by: Completion of the “Rename group in Domino
Directory” request.
Carried out on: Each server in the domain.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Each server in the domain updates the group’s name in ACLs
of databases for which it is an administration server.

Rename group in Reader / Author Fields


Triggered by: Completion of the “Rename in Person documents”
request on the administration server for the Domino Directory.
Carried out on: Each server in the domain.
Carried out: According to the “Delayed Request” settings for the
Administration Process in the Server document.
Result: Each server in the domain updates the group’s name in the
Reader/Author fields of databases for which it is an administration
server and that have the advanced ACL option “Modify all
Reader/Author fields” selected.

Timing for renaming groups


Request                                 Timing
Rename Group in Domino Directory        Interval
Rename Group in Person Documents        Execute once a day requests at
Rename Group in Access Control List     Interval
Rename Group in Reader/Author Fields    Start executing on, Start executing at

Rename person
You can rename a user with the Administration Process by choosing
People - Rename from the tools pane of the Domino Administrator. The
following flowchart shows the sequence of Administration Process
requests that occur when you rename a person in the Domino Directory.
(Boxes represent requests.) The timing shown for each request is the
default, which you can customize through the Server Tasks -
Administration Process section of the Server document.

[Flowchart: rename person request sequence. Start: Choose "Actions: Rename
Person" in the Domino Directory, then choose "Change Common Name" or
"Upgrade to Hierarchical", or choose "Request Move to New Certifier".
Boxes and default timing: Move Person's Name in Hierarchy (Upon
Administrator Completion); Initiate Rename in Address Book (1 Hour);
decision "Person accepts new name before change request expires?", where
No leads to Change Request Expires, Delete Obsolete Change Requests (Daily)
and End, and Yes leads to Rename Person in Address Book (1 Hour); Rename in
Access Control List (1 Hour); Rename in Person Documents (Daily); Rename
Person in Free Time Database (Immediately); Rename in Reader/Author Fields
(Weekly); Rename Person in Calendar Entries and Profiles in Mail File
(Immediately).]

For information on renaming a Web user, see the topic “Rename Web
user” in this appendix.
For information on the administration requests that are generated when a
user refuses a proposed name change, see the topic “Rename person -
Name change refused.”

Move person’s name in hierarchy
Triggered by: Choosing Actions - Rename Person then Request
Move to New Certifier in the Domino Directory or by choosing
People - Rename from the tools pane of the Domino Administrator.
Carried out on: The server from which you choose Actions -
Complete Move.
Carried out: When you choose Actions - Complete Move, in the
Name Move Requests view of the Administration Requests database,
to move a person’s name to another hierarchy.
Result: Approves the move and triggers the “Initiate rename in
Domino Directory” request.

Initiate rename in Domino Directory


Triggered by: Choosing a rename action.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Adds the new name, certificate, and change request to the
Person document. Prompts the person to accept the new name upon
next server authentication.

Rename person in Domino Directory


Triggered by: Person accessing a server and accepting the new name.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Updates the person’s name in the Domino Directory —
except for Person documents. Posts the “Rename in Person
documents” and the “Rename person in Unread Lists”
administration requests.

Rename in Person documents


Triggered by: Completion of the “Rename person in Domino
Directory” request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: Updates the name in Domino Directory Person documents.

Rename person in unread list
Triggered by: Completion of the “Rename person in Domino
Directory” request.
Carried out on: Each server in the domain.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: Each server in the domain examines every database on the
server and updates the person’s name in any unread lists.

Rename in Access Control List


Triggered by: Completion of the “Rename person in Domino
Directory” request.
Carried out on: Each server in the domain.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Each server in the domain updates the person’s name in
ACLs of databases for which it is an administration server.

Rename person in Free Time Database


Triggered by: Completion of the “Rename person in Domino
Directory” request.
Carried out on: The person’s home server.
Carried out: Immediately
Result: The person’s name is changed in the Calendaring and
Scheduling Free Time Database.

Rename person in calendar entries and profiles in mail file


Triggered by: Completion of the “Rename person in Free Time
Database” request.
Carried out on: The person’s home server.
Carried out: Immediately
Result: The person’s name is changed in their mail file’s Calendar
Profile and appointment documents. If the person’s common name
was changed and the common name is in the title of the mail file, the
mail file title changes to reflect the new name. If the person is the
“chair person” of any future meetings, the name is changed in those
appointment documents.

Rename in Reader/Author Fields
Triggered by: Completion of the “Rename in Person documents”
request on the administration server for the Domino Directory.
Carried out on: Each server in the domain.
Carried out: According to the “Delayed Request” setting for the
Administration Process in the Server document.
Result: Each server in the domain updates the person’s name in
Reader/Author fields of databases for which it is an administration
server and that have the advanced ACL option “Modify all
Reader/Author fields” selected.

Delete Obsolete Change Requests


Triggered by: Expiration of the period in which a person can accept
a new name, by default 21 days. When you rename the person, you
can change the expiration period.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: The Administration Process deletes the word “Pending”
from the Change Request field in the Person document.

Timing for Rename a user request


Request                                                        Timing
Move Person’s Name in Hierarchy                                Requires administrator approval in Administration Requests database
Initiate Rename in Domino Directory                            Interval
Rename Person in Domino Directory                              Interval
Rename in Person Documents                                     Execute once a day requests at
Rename Person in Unread List                                   Execute once a day requests at
Rename in Access Control List                                  Interval
Rename Person in Free Time Database                            Immediate
Rename Person in Calendar Entries and Profiles in Mail File    Immediate
Rename in Reader/Author Fields                                 Start Executing On, Start Executing At
Delete Obsolete Change Requests*                               Execute once a day requests at
* Before the Administration Process carries out a rename person request, the
user whose name is being changed is prompted to accept the name change. If
the user does not accept the name change within a specified period of time, or
grace period, the name change request becomes an Obsolete Name Change and
is entered in the Administration Requests database as a Delete Obsolete Name
Change request.

Rename person - name change refused


If a user refuses to accept a proposed name change, a series of
administration requests are generated. These requests require the
administrator’s attention and one requires the administrator’s approval.
The sequence of requests is generated only when the name change is
refused by the user.

Initiate Rename in Domino Directory


Triggered by: Initiating a name change request for a user that
generates a notice of name change for the user. The user must either
accept or refuse the name change. A user receives notice of a
proposed name change only if the user has selected the “Ask your
approval before accepting name change” option in the Notes name
changes dialog box in the Notes client interface.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Generates an e-mail notice to the user advising of the
proposed name change and asking that the user accept or refuse the
request.

Approve refused name change


Triggered by: The user refusing to accept the proposed name
change.
Carried out on: The administration server for the Domino Directory.
Carried out: When you approve or reject this approval request in the
Administration Requests database.
Result: If you approve this request, a “Retract person’s name
change” request is generated. If you reject the name change refusal,
a “Reinitiate rename in Domino Directory” request is posted.

Retract person’s name change
Triggered by: The administrator approving the “Approve refused
name change” request.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Removes the new information from the Person document,
recovers the user’s information, and updates the Person
document.

Reinitiate rename in Domino Directory


Triggered by: The administrator rejecting the name change refusal.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Posts an “Initiate rename in Domino Directory” request. The
user is again notified of the proposed name change.

Rename Web user


You can rename a Web user with the Administration Process by selecting
the Web user you are renaming, and choosing People - Rename from the
tools pane of the Domino Administrator. The timing shown for each
request is the default, which you can customize through the Server Tasks
- Administration Process section of the Server document.

Initiate Web user rename in Domino Directory


Triggered by: Choosing a rename action for a Web user.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Adds the new name, certificate, and change request to the
Person document.

Rename Web user in Domino Directory


Triggered by: Web user accessing a server and accepting the new
name.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Updates the Web user’s name in the Domino Directory —
except for Person documents. Posts the “Rename Web user in Person
documents” and the “Rename Web user in Unread Lists”
administration requests.

Rename Web user in Person document
Triggered by: Completion of the “Rename Web user in Domino
Directory” request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: Updates the Web user name in Domino Directory Person
documents.

Rename Web user in unread list


Triggered by: Completion of the “Rename Web user in Domino
Directory” request.
Carried out on: Each server in the domain.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: Each server in the domain examines every database on the
server and updates the Web user’s name in any unread lists.

Rename Web user in Access Control List


Triggered by: Completion of the “Rename Web user in Domino
Directory” request.
Carried out on: Each server in the domain.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Each server in the domain updates the Web user’s name in
ACLs of databases for which it is an administration server.

Rename Web user in Free Time Database


Triggered by: Completion of the “Rename Web user in Domino
Directory” request.
Carried out on: The Web user’s home server.
Carried out: Immediately
Result: The Web user’s name is changed in the Calendaring and
Scheduling Free Time Database.

Rename Web user in calendar entries and profiles in mail file


Triggered by: Completion of the “Rename Web user in Free Time
Database” request.
Carried out on: The Web user’s home server.
Carried out: Immediately
Result: The Web user’s name is changed in their mail file’s Calendar
Profile and appointment documents. If the Web user’s common
name was changed and the common name is in the title of the mail
file, the mail file title changes to reflect the new name. If the Web
user is the “chair person” of any future meetings, the name is
changed in those appointment documents.

Rename Web user in Reader / Author Fields


Triggered by: Completion of the “Rename Web user in Person
documents” request on the administration server for the Domino
Directory.
Carried out on: Each server in the domain.
Carried out: According to the “Delayed Request” setting for the
Administration Process in the Server document.
Result: Each server in the domain updates the Web user’s name in
Reader/Author fields of databases for which it is an administration
server and that have the advanced ACL option “Modify all
Reader/Author fields” selected.

Server registration requests


Create SSL Certificate and Keyring file
Triggered by: During server registration, the administrator chooses
to “Enable SSL ports”.
Carried out on: The new server being registered, after the server is
set up and running and the request has replicated to this server.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Creates the server keyring file and generates an “Enable
server’s SSL ports in Domino Directory” request.

Enable server’s SSL ports in Domino Directory


Triggered by: Successful processing of the “Create SSL Certificate
and keyring file” request.
Carried out on: Administration server for the Domino Directory.
Carried out: Immediately
Result: Enables all SSL ports on the new server. Posts the “Monitor
server’s SSL status in Domino Directory” request.

Monitor server’s SSL status in Domino Directory
Triggered by: Successful completion of the “Enable server’s SSL
ports in Domino Directory” request.
Carried out on: Server being registered.
Carried out: Immediately
Result: Monitors for the change in port status being added to the
Domino Directory and then restarts the ports.

Set Directory Assistance Field


Triggered by: Choosing Actions - Set Directory Assistance
Information from the Domino Administrator.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Updates the “Directory Assistance database name” field in
the Basics section of the Server document.

Set directory filename


The Set Directory Filename request adds the file name of a server’s
primary Domino Directory to the hidden view ($Directories) and places
the directory name in the Server document.
Triggered by: A server triggers this request the first time it starts up
in this release and during subsequent startups if it detects a change
to the file name.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Stores the directory name in the Server document.

Set password fields


Triggered by: Initiating the command from the People & Groups tab,
selecting the Person document, choosing Actions - Set Password
Fields.
Carried out on: Administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Updates the Check Password, Request Change, and Grace
Period fields in the Administration section of the Person document.

Set user name and enable schedule agent
The “Set user name and enable schedule agent” request is generated
when a user with Editor access to their mail file sets the “Out of Office”
agent.
Triggered by: From Notes client mail file, choose Tools - Out of Office.
Carried out on: The server that the mail client is running on when
the user performs the action to enable the agent.
Carried out: Immediately
Result: Activates the Out of Office agent for the user whose mail file
was active when the agent was set.

Set Web Admin fields


The Set Web Admin fields request applies only to pre-Rnext servers.
Triggered by: Initial startup of the HTTP server task. When the Web
server is brought up, HTTP creates the Web administration requests
database and generates administration requests to populate the
“Administer the server from a browser” field on the Server
document. The names that populate the field are taken from the
Administrators field on the Administration tab on the Server
document. The Server name is also added to the Administrators field
on the Administration tab of the Server document.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Results: The “Administer the server from a browser” field is
populated with the administrators’ names as well as the server name.
The server name is also added to the Administrators field on the
Administration tab of the Server document. Web administration can
then be done by the administrators listed in that field.

Set Web user name and enable scheduled agent


The “Set Web user name and enable schedule agent” request is generated
when a Web user with Editor access to their mail file sets the “Out of
Office” agent.
Triggered by: Action performed by the user in their mail file from
the Notes client.
Carried out on: The server that the mail client is running on when
the Web user performs the action to enable the agent.
Carried out: Immediately
Result: Activates the Out of Office agent for the Web user whose
mail file was active when the agent was set.

Sign database with server’s ID file
Triggered by: Choosing Files tab - Database - Sign to initiate a sign
database action. Signing a database “vouches” for the integrity of
that database.
Carried out on: The server containing the database to be signed.
Carried out: Immediately
Result: Signs the selected database with the server’s ID when the
“Active Server’s ID” is chosen in the “What do you want to use”
field on the Sign Database dialog box.
For more information on signing a database, see the chapter “Rolling Out
Databases.”

Store CA Policy Information in the Domino Directory


The “Store CA policy information in the Domino Directory” request is
issued during CA recovery, when you modify the list of registration
authorities or certificate authorities in the Domino Directory, or when
you update the CA’s ICL attachment or the information that surrounds it
in the Domino Directory.
Triggered by: Modifying the list of Certificate Authorities or
Registration Authorities in the Domino Directory. This request is also
generated when a Certificate Authority’s ICL attachment is modified.
Carried out on: Administration server for the Domino Directory.
Carried out: Immediately
Result: Updates the Certifier document or creates a new one if one
does not exist.

Store certificate in Domino or LDAP Directory


The Store certificate in Domino or LDAP Directory request is generated
when a request for a new Internet certificate is approved by the CA.
Triggered by: The Domino CA Process’s approving an Internet
certificate request which will be published to a Domino Directory or
an LDAP Directory.
Carried out on: Administration server for the Domino Directory.
Carried out: Immediately
Result: The Internet certificate is published in the Person document
in the Domino Directory or in the LDAP directory.

Store Certificate Revocation List in Domino or LDAP directory
A CRL is a time-stamped list identifying revoked Internet certificates —
for example, certificates belonging to terminated employees. The CA
process issues and maintains CRLs for each Internet certifier. You
configure the CRL when you create a new Internet certifier.
The Domino CA process issues and maintains certificate revocation lists
(CRLs). A certificate revocation list is a list of revoked certificates and the
time of their revocation. CRLs are configured when you create a new CA.
Triggered by: Once a CRL is configured, the CA issues them on a
regular basis and they operate unattended. The CA process
determines that it is time to publish a CRL and generates this request
according to a predetermined schedule. For example, this request is
generated when an Internet Certificate is created.
Carried out on: Administration server for the Domino Directory.
Carried out: Immediately
Result: Certificate revocation list is created in the Domino Directory
or in the LDAP directory.
For more information on CRLs, see the chapter “Setting Up a Domino
Server-based Certification Authority.”

Store directory type in Server record


The Store Directory Type in Server Record request adds a value to a new
field in the Server document called “Configuration Directory Only” to
indicate whether or not the directory is a Configuration directory. The
Server record is updated with a 0 (zero) if it is a standard Domino
Directory, or with a 1 if it is a Configuration Only Directory. A special
replication formula is created to remove the names and groups from the
Domino Directory replica during the next replication.
Triggered by: A server triggers this request the first time it starts up
in this release and during subsequent startups if it detects a change
involving the “Configuration Documents only” replication setting.
Carried out on: Administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Updates the Server document with a 0 or 1 according to the
type of directory it is.

Store server’s CPU count
Triggered by: The CPU count value in the Server document is 0 or
does not match the number of processors on the hardware. The
discrepancy is determined when the server is powered up: the server
checks the Server document and, if it finds a discrepancy, posts a
“Store Server CPU Count” request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Updates the CPU Count field in the Basics section of the
Server document.

Store server’s DNS host name in Server record


Triggered by: The SMTPFullHostName field in the Server document
not containing the server’s DNS host name at server startup.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The server’s DNS host name is placed in the
SMTPFullHostName field in the Server document.

Update client information in Person record


Updates the Notes client license information as well as the Notes client
platform, Notes client build, and the Notes client machine.
Triggered by: An incremental update in the client code. It is also
kept up to date by dynamic configuration.
Carried out on: Administration server for the Domino Directory.
Carried out: Immediately
Result: Updates the Notes client license information as well as the
Notes client platform field, Notes client build field, and the Notes
client machine field.

Update domain catalog configuration
Triggered by: The CATALOG.EXE server task determines that a
catalog is designated as the Domain Catalog and then the task checks
to see if the Domain-wide indexer setting is enabled in the Server
document. If so, the server task then determines whether the server
is in the LocalDomainCatalogServer group and triggers the request if
the server is not in the group.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: The server is added to the LocalDomainCatalogServer group
and a verification is made to ensure that the Domain-wide indexer
setting is enabled in the Server document.
For more information on the domain catalog, see the chapter “Setting Up
Domain Search.”

Update external domain information


Triggered by: Choosing “Add External Domain Network
Information” or “Delete External Domain Information” from the
Configuration tab in the Domino Administrator.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: If you selected “Add External Domain Network Information,”
an External Domain Network Information document is created to
allow connection with a server in another domain. The document is
stored in the Domino Directory. If you selected “Delete External
Network Information,” the External Domain Network Information
document and associated information are deleted.

Update license tracking information in Domino Directory


Once each day, an administration request sends the Administration
Process information about new users and about users who have not
accessed the server within the last 30 days.
License Tracking must be enabled on the Basics tab of the Server
document.
Triggered by: A user authenticating with a server using the Notes
client, HTTP, IMAP, POP3, SMTP, or LDAP. The user’s full
canonical name, protocol, and time and date of access are collected.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Creates a new User License document in the UserLicenses
database (USERLICENSES.NSF) for each unique (new) user reported
in the administration request. Documents are updated with the new
time and date for those users who already have a document in the
User Licenses database.

Update server’s protocol information


Triggered by: The server recognizing that the Protocol field does not
contain correct information.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Updates the Protocol field in the Notes Network Ports
section of the Ports tab on the Server document.

Update user from non-roaming to roaming user


You can use the Domino Administrator to update a user from a
nonroaming state to a roaming state by selecting the user and choosing
People - Roaming from the tools pane.

Update client information in the Person record


Triggered by: From the Domino Administrator, initiating the action
to upgrade a user from nonroaming status to roaming status.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Updates the User Can Roam field to “In Process” on the
Roaming tab of the user’s Person document in the Domino Directory.

Create roaming user’s replica stubs


Triggered by: The selected user logging into Notes after the
administrator has initiated the action to update the user’s status to
Roaming and the “User can roam” field on the Roaming tab of the
user’s Person document has been changed from “No” to “In
Process.”
Carried out on: The server that will house the roaming files.
Carried out: Immediately
Result: Creates replica stubs of the roaming files on the user’s
roaming server.

Update Roaming User information in Person record
Triggered by: The selected user logging into Notes after the
administrator has initiated the action to update the user’s status to
Roaming and the “User can roam” field on the Roaming tab of the
user’s Person document has been changed from “No” to “In
Process.”
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Updates the Personal Address Book field, Bookmarks
filename, and Journal filename fields on the user’s Person document
in the Domino Directory. Generates the “Monitor roaming users
replica stubs” request.

Monitor roaming users replica stubs


Triggered by: Successful completion of the “Update roaming user
information in Person record” request.
Carried out on: The user’s roaming server.
Carried out: Immediately
Result: Recognizes when replication occurs, and then generates the
“Update roaming user state in Person document” request.

Update roaming user state in Person document


Triggered by: Successful completion of the “Monitor roaming users
replica stub” request. Successful replication of the roaming files to
the roaming server.
Carried out on: The administration server for the Domino
Directory.
Carried out: Immediately
Result: The “User can roam” field on the Roaming tab of the user’s
Person document is updated from “In Progress” to “Yes.”

Upgrade server to hierarchical
Use the Rename server command from the Domino Administrator to
upgrade a server from a flat server name to a hierarchical server name.
[Figure: Upgrade server to hierarchical. Flowchart: choosing “Actions:
Upgrade Server to Hierarchical” in the Domino Directory leads to
Initiate Rename in Address Book (1 Hour), which creates a Change
Request. If the server updates its ID before the change request
expires, the flow continues with Rename Server in Address Book
(1 Hour), Rename in Access Control List (1 Hour), Rename in Person
Documents (Daily), and Rename in Reader/Author Fields (Weekly). If
not, the change request expires and Delete Obsolete Change Requests
(Daily) ends the process.]

Initiate rename in Domino Directory


Triggered by: Performing an upgrade server to hierarchical in the
Domino Directory.
Carried out on: The administration server for the Domino
Administrator.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: A new certified public key is assigned to the server and the
Certified Public Key field in the Server document is updated.

Rename server in Domino Directory


Triggered by: The server polls its server document data looking for
its new public key. The “Rename server in Domino Directory”
administration request is triggered by the server recognizing that its
name has changed.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Updates the server’s name in the Domino Directory. Posts a
“Rename in Access Control List” request and a “Rename in Person
documents” request.

Rename in Access Control List


Triggered by: Completion of the “Rename server in Domino
Directory” request.
Carried out on: All servers with databases that have been assigned
administration servers.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Updates the ACLs with the new server name.

Rename in Person documents


Triggered by: Completion of the “Rename server in Domino
Directory” request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day request at” setting
for the Administration Process in the Server document.
Result: Updates the Person documents and posts a “Rename in
Reader/Author fields” request.

Rename in Reader / Author fields


Triggered by: Completion of the “Rename in Person documents”
request.
Carried out on: All servers.
Carried out: According to the “Start executing on” and “Start
executing at” settings for the Administration Process in the Server
document.
Result: The Reader/Author fields are updated.

Delete obsolete change requests


Requests are carried out only if change requests have expired according
to the Name_Change_Expiration_Days setting in the NOTES.INI file.
Triggered by: Expiration of the period in which other servers in the
domain can recognize both the old name and the new name of the
server. The default is 21 days, but the administrator can set the
Name_Change_Expiration_Days variable in the NOTES.INI file to a
value between 7 and 60.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day request at” setting
for the Administration Process in the Server document.
Result: The “Change Request” is deleted.

Timing for upgrading server to hierarchical


Request                                Timing
Initiate Rename in Domino Directory    Interval
Rename Server in Domino Directory      Interval
Rename in Access Control List          Interval
Rename in Person Documents             Execute once a day requests at
Rename in Reader/Author Fields         Start executing on, Start executing at
Delete Obsolete Change Requests        Execute once a day requests at

Web set Soft Deletion Expire Time


Triggered by: A mail file user with a minimum access of Editor
changes the “Soft Delete Expire Time” on the mail database.
Carried out on: The server on which the mail database resides.
Carried out: Immediately
Result: The user can change the number of days between each
deletion session during which the documents marked for deletion
are deleted. The Soft Delete Expire Time is the number of days
between each delete documents session.

Cross Domain Administration Requests


With Lotus Domino, you can use the Administration Process to initiate
and run an administration request on one domain and then send that
request to another specified domain for processing on that domain also.
The administration requests detailed in this section are cross domain
administration requests, that is, requests that can be processed across
domains.

Delete Person - cross domain administration request


You can use the Administration Process to delete a person’s name from
the Domino Directory and then send that request to another domain to
remove it from the Domino Directory in that domain.

Delete person - outbound (source) domain
These requests are generated on the outbound domain when the user
name on the outbound domain is a flat name and you have specified a
non-immediate deletion.

Delete person in Domino Directory


Triggered by: Choosing Actions - Delete Person in the Domino
Directory (or clicking Delete Person) and choosing to delay deletion
of the name from the Domino Directory. You can also trigger this
action by choosing Delete Person when viewing a Person document
with the Web Administrator.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: The Administration Process removes the name from the
Domino Directory, except from other people’s Person documents,
and posts the “Delete in Person documents” request. If you have
created a “termination” group and set up the administration process
to add deleted users to that group, the name is added to the
“Terminations” group. Mails the “Delete person in Domino
Directory” administration request to the inbound domain.

Delete in Person documents


Triggered by: Completion of a “Delete person in Domino Directory”
request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: The Administration Process removes the name from other
people’s Person documents in the Domino Directory.

Delete in Access Control Lists


Triggered by: Choosing to immediately delete all occurrences of the
name from the Domino Directory when initiating the Delete action or
the completion of a “Delete in Domino Directory” request (if you
chose to delay deletion of the name from the Domino Directory).
Carried out on: Each server in the domain.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Each server in the domain deletes the name from the ACLs of
databases for which it is an administration server.

Get file information for delete (only if deleting the mail file)
Triggered by: Completion of the “Delete in Access Control List”
request on the administration server for the Domino Directory (if you
chose to immediately delete all occurrences of the name) or
completion of the “Delete in Domino Directory” request (if you chose
to delay deleting the name from the Domino Directory). You must
also have specified to delete the mail file in which you chose to delete
the person.
Carried out on: The deleted person’s home server.
Carried out: Immediately
Result: The person’s home server creates an “Approve file deletion”
request which provides information about the mail file. This appears
in the Pending Administrator Approval view of the Administration
Requests database.

Approve file deletion (only if deleting the mail file)


Triggered by: Completion of the “Get file information for delete”
request.
Carried out on: The server on which you approve the request.
Carried out: When you manually approve or reject the request.
Result: If you approve the request, the Administration Process
creates a “Request file deletion” request.

Request file deletion (only if deleting the mail file)


Triggered by: Approving the “Approve file deletion” request.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Posts a “Delete mail file” request.

Delete in Reader / Author fields


Triggered by: Completion of a “Delete in Access Control List”
request on the administration server for the Domino Directory (if you
chose to immediately delete occurrences of the name from the
Domino Directory) or completion of a “Delete in Person documents”
request (if you chose to delay deletion of the name from the Domino
Directory).
Carried out on: Each server in the domain.
Carried out: According to the “Delayed Request” settings for the
Administration Process in the Server document.
Result: Each server in the domain deletes the name from
Reader/Author fields of databases for which it is an administration
server and that have the advanced ACL option “Modify all
Reader/Author fields” selected. The server scans the databases for
shared agents signed by the deleted person and for Private Design
Elements (folders, views, agents) signed by the deleted person.
Shared agents found are reported in the request’s Response
document. If Private Design Elements are found, an “Approve
deletion of Private Design Elements” administration request is posted.

Delete mail file (only if deleting the mail file)


Triggered by: Completion of a “Request file deletion” request.
Carried out on: The deleted person’s home server.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: The Administration Process verifies that the administrator
who approved the deletion has at least Author with Delete
documents access to the Domino Directory. Then, if the mail file
doesn’t use shared mail, the Administration Process deletes the file.
If the file does use shared mail, then the Administration Process
purges the links to the shared mail database, disables replication,
and creates a “Delete unlinked mail file” request.

Delete unlinked mail file


Triggered by: Completion of a “Delete mail file” request for a mail
file that uses shared mail.
Carried out on: The deleted person’s home server.
Carried out: According to the “Interval between purging mail file
and deleting when using object store” setting for the Administration
Process in the Server document.
Result: The Administration Process deletes the mail file after waiting
a period of time. This delay provides time for the Object Collect task
to purge any obsolete messages.

Approve deletion of Private Design Elements


Triggered by: Completion of a “Delete in Readers/Authors field”
request and locating Private Design Elements signed by the deleted
person in databases on that server.
Carried out on: Any server in the domain.
Carried out: According to the administrator’s discretion.
Result: The deletion is approved and the “Request to delete Private
Design Elements” administration request is posted.

Request to delete Private Design Elements
Triggered by: The administrator’s approval of the “Approve
deletion of Private Design Elements” administration request.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Posts the “Delete Private Design Elements” administration
request.

Delete Private Design Elements


Triggered by: Completion of the “Request to delete Private Design
Elements” administration request.
Carried out on: The server containing the database with the Private
Design Elements.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Private Design Elements signed by the deleted person are
removed from the databases.
Note: If the person requesting the delete action chose to delete all
replicas of a mail file, then a “Get File Information for deletion” request is
created and processed by all servers in the domain. This request is posted
after completion of the “Delete mail file” request or the “Delete unlinked
mail file” request. For each replica of the mail file found on servers in the
domain, the “Approve file deletion,” “Request file deletion,” and “Delete
mail file” request sequence occurs again.
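
The outbound chain above removes a deleted person's name only as each request runs, and the mail file deletion waits on a manual approval. The following added example (not part of the IBM documentation) models the delayed-deletion path from the "Triggered by" entries and reports what is still outstanding. The function names, status labels, and sample set of processed requests are assumptions made for illustration, and the shared-mail and Private Design Elements branches are left out.

```python
# Added example: request names and ordering are transcribed from the
# "Triggered by" entries of the outbound, delayed-deletion chain above.
# Each entry maps a request to (request that triggers it, needs manual approval).
CORE_CHAIN = {
    "Delete person in Domino Directory": (None, False),
    "Delete in Person documents": ("Delete person in Domino Directory", False),
    "Delete in Access Control Lists": ("Delete person in Domino Directory", False),
    "Delete in Reader / Author fields": ("Delete in Person documents", False),
}

# Requests that exist only when the administrator also deletes the mail file.
# Assumption: the mail file does not use shared mail.
MAIL_FILE_CHAIN = {
    "Get file information for delete": ("Delete person in Domino Directory", False),
    "Approve file deletion": ("Get file information for delete", True),
    "Request file deletion": ("Approve file deletion", False),
    "Delete mail file": ("Request file deletion", False),
}

# Where the deleted name (or its data) remains until the request has run.
CLEANS = {
    "Delete person in Domino Directory": "Domino Directory entry",
    "Delete in Person documents": "other people's Person documents",
    "Delete in Access Control Lists": "database ACLs",
    "Delete in Reader / Author fields": "Reader/Author fields",
    "Delete mail file": "mail file",
}


def chain_status(completed, delete_mail_file=False):
    """Classify each request as done, pending, awaiting approval or blocked."""
    chain = dict(CORE_CHAIN)
    if delete_mail_file:
        chain.update(MAIL_FILE_CHAIN)
    status = {}
    # Dict order lists every request after the request that triggers it.
    for name, (trigger, manual) in chain.items():
        if name in completed:
            status[name] = "done"
        elif trigger is None or status[trigger] == "done":
            # The trigger has completed, so this request can run now,
            # unless it is one an administrator must approve by hand.
            status[name] = "awaiting approval" if manual else "pending"
        else:
            status[name] = "blocked"
    return status


def residual_access(status):
    """List the places that still carry the deleted name or its data."""
    return [CLEANS[name] for name, state in status.items()
            if state != "done" and name in CLEANS]


if __name__ == "__main__":
    # Constructed sample: requests an administrator sees marked as processed.
    processed = {
        "Delete person in Domino Directory",
        "Delete in Access Control Lists",
        "Get file information for delete",
    }
    result = chain_status(processed, delete_mail_file=True)
    for name, state in result.items():
        print(f"{state:18} {name}")
    print("Still present in:", ", ".join(residual_access(result)))
```

A request reported as "awaiting approval" stalls everything behind it until an administrator acts on it in the Pending Administrator Approval view.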

Delete person - inbound (destination) domain


These requests are generated on the inbound domain.

Delete person in Domino Directory


Triggered by: Receipt of a “Delete person in Domino Directory”
administration request from the outbound domain.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Checks for the flat user name in the Domino Directory. If
found, posts the “Approve delete person in Domino Directory”
administration request. If not found, posts the “Delete in Access
Control Lists” and the “Delete person in Person documents”
administration requests.

Approve delete person in Domino Directory (only if a matching flat user name is found)
Triggered by: Completion of an inbound “Delete person in Domino
Directory” request on a sent name.
Carried out on: Any server on which you approve the request.
Carried out: According to the administrator’s discretion.
Result: Posts a “Delete person in Domino Directory” administration
request.

Delete person in Domino Directory (only if a matching flat user name is found)


Triggered by: Administrator approving the “Approve delete person
in Domino Directory” administration request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The Administration Process removes the name from the
Domino Directory, except from other people’s Person documents,
and posts the “Delete in Person documents” request. If you have
created a “termination” group and set up the administration process
to add deleted users to that group, the name is added to the
“Terminations” group.

Delete person in Person documents


Triggered by: Completion of a “Delete person in Domino Directory”
request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: The Administration Process removes the name from other
people’s Person documents in the Domino Directory.

Delete in Access Control Lists


Triggered by: Completion of the “Delete person in Domino
Directory” request.
Carried out on: Each server in the domain.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Each server in the domain deletes the name from the ACLs of
databases for which it is an administration server.

Delete in Reader / Author fields
Triggered by: Completion of a “Delete in Access Control List”
request on the administration server for the Domino Directory.
Carried out on: Each server in the domain.
Carried out: According to the “Delayed Request” settings for the
Administration Process in the Server document.
Result: Each server in the domain deletes the name from
Reader/Author fields of databases for which it is an administration
server and that have the advanced ACL option “Modify all
Reader/Author fields” selected. The server scans the databases for
shared agents signed by the deleted person and for Private Design
Elements (folders, views, agents) signed by the deleted person.
Shared agents found are reported in the request’s Response
document. If Private Design Elements are found, an “Approve
deletion of Private Design Elements” administration request is
posted.

Approve Deletion of Private Design Elements


Triggered by: Completion of a “Delete in Readers/Authors field”
request and locating Private Design Elements signed by the deleted
person in databases on that server.
Carried out on: Any server in the domain.
Carried out: According to the administrator’s discretion.
Result: The deletion is approved and the “Request to delete Private
Design Elements” administration request is posted.

Request to Delete Private Design Elements


Triggered by: The administrator’s approval of the “Approve
deletion of Private Design Elements” administration request.
Carried out on: The administration server for the Domino Directory.
Carried out: Immediately
Result: Posts the “Delete Private Design Elements” administration
request.

Delete Private Design Elements


Triggered by: Completion of the “Request to delete Private Design
Elements” administration request.
Carried out on: The server containing the database with the Private
Design Elements.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Private Design Elements signed by the deleted person are
removed from the databases.

Create Replica - Cross domain administration request


You can create a database replica across domains using the
Administration Process by selecting a database and then choosing
Database - Create Replica from the tools pane in the Domino
Administrator.
[Figure: Create Replica - Cross Domain flowchart. Source domain: Check access for new replica creation (No: End; Yes: request is mailed). Destination domain: Create Replica.]

Create replica - outbound (source) domain


The following request is generated on the outbound domain.

Check access for new replica creation


Triggered by: Initiating the Create Replica command from the
Domino Administrator.
Carried out on: The server on which you initiate the action.
Carried out: Immediately
Result: Checks for the appropriate Cross-domain Request
Configuration documents and Connection documents. Sends the
Create Replica administration request to the destination domain.

Create replica - inbound (destination) domain


The following request is generated on the inbound domain.
Triggered by: Receipt of the Create replica administration request
from the source domain.
Carried out on: The server designated as the destination server in the
Cross-domain Request Configuration document.
Carried out: Immediately
Result: Creates the replica on the designated server.

Delete person - cross domain administration request
If you select Immediate processing, the outbound domain has the
following subset of requests:
• Delete in Access Control List
• Get File Information for deletion
• Approve file deletion
• Delete in Reader/Author fields
• Request File deletion
• Delete mail file
• Approve deletion of Private Design Elements
• Request to delete Private Design Elements
• Delete Private Design Elements
If you select Immediate processing, the inbound domain has the
following subset of requests.
• The same as non-immediate requests

Delete server - Flat server on the outbound (source) domain


When a Delete Server administration request is initiated for a flat server
name on the outbound (source) domain, “Approval” requests are
generated on the inbound (destination) domain. For example, the
“Approve delete server in Domino Directory” is an administration
request that requires the administrator’s approval, and would be
generated on the inbound (destination) domain when a flat server is
selected for deletion on the outbound (source) domain.
The flow of administration requests documented here results when you
are deleting a flat server from the outbound (source) domain, and you do
not select Immediate processing.

Delete server - outbound (source) domain


These administration requests are generated on the outbound (source)
domain.

Delete server in Domino Directory


Triggered by: Initiating the Delete Server command from the
Domino Administrator.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Posts a “Delete in Person document” request and a “Delete in
Access Control List” request on the outbound server. It recognizes
the cross domain configuration documents, checks for the approved
signers, and then finding them, mails the request to the inbound
domain.

Delete in Person documents


Triggered by: Completion of the “Delete server in Domino
Directory” administration request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: Posts a “Delete in Readers/Authors Fields” request.
Removes references to the server from the Person document(s).

Delete in Reader / Author Fields


Triggered by: Completion of the “Delete in Person documents”
request.
Carried out on: All servers in the domain.
Carried out: According to the “Delayed Request” setting in the
Administration Process section of the Server document.
Result: The server name is deleted from database documents where
the “Delete in Reader/Author fields” check box is selected for the
database.

Delete in Access Control List


Triggered by: Completion of the “Delete server in Domino
Directory” administration request.
Carried out on: All servers.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The server name is removed from the ACLs in any database
that has an administration server assigned to it.

Delete server - inbound (destination) domain


These administration requests are generated on the inbound domain.

Delete server in Domino Directory


Triggered by: Successful completion of the “Delete server in Domino
Directory” request on the outbound (source) domain.
Carried out on: The administration server on the inbound domain.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Determines whether the server name is flat. If so, posts the
“Approve delete server in Domino Directory” request.

Approve delete server in Domino Directory (if flat server name is found)

Triggered by: Processing of the “Delete server in Domino Directory”
command and recognition of a flat server.
Carried out on: Any server on which the administrator approves the
request.
Carried out: According to the administrator’s approval.
Result: Posts a “Delete server in Domino Directory” request on the
destination server.

Delete server in Domino Directory (if flat server name is found)


Triggered by: Approval of the “Approve delete server in Domino
Directory” administration request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Posts “Delete in Access Control List” and “Delete in Person
documents” administration requests on the destination server.

Delete server in Person documents


Triggered by: Successful completion of the “Delete server in Domino
Directory” administration request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: Posts a “Delete in Reader/Author Fields” administration
request. Deletes all references to the server name in Person
documents.

Delete in Access Control Lists


Triggered by: Successful completion of the “Delete server in Domino
Directory” administration request.
Carried out on: All servers.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The server name is removed from the ACLs in any database
that has an administration server assigned to it.

Delete in Reader and Author Fields
Triggered by: Successful completion of the “Delete in Person
documents” administration request.
Carried out on: All servers in the domain.
Carried out: According to the “Delayed Request” setting in the
Administration Process section of the Server document.
Result: Deletes the server name from database documents where the
“delete in Reader/Author fields” check box is selected for the
database.

Delete server - cross domain administration request


If you select Immediate processing, the outbound domain has the
following subset of requests:
• Delete in Access Control List
• Delete in Reader/Author Fields
If you select Immediate processing, the inbound domain has the
following subset of requests:
• Delete server in Domino Directory
• Approve delete server in Domino Directory (if a flat server name is
found)
• Delete server in Domino Directory
• Delete in Access Control List
• Delete in Reader/Author Fields
For details on the above processes, see the processes documented above.

Delete Server - Hierarchical server name on the inbound (destination) domain

This process flow occurs when you do not select Immediate processing.

Delete server - outbound (source) domain


These requests are generated on the outbound (source) domain.

Delete server in Domino Directory


Triggered by: Initiating the Delete Server command from the
Domino Administrator.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Posts a “Delete in Person document” request and a “Delete in
Access Control List” request on the outbound server.

Delete in Person documents


Triggered by: Completion of the “Delete server in Domino
Directory” administration request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: Posts a “Delete in Readers and Authors Fields” request.
Removes references to the server from the Person document(s).

Delete in Access Control List


Triggered by: Completion of the “Delete server in Domino
Directory” administration request.
Carried out on: All servers in the domain.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The server name is removed from the ACLs in any database
that has an administration server assigned to it.

Delete in Reader / Author fields


Triggered by: Successful completion of the “Delete server in Domino
Directory” administration request.
Carried out on: All servers in the domain.
Carried out: The time each server is set up to run that request.
Result: Deletes the server name from database documents where the
“delete in Reader/Author fields” check box is selected for the
database.

Delete server - inbound (destination) domain


These requests are generated on the inbound domain.

Delete server in Domino Directory


Triggered by: Receipt of the “Delete server in Domino Directory”
request from the outbound domain.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Posts “Delete in Access Control List” and “Delete in Person
documents” administration requests on the destination server.

Delete in Access Control List


Triggered by: Completion of the “Delete server in Domino
Directory” administration request.
Carried out on: All servers in the domain.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The server name is removed from the ACLs in any database
that has an administration server assigned to it.

Delete in Person documents


Triggered by: Completion of the “Delete server in Domino
Directory” administration request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: Posts a “Delete in Readers/Authors Fields” request.
Removes references to the server from the Person document(s).

Delete in Reader / Author fields


Triggered by: Successful completion of the “Delete server in Domino
Directory” administration request.
Carried out on: All servers in the domain.
Carried out: The time each server is set up to run that request.
Result: Deletes the server name from database documents where the
“delete in Reader/Author fields” check box is selected for the
database.

Rename person - Cross domain administration request
You can use the Administration Process to rename (upgrade) a flat user
name to a hierarchical user name, change the person’s common name, or
move a user to a new organizational hierarchy.

Rename person - outbound (source) domain


The following requests are generated on the outbound (source) domain.

Initiate rename in Domino Directory


Triggered by: Selecting the person, and choosing People - Rename
on the tools pane in the Domino Administrator, and then choosing
Upgrade to Hierarchical.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Writes the Change Request and new public key to the
Domino Directory.

Rename person in Domino Directory


Triggered by: Person accessing a server and accepting the new
name.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Updates the person’s name in the Domino Directory except
in Person documents. Recognizes the Cross Domain Configuration
Document and checks for appropriate signatures and access. Mails
the request to the inbound domain. Posts the “Rename in Access
Control List”, “Rename in unread list”, and the “Rename in Free
Time database” requests.

Rename in Person document


Triggered by: Completion of the “Rename person in Domino
Directory” request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: Updates the name in Domino Directory Person documents.
Posts the “Rename in Reader/Author Fields” administration request.

Rename in Access Control List
Triggered by: Completion of the “Rename person in Domino
Directory” request.
Carried out on: Each server in the domain.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Each server in the domain updates the person’s name in
ACLs of databases for which it is an administration server.

Rename in Free Time database


Triggered by: Completion of the “Rename person in Domino
Directory” request.
Carried out on: The person’s home server.
Carried out: Immediately
Result: The person’s name is changed in the Calendaring and
Scheduling Free Time Database. Posts the “Rename in Calendar
entries and Profile” administration request.

Rename in unread list


Triggered by: Completion of the “Initiate rename in Domino
Directory” request.
Carried out on: Every server in the domain.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Domino Directory.
Result: If an Unread List is located for the old name, the Unread List
is then stored with the person’s new name.

Rename person in calendar entries and profiles in mail file


Triggered by: Completion of the “Rename person in Free Time
Database” request.
Carried out on: The person’s home server.
Carried out: Immediately
Result: The person’s name is changed in their mail file’s Calendar
Profile and appointment documents. If the person’s common name
was changed and the common name is in the title of the mail file, the
mail file title changes to reflect the new name. If the person is the
“chairperson” of any future meetings, the name is changed in those
appointment documents.

Rename in Reader / Author fields
Triggered by: Completion of the “Rename in Person documents”
request on the administration server for the Domino Directory.
Carried out on: Each server in the domain.
Carried out: According to the “Delayed Request” setting for the
Administration Process in the Server document.
Result: Each server in the domain updates the person’s name in
Reader/Author fields of databases for which it is an administration
server and that have the advanced ACL option “modify all
Reader/Author fields” selected.

Rename person - Inbound (destination) domain


The following requests are generated on the inbound domain.

Rename person in Domino Directory


Triggered by: Receipt of the request from the outbound domain.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Updates the person’s name in the Domino Directory except
in Person documents. Posts a “Rename in Person document” request.

Rename in Person documents


Triggered by: Completion of the “Rename person in Domino
Directory” request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day requests at”
setting for the Administration Process in the Server document.
Result: Updates the name in Domino Directory Person documents.

Rename in Access Control List


Triggered by: Completion of the “Rename person in Domino
Directory” request.
Carried out on: Each server in the domain.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Each server in the domain updates the person’s name in
ACLs of databases for which it is an administration server.

Rename in unread lists
Triggered by: Completion of the “Rename person in Domino
Directory” request.
Carried out on: Every server in the domain.
Carried out: According to the “Execute once a day requests at”
setting in the Administration Process section of the Server document.
Result: If an Unread List for the old name is found in the database, a
copy of the Unread List is stored with the new name. Each server in
the domain examines every database on the server and updates the
person’s name in any unread lists.

Rename in Reader/Author fields


Triggered by: Completion of the “Rename in Person documents”
request on the administration server for the Domino Directory.
Carried out on: Each server in the domain.
Carried out: According to the “Delayed Request” setting for the
Administration Process in the Server document.
Result: Each server in the domain updates the person’s name in
Reader/Author fields of databases for which it is an administration
server and that have the advanced ACL option “Modify all
Reader/Author fields” selected.

Rename server - Cross domain administration request


You can use the Administration Process to rename (upgrade) a flat server
name to a hierarchical server name.

Rename server - outbound (source) domain


The following requests are generated on the outbound domain.

Initiate rename in Domino Directory


Triggered by: Performing an upgrade server to hierarchical in the
Domino Directory.
Carried out on: The administration server for the Domino
Administrator.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: A new certified public key is assigned to the server and the
Certified Public Key field in the Server document is updated.

Rename server in Domino Directory
Triggered by: The server polls its server document data looking for
its new public key. The “Rename server in Domino Directory”
administration request is triggered by the server recognizing that its
name has changed.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Updates the server’s name in the Domino Directory. Posts a
“Rename in Access Control List” request and a “Rename in Person
documents” request. Mails the request to the inbound domain.

Rename in Access Control List


Triggered by: Completion of the “Rename server in Domino
Directory” request.
Carried out on: All servers with databases that have been assigned
administration servers.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Each server in the domain updates the person’s name in
ACLs of databases for which it is an administration server.

Rename in Person documents


Triggered by: Completion of the “Rename server in Domino
Directory” request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day request at” setting
for the Administration Process in the Server document.
Result: Updates the Person documents and posts a “Rename in
Reader/Author fields” request.

Rename in Reader / Author fields


Triggered by: Completion of the “Rename in Person documents”
request.
Carried out on: All servers.
Carried out: According to the “Start executing on” and “Start
executing at” settings for the Administration Process in the Server
document.
Result: The Reader/Author fields are updated.

Rename server - inbound (destination) domain
The following requests are generated on the inbound domain.

Rename server in Domino Directory


Triggered by: Receipt of the request from the outbound domain.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: If a matching flat server name is located, posts the “Approve
Rename in Domino Directory” administration request.

Approve Rename in Domino Directory (if flat server name is found)


Triggered by: Processing of the “Rename server in Domino
Directory” request and recognition of a flat server.
Carried out on: Any server on which you approve or reject the
request.
Carried out: According to the administrator’s discretion.
Result: Posts the “Rename in Domino Directory” administration
request.

Rename server in Domino Directory (If flat server name is found)


Triggered by: Administrator’s approval of the “Approve Rename in
Domino Directory” administration request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Updates the server’s name in the Domino Directory. Posts a
“Rename in Access Control List” request and a “Rename in Person
documents” request.

Rename in Access Control List


Triggered by: Completion of the “Rename server in Domino
Directory” request.
Carried out on: All servers with databases that have been assigned
administration servers.
Carried out: According to the “Interval” setting for the
Administration Process in the Server document.
Result: Each server in the domain updates the person’s name in
ACLs of databases for which it is an administration server.

Rename in Person documents
Triggered by: Completion of the “Rename server in Domino
Directory” request.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Execute once a day request at” setting
for the Administration Process in the Server document.
Result: Updates the Person documents and posts a “Rename in
Reader/Author fields” request.

Rename in Reader / Author fields


Triggered by: Completion of the “Rename in Person documents”
request.
Carried out on: All servers.
Carried out: According to the “Start executing on” and “Start
executing at” settings for the Administration Process in the Server
document.
Result: The Reader/Author fields are updated.

Time-based execution requests


Time-based requests apply to move database or create replica actions
that are part of a recommended resource balancing plan as determined
by the Tivoli Analyzer. These time-based execution requests enable you
to enter the exact time that the administration request executes, as
opposed to waiting for the standard scheduled processing time.
Each of these requests runs within the set of requests generated for a
specific database move command as indicated in the “Triggered by”
information for each request.

Check access for new replica creation


Triggered by: Initiating an action to create a database replica in
another domain.
Carried out on: The server that contains the database being
replicated.
Carried out: Timed
Result: The Administration Process on the source server checks that
the user submitting the request and the destination server have at
least Reader access in the ACL of the database. If the user and
destination server have the necessary access and if a Connection
document between the source and destination server exists, the
Administration Process generates a “Create replica” request in the
Administration Requests database of the source server.
For more information on the “Check access for new replica creation”
request, see “Create Replica - Cross domain administration request” in
this appendix.

Check access for move replica creation


Triggered by: Executing the move database from a clustered server
command.
Carried out on: The source server.
Carried out: Timed
Result: The Administration Process checks that the administrator
initiating the request has Manager with “Delete documents” access
to the database being moved and that the destination server has
Reader access to the database being moved.
For more information on the processing of the “Check access for move
replica creation” request, see “Move database from a cluster server” in
this appendix.

Check mail server’s access


Triggered by: Executing a move mail file command.
Carried out on: Home server for the mail file as designated in the
Person document.
Carried out: Timed
Result: Checks for a Connection document between the old and new
mail file servers, and sets up the ACLs so that the old and new
servers have Manager access. If it is the administration server of the
mail file, posts the “Create new mail replica” request. If it is not the
administration server for the mail file, posts a “Promote new mail
server’s access” administration request.
For more information on the processing of the “Check mail server’s
access” request, see “Move a mail file from one server to another” in this
appendix.

Check access for non-cluster move replica


Triggered by: Executing the move database from a non-clustered
server command.
Carried out on: The source server for the database.
Carried out: Timed
Result: The Administration Process on the source server checks that
the user submitting the request is the Manager of the Domino
Directory and that the destination server has Reader access in the
ACL of the database. Posts a “Non-cluster Move Replica” request.
For more information on the “Check access for non-cluster move replica”
request, see “Move database from a non-cluster server” in this appendix.
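
The access checks described for the time-based requests above can be modelled as a pre-flight test run before a timed request is scheduled. This is an added example, not Domino code: it covers the three checks whose criteria this section states, treats ACL entries as plain names (no groups or roles), reads “Reader access” for the destination server as “at least Reader”, and uses constructed names and sample ACLs.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Domino ACL access levels, lowest to highest.
LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class AclEntry:
    level: str
    delete_documents: bool = False  # the "Delete documents" privilege


@dataclass
class TimedRequest:
    kind: str  # "create_replica", "cluster_move" or "non_cluster_move"
    requester: str
    source_server: str
    destination_server: str
    database_acl: Dict[str, AclEntry]
    directory_acl: Dict[str, AclEntry] = field(default_factory=dict)
    connections: Set[Tuple[str, str]] = field(default_factory=set)


@dataclass
class Verdict:
    passed: bool
    follow_on: Optional[str]  # next request, where this section names one
    failures: List[str]


def at_least(acl: Dict[str, AclEntry], name: str, minimum: str) -> bool:
    """True if `name` is listed in `acl` at `minimum` level or higher."""
    entry = acl.get(name)
    return entry is not None and RANK[entry.level] >= RANK[minimum]


def check_access(req: TimedRequest) -> Verdict:
    failures: List[str] = []
    # Every check requires the destination server to be able to read the database.
    if not at_least(req.database_acl, req.destination_server, "Reader"):
        failures.append("destination server lacks Reader access to the database")

    if req.kind == "create_replica":
        # "Check access for new replica creation"
        if not at_least(req.database_acl, req.requester, "Reader"):
            failures.append("requester lacks Reader access to the database")
        if (req.source_server, req.destination_server) not in req.connections:
            failures.append("no Connection document from source to destination server")
        follow_on = "Create replica"
    elif req.kind == "cluster_move":
        # "Check access for move replica creation"
        entry = req.database_acl.get(req.requester)
        if entry is None or entry.level != "Manager" or not entry.delete_documents:
            failures.append('requester is not Manager with "Delete documents"')
        follow_on = None  # the follow-on request is not named in this section
    elif req.kind == "non_cluster_move":
        # "Check access for non-cluster move replica"
        if not at_least(req.directory_acl, req.requester, "Manager"):
            failures.append("requester is not Manager of the Domino Directory")
        follow_on = "Non-cluster Move Replica"
    else:
        raise ValueError(f"unknown request kind: {req.kind}")

    passed = not failures
    return Verdict(passed, follow_on if passed else None, failures)


# Constructed sample data (hypothetical names in the O=Acme organization).
SAMPLE_DB_ACL = {
    "Ann Admin/Acme": AclEntry("Manager", delete_documents=False),
    "Bob User/Acme": AclEntry("Author"),
    "Hub2/Acme": AclEntry("Reader"),
    "Hub3/Acme": AclEntry("Depositor"),
}
SAMPLE_DIRECTORY_ACL = {"Ann Admin/Acme": AclEntry("Manager", delete_documents=True)}


def sample_request(kind: str, requester: str, destination: str = "Hub2/Acme",
                   connected: bool = True) -> TimedRequest:
    links = {("Hub1/Acme", destination)} if connected else set()
    return TimedRequest(kind, requester, "Hub1/Acme", destination,
                        SAMPLE_DB_ACL, SAMPLE_DIRECTORY_ACL, links)


if __name__ == "__main__":
    for kind, who in [("create_replica", "Bob User/Acme"),
                      ("cluster_move", "Ann Admin/Acme"),
                      ("non_cluster_move", "Ann Admin/Acme")]:
        print(kind, who, check_access(sample_request(kind, who)))
```

In the sample data the cluster move is refused even though the requester is Manager, because the “Delete documents” privilege is not set on that ACL entry.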

Appendix G
Novell Directory Service for the IPX/SPX Network

Domino servers and Notes workstations support Novell Directory
Service (NDS) with IPX/SPX.

Novell Directory Service for the IPX/SPX network


To create a Domino server NDS object, you add the Domino server
object class to the NDS schema. Then you use either the Novell
NetWare Administrator with the NetWare Administrator Snap-in
(NDSNOTES.DLL) or the Lotus NDS Manager (NDSMgr) to allow Notes
workstations and Domino servers to use the NDS object to access the
Domino server. The first time you start the Domino server, the SPX port
driver verifies that the Domino server NDS object is present, and then the
Domino server initializes, or updates, the object with the Domino server
IPX/SPX address. After the server object has been initialized,
workstations and other servers can use the object to access the server.
A Domino NDS object is persistent. Therefore, when a Domino server is
down, its corresponding NDS object is still present in the NDS tree.
Notes workstations and Domino servers that use NDS and attempt to
connect to an unavailable Domino server receive a message indicating
that the server is not responding. In addition, because a Domino NDS
object is persistent, it is updated only when one of its attributes changes.
For example, installing a new NIC changes the object’s “network
address” attribute. In some cases, you may need to delete the Domino
NDS object and recreate it so it will reinitialize when the Domino server
restarts.
To view Domino server NDS object names in NDS, use the NetWare
Administrator with the Domino NetWare Administrator Snap-in
(NDSNOTES.DLL), which uses the Domino icon to identify the Domino
server. Other NDS viewers may use a “smiley face” to identify the
Domino server.

Domino NDS object attributes
To examine the attributes of Domino NDS objects, use either NetWare
Administrator with Domino NetWare Administrator Snap-in
(NDSNOTES.DLL) or the Lotus NDS Manager. The following table
contains attributes for a Domino NDS object.

Attribute        Description
Server Name      NDS name of Domino server — for example,
                 CN=Chicago.OU=Sales.O=Acme
Network Address  IPX address: network address: node address: socket number
                 — for example, IPX: 030000508: 00805F685BDA: 506f
Status           UNINITIALIZED or INITIALIZED. If UNINITIALIZED, the
                 Domino server has not updated this object with its network
                 address. If INITIALIZED, the Domino server has updated
                 the object. However, if you are using Windows, the status
                 attribute shows UNINITIALIZED.
Version          Domino build number — for example, 143
Description      Optional comments about the object — for example, the
                 administrator’s name and location

Administering Domino server NDS objects


To administer a Domino server NDS object from a workstation, you can
use Novell NetWare Administrator with the Domino NetWare
Administrator Snap-in (NDSNOTES.DLL) or Lotus NDS Manager.

NetWare Administrator
NetWare Administrator is Novell’s standard tool for administering NDS
and all objects in the tree. To access NetWare Administrator, run one of
the following:
• NWADMINNT.EXE if you are using a Windows NT or 2000 client
• NWADMIN95.EXE if you are using a Windows 95, 98, or XP client
Domino supplies a snap-in (NDSNOTES.DLL) to the NetWare
Administrator that allows Domino servers to be administered using one
standard tool. You must configure NetWare Administrator before you
can use the snap-in.
Using NetWare Administrator, you can access menus to determine the
actions that can be performed on the Domino server NDS object. Using
the snap-in, the Domino server becomes an object class. The Domino
server NDS object class and servers are represented by the Domino icon.

Lotus NDS Manager
For administration on Windows clients, Domino provides Lotus NDS
Manager (NDSMGR.EXE) which is located in the Domino program
directory and uses DLLs also found in the Domino program directory.
The following table describes the commands to use with Lotus NDS
Manager.

Task                                      Command
Create the Domino server NDS class        -c
Remove the Domino server NDS class        -r
Add a Domino server to the tree           -a
                                          For example, this command adds the Domino
                                          server Burke to the tree:
                                          -a cn=Burke.o=Acme
Delete a Domino server from the tree      -d
                                          For example, this command deletes the Domino
                                          server Burke from the tree:
                                          -d cn=Burke.o=Acme
Read a Domino server’s object attributes  -s

Configuring the Domino snap-in registry values


Note Before modifying the registry, make sure you can start the
NetWare Administrator on the Notes workstation.

On a Windows NT or 2000 workstation


1. Copy the NDSNOTES.DLL to the directory where NetWare
Administrator resides on the Novell server.
2. From the Start menu on the workstation, choose Run and enter
REGEDT32.EXE (WINNT\SYSTEM32\REGEDT32.EXE).
3. Click HKEY_CURRENT_USERS - Software - Network - NetWare
Administrator - SNAPIN OBJECTs DLL WINNT.
4. From the Edit menu, select Edit, and then select Value and enter
NDSNOTES.DLL in the Value box (leave DATA TYPE: REG_SZ as
is), and click OK.
5. Enter NDSNOTES.DLL in the String box and click OK.
6. Verify NDSNOTES.DLL:REG_SZ:NDSNOTES.DLL is added to the
list of objects and exit the registry.
7. Reload NWADMNT.EXE.

On a Windows 95, 98, or XP workstation
1. Copy the NDSNOTES.DLL to the directory where NetWare
Administrator resides on the Novell server.
2. From the Start menu on the workstation, choose Run and enter
REGEDIT.EXE.
3. Click HKEY_CURRENT_USERS - Software - NetWare - Parameters -
NetWare Administrator - SNAPIN OBJECTs DLL WIN95 or
SNAPIN OBJECTs DLL WIN98.
4. From the Edit menu, choose Edit, and then select Value.
5. Type NDSNOTES.DLL in the New Value #1 box (renaming this to
NDSNOTES.DLL).
6. Click the new entry NDSNOTES.DLL and enter NDSNOTES.DLL in
the Value Data box.
7. Verify NDSNOTES.DLL. “NDSNOTES.DLL” is added to the list of
objects.
8. Reload NWADMN95.EXE.
9. To check that the NDSNOTES.DLL has been properly installed, in
NetWare Administrator, choose Object - Create. The Domino server
class object should be included in the list.

Using NetWare Administrator to manage a Domino NDS object


The following table describes how to use NetWare Administrator to
manage a Domino server NDS object.

Task                                            Action
Create a Domino server NDS object class         Choose Tools - Define Notes Class.
Delete Domino server NDS object class           Choose Tools - Define Notes Class.
Add a Domino server NDS object class            Choose Object - Create.
                                                Select Domino server object.
                                                Enter the Domino server name.
Delete a Domino server NDS object               Select the Domino server.
                                                Choose Object - Delete.
Read a Domino server NDS object’s attributes    Select the Domino server.
View a Domino server NDS object’s attributes    Double-click the Domino server NDS object.

Setting up NDS for a Notes workstation
To set up NDS for a Notes workstation, you must configure NDS within
the NetWare client and then configure the Notes workstation to use NDS.

Configuring NDS for a Notes workstation


1. Install a NetWare-compatible client that supports NDS and IPX/SPX.
2. Make sure the user log-in object has at least browse access to the
NDS tree.
3. Specify a Preferred Tree and Default Context. If you are using
Windows, specify these settings in the Control Panel.
4. Log into the NDS tree.

Configuring a Notes workstation to use NDS


1. Start the Notes workstation.
2. If you have not enabled the SPX port, do the following:
a. Choose File - Preferences - User Preferences - Ports.
b. Select SPX and select Port Enabled. The Notes workstation
automatically enables NDS and Bindery Services.
3. If you use only NDS on all Domino servers in your organization, do
the following:
a. Click SPX Options, select Advanced configuration, and then
select NetWare Directory Services to disable Bindery Services
lookup within Domino.
b. Create a Connection document for the home server in each user’s
Personal Address Book. In the Destination server field, enter the
NDS distinguished name for the home server. For example, if a
Domino server name is Chicago/Midwest/Acme, its NDS
distinguished name is CN=Chicago.OU=Marketing.O=Acme.
4. If you use only NDS and want to specify a backup Domino Directory
to use if the user’s home server is unavailable, edit the Location
document in each user’s Personal Address Book and specify a
For more information on naming Domino servers on an NDS network,
see the chapter “Setting Up the Domino Network.”

Setting up NDS for a Domino server


To set up NDS for a Domino server, you must first configure NDS for the
NetWare client or server and then configure the Domino server to use
NDS. To add a class to an NDS schema or add a Domino server NDS
object, you need NDS Administrator privileges.

Configuring NDS for a Domino server
1. Install a NetWare-compatible client that supports NDS and IPX/SPX.
2. Make sure the user log-in object has trustee rights to the directory
tree that include browse, create, compare, read, and write.
3. Log into the NDS tree.
4. For each NDS tree, do one of the following to create a Domino server
NDS object class and add the class to the NDS schema:
• If you are using NetWare Administrator, choose Tools - Define
Notes Class.
• If you are using NDSMgr, enter this command:
ndsmgr -c Notes

5. To add each Domino server NDS object to the NDS tree, do the
following:
• If you are using NetWare Administrator, choose Object - Create -
Notes Server Object and enter the Domino server name. You can
add information to the description if necessary.
• If you are using NDSMgr, enter this command:
ndsmgr -a cn=server_name.o=preferred_tree,

Where server_name is the NDS name of the Domino server and
preferred_tree is the Preferred Tree name.
6. If you want the Domino server to log into NDS automatically when
the server starts, create user log-in objects for the Domino server and
make sure each user log-in object has trustee rights that include
browse, create, compare, read, and write access to the NDS directory
tree.

Configuring a Domino server to use NDS


1. Specify a preferred tree and default context. If you are using OS/2
Advanced Warp Server, specify these settings in the NET.CFG file. If
you are using Windows NT, specify these settings in the control
panel.
2. If you want the Domino server to log in to NDS automatically, edit
the NOTES.INI file to include these settings:
NWNDSUSERID=cn=server_name.o=tree_name
Where server_name is the NDS name of the Domino server and
tree_name is the name of the tree.
NWNDSPASSWORD=NDS_Service_Password
Where NDS_Service_Password is the password the Domino server
uses to log into NDS.

3. If you have not enabled the SPX port, start the Notes workstation
and choose File - Preferences - User Preferences - Ports. Select SPX
and select Port Enable. Domino automatically enables NDS and
Bindery Services.
4. If you use only NDS on all Domino servers in your organization,
click SPX Options, select Advanced configuration, and then select
NetWare Directory Services (NDS) to disable Bindery Services
lookup within Domino.
5. Open the Server document for this server in the Domino Directory
and add the NDS server name to the Network Address field on the
Ports tab. Include the Domino server’s NDS distinguished name.
6. Exit the Notes workstation.

NOTES.INI settings for Novell Directory Service (NDS)


The following table contains the NOTES.INI settings that pertain
specifically to NDS.
For more information on these settings, see the appendix “NOTES.INI
File.”

Setting         Description
NWNDSUserID     Specifies the NDS Service/UserID, which Domino uses to log into the NDS tree.
NWNDSPassword   Specifies the NDS Service Password, which Domino uses to log into the NDS tree.

Example of setting up NDS for a Domino server


This example is from a NOTES.INI file that specifies a Domino server
NDS object name. The server name and password are configured so the
Domino server automatically logs into NDS when the server starts.
[NOTES]
KitType=2
Directory=F:\NOTES\data
FileDlgDirectory=F:\NOTES\
NWNDSUSERID=CN=SPXPYTHON.O=ZOO
NWNDSPASSWORD=NOTES
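
With these settings the NDS login password sits in NOTES.INI as a readable value. The following audit is an added example, not part of the Domino documentation: it parses a NOTES.INI, checks the form of NWNDSUserID, and flags a stored NWNDSPassword, a short or guessable value, and a file readable beyond its owner. The guessable-word list, the length threshold and the POSIX permission check are assumptions.

```python
import os
import stat

# Constructed sample that mirrors the NOTES.INI example on this page.
SAMPLE_INI = """[NOTES]
KitType=2
Directory=F:\\NOTES\\data
FileDlgDirectory=F:\\NOTES\\
NWNDSUSERID=CN=SPXPYTHON.O=ZOO
NWNDSPASSWORD=NOTES
"""

# Assumption: short illustrative list of guessable values, not a real wordlist.
GUESSABLE = {"notes", "domino", "lotus", "novell", "netware", "password"}
MIN_LENGTH = 8  # Assumption: minimum acceptable length, not a Domino rule.


def parse_notes_ini(text):
    """Return the settings as a dict keyed by lower-cased setting name.

    The page writes the same setting as NWNDSUSERID and NWNDSUserID, so
    names are compared case-insensitively. Only the first '=' separates
    name from value, because the NDS name itself contains '='.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):
            continue
        name, sep, value = line.partition("=")
        if sep:
            settings[name.strip().lower()] = value.strip()
    return settings


def parse_nds_name(name):
    """Split 'cn=server.o=tree' into [(type, value), ...]; None if malformed."""
    parts = []
    for component in name.split("."):
        attr, sep, value = component.partition("=")
        if not sep or not attr.strip() or not value.strip():
            return None
        parts.append((attr.strip().lower(), value.strip()))
    return parts


def audit_nds_settings(text, mode=None):
    """Return a list of findings for the NDS auto-login settings.

    mode is the file's permission bits (POSIX), or None to skip that check.
    """
    findings = []
    ini = parse_notes_ini(text)
    user = ini.get("nwndsuserid")
    password = ini.get("nwndspassword")
    parts = parse_nds_name(user) if user is not None else None

    if user is not None:
        types = [attr for attr, _ in parts or []]
        if not types or types[0] != "cn" or "o" not in types:
            findings.append(
                "NWNDSUserID is not of the form cn=server_name.o=tree_name")
    if password is None:
        return findings  # no stored credential, nothing more to check

    findings.append("NWNDSPassword stores the NDS login password in clear text")
    own_names = {value.lower() for _, value in parts or []}
    if len(password) < MIN_LENGTH or password.lower() in GUESSABLE | own_names:
        findings.append("NWNDSPassword is short or guessable")
    if mode is not None and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("NOTES.INI is readable by group or other users")
    return findings


def audit_file(path):
    """Audit a NOTES.INI on disk, including its permission bits."""
    with open(path, encoding="latin-1") as handle:
        text = handle.read()
    return audit_nds_settings(text, stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    for finding in audit_nds_settings(SAMPLE_INI, mode=0o644):
        print("FINDING:", finding)
```

A NOTES.INI that carries NWNDSPassword always produces the clear-text finding, so the file's access rights and the rights of the NDS login object are what limit exposure.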

Appendix H
Accessibility and Keyboard Shortcuts in Domino
Administrator

This appendix contains an extensive list of keyboard shortcuts that are
available in the Domino Administrator as well as other
accessibility-related information and instructions on where to find
additional information.

Accessibility and keyboard shortcuts


The Domino Administrator is accessible to people with physical
challenges. Those with restricted mobility or limited vision can use the
following assistive aids:
• Extended accelerator keys let you navigate through the Bookmark
bar and window tabs using your keyboard. Note that you must
enable extended accelerator keys before you can use them.
• Keyboard shortcuts let you navigate through and perform a variety
of tasks in Domino Administrator.
For more information on accessibility, see:
• The topic, “Customizing Notes for Accessibility” in Lotus Notes 6
Help. If you do not have Help installed, go to the Documentation
Library of the Lotus Developer Domain at
http://www.lotus.com/ldd/doc to download or view Lotus Notes 6
Help.
• The IBM Accessibility Center Web site at
http://www-3.ibm.com/able/
• The W3 Web Accessibility Initiative (WAI) site at
http://www.w3.org/WAI/

Enabling and using extended accelerator keys
Before you can use extended accelerator keys to navigate through the
Bookmark bar or the window tabs, you must enable the keys.
To enable extended accelerators for the Bookmark bar:
1. Choose File - Preferences - User Preferences.
2. Select Basics.
3. In the Additional Options box, select “Show extended accelerators”
and then click OK.

To use extended accelerator keys in the Bookmark bar


After you enable extended accelerator keys, press ALT+B to display
them in the Bookmark bar. You can use the accelerator keys as follows:
• To navigate, use the UP and DOWN ARROWS, and HOME, END,
PAGE UP, and PAGE DOWN.
• To select a Bookmark icon, press ENTER.
• To remove focus from a Bookmark icon, press ESC.

To enable keyboard navigation of window tabs


1. Choose File - Preferences - User Preferences.
2. Select Basics.
3. In the Additional Options box, select “Show extended accelerators”
and then click OK.

To use extended accelerator keys in window tabs


To use an accelerator key, press ALT+W, followed by the number that
appears next to the window tab.

Keyboard shortcuts
The keyboard shortcuts in this section are based on U.S. standard
keyboards. If you are using a screen reader, you may want to maximize
your window so the tables of shortcuts are completely expanded and
accessible.

Keyboard shortcuts for the Domino Administrator user interface
You can use the following keyboard shortcuts to navigate through the
Domino Administrator user interface.

Press                                   To do this
ALT+B, then number (extended            Open bookmark on Bookmark bar
  accelerators in User Preferences
  must be enabled)
ALT+F5                                  Restore Domino Administrator to default minimized size
ALT+F7, then ARROW keys, then ENTER     Move position of active window
ALT+F8, then ARROW keys, then ENTER     Change size of active window
ALT+F9                                  Minimize active window
ALT+F10                                 Maximize active windows
ALT+underlined letter for menu item     Access menu item
ALT+underlined letter for menu item,    Move to next menu item
  or ARROW keys
ALT+W, then number (extended            Open window tab on task bar
  accelerators in User Preferences
  must be enabled)
CTRL+BREAK                              Stop operation in progress
CTRL+L, type URL, then ENTER            Go to a Web page
CTRL+Q or ALT+F4                        Exit Domino Administrator
CTRL+TAB                                Move to next window tab
ESC or CTRL+W                           Close active window
F1                                      Get Help on current feature
F5                                      Lock User ID
F6                                      Move to next pane or frame
F10 or ALT                              Access menu bar
SHIFT+ALT+S                             Open search menu
SHIFT+CTRL+TAB                          Move to previous window tab
SHIFT+CTRL, then UP ARROW or            Select multiple bookmarks or bookmark folders
  DOWN ARROW
SHIFT+DOWN ARROW                        Select additional items below an already selected item
SHIFT+F6                                Move to previous pane or frame
SHIFT+F10                               Access Windows context menus
SHIFT+UP ARROW                          Select additional items above an already selected item

Keyboard shortcuts for databases


You can use the following keyboard shortcuts for opening and closing a
database, and for using database features including navigating within
views, folders, and panes.

Press                         To do this
ARROW keys                    Move through embedded element
CTRL+N                        Create new database
CTRL+O                        Open database
ENTER                         Select item in embedded outline
ESC                           Exit embedded element
ESC or CTRL+W                 Close current database
F9                            Refresh current document (in Edit mode), view or workspace
MINUS (-) key                 Collapse folder in embedded outline
PAGE DOWN                     Move to bottom of active page
PAGE UP                       Move to top of active page
PLUS (+) key                  Expand folder in embedded outline
SHIFT+CTRL+F9                 Update all views in current database
SHIFT+F9                      Rebuild current document, view, workspace (must have Manager access)
SPACEBAR                      Give focus to embedded element
UP and DOWN ARROW             Move through embedded outline

Keyboard shortcuts for dialog boxes
Standard dialog boxes appear when you perform many tasks in the
Domino Administrator. For example, when you choose File - Database -
Open, the Open Database dialog box appears.

Press                         To do this
DOWN ARROW or RIGHT ARROW     Select next item in a list or set of options in dialog box
ESC                           Cancel changes and close dialog box
F1                            Get Help on current dialog box
SHIFT+TAB                     Move to previous option or set of options in dialog box
SPACEBAR                      Access default or selected item(s) in dialog box
TAB                           Move to next option or set of options in dialog box
UP ARROW or LEFT ARROW        Select previous item in a list or set of options in dialog box

Keyboard shortcuts for properties boxes


In the Domino Administrator, you can learn about and change the
characteristics of a document, object, or database by opening a properties
box. For example, when you edit a document, choose Text - Text
Properties from the menu to open the Text Properties box.

Press                         To do this
ALT+DOWN ARROW                Open Color box in Font tab
ALT+UP ARROW                  Close Color box in Font tab
ALT+ENTER                     Open or close properties box
CTRL+ALT+ENTER                Open or close express tools in properties box
CTRL+END                      Move to last properties box tab
CTRL+HOME                     Move to first properties box tab
CTRL+PAGE DOWN                Move to next properties box tab
CTRL+PAGE UP                  Move to previous properties box tab
DOWN ARROW or RIGHT ARROW     Select next item in a list or set of options in properties box
ENTER                         Activate default or selected item(s) in properties box
ENTER                         Close Color box in Font tab and activate selection
ESC                           Close Color box in Font tab without activating selection
F1                            Get Help on current properties box
SHIFT+CTRL+END                Move to first properties box in list
SHIFT+CTRL+HOME               Move to last properties box in list
SHIFT+CTRL+PAGE DOWN          Move to next properties box in list
SHIFT+CTRL+PAGE UP            Move to previous properties box in list
SHIFT+TAB                     Move to previous option or set of options in properties box
TAB                           Move to next option or set of options in properties box
UP ARROW or LEFT ARROW        Select previous item in a list or set of options in properties box

Keyboard shortcuts for documents


You can use the following keyboard shortcuts when you work with a
document.

Press                         To do this
CTRL+DOWN ARROW               Move to next highlighted search word in document appearing in preview pane
CTRL+E                        Edit document
CTRL+END                      Move to bottom of document
CTRL+F                        Find text and replace
CTRL+G                        Find next occurrence of text
CTRL+HOME                     Move to top of document
CTRL+P                        Print selected document
CTRL+PAGE DOWN                Move to next tab in tabbed table
CTRL+PAGE UP                  Move to previous tab in tabbed table
CTRL+UP ARROW                 Move to previous highlighted search word in document appearing in preview pane
ESC                           Move to previous linked document
F4 or TAB                     Move to next unread document
LEFT ARROW                    Move to previous link or object
RIGHT ARROW                   Move to next link or object
SPACEBAR                      Activate selected object
SPACEBAR                      Expand or collapse selected section
SPACEBAR                      Open selected link to document, view, or database

Keyboard shortcuts to select and move text in a document


You can use the following keyboard shortcuts when you create or edit a
Mail memo or a document. You must use Edit mode to use these
shortcuts. Press CTRL+E to put your document in Edit mode.

Press                         To do this
CTRL+A                        Select all contents of document
CTRL+C                        Copy selected text or object
CTRL+DOWN ARROW               Move item in list or table one row down
CTRL+UP ARROW                 Move item in list or table one row up
CTRL+V                        Paste text or object
CTRL+X                        Cut selected text or object
DELETE                        Delete selected graphic
DELETE                        Delete selected text or object
SHIFT+CTRL+DOWN ARROW         Select text up to same point of next line
SHIFT+CTRL+LEFT ARROW         Select previous word
SHIFT+CTRL+RIGHT ARROW        Select next word
SHIFT+CTRL+UP ARROW           Select text up to same point of previous line
SHIFT+DOWN ARROW              Select text to end of current line, move focus to next
SHIFT+END                     Select text to end of current line
SHIFT+HOME                    Select text to beginning of current line
SHIFT+LEFT ARROW              Select previous character
SHIFT+RIGHT ARROW             Select next character
SHIFT+UP ARROW                Select text to beginning of current line, move focus to previous

Keyboard shortcuts to move the cursor in a document
You can use the following keyboard shortcuts when you create or edit a
Mail memo, a document, or a form. You must use Edit mode to use these
shortcuts. Press CTRL+E to put your document in Edit mode.

Press                         To move to
CTRL+LEFT ARROW               Beginning of current word
CTRL+RIGHT ARROW              Beginning of next word
END                           End of line
HOME                          Beginning of line
SHIFT+TAB                     Previous field in a form
SHIFT+TAB                     Previous row in table
TAB                           Next field in a form
TAB                           Next row in table

Keyboard shortcuts to change text and paragraph properties in a document
You can use the following keyboard shortcuts when you create or edit a
Mail memo, a document, or a form. You must use Edit mode to use these
shortcuts. Press CTRL+E to put your document in Edit mode.

Press                         To do this
CTRL+B                        Bold selected text
CTRL+E                        Put document in Edit mode (toggle)
CTRL+F                        Find text and replace
CTRL+G                        Find next
CTRL+I                        Italicize selected text
CTRL+J                        Format paragraphs (alignment, spacing, and so on)
CTRL+K                        Format text (font, size, color, and so on)
CTRL+R                        Show/Hide ruler
CTRL+T                        Change text style to default (color changes only if the text style is from a Paragraph Style)
CTRL+U                        Underline selected text
CTRL+Z                        Undo last action
F2                            Enlarge selected text to next available point size
F7                            Indent first line in paragraph
F8                            Indent entire paragraph
F9                            Refresh current document (in Edit mode), view, or workspace
F11                           Cycle through paragraph styles from Paragraph Styles tab in Text Properties box
SHIFT+CTRL+L                  Insert page break
SHIFT+F2                      Reduce selected text to next available point size
SHIFT+F7                      Outdent first line in a paragraph
SHIFT+F8                      Outdent entire paragraph

Keyboard shortcuts when working in views


You can use the following keyboard shortcuts in a view.

Press                         To do this
CTRL+A                        Select all documents in view
CTRL+C                        Copy selected document
CTRL+F                        Find text in view
CTRL+P                        Print selected document or view
CTRL+V                        Paste selected document
CTRL+X                        Cut selected document
DELETE                        Delete selected document (place document in Trash folder)
ENTER                         Select item in embedded view
F3                            Move to next selected document
F4 or TAB                     Move to next unread document
F9                            Refresh current document (in Edit mode), view, or workspace
SHIFT+CTRL+F9                 Update all views in current database
SHIFT+DELETE                  Delete selected document permanently
SHIFT+F3                      Move to previous selected document
SHIFT+F9                      Rebuild current document, view, or workspace (must have Manager access)
SPACEBAR                      Select or deselect document

Appendix I
Server.Load Command Language

This appendix describes the commands that you use to create a custom
Server.Load script.

Server.Load commands
Server.Load scripts consist of statements in a simple command language,
the Server.Load specification language. Each command simulates an
aspect of the Notes client functionality. You can build a script containing
a series of these commands to perform a complex task, such as reading
and deleting mail.

Server.Load script conventions


Review the following sample script and the breakdown of its elements to
understand the conventions of the Server.Load command language. This
sample script creates and initializes mail file(s). Text enclosed
in asterisks (**) indicates comments. Commands are case-insensitive;
therefore, you can enter them in all lowercase, all uppercase, or in mixed
case.
**Changeto specifies the database to use for the test. [MailServer] is the
NOTES.INI setting for the changeto command. NOTES.INI settings are
enclosed in square brackets [ ]. The value of the setting can be in the
NOTES.INI file or you can hard-code it into the script, for example,
changeto [WFS], where WFS is the name of the mail server. [#] is the
number of the thread, or simulated user.**
changeto [MailServer]!!mail\mail[#].nsf mail60.ntf

*Ensure that the current database contains a defined number of documents (NumMailNotesPerUser) to use in the test.
populate [NumMailNotesPerUser] $Inbox

*Open the current view
open

*Close the view
close
drop

@Else command
Use with the @If command in a Server.Load script.

Example
@If[DeleteEntry]
delete 1
@Else
add 1
@EndIf

@EndIf command
Use with the @If command in a Server.Load script.

Example
@If[DeleteEntry]
delete 1
@Else
add 1
@EndIf

@If command
Used in a Server.Load script to execute [Commands] if [Value] is
non-zero. @If is used to execute multiple commands or to use an @Else
condition.

Syntax
@If [Value] [Commands] [@Else [Commands]] @EndIf

Where:
• [Value] — Typically a NOTES.INI setting

Example
This example executes the Delete command, only if [DeleteDoc] is
defined in the NOTES.INI file and is non-zero; otherwise, the Add
command is executed:
@If [DeleteDoc]
Delete 1
@Else
Add 1
@EndIf

Add command
Use in a Server.Load script to create new documents in a database
according to the value of a. Each new document consists of: an author
field with the current user’s name; a recipient’s field with the current
user’s name; the ordinal number of the document as a summary item; the
subject (summary) text item; the optional attachment item; and the body
(non-summary) text item.
If no number is specified, one note is created. If b is not specified, the
length of the summary data is a uniform random number between 1 and
100 bytes. If c is not specified, the length of the non-summary data is a
uniform random number between 100 and 300 bytes.

Syntax
Add(a, b, c)

Where:
• a — Number of documents to be added
• b — Length of summary item “Subject” (optional; default is “”)
• c — Length of non-summary item “Subject” (optional; default
value is “”)
Note The body (non-summary) value cannot exceed 65000 bytes.

Example 1
This example adds documents to the default view All Document $all.
changeto [mailserver]!!mail\mail[#].nsf mail60.ntf -keepopen
add [a]
drop

Note You need to add a value for the environment variable “a” in the
NOTES.INI file, or you can code it into the script, as below:
changeto [mailserver]!!mail\mail[#].nsf mail60.ntf -keepopen

* Hard coded with value of 10 documents
add 10
drop

Example 2
This example adds documents to the Inbox folder using -f (foldername).
changeto [mailserver]!!mail\mail[#].nsf mail46.ntf -keepopen
add [a] -f $Inbox
drop

Example 3
This example adds 1 document to the Inbox view with the subject
(Length of summary item) set to 30 bytes and the Body (Length of
non-summary item) is set to 10000 bytes.
changeto [mailserver]!!mail\mail[#].nsf mail46.ntf -keepopen
add 1 30 10000 -f $inbox
drop

BeginCrit command
Use in a Server.Load script to mark the beginning of a script’s critical
region. A critical region is a series of lines in a script that can only be
executed by one Server.Load simulated user (thread). The critical region
is marked by the BeginCrit and EndCrit pair. There can be a maximum of
6 critical regions per script.

BeginLoop command
Use in a Server.Load script to mark the start of the loop and the point to
which the Rewind statement returns control. A script can have one loop.

BeginLoop2 command
Use in a Server.Load script to mark the start of the loop and the point to
which the Rewind2 statement returns control.

Break command
Use in a Server.Load script to allow the user to set program control after
an error.

Syntax
Break [x]

Where x is:
• 1 — To terminate program upon error
• 0 — To move on to next line upon error
The default is Break 1.

Cal command
Use in a Server.Load script to schedule an appointment or invitation.

Syntax
Appointment:
cal -a <db> <msgsz> <dur> <startrng> <endrng> <nthiter>

Invitation:
cal -i <db> <msgsz> <dur> <startrng> <endrng> <numrecip> <nthiter>

Where:
• <dur> — Duration, in minutes
• <startrng> — Lower bound for the number of days ahead to
schedule
• <endrng> — Upper bound for the number of days ahead to
schedule
• <numrecip> — Number of recipients
• <nthiter> — Nth iteration of the script

ChangeTo command
Use in a Server.Load script to set the current database for the test.
Provide the full file name of the database (use server!!file if a remote
database), or specify the keyword MAIL to open the mail database.
The following statements operate on the specified database. If the
database doesn’t exist, a new database is created using template
[database template name]. If the keepopen option is specified (which is
the string “-keepopen”), the database is not closed and reopened if it is
already open.

Syntax
ChangeTo [database name] [database template name] [-keepopen]

Where:
• [database name] — Full file name of the database
• [database template name] — File name of the template database
• [-keepopen] — Keeps the database open
Example 1
Using changeto to create a local database.
* Create local file using the journal template (journal.ntf)
* NOTES.INI contains setting templateversion=4
changeto journal.nsf journal[templateversion].ntf -KeepOpen
pause 5000

* Populate the view with 10 notes
populate 10
pause 5000

* Open the view collection
open

* Update the view index
index
pause 5000

* Close the view collection
close

Example 2
Using changeto to create multiple databases on a server. In this example
the thread number is substituted in for the [#] symbol.
* Create one or more databases on Mailserver using (journal.ntf)
* NOTES.INI contains setting templateversion=4
* Creation of multiple databases, based on the number of threads
* All test databases will be placed in the journal directory
changeto [MailServer]!!journals\journal[#].nsf journal[templateversion].ntf -KeepOpen
pause 5000

* Populate the view with 10 documents
populate 10
pause 5000
open

* Update the view index
index
pause 5000

* Close the view collection
close

Example 3
Create and initialize mail file(s)
Note Uses Script Variable [NumMailNotesPerUser]
* Script to create and initialize mail file(s)
changeto [MailServer]!!mail\mail[#].nsf mail60.ntf

* Make sure there are enough notes in mail database
populate [NumMailNotesPerUser] $Inbox

* Open the current view
open

* Close the view
close
drop

Close command
Use in a Server.Load script to close the current view. The view is opened
with the Open command.

Console command
Use in a Server.Load script to allow you to issue remote server console
commands, similar to the Domino server console in the Domino
Administrator console. You must have administration rights on the server
you are attempting to issue commands to.

Syntax
Console [server] [command]

Where:
• [server] — The server at which to execute the console command
• [command] — The command executed to the server
Example
This example uses the console command to issue a Show Stat command.
• The console command is analogous to remote console capability
• In this example sh stat is issued. Any server command can be
substituted.
Console [MailServer] sh stat

DbDelete command
Use in a Server.Load script to delete a database (locally or on a server). If
the database is on a server, you must have delete database access.

Syntax
DbDelete [dbname]

Where:
• [dbname] — Full database name. (Use server!!file if remote
database.)

Delete command
Use in a Server.Load script to delete randomly selected notes from the
current database. Using Delete without any arguments deletes only one
document from the database. To determine how to set the current
database, use the ChangeTo command.

Syntax
Delete [#]

Where:
• [#] — Number of documents to delete

Drop command
Use in a Server.Load script to drop all network connections on the
specified port.

Syntax
Drop [hangup] [port]

Where:
• [hangup] — Causes the connection to be disconnected.
• [port] — The port to be disconnected.
Example 1
Disconnects the connection on the port specified.
changeto [MailServer]!!mail\mail[#].nsf mail46.ntf
pause 1min
drop hangup tcpip

Example 2
Disconnects all user sessions on specified port
changeto [MailServer]!!mail\mail[#].nsf
pause 1min

*Add additional statements here
drop tcpip

EndCrit command
Use in a Server.Load script to indicate a critical region that can be
executed by only one simulated user (thread). The critical region is
marked by the BeginCrit and EndCrit pair. There can be a maximum of
six critical regions per script.
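
The structural limits stated for these commands (matched @If/@EndIf, one BeginLoop per script, at most six BeginCrit/EndCrit regions, an Add body of at most 65000 bytes, Break taking 0 or 1) can be checked before a script is run against a server. The following Python linter is an added example, not part of Server.Load or the Domino documentation; it assumes one statement per line and comments that start with an asterisk, and it also lists Console and DbDelete lines for review because they need elevated rights.

```python
import re

MAX_CRITICAL_REGIONS = 6  # "maximum of 6 critical regions per script"
MAX_BODY_BYTES = 65000    # Add: body (non-summary) value limit
PRIVILEGED = {
    "console": "Console runs a server console command; needs administration rights",
    "dbdelete": "DbDelete removes a database; needs delete database access",
}

# Constructed script with deliberate mistakes; names in brackets are
# NOTES.INI variables, as in the page's own examples.
SAMPLE_SCRIPT = """\
* Constructed test script
changeto [MailServer]!!mail\\mail[#].nsf mail60.ntf -keepopen
BeginCrit
add 1 30 70000 -f $Inbox
@If [DeleteDoc]
Delete 1
@Else
Add 1
Break 2
Console [MailServer] sh stat
DbDelete [MailServer]!!mail\\mail[#].nsf
rewind
drop
"""


def lint(script):
    """Return sorted (line_number, message) findings for a script."""
    findings = []
    open_ifs = []             # line numbers of @If statements awaiting @EndIf
    crit_line = None          # line of the BeginCrit awaiting EndCrit
    crit_regions = 0
    loops = {"": 0, "2": 0}   # BeginLoop / BeginLoop2 seen so far

    for number, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("*"):   # blank line or comment
            continue
        match = re.match(r"@?[A-Za-z]+[0-9]*", line)
        if not match:
            continue
        word = match.group(0).lower()          # commands are case-insensitive
        args = line[match.end():].split()

        if word == "@if":
            open_ifs.append(number)
        elif word == "@else":
            if not open_ifs:
                findings.append((number, "@Else without a preceding @If"))
        elif word == "@endif":
            if open_ifs:
                open_ifs.pop()
            else:
                findings.append((number, "@EndIf without a preceding @If"))
        elif word == "begincrit":
            if crit_line is not None:
                findings.append((number, "BeginCrit inside an open critical region"))
            crit_line = number
            crit_regions += 1
            if crit_regions > MAX_CRITICAL_REGIONS:
                findings.append((number, "more than 6 critical regions"))
        elif word == "endcrit":
            if crit_line is None:
                findings.append((number, "EndCrit without BeginCrit"))
            crit_line = None
        elif word in ("beginloop", "beginloop2"):
            loops[word[len("beginloop"):]] += 1
            if word == "beginloop" and loops[""] > 1:
                findings.append((number, "a script can have one BeginLoop"))
        elif word in ("rewind", "rewind2"):
            if loops[word[len("rewind"):]] == 0:
                findings.append((number, word + " without matching BeginLoop"))
        elif word == "add":
            positional = []                    # a, b, c before any -option
            for arg in args:
                if arg.startswith("-"):
                    break
                positional.append(arg)
            if (len(positional) >= 3 and positional[2].isdigit()
                    and int(positional[2]) > MAX_BODY_BYTES):
                findings.append((number, "Add body length exceeds 65000 bytes"))
        elif word == "break":
            if args and args[0] not in ("0", "1"):
                findings.append((number, "Break takes 0 or 1"))
        elif word in PRIVILEGED:
            findings.append((number, "review: " + PRIVILEGED[word]))

    for number in open_ifs:
        findings.append((number, "@If without @EndIf"))
    if crit_line is not None:
        findings.append((crit_line, "BeginCrit without EndCrit"))
    return sorted(findings)


if __name__ == "__main__":
    for number, message in lint(SAMPLE_SCRIPT):
        print("line %d: %s" % (number, message))
```

Arguments given as NOTES.INI variables, such as add [a], are not resolved, so only literal numbers are checked against the limits.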

Entries command
Used in a Server.Load script to simulate a user pressing PgUp and PgDn
or pressing Up and Down arrows to traverse a view.

Syntax
Entries [start] [end] <navigation option>

Where:
• [start] — Starting index ordinal position (optional; default is 1)
• [end] — Number of index entries to be read (optional; default is
“All”)
• <navigation option> — One of the navigation options, described
in the Navigate command.

ErrorDelay command
Used in a Server.Load script to set a time delay after a nonfatal error
occurs.

Syntax
ErrorDelay [delay]

Where:
• [delay] — Time to delay, in milliseconds. (Default is 150000 -
20000ms, or 15 to 20 seconds)

FindByKey command
Used in a Server.Load script to enable you to search index entries by key.

Syntax
FindByKey "[KeyField]#searchstring"

Where:
• key list — List of keys separated by semicolons. Each key is in the
<item>#<value> format, where <item> is the item name, and
<value> is the value. The FindByKey “key list” argument is the
Field Name of the column searched, and the value of the data as it
appears in the column.
• option list — One or more of the following, each separated with a
space:
  NO_ACCENT — Accent insensitive
  NO_CASE — Case insensitive
  PARTIAL — Partial compare
  FIRST_EQUAL — First equal entry
  LAST_EQUAL — Last equal entry
  GREATER_THAN — All entries greater than
  LESS_THAN — All entries less than
  UPDATE_IF_NOT_FOUND — Update if not found

Example
Search a view containing a column referencing the field “Status” and
search for those “complete.”
FindByKey "[Keyfield]#complete"

The NOTES.INI setting is Keyfield=Status. This also appears, and is
set, on the Test Parameters tab.

FindByName command
Used in a Server.Load script to enable you to search index entries by name.

Syntax
FindByName [searchstring] <optionlist>

Where:
• [searchstring] — The search collection whose primary sort key
matches the given null-terminated string
• <optionlist> — See the FindByKey command for <optionlist>
choices.

GetAll command
Used in a Server.Load script to fetch the ID table of all Note IDs from the
database. This command must be used before other commands — for
example, Stamp — that operate on random documents in the database
because those commands pick random notes out of this table. If this
command is not used, the master ID table will start from scratch.

Help command
Used in a Server.Load script to display help text. If [command] is
specified, help text for the command is displayed.

Syntax
Help [command]

@If command
Used in a Server.Load script to execute [Commands] if [Value] is
non-zero. @If is used to execute multiple commands or to use an @Else
condition.

Syntax
@If [Value] [Commands] [@Else [Commands]] @EndIf

Where:
• [Value] — Typically a NOTES.INI setting

Example
This example executes the Delete command, only if [DeleteDoc] is
defined in the NOTES.INI file and is non-zero; otherwise, the Add
command is executed:
@If [DeleteDoc]
Delete 1
@Else
add 1
@EndIf

ImailCheckForNewMail command
Used in a Server.Load script to purge deleted IMAP messages and check
for new messages.

ImailCloseMailbox command
Used in a Server.Load script to close the currently selected IMAP
mailbox.

ImailFetchEntry command
Used in a Server.Load script to get (UID Fetch) body for specified entry.

Syntax
ImailFetchEntry [navigator]

Where:
• [navigator] — CURRENT, NEXT, NEXT_UNSEEN, or FIRST. If
not specified, default is CURRENT.


ImailFetchOld command
Used in a Server.Load script to get (UID Fetch) Body for specified entry.

Syntax
ImailFetchOld [navigator]

Where:
• [navigator] — CURRENT, NEXT, NEXT_UNSEEN, or FIRST. If
not specified, default is CURRENT.

ImailGetLastEntries command
Used in a Server.Load script to get (Fetch) last page of entries (UID, flags,
envelope) for use with ImailFetchEntry.

ImailGetNewMail command
Used in a Server.Load script to check for new IMAP messages.

ImailHelp command
Used in a Server.Load script to display all available IMAP (IMail*)
commands with Help text.

ImailListMailboxes command
Used in a Server.Load script to list IMAP mailboxes.

Syntax
ImailListMailboxes [refmbox] [mailbox] [sub]

Where:
• [refmbox] — Root mailbox to list from. If not specified, default is
“”.
• [mailbox] — Root mailbox to list from. If not specified, default is
“”.
• [sub] — If TRUE, lists subscribed mailboxes; if FALSE, lists
non-subscribed mailboxes.

ImailLogin command
Used in a Server.Load script to log in to a server running IMAP.

Syntax
ImailLogin [host] [user] [password]

Where:
• [host] — The Internet host name of the IMAP server — for
example, company.com
• [user] — The IMAP user name to log in as
• [password] — The password of the user

ImailLogout command
Used in a Server.Load script to log out of a server running IMAP.

ImailOpenMailbox command
Used in a Server.Load script to open (select) an IMAP mailbox (the Inbox
folder of the mail file).

Syntax
ImailOpenMailbox [mailbox]

Where:
• [mailbox] — The name of the mailbox to open

ImailPostMessage command
Used in a Server.Load script to add a message to the specified mailbox.

Syntax
ImailPostMessage [bodysize] [linesize] [mailbox]

Where:
• [bodysize] — Total size of the message
• [linesize] — Length of each line in the message, typically 80
• [mailbox] — Name of the folder in which to locate the message,
typically Inbox

Example
This example creates a 2000-byte message in the Inbox. Each line in the
message contains 80 characters.
ImailPostMessage 2000 80 Inbox

ImailSetSeen command
Used in a Server.Load script to set current message as seen.

Index command
Used in a Server.Load script to update the currently open collection.

Syntax
Index

Example
Updating a view collection with the Index command. In this example, the
thread number is substituted for the pound symbol [#].
* Create one or more databases on mail server using (journal.ntf)
* NOTES.INI file contains setting templateversion=4
* Creation of multiple databases, based on the number of threads
* All test databases will be placed in the journal directory.
changeto [MailServer]!!journals\journal[#].nsf journal[templateversion].ntf -KeepOpen
pause 5000

* Populate the view with 10 documents
populate 10
pause 5000
open

* Update the view index
index
pause 5000

* Close the view collection
close

LDAPLookup command
Used in a Server.Load script to perform LDAP lookup for specified user
name.

Syntax
LDAPLookup <username>

Where:
• <username> — Performs cn=username search on host LDAPHost.
Note The NOTES.INI file must contain the setting
LDAPHost=system.domainname — for example, LDAPHost =
Server.acme.com

Lookup command
Used in a Server.Load script to search the Domino Directory
(NAMES.NSF) for names you specify.

Syntax
Lookup (a, b, c)

Where:
• a — Mail server name
• b — Namespace, specified as $users, $servers, $groups, $domain,
$people, $People, $ServerAccess, $CrossCertByRoot,
$CrossCertByName, $Users, $Servers, $Certifiers,
$CrossCertByRoot, $Certifiers, $Connections, $Profiles
• c — Names list; each entry separated by ASCII \0

Example
Lookup performed
Lookup fssaixw/ess $Users John Doe/WAS/Acme


NABRetrievePOP3Mail command
Used in a Server.Load script to retrieve POP3 mail messages for a fixed
user in the Domino Directory (NAMES.NSF).

Syntax
NABRetrievePOP3Mail <msg_num> <hostname> <options>

Where:
• <msg_num> — Message to retrieve. Use the value -1 to retrieve all.
• <hostname> — Host name of the server running SMTP MTA.
• <options> — POP3 retrieval options: USE_SSL uses SSL protocol,
LEAVE_ON_SERVER leaves messages on the server.

NABUpdate command
Used in a Server.Load script to update a number of random documents
of a particular type in the Domino Directory (NAMES.NSF) database.

Syntax
NABUpdate(a,b)

Where:
• a — Type of document to update (Person, Group, or Connection)
• b — Number of documents to update. If b is not specified, one
document is updated.

Navigate command
Used in a Server.Load script to read number of documents as listed in
index.

Syntax
Navigate [<a>[<option>[ASYNC]]]

Where:
• <a> — Number of documents to be read (optional; default is 1)
• <option> — One or more of the following navigation options. You
can string multiple options together as OR options, separated by
the split vertical bar (¦) character.
NEXT, PREV, CURRENT, PARENT, CHILD, NEXT_PEER,
PREV_PEER, FIRST_PEER, LAST_PEER, CURRENT_MAIN,
NEXT_MAIN, PREV_MAIN, ALL_DESCENDANTS,
NEXT_UNREAD, NEXT_UNREAD_MAIN, PREV_UNREAD,
PREV_SELECTED, PREV_SELECTED_MAIN,
PREV_EXPANDED_UNREAD, PREV_EXPANDED,
PREV_EXPANDED_SELECTED,
PREV_EXPANDED_CATEGORY, PREV_EXP_NONCATEGORY,
PREV_HIT, PREV_SELECTED_HIT, PREV_CATEGORY,
PREV_UNREAD_HIT, PREV_NONCATEGORY, CIRCULAR,
MAXLEVEL, MINLEVEL, WITHIN_MAIN, CONTINUE,
PREV_MAIN_ALWAYS, NEXT_SELECTED,
NEXT_SELECTED_MAIN, NEXT_EXPANDED_UNREAD,
NEXT_EXPANDED, NEXT_EXPANDED_SELECTED,
NEXT_EXPANDED_CATEGORY, NEXT_EXP_NONCATEGORY,
NEXT_HIT, NEXT_SELECTED_HIT, NEXT_CATEGORY,
NEXT_UNREAD_HIT, NEXT_NONCATEGORY
• ASYNC — Flag for opening documents asynchronously

NewMail command
Used in a Server.Load script to poll for new mail.

Syntax
NewMail(a,b,c)

Where:
• a — Name of mail file (default is your mail file)
• b — Number of times to poll (default is 1)
• c — Millisecond delay between polls (default is 1000 ms)

NewReplicateDB command
Used in a Server.Load script to create empty database <target> as replica
of <source>.

Syntax
NewReplicateDB <source> <target>

Where:
• <source> — Full file name of source database. Use the format
server!!file for a remote database.
• <target> — Full file name of new target database; if a database
with the same name exists with a different replica ID, it will be
overwritten.

NoteAdd command
Used in a Server.Load script to add a document with the specified
[Subject], [Body], [Attachment], [MsgCount], [NamedField], and
[FolderID].

Syntax
NoteAdd [-sSubject] [-bBody] [-aFileAttachment] [-cMsgCount]
[-nNamedField] [-fFolderID]

Where:
• Subject — Summary item “Subject”
• Body — Non-summary item “Body”
• Attachment — File name of attachment
• MsgCount — Number of messages to add
• NamedField — Named field
• FolderID — Add document to folder with this ID

Open command
Used in a Server.Load script to open a view collection.

Syntax
Open (a) <option>

Where:
• a — View document ID (optional; default is the default view) or
DESIGN to open the design collection. To open a view other than
the default view, enter the decimal value of the last 3 digits in the
View Note ID converted from hex to decimal. (To view this
property, open the list of views and select a view, then bring up
the Properties for the item.)
• <option> — One or more of these options:
noupdate, rebuild, invalidate, verify, do_not_create,
verify_shared_view_note, reopen_collection, associate_unread,
getname_list, noupdateunread, namespace
Can also specify UPDATE, which will open using a separate
update. Values are separated by spaces; default value is NONE.

Pause command
Used in a Server.Load script to wait for a specified number of
milliseconds before performing the next command in the script.

Syntax
Pause (a)

Where:
• a — Number of milliseconds to wait, or any of the forms: (Xsec,
X-Ysec, Xmin, X-Ymin, Xhours, X-Yhours)

Populate command
Used in a Server.Load script to ensure that there are
(NumMailNotesPerUser) documents in the current database. This
command locks the database to prevent other users from simultaneously
performing another Populate command, gets the number of documents
currently in the database, and adds documents as necessary.

Syntax
Populate (NumMailNotesPerUser) [folder]

Where:
• NumMailNotesPerUser — Total number of documents you want
the database to have
• folder — Folder or view to which documents will be added

Example
This example creates and initializes one or more mail files; documents
are added to folder $Inbox.
changeto [MailServer]!!mail\mail[#].nsf mail46.ntf

* Make sure there are enough documents in mail database
populate [NumMailNotesPerUser] $Inbox

* Open the current view
open

* Close the view
close
drop

Quit command
Used in a Server.Load script to terminate the open program.

Syntax
Quit

Read command
Used in a Server.Load script to open and close a specified number of
documents.

Syntax
Read (a)

Where:
• a — Number of notes to be opened and closed

Replicate command
Used in a Server.Load script to replicate with server.

Syntax
Replicate <server> <direction> <files> <options>

Where:
• <server> — Server with which to replicate
• <direction> — One of the following: PUSH, PULL, or BOTH
(optional; default is BOTH)
• <files> — List of files to replicate — for example,
TESTREP1.NSF|TESTREP2.NSF (optional; default is ALL)
• <options> — One or more of these options. Use the split vertical
bar (|) to separate options.
UPDATE_COLL — Update collections
CLOSE_SESSION — End session with server when done
SUMMARY_ONLY — Only replicate summary fields
TRUNCATE — Truncate long documents
PRI_LOW — Replicate low-priority databases
PRI_MED — Replicate medium-priority databases
PRI_HI — Replicate high-priority databases

RetrievePOP3Mail command
Used in a Server.Load script to retrieve POP3 mail messages for a user.

Syntax
RetrievePOP3Mail <user> <password> <msg_num> <hostname>
<options>

Where:
• <user> — User’s POP3 account name
• <password> — User’s POP3 password
• <msg_num> — Message to retrieve; -1 to retrieve all
• <hostname> — Host name of the server running SMTP MTA
• <options> — POP3 retrieval options (USE_SSL for SSL protocol,
LEAVE_ON_SERVER to leave messages on the server)

Rewind command
Used in a Server.Load script to restart the script file, if one is given, up to
a maximum of n iterations, if n is specified. If the script contains a
BeginLoop statement, the next command executed is the one
immediately following the BeginLoop. Otherwise, the next command
executed is the first command in the script. If n is not specified, the
Rewind command is executed indefinitely.


Syntax
Rewind <n>

Where:
• <n> — Number of times to restart the script

Rewind2 command
Used in a Server.Load script to restart the loop, up to a maximum of n
iterations, if n is specified. If the script contains a BeginLoop2 statement,
the next command executed is the one immediately following the
BeginLoop2 statement. If n is not specified, the Rewind2 command
executes indefinitely.

Syntax
Rewind2 <n>

Where:
• <n> — Number of times to restart the script

RSVPInvitation command
Used in a Server.Load script to send a response (acceptance) to an
invitation (if one exists). RSVP is subject to nthIteration.

SendMessage command
Used in a Server.Load script to create and send a mail message. The
random body text in the message is created by the same method as in
CREATEFILE. Message recipients are selected with a uniform
distribution from the people in the Domino Directory (NAMES.NSF) on
the source driver system. All replicas of the Domino Directory on the
source driver systems and SUT have the same content.

Syntax
SendMessage <message_size> <num_recipients> <nth_iteration>
<attachment>

Where:
• <message_size> — Size of the body text, in bytes
• <num_recipients> — Number of random users that will receive
the message
• <nth_iteration> — Sends a message every n script iterations
• <attachment> — Name of file to be attached to message
(optional). File is assumed to be in Notes data directory unless a
drive/path specification is provided (e.g., c:\mypath\myfile.txt).

SendSMTPMessage command
Used in a Server.Load script to create and send an SMTP mail message.

Syntax
SendSMTPMessage <message_size> <line_size>
<num_recipients/recipient> <hostname> <domain> <client_host>
<nth_iteration>

Where:
• <message_size> — Size of body text in bytes
• <line_size> — Size in bytes of each line in a multi-line message
• <num_recipients> — Number of random users in the Domino
Directory to receive the message
• <recipient> — A recipient’s e-mail address
• <hostname> — Host name of server running SMTP Listener
• <domain> — Domain of user for recipient addresses
• <client_host> — Client host name
• <nth_iteration> — Send a message every n script iterations

SessionsClose command
Used in a Server.Load script to close all open sessions. This statement
only closes sessions opened with SessionsOpen.

Syntax
SessionsClose


SessionsOpen command
Used in a Server.Load script to create sessions on the specified server,
monitor the time it takes to open num_sessions, and return that value. To
close all of the sessions that you open, include the SessionsClose
command in the script.

Syntax
SessionsOpen <server> <num_sessions>

Where:
• <server> — Server where the sessions will be created
• <num_sessions> — Number of sessions to create

SetContextStatus command
Used in a Server.Load script to set the context iteration status.

SetCalProfile command
Used in a Server.Load script to set the Owner and BusyName fields for
the current database.

Stamp command
Used in a Server.Load script to select ’a’ random documents from the list
of Note IDs returned from GetAll. Stamp modifies a summary data field
of length ’b’ in each document with the same random value.

Syntax
Stamp (a, b)

Where:
• a — Number of documents to be stamped
• b — New size of the summary item “Subject” (optional; default
is “”)

Unread command
Used in a Server.Load script to set the database unread list for the
current collection to contain (a) random documents. This command may
be used before a Navigate with one of the unread navigation options to
simulate reading a specific number of new documents.

Syntax
Unread (a)

Where:
• a — Number of documents to select randomly as unread

Update command
Used in a Server.Load script to update random documents in a database,
based on the value of ’a’.

Syntax
Update (a, b, c)

Where:
• a — Number of documents to be updated. If ’a’ is not specified,
one document is updated.
• b — New size of the summary item “Subject” (optional; default is
“”). If ’b’ is not specified, the length of the summary data is a
uniform random number between 1 and 100 bytes.
• c — Length of non-summary item “Body” (optional; defaults to
“”). If ’c’ is not specified, the length of the non-summary data is a
uniform random number between 100 and 300 bytes.


WebGet command
Used in a Server.Load script to retrieve information from a specified URL.

Syntax
WebGet -[sumonly | alldata] [{-url <urlname> [-walk <depth>
<span>] [-proxy <urlname>] } | { [-file <filename>] | <#
entries to fetch> [-concurrent | -sequential ] } ]
-[holdtime <ct> <st>]

• -[sumonly | alldata] — Retrieves either summary information
(sumonly) or actual data — for example, a graphic image (alldata)
for a specified URL. The summary information is retrieved with
the HTTP HEAD command; the actual data is retrieved with the
HTTP GET command. Summary mode is useful for placing a light
load on the HTTP server, as summary information is typically less
than 300 bytes, versus an HTML document or image which can be
any size.
• [{-url <urlname> [-walk <depth> <span>] [-proxy <urlname>] } |
{ [-file <filename>] | <# entries to fetch> [-concurrent |
-sequential ] } ] -[holdtime <ct> <st>]
After Web content has been retrieved from a URL (for example,
-url www.ibm.com), the -walk switch can be used to traverse
hyperlinks found on each page. The <depth> parameter indicates
the number of hyperlinks to traverse for a given page; it is
applied recursively to each HTML document traversed. The <span>
parameter indicates the maximum number of pages for a given link
that can be traversed before coming back to the initial request
page.
The -walk switch does not traverse links that have previously been
traversed (that is, a “back to home” link will not be selected); this
prevents an endless recursive loop. The -walk command also does
not explore links that lead to other HTTP servers (that is, a link on
www.lotus.com that leads to www.ibm.com will not be selected),
avoiding the endless exploration of HTTP servers. The -proxy
switch should be used when the specified URL is an external site
— that is, one that must be accessed via the specified proxy server.
The -holdtime switch specifies the amount of time WebGet will
wait before completing an HTTP transaction. The sequence of
events required to complete an HTTP transaction is: establish a
connection to an HTTP server, send the command to the HTTP
server, receive back data from the HTTP server.
The <ct> parameter indicates the amount of time, in milliseconds,
to wait after issuing a command to the HTTP server. This
effectively holds the HTTP server thread/process that has been
dispatched to service the request in an idle state. <ct> should be
less than the HTTP server’s connect time timeout parameter
(typically 2 minutes). The <st> parameter specifies the amount of
time to wait after sending the command to the HTTP server. This
effectively holds the servicing HTTP server thread/process idle,
even though it may be ready to send data.

Example 1
The command [-url www.lotus.com -walk 2 1] is interpreted from a Web
browser’s point of view as, “starting at web page www.lotus.com,” select
two links on the page to click (if the page has at least two links). Click the
first selected link, return back to the initial page, then click the second
link, and return back to the initial page.

Example 2
The command [-url www.lotus.com -walk 1 2] is interpreted from a Web
browser’s point of view as, “starting at web page www.lotus.com,” select
one link on the page to click. Click the link, then apply the same rule
recursively to each new page. Assuming that the first link clicked is
www.lotus.com/notes.htm, the rule then requires WebGet to find one
link on that page and traverse it. The span parameter indicates a
stopping point for the recursive process.
Additionally, -walk 0 0 indicates that WebGet should request only the
page indicated by <urlname> and no more; this is equivalent to leaving
out the -walk switch.
A setting such as -walk 10000 10000 (or another large number) indicates
that you want WebGet to traverse every conceivable link on that page,
much like a Web robot.
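
How <depth> and <span> interact, shown as an added illustration that is not part of the Domino documentation: a simulation of -walk over a constructed in-memory link graph, with no network access. It assumes links are selected in document order (the text does not say how WebGet chooses them) and reads <span> as the number of hops followed away from the initial page.

```python
from urllib.parse import urlsplit

# Constructed link graph standing in for a site: page -> links in document order.
SITE = {
    "http://www.lotus.com/": [
        "http://www.lotus.com/notes.htm",
        "http://www.ibm.com/",                      # other HTTP server: never followed
        "http://www.lotus.com/domino.htm",
    ],
    "http://www.lotus.com/notes.htm": [
        "http://www.lotus.com/",                    # "back to home": already traversed
        "http://www.lotus.com/notes/features.htm",
        "http://www.lotus.com/domino.htm",
    ],
    "http://www.lotus.com/notes/features.htm": [
        "http://www.lotus.com/notes/faq.htm",
    ],
    "http://www.lotus.com/domino.htm": [
        "http://www.lotus.com/domino/admin.htm",
    ],
}


def walk(start, depth, span, site=SITE):
    """Return the pages requested, in order, for '-url start -walk depth span'."""
    host = urlsplit(start).hostname
    traversed = {start}          # links are never traversed twice
    requested = [start]

    def follow(page, hops_left):
        if hops_left <= 0 or depth <= 0:
            return
        selected = []
        for link in site.get(page, []):
            if len(selected) == depth:
                break
            # Skip links to other HTTP servers and links already traversed.
            if urlsplit(link).hostname != host or link in traversed:
                continue
            traversed.add(link)
            selected.append(link)
        for link in selected:
            requested.append(link)
            follow(link, hops_left - 1)   # same rule applied to the new page

    follow(start, span)
    return requested


def request_bound(depth, span):
    """Upper bound on requests from one walk: 1 + d + d^2 + ... + d^span."""
    return sum(depth ** level for level in range(span + 1))


if __name__ == "__main__":
    for depth, span in [(2, 1), (1, 2), (0, 0), (10000, 10000)]:
        pages = walk("http://www.lotus.com/", depth, span)
        print(f"-walk {depth} {span}: {len(pages)} request(s)")
        for page in pages:
            print("   ", page)
```

The bound from request_bound is useful when sizing a test: the number of requests grows geometrically with <span>, so large values of both parameters are limited only by the size of the site.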

Appendix J
Server.Load Scripts

This appendix presents annotated code of Server.Load scripts, as well as
a set of sample scripts that you can modify for use in your own custom
scripts.

Server.Load scripts
You can use any of these scripts with Server.Load:
• Sample scripts
• Idle Workload
• R5 IMAP Workload
• R5 Simple Mail Routing
• R5 Shared Database
• SMTP and POP3 Workload
• Web Idle Workload
• Web Mail Workload

Sample Server.Load scripts
Many of these scripts were created using a specific template that may
change from release to release, so take this into consideration when using
or customizing any of these scripts.
For more information on each command, see the appendix “Server.Load
Commands.”

To add documents to a view
This script adds documents to the default view, All Documents ($all).
changeto [mailserver]!!mail\mail[#].nsf mail6.ntf -keepopen
add [NumMailNotesPerUser]
drop

To add documents to the Inbox folder
This script adds documents to the Inbox folder using the format -f
foldername.
changeto [mailserver]!!mail\mail[#].nsf mail6.ntf -keepopen
add [NumMailNotesPerUser] -f $Inbox
drop

To add one document to the Inbox view
This script adds a single document to the Inbox view. In this example, the
document Subject (length of summary item) is set to 30 bytes and the
Body (length of non-summary item) is set to 10000 bytes.
changeto [mailserver]!!mail\mail[#].nsf mail6.ntf -keepopen
add 1 30 10000 -f $Inbox
drop

To create a local database
This script creates a local database — in this example, a Journal database.
The NOTES.INI file contains the setting TemplateVersion=6. Text
enclosed in asterisks (**) indicates comments.
Changeto journal.nsf journal[templateversion].ntf -KeepOpen
pause 5000

**Populate the view with 10 documents**
populate 10
pause 5000

**Open the view collection**
open

**Update the view index**
index
pause 5000

**Close the view collection**
close

To create multiple databases on a server
This script creates multiple databases on a specified server. In this
example, a Journal database is created; the actual thread number is
substituted for the “#” symbol; and the NOTES.INI file contains the
setting TemplateVersion=6. Text enclosed in asterisks (**) indicates
comments.
**Creation of multiple databases, based on the number of threads; all test
databases will be placed in the journal directory**
Changeto [MailServer]!!journals\journal[#].nsf journal[templateversion].ntf -KeepOpen
pause 5000

To update a view collection
This script updates a view collection. In this example, Journal databases
are created; the actual thread number is substituted for the “#” symbol;
and the NOTES.INI file contains the setting TemplateVersion=6. Text
enclosed in asterisks (**) indicates comments.
Changeto [MailServer]!!journals\journal[#].nsf journal[templateversion].ntf -KeepOpen
pause 5000

**Populate the $All view with 10 documents**
populate 10 $All
pause 5000
open $All

**Update the view index**
index
pause 5000

**Close the view collection**
close


To create and initialize mail files
This script creates and initializes one or more mail files. The variable
NumMailNotesPerUser is used to determine the number of documents in
each mail file.
changeto [MailServer]!!mail\mail[#].nsf mail6.ntf
populate [NumMailNotesPerUser] $Inbox
open
close
drop

To issue remote console commands
This example uses the Console command to issue the Show Stat
command remotely. You can substitute any server command for Show
Stat.
Console [MailServer] sh stat

Idle Workload script
Text enclosed in asterisks (**) indicates comments.
For more information on the Idle Workload script, see the chapter “Using
Server.Load.”
**Wait for other scripts to finish initialization; pause 0 - 3 minutes (3 min.
= 180,000 ms.)**
pause 0-180000

**Open the desired number of sessions**
sessionsopen "[MailServer]" [MaxSessions]

**Wait for other systems (if any) to open additional sessions**
pause 2h

**Close all opened sessions**
Sessionsclose

R5 IMAP Workload script
IMAP Initialization Workload script
Text enclosed in asterisks (**) indicates comments.
For more information on the IMAP Initialization Workload script, see the
chapter “Using Server.Load.”
**Script to initialize databases for NotesBench IMAP mail script; pause 0
- 5 minutes (5 min. = 300,000 ms.)**
pause 0-300000

**If an error occurs, wait 1 to 5 minutes before retrying**
errordelay 60000-300000

**Create the mail file**
changeto "[MailServer]!!mail[#].nsf" [MailTemplate]

**Set Owner**
Setcalprofile

**IMAP-enable the mail file**
console [MailServer] load convert -m mail[#].nsf
pause 60000

**Ensure there are enough documents in mail database (one time only)**
beginloop
sendsmtpmessage [NormalMessageSize] [MessageLineSize] mail[#]@[RecipientDomain] [SMTPHost] [RecipientDomain] [ClientHost]
rewind [NumMailNotesPerUser]
pause 60000

**Open views**
open $FolderInfo
close
open $FolderRefInfo
close
open $Inbox
close
drop


R5 IMAP Workload script
Text enclosed in asterisks (**) indicates comments.
For more information on the R5 IMAP Workload script, see the chapter
“Using Server.Load.”
**Pause a random interval so multiple processes are well-staggered;
pause 0-3 minutes (3 min. = 180000 ms)**
Pause 0-180000

**Make sure the script doesn’t quit if errors are found.**
if [R5IMAPBreak]
break 0

**If an error occurs, wait 1 to 2 minutes before retrying.**
ErrorDelay 60000-120000

**Begin Outer loop**
BeginLoop

**Establish IMAP connection / Open mail database**
ImailLogin [IMAPHost] Mail[#] NotesBench

**Pause 8 to 12 minutes to let ramp-ups occur**
Pause 480000-720000

**List all mailboxes**
ImailListMailboxes

**Open the INBOX folder**
ImailOpenMailbox INBOX

**Begin Inner loop**
BeginLoop2

**Get the last page of entries in the mailbox**
ImailGetLastEntries

**Wait 5 to 10 seconds to peruse the view**
Pause 5000-10000

**Read 5 messages in the mailbox, delete 2, post 1. Read each for 10 to 20
seconds**
ImailFetchOld CURRENT

**Pause 10 to 20 seconds**
Pause 10000-20000
ImailFetchOld NEXT

**Pause 10 to 20 seconds**
Pause 10000-20000
ImailFetchOld NEXT

**Pause 10 to 20 seconds**
Pause 10000-20000

**Delete current message**
ImailDeleteEntry

**Pause 10 to 20 seconds**
Pause 10000-20000
ImailFetchOld NEXT

**Pause 10 to 20 seconds**
Pause 10000-20000
ImailFetchOld NEXT_UNSEEN
ImailSetSeen

**Pause 10 to 20 seconds**
Pause 10000-20000

**Post (add) message to INBOX**
Imailpostmessage [NormalMessageSize] [MessageLineSize] INBOX

**Pause 10 to 20 seconds**
Pause 10000-20000

**Delete another message**
ImailDeleteEntry

**Pause 10 to 20 seconds**
Pause 10000-20000

**Compose 1 new mail message (taking 1 to 2 minutes to write it)**
Pause 60000-120000

**SEND SMTP Message, perform LDAP lookups for specified # of
recipients**
SendSmtpMessage [NormalMessageSize] [MessageLineSize] [NumMessageRecipients] [SMTPHost] [RecipientDomain] [ClientHost] [NthIteration]

**Pause at the desktop for 8+ to 12+ minutes while having a meeting in
office**
Pause 515000-755000

**Check for new mail**
ImailCheckForNewMail

**Repeat Inner loop sequence over again (go back to BeginLoop2
statement)**
rewind2 [R5IMAP_LOOP_N]

**Logout and do something else for 3 to 6 minutes**
IMAILCloseMailbox
ImailLogout
Pause 180000-360000

**Go back to Outer loop (go back again to BeginLoop statement)**
rewind [ScriptIterationLimit]
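
The workload script above passes the password NotesBench as a literal argument to ImailLogin, and RetrievePOP3Mail likewise takes a password and an optional USE_SSL flag. The following check is an added illustration, not part of the Domino documentation or of Server.Load: it scans a script for literal passwords, POP3 retrieval without USE_SSL, and remote Console commands. The rule names and the [IMAPPassword], [POP3Password] and [POP3Host] variables are assumptions made for the example.

```python
import re

# 0-based position of the password argument, from the Syntax lines on this page.
PASSWORD_ARG = {"imaillogin": 2, "retrievepop3mail": 1}
# POP3 commands whose <options> may carry USE_SSL.
POP3_COMMANDS = {"retrievepop3mail", "nabretrievepop3mail"}

TOKEN = re.compile(r'"[^"]*"|\S+')
# A whole-token NOTES.INI reference such as [IMAPHost]; anything else is literal.
INI_REFERENCE = re.compile(r"^\[[A-Za-z_][A-Za-z0-9_]*\]$")


def strip_comments(text):
    """Blank out **...** comments (which may span lines) and '*' comment
    lines, keeping the original line numbering intact."""
    text = re.sub(r"\*\*.*?\*\*",
                  lambda m: "\n" * m.group().count("\n"),
                  text, flags=re.S)
    return ["" if ln.lstrip().startswith("*") else ln
            for ln in text.split("\n")]


def audit(script):
    """Return (line_number, rule, message) findings for a Server.Load script."""
    findings = []
    for number, line in enumerate(strip_comments(script), start=1):
        tokens = [t.strip('"') for t in TOKEN.findall(line)]
        if not tokens:
            continue
        name, args = tokens[0], tokens[1:]
        command = name.lower()          # commands appear in mixed case

        pos = PASSWORD_ARG.get(command)
        if pos is not None and len(args) > pos \
                and not INI_REFERENCE.match(args[pos]):
            # The password value itself is deliberately left out of the report.
            findings.append((number, "literal-password",
                             f"{name} has a literal password argument"))

        if command in POP3_COMMANDS \
                and not any("USE_SSL" in a.upper() for a in args):
            findings.append((number, "pop3-without-ssl",
                             f"{name} does not request USE_SSL"))

        if command == "console":
            findings.append((number, "remote-console",
                             "remote server command: " + " ".join(args[1:])))
    return findings


# Constructed sample; the commands and their syntax are taken from this page.
SAMPLE = """**Constructed sample; commands and syntax are from this page**
ErrorDelay 60000-120000
ImailLogin [IMAPHost] Mail[#] NotesBench
ImailLogin [IMAPHost] Mail[#] [IMAPPassword]
**Retrieve all messages,
leaving them on the server**
RetrievePOP3Mail mail[#] NotesBench -1 [POP3Host] LEAVE_ON_SERVER
RetrievePOP3Mail mail[#] [POP3Password] -1 [POP3Host] USE_SSL
NABRetrievePOP3Mail -1 [POP3Host] LEAVE_ON_SERVER
* single-asterisk comment: Console [MailServer] quit
Console [MailServer] sh stat
"""

if __name__ == "__main__":
    for number, rule, message in audit(SAMPLE):
        print(f"line {number}: [{rule}] {message}")
```

A password moved into a NOTES.INI variable is still stored in plain text there, so the check only confirms that the script file itself can be shared or archived without exposing it.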

R5 Simple Mail Routing script
NRPC Mail Initialization Workload script
Text enclosed in asterisks (**) indicates comments.
For more information on the NRPC Mail Initialization Workload script,
see the chapter “Using Server.Load.”
**Pause 0 to 15 minutes**
pause 0-900000

**If an error occurs, wait 1 to 5 minutes before retrying**
errordelay 60000-300000
changeto "[MailServer]!![nb_dbdir]mail[#].nsf" [MailTemplate]

**Make sure there are enough notes in mail database (one time only)**
populate [NumMailNotesPerUser] $Inbox 100 [NormalMessageSize]
setcalprofile

**Open the current view**
open $Inbox

**Close the view**
close

R5 Simple Mail Routing script
Text enclosed in asterisks (**) indicates comments.
For more information on the R5 Simple Mail Routing script, see the
chapter “Using Server.Load.”
**Pause a random interval so multiple processes are well-staggered;
pause 0 to 3 minutes (3 min. = 180000 ms)**
Pause 0-180000

**If an error occurs, wait 1 to 2 minutes before retrying**
ErrorDelay 60000-120000
changeto "[MailServer]!![nb_dbdir]mail[#].nsf" [MailTemplate]

**Pause 8 to 12 minutes to let ramp-ups occur**
Pause 480000-720000

**Set the Owner of the database = mail#**
setcalprofile
open $Inbox
getall

**Reset initial document count by deleting a large value of existing
documents**
@If [NBTestReset]
delete [MaxDocToDelete]
@EndIf

**Make sure there are enough documents in mail database (one time
only)**
populate [NumMailNotesPerUser] $Inbox
close

**Open the current view**
Open $Inbox

**Close the view**
close

**Start the part of the script which loops**
BeginLoop

**Open mail database**
changeto "[Mailserver]!![nb_dbdir]mail[#].nsf" [MailTemplate] -KeepOpen

**Open the current view**
open $Inbox
getall

**Read 20 documents from current view**
entries 0 20

**Wait 5 to 10 seconds to peruse the view**
Pause 5000-10000

**Open 5 documents in the mail file and read each for 10 to 20 seconds**
navigate 5
pause 50000 - 100000

**Categorize 2 of the documents**
stamp 2

**Send a memo, taking 1 to 2 minutes to write it**
pause 60000 - 120000
sendmessage [NormalMessageSize] [NumMessageRecipients] [NthIteration]

**Add 2 items to the Inbox**
add 2 25 [NormalMessageSize] -f $Inbox
pause 60000 - 120000

**Pause 1 to 2 minutes**
Pause 60000 - 120000

**Schedule an appointment**
cal -appt "[MailServer]!![nb_dbdir]mail[#].nsf" 1000 30 7 14 [NthIteration]
pause 30000 - 50000

**Schedule an invitation**
cal -i "[MailServer]!![nb_dbdir]mail[#].nsf" 1000 60 2 3 [NumMessageRecipients] [NthIteration]
pause 30000 - 50000

**Delete 2 documents**
delete 2

**Pause about 1 minute**
pause 45000 - 75000

**Send a response to an invitation**
rsvpinvitation

**Close the view**
close

**Pause at the desktop for 4 to 12 minutes while having a meeting in
office**
pause 240000 - 720000

**Repeat entire sequence all over again (go back to BeginLoop
statement)**
rewind [ScriptIterationLimit]


R5 Shared Database script
R5 Shared Database script
Text enclosed in asterisks (**) indicates comments.
For more information on the R5 Shared Database script, see the chapter
“Using Server.Load.”
**Pause a random interval so multiple processes are staggered well.
Pause 0-5 minutes (5 min. = 300000 ms)**
Pause 0-300000

**If an error occurs, wait 1-2 minutes before retrying.**
ErrorDelay 60000-120000
BeginCrit

**Create a discussion database**
changeto "[MailServer]!![DiscussionDB]" [DiscTemplate] -KeepOpen
open

**Reset initial document count by deleting a large value of existing documents**
getall
@If [NBTestReset]
delete [MaxDocToDelete]
@EndIf

**Make sure there are enough documents in mail database (one time only)**
populate [NumMailNotesPerUser]
close

**Open the current view**
Open

**Close the view**
close
EndCrit

**Start the part of the script which loops**
BeginLoop

**Open a discussion database**
changeto "[Mailserver]!![DiscussionDB]" [DiscTemplate] -KeepOpen

**Open the current view**
open
getall

**Read 20 documents from current view**
entries 1 20

**Wait 5-10 seconds to peruse the view**
Pause 5000-10000

**Page down the view 2 times, spending 3-10 seconds to read each window**
entries 21 20
pause 3000 - 10000
entries 41 20
pause 3000 - 10000

**Set the unread list to 30 randomly selected documents**
unread 30

**Open next 3 unread documents and read each for 10-30 seconds**
navigate 1 next_unread
pause 10000 - 30000
navigate 1 next
pause 10000 - 30000
navigate 1 next
pause 10000 - 30000
add [DiscDbAddDocRate] 100

**Delete 2 old documents when closing database**
close

**Pause at desktop 4 - 8 minutes while having meeting in office**
pause 240000 - 480000

**Repeat entire sequence over again (go back to BeginLoop statement)**
rewind
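
Added example (not part of the IBM documentation): a small Python parser for the script format shown in this appendix. It strips the `**` comments, sums the `pause` ranges outside and inside the BeginLoop/rewind block, and derives how many loop iterations per hour one simulated user can perform. The function names are hypothetical, the sample is constructed from the R5 Shared Database script above, and it assumes only explicit `pause` commands count: command execution time and delays passed as arguments to other commands are ignored.

```python
import re

COMMENT = re.compile(r"\*\*.*?\*\*", re.DOTALL)   # comments may span several lines
PAUSE = re.compile(r"^pause\s+(\d+)(?:\s*-\s*(\d+))?$", re.IGNORECASE)

# Constructed sample: the R5 Shared Database script from this page with the
# BeginCrit/EndCrit setup block left out.
SAMPLE = """\
**Pause a random interval so multiple processes are staggered well.
Pause 0-5 minutes (5 min. = 300000 ms)**
Pause 0-300000
**If an error occurs, wait 1-2 minutes before retrying.**
ErrorDelay 60000-120000
**Start the part of the script which loops**
BeginLoop
**Open a discussion database**
changeto "[Mailserver]!![DiscussionDB]" [DiscTemplate] -KeepOpen
open
getall
entries 1 20
**Wait 5-10 seconds to peruse the view**
Pause 5000-10000
**Page down the view 2 times, spending 3-10 seconds to read each
window**
entries 21 20
pause 3000 - 10000
entries 41 20
pause 3000 - 10000
unread 30
navigate 1 next_unread
pause 10000 - 30000
navigate 1 next
pause 10000 - 30000
navigate 1 next
pause 10000 - 30000
add [DiscDbAddDocRate] 100
close
**Pause at desktop 4 - 8 minutes while having meeting in office**
pause 240000 - 480000
rewind
"""


def strip_comments(script):
    """Remove **...** comments; reject an odd number of ** delimiters."""
    # An unclosed comment would pair with the next comment's opener and
    # swallow the commands in between, so fail loudly instead.
    if script.count("**") % 2:
        raise ValueError("unbalanced ** comment delimiter")
    return COMMENT.sub("", script)


def think_time(script):
    """Return pause totals in ms: {'once': (lo, hi), 'loop': (lo, hi)}."""
    totals = {"once": [0, 0], "loop": [0, 0]}
    phase = "once"                      # commands outside BeginLoop..rewind
    for raw in strip_comments(script).splitlines():
        line = raw.strip()
        if not line:
            continue
        word = line.split()[0].lower()
        if word == "beginloop":
            phase = "loop"
        elif word == "rewind":
            phase = "once"
        elif word == "pause":           # ErrorDelay is not think time; skipped
            m = PAUSE.match(line)
            if not m:
                raise ValueError("cannot parse pause: " + line)
            lo = int(m.group(1))
            hi = int(m.group(2) or lo)  # 'pause 360000' is a fixed delay
            if hi < lo:
                raise ValueError("inverted pause range: " + line)
            totals[phase][0] += lo
            totals[phase][1] += hi
    return {k: tuple(v) for k, v in totals.items()}


def iterations_per_hour(script):
    """Upper bounds on loop rate per simulated user: (slowest, fastest)."""
    lo, hi = think_time(script)["loop"]
    if lo == 0:
        raise ValueError("loop has no guaranteed pause; rate is unbounded")
    return (3_600_000 / hi, 3_600_000 / lo)


if __name__ == "__main__":
    print(think_time(SAMPLE))
    print(iterations_per_hour(SAMPLE))
```

Because execution time is excluded, the returned rates are ceilings; measured rates on a loaded server will be lower.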

SMTP and POP3 Workload script
SMTP and POP3 Initialization Workload script
Text enclosed in asterisks (**) indicates comments.
For more information on the SMTP and POP3 Initialization Workload
script, see the chapter “Using Server.Load.”
**Script to initialize databases for NotesBench SMTP/POP3 mail scripts.
Pause 0 - 15 minutes (15 min. = 900,000 ms.)**
pause 0 - 900000

**If an error occurs, wait 1 - 5 minutes before re-trying**
errordelay 60000 - 300000

**Create the mail file**
changeto "[MailServer]!![nb_dbdir]mail[#].nsf" [MailTemplate] -KeepOpen

**Open views**
open $Inbox
close

SMTP and POP3 Workload script


Text enclosed in asterisks (**) indicates comments.
For more information on the SMTP and POP3 Workload script, see the
chapter “Using Server.Load.”
**Pause a random interval so multiple processes are staggered well**
pause 0 - 180000

**If an error occurs, wait 1 - 2 minutes before re-trying**
errordelay 60000 - 120000

**Start the part of the script that loops**
beginloop

**Send an SMTP message**
sendsmtpmessage [NormalMessageSize] [MessageLineSize] [NumMessageRecipients] [SMTPHost] [RecipientDomain] [ClientHost] [NthIteration]
pause 240000 - 360000

**Retrieve all POP3 messages**
retrievepop3mail mail[#] NotesBench 0 [POP3Host]
pause 240000 - 360000

**Repeat entire sequence (go back to BeginLoop Statement)**
rewind

Web Idle Workload script


Text enclosed in asterisks (**) indicates comments.
For more information on the Idle Workload script, see the chapter “Using
Server.Load.”
**Pause a random interval so multiple processes are staggered well**
pause 0 - 180000

**Start the part of the script that loops**
BeginLoop

**Access an icon on the server**
webget -url [httphost]/
pause 360000

**Repeat entire sequence (go back to BeginLoop Statement)**
rewind

Web Mail Workload script


Web Mail Initialization Workload script
Text enclosed in asterisks (**) indicates comments.
For more information on the Web Mail Initialization Workload script, see
the chapter “Using Server.Load.”
**Pause a random interval so multiple processes are well staggered**
pause 0-180000
errordelay 60000-120000
@If [NBTestReset]
dbdelete "[MailServer]!![nb_dbdir]mail[#].nsf"

@ENDIF
pause 0-60000
changeto "[MailServer]!![nb_dbdir]mail[#].nsf" [MailTemplate] -KeepOpen
pause 0-5000
beginloop

**Populate the mail database by having the thread send Web mail to itself**
webget -url [httphost]/[nb_dbdir]mail[#].nsf -h 10 10 1000-2000 -mis [NormalMessageSize] mail[#]/[Domain] 1
rewind [NumMailNotesPerUser]
setcalprofile

**Open the current view**
open $Inbox

**Close the view**
close
drop

Web Mail Workload script


Sentences that are enclosed in asterisks (**) indicate a comment in the
script.
For more information on the Web Mail Workload script, see the chapter
“Using Server.Load.”
**Pause a random interval so multiple processes are well staggered**
pause 0-180000

**Make sure the user preferences are set to have the mail owner = mail[#]**
@If NOT [WebPreferencesOff]
webget -url [httphost]/[nb_dbdir]mail[#].nsf -mp
@EndIf

**Wait about 30 seconds**
pause 20000-40000

**Open the Web Mail database, to get Domino Directory info to be used by all threads**
webget -url [httphost]/[nb_dbdir]mail[#].nsf -mi
drop

**Wait about 60 seconds**

**Start the part of the script which loops**
beginloop

**SEND a Message from the Web, taking about 60 seconds to compose the message**
webget -url [httphost]/[nb_dbdir]mail[#].nsf -h 10 10 40000-80000 -mis

**Wait 1 - 3 minutes**
pause 60000-180000

**Read the first 5 Inbox Messages, spending about 1 minute on each message, deleting first**
webget -url [httphost]/[nb_dbdir]mail[#].nsf -h 10 10 40000-80000 -mir 5 1

**Wait 4 - 6 minutes**
pause 240000-360000

**Repeat entire sequence all over again (go back to beginloop statement)**
rewind

monitoring, 24-49 described, C-25 concurrent editing of, 58-8
multiple, 24-33 Disable_View_Rebuild_Opt setting Configuration Settings, 27-18
Notes mail encryption, 24-14 described, C-25 deleting, I-9
offline, 11-21 DisabledPorts setting deleting inactive, 61-25
offline applications and, 11-21 described, C-26 finding by Note ID, 63-20
planning, 18-12, 24-9, 24-26, 24-29 DisableLDAPOnAdmin setting Foreign domain, 27-30
removing duplicate users, 24-18 described, C-26 Foreign SMTP domain, 27-32
replicating, 24-32, 24-45 Disclaimers Global domain, 27-55
reports for, 24-49 adding to messages, 32-9 Non-adjacent domain, 27-26

DOLS. See Domino Off-Line Domains remote console, A-5 to A-7
Services communication between, 39-27 Replicate command, A-18
Domain Catalog directory assistance, 23-18 Replication tab, 16-15
backing up, 10-18 DNS, 2-11 Route command, A-24
categories in, 10-10, 10-21 finding user names in, 5-85 running Server Setup program
creating, 10-6 mail routing with, 3-18
described, 10-5 and, 26-19, 26-21, 27-20 server list, 16-4
setting up, 10-2 multiple DNS, 2-16, 2-19, 2-22 Server tabs, 16-14
updating, F-65 planning, 1-5 setting local attributes, 52-21
views in, 10-6 restricting mail in, 28-36, 28-55 setting preferences, 16-5, 16-7 to
Domain Catalog server verifying in DNS, 28-90 16-9, 16-11
decommissioning, 59-12 Domains, external setting up, 16-2
Domain documents connecting to, 4-18 shortcut keys, H-3
adjacent domains, 27-23 DOMCFG.NSF, 34-48 Show Directory command, A-30
foreign domains, 27-30 creating, 34-49 Show Diskspace command, A-31
global, 27-55 Domino 5 certificate authority Show Port command, A-33
non-adjacent domains, 27-26 setting up, 45-1 Show Server command, A-36
using multiple Internet domain setting up SSL on the CA Show Stat command, A-37
names, 27-44 server, 45-5 Show Tasks command, A-39
Domain Index signing server certificates, 45-7 shutting down the server
adding databases, 10-7 Domino 5 IMAP Initialization from, A-14
adding file systems, 10-9 Workload script starting, 16-2
backing up, 10-18 sample, J-5 tabs, 16-13
creating, 10-14 Domino 5 IMAP Workload script Tell command, A-46
deleting databases, 10-17 sample, J-6 tools, 16-16
LDAP searches of, 20-36 Domino Administrator troubleshooting, 63-1
location, 10-17 Broadcast command, A-12 user interface, 16-3, 16-13
planning, 10-3 to 10-4 Configuration tab, 16-15 viewing hosted
size, 10-11 to 10-12 configuring mail routing, 27-18 organizations, 14-14
updating, 10-14 creating groups with, 6-2 viewing replication
Domain Indexer task creating replicas, 7-9 topology, 7-34
performance, 10-16 disk space information, 58-5 Web Administrator and, 16-23
setting up, 10-14 displaying directory Domino CA
Domain Search contents, 58-3 configuring application profile
described, 10-1 displaying files, 58-2 for, 45-4
Notes users and, 10-19 Domino Console, Domino creating, 45-2
NOTES.INI settings, 10-23 Controller and, 16-28 in a hosted
performance, 10-16 Drop command, A-14 environment, 12-4, 13-3
policy settings and, 10-19 entering server commands, A-1 server-based certification
security, 10-12 file information, 58-3 authority, 45-1
server requirements, 10-2 Files tab, 16-13, 58-2 Domino CA server
WANs and, 10-3 installing, 16-1 Domino 5, 45-1
Web clients and, 10-20 Load command, A-15 setting up, 45-1 to 45-2
Domain Search forms managing databases with, 58-4 Domino Change Control database
adding categories to, 10-10 managing files with, 58-2 ACLs for, 54-51 to 54-52
customizing, 10-18 managing folders with, 58-5 database moves, 54-56
Domain Search results Messaging tabs, 16-15 location, 54-34
access to, 10-12 monitoring events with, 52-22 Domino Change Manager
Domain Search server monitoring statistics with, 52-31 and database moves, 54-55
decommissioning, 59-12 overview, 16-1 and resource
Domain servers password protecting the balancing, 54-47 to 54-48
denying access, 38-7 console, A-26 maximum current tasks, 54-49
Domain setting People and Groups tab, 16-13 setting up, 54-48
described, C-27 quitting a task from, A-46 Tell ChangeMan command, 54-50

Domino Character Console, A-8 server access and, 63-93 application design element, 37-15
Domino Configuration database server registration and, 3-29 overview, 37-1
creating, 34-49 setting access to, 19-9, 20-16, planning, 37-11
Domino Console 20-22 to 20-23 Domino server
starting and stopping, 16-30 setting up primary, 19-2 access, 38-2
Web Administrator and, 16-28 synchronizing with Active anonymous access for Notes
Domino Controller Directory, 17-38 users, 38-13
default TCP port, 2-56 tools for adding entries, 18-7 configuring for NDS, G-6
Domino Data folder tools for managing entries, 18-9 controlling browser client
displaying contents, 58-3 troubleshooting, 63-38 access, 38-22
managing files in, 58-2 updating, I-18 customizing access to, 38-7
Domino Directory upgrading to new default Indic language support, 3-17
ACL, 19-10 template, E-22 installing, 3-1, 3-3
adding Internet/intranet users views in access control lists, 38-4 monitoring databases for, 52-1
to, 42-3 Domino Directory template NDS objects, G-2
address lookup and, 27-47 copying, E-4 planning services and tasks, 1-11
administration server, 15-2 customizing, 18-19, E-22 setting console attributes, 52-21
Administrators field, 19-12 Domino domains Setup program, 3-8,
authenticating Web clients in Internet reply addresses, 27-54 3-17 to 3-18, 3-34
with, 42-23 mail routing and, 26-19 starting and shutting down, 3-46
changing passwords, F-6 planning, 1-5 Domino server event generator
changing type, 19-5 planning directory creating, 52-6
Configuration Settings architecture, 18-2, 19-4 Domino server monitor
document, 27-18 restricting mail, 28-36, 28-55 adding a task, 52-43
creating Internet Domino environment adding servers, 52-44
certificates, 47-10 building, 1-14 described, 52-40
creating subforms in, E-17 Domino LDAP Schema database. See profiles, 52-43, 52-44
cross-certificates, 39-27 Schema database starting, 52-41
customizing, E-1 to E-2, Domino Management Information using, 52-44
E-4 to E-5 Base (MIB) views, 52-41
deleting groups from, F-11 overview, 53-7 Domino SNMP Agent
deleting policy record from, F-20 using with SNMP, 53-21 architecture, 53-5
deleting servers from, F-25, F-78 Domino named network completing configuration
deleting users from, F-15 defined, 27-20 of, 53-18
described, 19-1 mail routing and, 26-19, 27-39 configuring for AIX, 53-12
distinguished names, 18-8 Domino Off-Line Services configuring for Linux, 53-13
domain documents, 27-23, 27-26 accessibility and, 11-23 configuring for Solaris, 53-14
global domain documents, 27-44 administrator tasks, 11-2 configuring for Windows, 53-11
in a hosted environment, 12-2 agents and, 11-19 configuring for zOS, 53-17
lookup command, I-17 creating a security policy, 11-7 manual start and stop, 53-20
mail routing and, 26-9 described, 11-1 overview, 53-1
mapping fields with Active in a hosted system requirements, 53-7
Directory, 17-31 environment, 12-4, 13-20 troubleshooting, 53-24
offline, 11-21 overview, 11-1 Domino statistics
offline use, 32-8 security, 11-10 Windows NT Performance
performance settings, 19-1, 60-9 setting up the server Monitor and, 17-23
replicating, 19-17 for, 3-11, 32-2 Domino system administration
restoring, 14-11 troubleshooting, 11-23 tasks, 48-1
restricting name Domino ORB Domino Web Engine
lookups, 27-47, 28-40 setting up, 34-26, 34-29, 34-31 configuring for Web Site
roles, 19-10 Domino Performance Zone documents, 34-23
scheduled replication and, 7-20 Web site for, 60-1 Domino Web server, 34-1
secondary, 15-7, 23-1, 23-3, 23-8, Domino security configuring, 34-12
23-10, 23-33, C-68 application, 37-14

Internet port and protocol End-to-end topology
settings, 34-6, 34-8 to 34-9 E replication and, 4-8
log file, 56-8 to 56-10 ECL End-user installations
logging server requests, 56-8 administration, 41-6, 41-11 with Transform files, 5-50
logging to text files, 56-10 creating a workstation, 41-12 Entries command
running, 34-5 described, 41-1 described, I-10
search results, 34-26 guidelines for creating, 41-6 Error messages
security, 34-8, 34-9 Java applets and, 41-4 Administration
setting to work with other Web JavaScript and, 41-4 Process, 15-36, 63-8
servers, 35-1 security access options, 41-3 Agent Manager and agents, 63-13
setting up, 34-4 updating a workstation, 41-13 Domino Off-Line Services, 11-24
Domino Web server log file workstation security and, 41-3 IPX/SPX network, 63-73
setting up, 56-12 EditExpnumber setting mail, 28-46
troubleshooting with, 63-2 described, C-31 mail routing, 63-38
DominoNoBanner setting EditImpnumber setting meetings and resources, 63-45
described, C-27 described, C-32 modems and remote
DominoNoDirLinks setting Editing connections, 63-50
described, C-28 concurrent, 58-8, 63-91 network dialup
DominoR5IntlURLDecoding setting shortcut keys, H-6 to H-8 connections, 63-74
described, C-28 Editor access OS/2, 63-100
DominoXURLProcess setting actions, 40-14 partitioned servers, 63-78
described, C-28 privileges, 40-16 replication, 63-82
DOMLOG.NSF EDNI document server access, 63-91 to 63-93, 63-95
described, 56-8 creating, 4-18 server crashes, 63-98
viewing, 56-10 updating, F-65 TCP/IP, 63-57, 63-61
Downgrade user from roaming to Effective access Web Administrator, 63-108
non-roaming user, F-28 extended ACLs and, 25-30 Web Navigator, 63-107
Downloading files Effective policies Web server, 63-104
improving performance for Web described, 9-3 ErrorDelay command
clients, 34-56 determining, 9-36 described, I-10
Drop command viewing, 9-37 to 9-38 Escrow agent
described, A-13, I-9 EmptyTrash setting troubleshooting, 63-16
DSAPI described, C-32 ESMTP
values, 11-11 Enable_ACL_Files setting supporting inbound
DSN described, C-33 extensions, 28-96
enabling, 28-96, 28-103 to 28-104 EnableBiDiNotes setting supporting outbound
DST setting described, C-33 extensions, 28-103
described, C-29 Encrypted fields ETRN extension
DST_Begin_Date setting indexing, 50-2 enabling for inbound SMTP
described, C-30 Encryption, 43-1 connections, 27-61, 28-96
DST_End_Date setting certificates, 2-41 Event filters
described, C-30 defined, 43-4 creating, 52-19
DSTlaw setting dual Internet certificates viewing, 52-20
described, C-29 and, 47-17 Event generators
Duplicate names, 24-18 Internet transactions and, 40-31 creating, 52-13
during client authentication, 23-5 mail, 43-4, 43-7 database, 52-5
Duplicate Person documents mail journaling and, 28-111 defined, 52-3
directory catalogs and, 24-18 network data, 46-1 disabling, 52-12
Dynamic cost reset interval outbound mail routing, 24-14, Domino server, 52-6
resetting, 28-39 C-90, C-100 to C-101 mail routing, 33-3, 52-7
Dynamic lookup performance and, 43-4 statistic, 52-9
of host names, 27-49 SSL settings, C-108 task status, 52-10
EndCrit command TCP server, 52-11
described, I-10 viewing, 52-14

Event handlers enabling, 25-23 in a hosted
creating, 52-13, 52-17, 52-23 Extended ACLs environment, 12-5
defined, 52-3, 52-14 activity log for, 25-31 External companies
disabling, 52-18 changing, 25-28 communicating with, 39-27
notification described, 25-1, 25-3 External Domain Network
methods, 52-15 to 52-16 directory, 18-7 Information document. See
viewing, 52-20 disabling, 25-31 EDNI document
Event messages effective access and, 25-30 External Internet mail
viewing, 52-20 enabling, 25-23 preventing relaying, 28-75
Event Monitor server task examples of, 25-19 External servers
overview, 52-1, 52-3 Extended Directory Catalogs access levels for, 7-7
Event task and, 24-7 ExtMgr_AddIns setting
monitoring replication, 63-80 in a hosted environment, 13-6 described, C-34
Events LDAP and, 20-20, 25-6
filtering, 52-19 other database security and, 25-2
from SNMP traps, 53-4 planning, 25-22 F
logging, 52-21 privileges for, 25-2 to 25-3, 25-5 Failover
monitoring, 52-2, 52-22 restoring, 14-11 directory assistance, 23-20, 23-22
notification methods, 52-15 schema database and, 25-7 for mail routing, 28-40
severity levels, 52-4 setting up, 25-22, 25-24 Fault recovery, 55-10
types of, 52-16 subjects in, 25-9, 25-17 cleanup script, 55-11
viewing, 52-20 target scope, 25-14, 25-17 enabling, 55-11
Examples targets in, 25-12 to 25-13 operating systems and, 55-10
directory assistance, 23-51 to troubleshooting, 25-30, 63-34 Fields
23-53, 23-55 Extended administration servers customizing in Domino
extended ACL, 25-19 removing, 15-34 Directory, E-2
Extended Directory setting up, 15-33 directory catalogs and, 24-22
Catalogs, 23-53, 23-55 Extended Directory Catalogs LDAP attributes and, 21-4
LDAP service write benefits of, 24-5 Fields, database
operations, 20-26 central directory architecture increasing number of, 61-29
ldapsearch utility, 22-6 and, 19-4 performance and, 61-6
registering a hosted client authentication File format
organization, 13-8 and, 23-3, 24-10 database, 61-17
replication, 7-19 directory assistance and, 23-6, mail, 31-28
xSP server in a hosted 23-8, 23-22, 23-33, 24-26 File names
environment, 12-16 examples, 23-53, 23-55 key ring, 45-2
Execution Control List. See ECL full-text indexes, 24-26 File protection, 34-42
Execution Security Alert dialog groups for database File Protection documents, 34-41
box, 41-2 authorization, 24-27 described, 34-44
trusting signatures, 41-2, 41-13 integrated into primary example, 34-42
Exit command directory, 24-28 File systems
described, A-14 LDAP service, 23-10 searching, 10-9
Expired certificates multiple, 24-33 FileDlgDirectory setting
renewing, 46-21 native documents, 24-7 described, C-34
Explicit policies planning, 24-26 Files
adding, 9-40 replicating, 24-45 compressing when uploading to
assigning, 9-40 setting up, 24-41 to 24-42 Web, 34-29
changing, 9-40 size of, 24-26 displaying, 58-2
described, 9-2 Extended key usage displaying information
removing, 9-40 public keys, 44-13 about, 58-3
Extended accelerator keys. See Extension manager downloading from Web
Shortcut keys Administration Process server, 34-56
Extended access and, 15-30 managing, 58-2
disabling, 25-31 preferences, 16-7

protecting from Web customizing in Domino
access, 34-41, 34-44 Directory, E-2 G
replicating specific, 7-27 HTML, 36-5 Gateways
Files/Directories to Replicate performance and, 61-3 routing mail to, 27-30
field, 7-27 Forwarding address GetAll command
Filtering in Person document, 27-42 described, I-12
message, 28-20 Forwarding rules GIF files
Find name in domain request, F-29 enabling and disabling support Web server and, 34-24
FindbyKey command for, 28-9 Global Domain documents
described, I-11 FQDN default, 27-55
FindByName command as server’s common name, 2-19 in a hosted organization, 13-5
described, I-12 specifying in Connection LDAP service and, 20-5
Finger Internet service document, 2-17 Global domains
controlling access to, 36-7 specifying in Server configuring, 27-44
Firewalls document, 2-16, 2-22 defining multiple, 27-55
troubleshooting, 63-105 Frame types Global Web settings document, 34-40
using a relay host, 27-58 IPX, 63-70 creating, 13-21, 34-40
Fixup task TCP/IP, 63-68 described, 13-19, 34-34
BRP files, C-115 Free Time database editing, 13-22
options, 58-28 described, 8-1 Gopher Internet service
running, 58-26, 58-30 troubleshooting, 63-45 controlling access to, 36-7
transaction logging and, 55-2 Free-time lookups, 8-5 Graphics
troubleshooting and, 63-99 in non-adjacent domains, 8-6 Web server format, 34-24
use in preparing mail files for FT_DOMAIN_DIRECTORY_NAME Group documents
IMAP use, 31-29 setting editing, 6-10
Fixup_Tasks setting described, C-35 object classes for, 21-5
described, C-34 FT_DOMAIN_IDXTHDS setting Group members
Flat names described, C-35 registering in Notes, 17-18
converting to FT_Index_Attachments setting Group names
hierarchical, 5-67, F-68, F-84 described, C-36 finding, 6-15, F-29
Folder prefixes FT_Intl_Setting setting in Internet message
IMAP, 31-15, 31-17 described, C-36 headers, 28-131
Folders FT_Max_Search_Results setting Groups
creating, 40-17, 49-2 described, C-36 adding and deleting
deleting, 49-2 FT_No_Compwintitle setting members, 6-6
managing, 58-5 described, C-37 adding to Notes, 17-20
Fonts FT_Summ_Default_Language setting Administrator, 13-7
mapping, C-117 described, C-38 assigning a policy to, 6-9
Windows system, C-121 FTG_No_Summary setting creating and modifying, 6-2
Foreign domains described, C-37 creating with Domino
configuring, 27-30 Full-text indexes Administrator, 6-2
scheduling and, 8-6 creating, 50-2 creating with Web
Foreign SMTP domain documents deleting, 50-7 Administrator, 6-4
creating, 27-32 described, 50-1 database authorization, 18-16,
Internet mail configuration directory catalogs and, 24-7, 24-25 23-6, 24-27
and, 27-58 disabling, C-115 deleting, 6-14, 17-42
Format preference for incoming mail Domain Search and, 10-2 Deny List Only, 6-8
setting for IMAP LDAP service and, 20-15 described, 6-1
users, 31-3, 31-23, 31-35 security and, 50-2 directory catalogs and, 24-19 to
setting for POP3 users, 30-7 size, 50-3 24-20, 24-35, 24-42
Forms updating, 50-3, 50-5 to 50-6 editing, 6-10
and document tables, 61-4 finding members, 6-18
and object classes, 21-3 mail, 28-32
managing, 6-8, 6-16

registering, 17-39 specifying in Server passthru, 34-2
renaming, 6-10, 17-41, F-50 document, 2-16, 2-22 HTML login form
renaming immediately Hosted environments customizing, 42-10
throughout domain, 6-13 Domino features in, 12-4 HTML preferences
troubleshooting, 63-20 example, 12-16 in Server Web Navigator, 36-12
Windows NT, 17-16 server options, 12-2 HTTP
Hosted organizations activity logging, 57-4
access to Web sites, 14-12 HTTP proxy
H anonymous access to connecting Server Web Navigator
Headers databases, 14-4 through, 36-3
resent, 28-131 deleting, 14-3, F-14 HTTP server task
Headline monitoring disabling services, 14-4 running, 34-5
controlling, 38-16 distribution of data, 12-9 HTTP servers
performance and, 61-6 Internet Site documents Domino working with the IBM
Health reports for, 13-18, 13-20 HTTP Server, 35-2
for servers, 54-11 to 54-12, loopback addresses, 13-17 setup mode setting, C-99
54-14 to 54-15 mail addressing to, 14-16 HTTP service
for servers, purging, 54-12 maintaining, 14-1 binding to an IP address, 2-49
Health_Report_Purge_After_N_Days managing users, 14-14 controlling access to, 36-7
setting managing users and in a hosted environment, 12-13
described, C-38 groups, 14-16 HTTP sessions
Help moving to other servers, 14-5 tracking, 34-13
customer support, 63-4 on multiple servers, 14-2 HTTPEnableConnectorHeaders
Help command policies for, 9-7, 13-4 setting
described, A-15, I-12 registering, 13-5, 13-8, 13-11 described, C-39
Hierarchical IDs registration, F-48 HTTPLogUnauthorized setting
cross-certification by phone, 39-33 removing from an additional described, C-39
cross-certification through Notes server, 14-10 HTTPS
mail, 39-36 security and, 12-3 controlling access to, 36-7
cross-certification through postal server crash recovery in, 14-11 SSL and, 46-18
service, 39-34 server environments for, 12-1 Hub-and-spoke topology
Hierarchical names setting up Domino Certificate example of, 4-10
converting flat names Authority for, 13-3 limitations of, 4-8
to, 59-10, F-84 setup checklist, 13-3 replication and, 4-6
creating scheme for, 1-3 using the Resource Reservations Hunt group connection document
deleting servers with, F-81 database, 14-12 creating, 4-31
Domino Directory and, 18-8 using the Web Hunt groups
server registration and, 3-29 Administrator, 14-15 described, 4-23, 4-31
Hierarchical organizations viewing, 14-14
certification and, 39-27 viewing Web Site and Internet
communication between, 39-27 Site documents, 13-20 I
Holding undeliverable mail Web Site documents for, 13-18, IBM HTTP Server
in MAIL.BOX, 28-40 13-20 to 13-21 setting Domino to work with,
Holiday documents HostedOrganizationAdmin 35-2
creating, 8-17 group, 13-7 IBM Office Vision
modifying, 8-20 Hosting scheduling and, 8-6
Home pages Java applets, 34-10 IBM Tivoli Analyzer
for virtual servers, 3-42 Hosts files Activity Trends, 54-17
Web server, 63-106 system settings for, 2-13 installing, 54-6
Host names HP OpenView overview, 54-1
DNS and, 26-25 and SNMP traps, 53-21 ICL. See Issued Certificate Lists
mail routing and, 26-12, 27-49 HTML ICMNotesPort setting
restricting inbound connections displaying source for Server Web described, C-40
by, 28-71 Navigator, 36-13

Icons ImailOpenMailbox command IMAP_Convert_Nodisable_Folder_
Administration Requests described, I-15 Refs setting
database, 15-23 ImailPostMessage command described, C-41
ID recovery described, I-15 IMAP_Session_Timeout setting
administration request, F-30 ImailSetSeen command described, C-43
ID table described, I-16 IMAPDisableFTIImmedUpdate
Note IDs, I-12 IMAP setting
Idle Workload script activity logging, 57-4 described, C-42
described, 62-14 IMAP attributes IMAPDisableMsgCache setting
running, 62-14 adding to IMAP-enabled mail described, C-42
sample, J-4 files, 31-3 IMAPGreeting setting
IDs IMAP delegation described, C-42
defined, 39-1 administration request, F-7 IMAPNotesPort setting
displaying certificates, 39-3 IMAP Initialization Workload script described, C-43
IMAP users and, 31-23 sample, J-5 IMAPRedirectSSLGreeting setting
multiple-password, 39-6 IMAP protocol described, C-43
password protection, 39-4 Domino mail server IMAPShowIdleStatus setting
passwords for, 39-13 and, 26-5, 31-1 described, C-44
recovering, 39-14, in a hosted environment, 12-13 IMAPSSLGreeting setting
39-17 to 39-18, 39-20 IMAP public folders described, C-44
security and, 37-16 designating, 31-15 Inactive documents
server, recertifying, 59-9 IMAP service deleting, 61-25
IDs, certifier, 1-7, 3-34 to 3-35 and shared mail files, 31-12 Inbound connections
Ignore message priority authenticating options, 31-5 restricting for SMTP, 28-71, 28-86
setting for mail routing, 28-39 binding to an IP address, 2-47 Inbound mail routing
IIOP changing default port restricting, 28-70, 28-75, 28-90
in a hosted environment, 12-13 information for, 31-6 Inbound relay controls
setting up, 34-10 configuring internal thread enforcement of, 28-81
Image display use, 31-19 and message transfer, 28-85
performance and, 61-3 customizing, 31-5 Inbox folder
Web server and, 34-24 greetings, 31-21 adding documents to, J-2
ImailCheckForNewMail command limiting sessions, 31-9 Incoming Mail Sound setting
described, I-13 logging in to server, I-15 described, C-44
ImailCloseMailbox command logging out of server, I-15 Index command
described, I-13 mail commands, I-13 to I-16 described, I-16
IMAILExactSize setting NAMESPACE Index entries
described, C-40 command, 31-12 to 31-13 searching, I-11 to I-12
ImailFetchEntry command setting up, 31-4 Index, Domain. See Domain Index
described, I-13 starting, 31-5 Indexes
ImailFetchOld command time-out setting, 60-12 creating, 50-2
described, I-14 IMAP users deleting, 50-7, 58-23
ImailGetLastEntries command allowing SMTP relays from, 28-82 described, 50-1
described, I-14 creating mail files for, 31-26 Domain Search and, 10-2, 48-7
ImailGetNewMail command enabling mail files for, 31-2, 31-10, encrypted fields, 50-2
described, I-14 31-27, 31-30 replicating, 50-1
ImailHelp command setting acceptable login names security and, 50-2
described, I-14 for, 31-24 size, 50-3
ImailListMailboxes command setting up, 31-22 troubleshooting and, 63-99
described, I-14 setting up Person documents updating, 50-3, 50-5 to 50-6, 58-14
ImailLogin command for, 31-23 Indic languages
described, I-15 IMAP_Config_Update_Interval support for, 3-17
ImailLogout command setting INET_Authenticate_with_Secondary
described, I-15 described, C-40 setting
described, C-45

Informational logging, 28-7 cross-certification, 39-37 binding to IP addresses, 2-47
iNotes Web Access enforcing encrypted controlling access to, 36-7
active content filtering for, 32-8 transactions, 40-31 default TCP ports, 2-56
adding disclaimers, 32-9 name-and-password proxies for, 2-7
alternate name support in, 32-10 authentication, 42-1, 42-6 Internet Site documents
configuring, 32-4 security, 38-2, 38-4 configuring for hosted
creating a portal for, 32-3 Internet address organization, 3-40, 13-20
customizing, 32-4, 32-7 to 32-9 changing, 5-73 creating, 3-40
overview, 32-1 Internet addresses and DNS outages, 14-11
registering users, 32-2 to 32-3 adding sender’s in outbound in a hosted environment, 13-18
Sametime and, 3-14 mail, 27-50 IMAP configuration
setting up a server for, 3-13 formats for, 28-134 and, 28-60, 31-6
Install directories LDAP service and, 20-5 overview, 3-37
customizing location of, 5-49 outbound mail, 27-54 POP3 configuration and, 30-3
Installation as reply addresses, 27-52 SMTP configuration and, 28-59
automating client, 5-45 Internet addresses, inbound Internet users
batch file, 5-46 looking up in the Domino renaming, 5-66
client, 5-41 Directory, 27-47 InterNotes server
command line, 5-47 Internet certificates described, 36-1
customizing client, 5-47 adding, F-4 saving HTML source, 36-13
End-user with Transform adding to Domino Directory, 47-7 setting up, 36-2
files, 5-50 creating, 47-14 Intranets
interactive mode, 3-5 creating with Domino name-and-password
multi-user client, 5-46 Directory, 47-10 authentication, 42-1
by scriptable setup, 5-52 deleting, 47-12 Invitations
script mode, 3-7 dual, 47-17 responding to, I-24
setting to multi-user by in a hosted environment, 12-4 IP address configurations
default, 5-49 signing, 47-7 in a hosted environment, 12-5
setting up, 5-42 SSL and S/MIME, 47-5 IP addresses
shared network directory, 5-43 Internet clients binding ports to, 2-46 to 2-47
silent, 3-7 name variations accepted for binding to xSP servers, 13-16
single user, 5-43 login, 31-24 DNS and, 26-25
on UNIX systems, 3-4 Internet cross-certificates multiple, 2-19, 2-22
on Windows systems, 3-3 creating, 47-4 partitioned servers
Installation options described, 39-28 and, 2-21, 2-50
using Transform files, 5-49 Internet domains resolving, 12-14
InstallShield Tuner for Lotus primary vs. aliases, 27-55 restricting inbound connections
Notes, 5-47 Internet mail, 27-38 by, 28-71
InstallType setting restricting inbound, 28-90 using in Connection
described, C-45 restricting documents, 2-18
Interlaced rendering outbound, 28-98 to 28-99 using in Server documents, 2-12
Web images and, 34-24 restricting relays, 28-75 IP names
International characters restricting who can receive, 28-92 specifying in Server
LDAP service and, 20-32 routing, 26-23, 27-6, 27-34, document, 2-16, 2-22
International settings 27-37 to 27-38, 36-9 IPv6 standard
specifying for Web, 34-31 troubleshooting, 63-107 described, 2-25
Internet Internet passwords, 42-24 enabling support for, 2-45, C-110
anonymous security and, 42-24 IPX/SPX
access, 42-25 to 42-26 user registration and, 42-3 assigning sockets, 2-62, C-70
connecting Server Web Navigator Web Administrator, 16-19 frame types, 63-70
through, 36-3 Internet protocols integrating Domino
connecting to, 4-21 to 4-22, 4-40 setting up passwords for, 42-3 with, 2-29, G-1
creating a key ring and certificate Internet services name resolution in, 2-30, 63-72
request, 45-2 accessing, 36-7

Notes port for, 2-34 to 2-36, retrieving journaled LANs
2-38 to 2-42, 2-61 messages, 28-113 connecting servers on, 4-15
NOTES.INI settings, 2-64 setting up, 28-106 integrating Domino with, 2-2
security, 2-9 JPEG files network compression and, 2-42
setting up servers on, 2-32, 2-61 Web server and, 34-24 setting up servers on, 2-32
Token-Ring and, 63-71 troubleshooting, 63-55
troubleshooting, 63-70 LDAP accounts
ISpy database K compared to directory
creating mail-in database record Keep alive headers assistance, 23-9
for, F-7 sending to Web server, 34-53 planning, 18-5
ISpy task Key ring files LDAP activity logging
mail routing event generator changing the password for, 46-22 information logged, 57-4
and, 52-7 creating a test version, 46-22 limiting information
starting and stopping, 52-13 creating for internal CA, 45-2 logged, 57-13
TCP server event generators displaying, 45-7 LDAP directories
and, 52-11 entering for server, 46-15 alias dereferencing and, 23-48
troubleshooting with, 63-2 exporting, 45-7 authenticating SSL clients, 46-25
Issued Certificate Lists merging a certificate from an authenticating Web clients
described, 44-2 external CA, 46-9 with, 42-23
merging server certificates authenticating Web users
into, 46-12 with, 40-7
J naming, 45-2 connecting using SSL, 47-23
Java agents viewing certificates, 46-20 described, 23-1
restricting, 40-18 Key usage extensions directory assistance, 23-3, 23-6,
Java applets public keys, 44-12 23-9, 23-11, 23-37, 23-43
hosting, 34-10 Keyboard shortcuts. See Shortcut failover, 23-22
on Web server, 34-2 keys LDAP service referrals to, 20-33
Java servlets KeyFileName setting lookup command, I-17
managing, 34-13 described, C-49 Notes distinguished names
JavaEnableJIT setting Keys in, 23-49
described, C-46 private, 43-1 search filters and, 23-46
JavaJITName setting public, 43-1 server passwords for
described, C-46 KitType setting connecting, 23-44
JavaMaxHeapSize setting described, C-50 LDAP features
described, C-46 overview, 18-3
JavaMinHeapSize setting
described, C-47 L LDAP migration tool, 20-2
LDAP operations
JavaNoAsyncGC setting LAN Connection document extended ACLs and, 25-6
described, C-47 creating, 4-15 LDAP schema
JavaNoClassGC setting LANA numbers
checking, 21-18 to 21-19
described, C-47 NetBIOS ports and, 2-58 described, 21-1
JavaScript Language codes Domino, 21-2
on Web server, 34-2 specifying for a character set
Domino LDAP Schema
JavaStackSize setting group, 28-120 database, 63-34
described, C-48 Language groups extending, 18-19, 21-10, 21-16 to
JavaUserClasses setting configuring font options
21-17, E-3, E-7 to E-9,
described, C-48 for, 28-126 E-16 to E-17, E-20
JavaVerbose setting Languages retrieving, 21-20
described, C-48 choosing default for Web, 34-31
root DSE searches, 21-20
JavaVerboseGC setting Domain Search and, 10-1 viewing, 21-9
described, C-49 LDAP service tags, 20-29 LDAP service
Journaling LANnumber setting
anonymous search
mail, 28-105 described, C-50 access, 20-16 to 20-17, 20-20
methods, 28-109 binding to an IP address, 2-47

client setup, 20-34 LDAPBatchAdds setting LocalDomainServers group
condensed Directory Catalogs described, C-51 access level, 7-6, 40-3
and, 20-6 LDAPConfigUpdateInterval setting described, 6-1
configuration, 20-9, 20-37 described, C-51 directory catalogs and, 24-20
described, 20-1 to 20-2 LDAPGroupMembership setting Location documents
directory assistance and, 20-6, described, C-52 Internet addresses in, 27-53
23-10 to 23-11, 23-17 to 23-18 LDAPLookup command Location setting
directory search order, 18-16 described, I-17 described, C-54
directory tree verification, 20-4 LDAPNotesPort setting Log file
disabling, 20-8 described, C-53 accessing, 56-5
distinguished names LDAPPre55Outlook setting activity logging
and, 20-3 described, C-54 information, 57-1, 57-13
Domain Index searches, 20-36 ldapsearch utility Agent Manager and agents, 63-12
Extended Directory Catalogs described, 22-1 analyzing, 56-5
and, 20-6 examples, 22-6 compacting, 56-1
full-text indexes and, 20-15 operational attributes and, 22-5 Domino server, 56-1
in a hosted environment, 12-13 parameters, 22-2 Domino Web server, 56-12
Internet address planning, 18-6 extended ACL, 25-31
formation, 20-5 search filter operators, 22-5 logging modem I/O in, 63-48
Internet Draft supported, 20-42 search filters, 22-4 NOTES.INI settings, 56-2
language tags, 20-29 ldapsearch.exe NSD, 63-96, 63-101
monitoring, 20-37 retrieving schema with, 21-20 passthru connections and, 63-79
name and password Leased-line connections replication events, 58-8
authentication failure, 63-31 connecting to the Internet by, 4-21 replication views, 63-80
name-and-password Librarians Results database, 56-5
security, 20-31 assigning, 51-3 Schedule Manager errors in, 63-47
NOTES.INI settings, 20-41 database libraries, 51-2 searching, 56-5
performance settings, 20-28 Libraries. See Database libraries selecting level of
planning, 18-4 License tracking logging, 28-7, 56-3
ports and port security, 20-12 described, 5-85 troubleshooting with, 63-2
preventing use of primary License tracking information using commands to record
Domino Directory, 23-27 updating in Domino information, 56-3
referrals, 20-33 Directory, F-65 viewing the Domino server, 56-3
RFCs supported, 20-42 Linux Log filters
schema daemon, 21-5, configuring partitioned for events, 52-15
C-88 to C-89 servers, 2-50 Log setting
schema database, 21-7 configuring SNMP Agent described, C-55
search, 20-28 for, 53-13 for log file size, 56-1
secondary directories, 18-4 Listener task LOG.NSF, 28-7
setting up, 20-7 Server document, 27-41 introduced, 56-1
starting and stopping, 20-8 SMTP, 27-41 monitoring servers and, 52-3
statistics, 20-38 Live console Log_AgentManager setting
Tell commands, A-53 Web Administrator and, 16-26 described, C-55
time-out setting, 20-28 LNSNMP service Log_Authentication setting
troubleshooting, 63-31 removing, 53-11 described, C-56
Unicode and, 20-3 LNSNMP.INI file Log_Connections setting
UTF-8 encoding, 20-32 configuring, 53-9 described, C-57
write operations, 20-22 to 20-23, Load command Log_Console setting
20-25 to 20-26 described, A-15 described, C-57
LDAP_MailOnlyGroupOption Load server command Log_DirCat setting
setting running server tasks, B-1 described, C-58
LDAPGroupMembership troubleshooting, 63-91 Log_Replication setting
setting, C-53 LocalDomainAdmins group described, C-59
described, 6-2 troubleshooting and, 63-80

Log_Sessions setting held, 28-16 Mail file size
described, C-59 limiting the size of calculating, 28-14
Log_Tasks setting messages, 28-28 Mail files
described, C-60 pending, 28-16 converting for IMAP, 31-2, 31-10,
Log_Update setting polling, I-19 31-29 to 31-30
described, C-60 restricting, 28-70, 28-90 creating, J-4, , 31-26
Log_View_Events setting routing from Web page, 36-9 delegating access
described, C-61 security, 29-4 to, F-9 to F-10, 31-13
LogFile_Dir setting shortcut keys, H-7 to H-8 deleting during Delete user, 5-73
described, C-58 signing, 43-9, 43-11, C-90 encrypting, 31-24, 43-8
Logging tracing connections, 63-37 for hosted organizations, 13-5
configuring for Domino Web virus protection, C-71 initializing, J-4
server, 56-12 Mail activity logging move request, F-31
to the console, 52-21 information logged, 57-6 moving, 5-77, 29-21
informational, 28-7 Mail addresses overview, 26-12
internal server errors, 56-10 formats for Internet, 28-134 POP3 user and, 30-10
phone calls, C-76 Mail addressing quotas, 28-10 to 28-11, 28-15 to
replication, 63-80 directory assistance and, 23-8 28-16, 28-28
Web server requests, 56-8 directory catalogs and, 24-4, 24-29 replication and shared mail, 29-19
Logging level domain names and, 63-40 shared, 31-13
selecting, 28-7 format for sending to another troubleshooting, 63-36
Login names Domino domain, 26-21 Mail files, storage format, 26-13
authentication for Internet and groups, 28-32 setting for IMAP users, 31-3,
clients, 31-24 for hosted environments, 14-16 31-23, 31-35
Login scripts Mobile Directory Catalogs setting for POP3 users, 30-7
editing, 4-51 and, 24-3 Mail journaling
making a call with, 4-50 type-ahead, 28-6 defined, 28-105
Lookup command Mail agents retrieving journaled
described, I-17 controlling, 28-9 messages, 28-113
Loopback addresses Mail clients specifying messages to
creating, 13-17 POP3, 30-11 journal, 28-113
Lotus NDS Manager supported, 26-15 Mail Journaling database
administering Windows clients Mail connections managing, 28-109
with, G-3 routing and, 27-2 setting up, 28-106
for IPX/SPX setup, G-1 Mail conversion utility Mail menu
Lotus Organizer enabling mail files for IMAP, 31-2 hiding, C-72
scheduling and, 8-6 Mail databases Mail Notification Agent, 5-57
Lotus Support Services archive criteria, 9-28 Mail priority level, 28-27
contacting, 63-4 archive log, 9-24 disregarding during
Web site, 63-4 archiving, 9-22, 9-25 routing, 28-39
LotusScript agents IMAP service and, 31-2 Mail protocols
restricting, 40-18 moving, 54-53 in a hosted environment, 12-13
Low-priority mail overview, 26-12 supported, 26-2
generating delay notifications sharing IMAP, 31-13 Mail recipients
for, 28-30 Mail delivery looking up in the Domino
LSCHEMA.LDIF configuring, 28-8 Directory, 27-47
described, 21-2, 21-5 shared mail and, 29-8 restricting, 28-92
Mail encryption administration Mail relays
M request, F-31 and outbound mail routing, 27-33
Mail Mail file quotas restricting, 28-75
blocking, 28-20 enforcing, 28-14, 28-28 Mail reports
encrypting, 28-9, 43-4, 43-7, 47-13,
shared mail and, 29-4 generating, 33-12
47-15, C-90 soft deletions and, 28-14 setting up a Reports
error messages, 28-46 database, 33-4

troubleshooting with, 63-2 using a firewall, 27-58 MAIL6EX.NTF
Mail routing using a smart host, 27-43 using, 32-11
configuring, 27-37 using multiple Internet domain Mailboxes
configuring delivery, 28-8 names, 27-44 setting number of, 60-12
connection costs and, 28-53 using multiple mailboxes, 28-4 setting up multiple, 28-3 to 28-4
controlling message workstation setup, 63-42 MailCharSet setting
transfer, 28-26 Mail routing event generators described, C-61
customizing Notes routing, 28-50 creating, 52-7 MailCompactDisabled setting
described, 26-1, 26-8 Mail rules described, C-63
DNS and, 26-25 forwarding, 28-9 MailCompactHour setting
domain documents journaling, 28-113 described, C-63
and, 27-23, 27-26 reloading, 28-21 MailConvertMIMEonTransfer setting
Domino Directory and, 26-9 setting server, 28-20 described, C-63
examples, 27-9 Mail servers Mail-in Database document
forwarding addresses, 27-42 described, 26-1, 26-5 creating, 48-5
improving Mail storage statistics, 52-35
performance, 28-2 to 28-3 formats, 26-13 Mail-in statistics
IP addresses and, 26-10, 26-12 Mail templates using, 52-35
in local Internet MAIL6EX.NTF, 32-11 MailServer setting
domain, 27-4, 27-39 Mail trace described, C-64
logging and, 28-7 troubleshooting with, 63-2 MailSystem setting
mail clients and, 27-3 Mail tracking described, C-65
for mail outside the local Internet configuring servers for, 33-8 MailTimeout setting, 28-37
domain, 27-6, 27-38, 28-85 from the Domino described, C-66
MAIL.BOX databases Administrator, 33-10 MailTimeoutMinutes setting
and, 28-3 to 28-4 overview, 33-1 described, C-66
message priority and, 28-27 troubleshooting with, 63-2 Mailto
Notes protocols and, 26-17, 26-19 Mail Tracking Collector task setting up, 36-9
to 27-20, 28-36 controlling, 33-5 Maintain Trends database record
obeying database quotas, 28-11 Mail usage reports request, F-30
over dialup connections, 27-59 described, 33-2 Manage Groups tool
over SMTP, 26-23, 27-32, 27-34, generating, 33-12 using, 6-16
27-37, 28-57 viewing, 33-16 Manager access
relay hosts and, 27-33 Mail, dead actions, 40-14
requirements, 28-2 described, 28-41, A-39 privileges, 40-16
resolving addresses, 27-42 Mail, undeliverable Map_Retry_Delay setting
restricting for Notes, 27-28, releasing from server, A-39 described, C-66
27-31, 28-55 returning, 28-37 Maps
restricting inbound Internet MAIL.BOX databases replication topology, 7-34
mail, 28-71, 28-90 compacting, 63-43 Master Address Book. See Directory
restricting inbound mail, 28-70 corrupt, 63-43 assistance
restricting inbound relays, 28-75 described, 27-1 Maximum concurrent transfer
restricting message size, 28-28 setting up multiple, 28-3 to 28-4 threads
restricting outbound messages, troubleshooting with, 63-2 setting, 28-33
28-98 to 28-99 undeliverable mail, 28-41 Maximum delivery threads, 28-9
restricting recipients, 28-92 Mail/ID registration options Maximum hops
Route command, A-24 Windows NT and Notes, 17-11 setting, 28-33
routing table and, 26-10 Mail_Disable_Implicit_Sender_Key Maximum message size
scheduling Notes routing, 28-50 setting setting, 28-28
SMTP, 27-41 described, C-64 Maximum transfer threads
SMTP protocol and, 26-21 Mail_Log_To_MiscEvents setting setting, 28-33, 60-11
stopping, 27-5 described, C-64 Maximum Transmission Unit.
topology, 27-2 Mail_Skip_NoKey_Dialog setting See MTU setting
troubleshooting, 63-36 described, C-65

Meetings synchronizing with Domino database size, 61-13
troubleshooting, 63-45 Directory, 17-25, 17-38 events, 52-22, 52-24
Memory Microsoft IIS events and statistics, 52-2
displaying, A-32 setting Domino to work headline, 38-16
Memory requirements with, 35-3 mail, 26-17
for servers, 60-3 Microsoft Management Console overview, 52-1
Memory_Quota setting Notes registration and, 17-29 performance, 52-36
described, C-67 MIME messages server activity, 54-17
Message caching 8-bit and ESMTP, 28-96, server connections, 52-6
disabling, C-73 28-103 to 28-104 server tasks for, 52-1
Message conversion converting, 28-122 Server.Load metrics, 62-10
mail routing and, 27-1 converting addresses in, 27-50 setting preferences for, 16-8, 52-25
Message delivery converting to Notes format, 27-1 statistics, 52-9, 52-31
configuring, 28-8, 60-11 Domino mail server and, 26-3 threshold values, in Server Health
Message filtering encrypting, C-100, C-101 Monitor, 54-10
using mail rules for, 28-20 setting character set options tools, 52-1 to 54-2
Message headers for, 28-118 Monitoring Configuration database
MIME, 28-131, 28-134 setting options for described, 52-1
Message journaling. See Mail processing, 28-115 document types, 52-2
journaling Minimal logging, 28-7 location, C-83
Message priority level, 28-27 MinNewMailPoll setting viewing statistics in, 52-32
disregarding during described, C-67 wizards for, 52-13
routing, 28-39 Miscellaneous Events view Monitoring Results database
Message size corruption messages, 58-25 described, 52-1
restricting, 28-28 Mixed-release environments performance statistics and, 52-36
Message tracking log file analysis, 56-7 Move mail file
configuring servers for, 33-8 MMC administration requests, F-31
controlling, 33-5 Notes registration and, 17-29 Move roaming user
from the Domino Mobile directory catalogs administration requests, F-42
Administrator, 33-10 described, 24-3 Move_Mail_File_Expiration_Days
overview, 33-1 multiple, 24-33 setting
in Web Administrator, 16-27 setting up, 24-34 to 24-35 described, C-67
Message transfer Modem command files MT Collector task
controlling, 28-26, 28-33 described, 4-34 controlling, 33-5
Message validation modifying, 4-49 described, 33-1
SSL, 46-1 troubleshooting, 63-48 MTA servers
Messages Modems and interoperability with other
disabling, A-22, A-44 displaying input/output, C-121 mail systems, 26-14
encrypting for delivery, 28-9 logging modem I/O, 63-48 MTC task
MIB number to use, 4-33 controlling, 33-5
overview, 53-7 troubleshooting, 63-48 described, 33-1
using with SNMP, 53-21 Modify CA Configuration in Domino MTCDailyTasksHour setting
Microsoft Active Directory Directory request, F-30 described, C-68
deleting users and groups, 17-42 Modify ID recovery information in MTMaxResponses setting
directory assistance search Domino Directory described, C-68
filters, 23-46 request, F-30 MTU setting
mapping containers to Notes Modify room/resource in Domino troubleshooting, 63-68
certifiers and policies, 17-32 Directory request, F-31 Multilingual applications
mapping fields with Domino Modify user information stored in setting up Web for, 34-32
Directory, 17-31 Domino Directory Multiple replicators
registering existing users, 17-35 administration request, F-31 and scheduled replication, 7-30
registering new groups, 17-39 Monitoring Multiple-password IDs
registering new users, 17-33 checklist for, 63-6 described, 39-6
renaming users and groups, 17-41 database cache, 61-10

Multi-user client installation, 5-46 server, deleting, 59-8 NetWareSocket setting
MX records server, finding, 59-11 described, C-70
described, 26-25 Names setting NetWareSpxSettings setting
examples, 26-27 described, C-68 described, C-70
NAMES.NSF, 19-1 Network Address Translation.
customizing, E-22 See NAT
N NAMESPACE command Network connections
NABRetrievalPOP3Mail command enabling support dropping, I-9
described, I-18 for, 31-12 to 31-13 testing, 63-77
NABUpdate command Naming contexts. See Naming rules tracing, 63-77, A-59, C-76
described, I-18 Naming conventions Network Dialup
NAMAGENT.NSF ACL, 40-4 encrypting Connection
Server.Load agents, 62-4 Domino system, 1-12 documents, 4-46
Name and Address Book. See hierarchical, 1-3 setting up servers to use, 4-36
Domino Directory Notes named networks, 2-33 troubleshooting, 63-74
Name change ports, 2-38 Network ports
refusing, F-56 Program documents, B-2 adding, 2-36, 2-60
Name lookups servers, 2-14, 2-29, 2-31 to 2-32 binding to IP
restricting, 27-47 Naming rules addresses, 2-46 to 2-47
restricting to primary directory assistance, 23-12 compressing data on, 2-42
directory, 28-40 LDAP service and, 23-17 configuring, 2-35, 2-58
Name resolution in IPX trusted, 23-14 deleting, 2-40
troubleshooting, 63-72 NAT disabling, 2-34
Name resolution in NRPC using, 2-18 encrypting, 2-41
described, 2-4 Navigate command fine-tuning, 2-34
ensuring DNS resolves, 2-16 to described, I-18 renaming, 2-38
2-17, 2-19, 2-22 NDS reordering, 2-39, 2-45
over IPX/SPX, 2-30 Domino server and, G-1 Server Setup program and, 2-2
over NetBIOS, 2-28 Notes workstations and, G-5 TCP/IP, 2-12, 2-22
over TCP/IP, 2-11, 2-15, 2-44 NOTES.INI setting, G-7 Network protocols
troubleshooting, 63-66 passwords, C-75 compatible with Domino, 2-2
Name services server names and, 2-32 defined, 2-1
Microsoft, 2-13 specifying distinguished specifying, 4-16
NetWare, 2-30 to 2-32, names, 2-62 Networks
2-61 to 2-62 user IDs, C-75 integrating Domino
Notes, 2-4 NDS objects with, 2-1, 2-10, 2-26, 2-29
Name-and-password Domino server, G-1 to G-2 name resolution, 2-4, 2-11
authentication, 42-8, 46-15 managing, G-4 NOTES.INI settings, 2-64
customizing, 42-3 Nested groups security, 2-6 to 2-7
directory assistance and, 23-3 database authorization, 23-7 NewMail command
Internet/intranet clients NetBIOS described, I-19
and, 28-60, 31-2, 42-1 integrating Domino with, 2-26 NewMailInterval setting
LDAP service and, 20-12, 20-31 name resolution in, 2-28 described, C-70
level, 42-19 Notes port for, 2-34 to 2-36, NewMailTune setting
session-based, 42-6, 42-8, 42-10 2-38 to 2-42, 2-58, 2-60 Incoming Mail Sound
setting up users, 42-3 setting up servers for, 2-32, 2-58 setting, C-44
virtual servers, 3-42 Netscape NewReplicateDB command
Names trusted root, 46-11 described, I-19
changing, 5-56 to 5-57 Web Administrator and, 16-23 NewUserServer setting
for Policy documents, 9-32 NetWare described, C-71
for servers, 2-15, 2-17, 2-19, name services, 2-30 to 2-32, NIS
2-22, 59-10, 2-61 to 2-62 preventing problems with, 2-56
Internet authentication and, 31-24 NetWare Administrator NNN. See Notes named networks
NDS, 2-62 Domino and, G-2, G-4

No access Notes name lookups NRPC service
assigning, 40-14 directory search order, 18-17 binding to an IP address, 2-46
privileges, 40-16 Notes Name Service default TCP port, 2-55
No_Force_Activity_Logging setting described, 2-4 described, 2-2
described, C-72 Notes named networks encrypting, 2-41
NoDesignMenu setting defined, 2-3 name resolution in, 2-4, 2-11, 2-15
described, C-71 mail routing and, 26-18 to 2-17, 2-19, 2-22, 2-28, 2-30
NoExternalApps setting setting up, 2-33 NSD log file
described, C-71 Notes names troubleshooting
NoMailMenu setting LDAP directories and, 23-49 and, 63-96, 63-101
described, C-72 Notes network ports. See Network NSF_Buffer_Pool_Size setting
NoMsgCache setting ports described, C-73
described, C-73 Notes protocols NSF_DbCache_Disable setting
Nonroaming users mail routing and, 26-3, 26-19, described, C-74
change to roaming, 5-70 27-4, 27-20, 27-32, 28-50 NSF_DbCache_Maxentries setting
Normal logging, 28-7 Notes Remote Procedure Call described, C-74
Note ID service. See NRPC service Null modems
finding documents by, 63-20 Notes rich text format troubleshooting, 63-51
table of, I-12 in mail messages, 26-13, 27-1 Num_Compact_Rename_Retries
NoteAdd command Notes RPC. See NRPC service setting
described, I-20 Notes templates described, C-74
Notes table of, D-1 NWNDSPassword setting
registering Windows NT users, Notes workstations described, C-75
17-1, 17-8, 17-12, 17-14 configuring for NDS, G-5 NWNDSUserID setting
synchronizing with NOTES.INI file described, C-75
Windows NT, 17-2 to 17-3 adding settings, A-25
Notes client editing, 16-27, C-1
authentication with directory NOTES.INI settings O
assistance, 23-6 Agent Manager, 60-6 Object class hierarchy
authentication with directory database maintenance, 58-41 described, 21-1
catalogs, 24-11 database organization, 49-6 Object classes
connecting to servers, 4-55 database performance, 60-9, 61-29 adding to schema, 21-14
directory servers, 19-15 Domain Search, 10-23 described, 21-1, 21-3
directory services, 18-10 iNotes Web extending, 21-11
installation in a shared Access, 32-8 to 32-9 for Group documents, 21-5
directory, 5-43 LDAP service, 20-41 for Person documents, 21-4
LDAP service and, 20-34 log files, 56-2 Object collect task
Notes Direct Dialup mail, 63-43 use in generating shared mail
Connection documents, 4-35 NDS, G-7 statistics, 29-13
described, 4-34 networks, 2-64 use in resynchronizing mail
setting up, 4-44 scheduling server tasks, B-2 files, 29-22
Notes domains. See Domino domains schema daemon, 21-21 Object Link command
Notes IDs server performance and, 60-4 use in managing shared mail, 29-15
about, 39-1 to 39-2 UNIX server, 60-14 Object Request Broker. See Domino
Notes items NotesBench ORB
sending in Internet message described, 60-2 Object store
headers, 28-134 Novell Directory Service. See NDS defined, 29-1
Notes mail NRPC managing growth
condensed Directory Catalogs mail routing and, 26-3, 26-17 of, 29-10 to 29-11
and, 24-29 troubleshooting, 63-55 Offline Security Policy document
directory assistance and, 23-8 NRPC Mail Initialization Workload creating, 11-7
directory catalogs and, 24-1, script Offline Subscription Configuration
24-3 to 24-4, 24-14 sample, J-8 profile document
creating, 11-11

editing, 11-11 IP addresses and, 2-21, 2-50, 2-53 PC-Pine client
Offline subscriptions multiple Web sites configuring, 31-39
overview, 11-1 and, 2-49, 34-20 PEER Agent
Offline users performance, 60-5 and SNMP Agent, 53-14
security, 11-7 port mapping, 2-53 Peer-to-peer topology
tracking, 11-22 removing, 59-13 example of, 4-11
OID for LDAP SNMP and, 53-9 replication and, 4-8
described, 21-12 troubleshooting, 63-78 People
On-demand cross-certificates, 39-32 Passthru connections registering Internet/intranet, 42-3
Online Meeting Place activity logging through, 57-9 Performance
in the Resource Reservations hangup delay setting, C-76 database cache and, 61-9
database, 8-9 troubleshooting, 2-12, 63-79 directory catalogs, 24-18, 24-20,
Open command Passthru HTML, 34-2 24-27, 24-30
described, I-20 Passthru servers Domino Directory, 19-1
Open relays as application proxies for Domino Performance Zone Web
defined, 28-76 NRPC, 2-8 site, 60-1
preventing, 28-76 configuring, 4-27 encryption and, 43-4
OpenView for Windows Connection documents, 4-29 improving, 60-1, 60-3, 61-12
and SNMP traps, 53-21 controlling access to, 38-17 LDAP service, 20-28
ORB. See Domino ORB creating a topology, 4-25 mail, 26-17, 28-3, 28-6
Organization certifier IDs, 1-8 described, 4-23 mail routing, 28-2
creating, 3-34 destination servers and, 4-28 monitoring, 52-36
Organization hierarchy topology example, 4-26 networks, 2-42
moving user names in, 5-61 using with hunt groups, 4-24 optimizing, 61-1, 61-3
Organizational policies Passthru_Hangup_Delay setting Server Health Monitor, 54-12
described, 9-2 described, C-76 sources for improving, 60-15
Organizational unit Passthru_LogLevel setting tools, 60-2
certifier IDs, 1-8 described, C-76 troubleshooting, 63-16
creating, 3-35 Password quality scale tuning disk I/O, 60-15
Organizational units described, 39-7 UNIX server, 60-14
Internet, 45-2 levels, 39-4 view indexes and, 58-23
restricting mail based Password recovery. See IDs, Web server, 34-52
on, 28-55 recovering Windows server, 60-13
Organizations Passwords Person documents
restricting mail based assigning, 39-4, 39-8, 42-3 changing during
on, 28-55 change intervals for, 39-10 synchronization, 17-5
OS/2 changing, F-6 IMAP users and, 31-23
error codes, 63-100 checking during authentication, Internet Address
troubleshooting, 63-100 39-8, 39-12, F-60 field, 27-50, 27-53
OS/390. See zOS console, A-26 mail routing and, 26-10
OtherDomainServers group Directory Assistance object classes for, 21-4
access level, 7-6, 40-3 documents, 23-44 password checking, F-60
described, 6-1 IDs and, 39-4 POP3 users and, 30-7
directory catalogs and, 24-20 Internet, 42-24 SSL clients, 47-20
Over quota enforcement for key ring file, 45-2, 46-22 Personal Address Book
configuring, 28-17 multiple, 39-6, 39-13 missing views and, 63-42
NDS, C-75 PhoneLog setting
P recovering. See IDs, recovering described, C-76
Packing density server console, C-92 PHP
condensed Directory troubleshooting, 63-104 configuring a Web site for, 34-40
Catalogs, 24-31 verifying, 39-8, 39-11 Pin lists
Partitioned servers Pause command creating, 54-32
described, 1-6 described, I-21 Ping, 27-38
in a hosted environment, 12-2 troubleshooting and, 63-77

Pipelining commands Policy viewer Populate command
supporting via ESMTP, 28-96, described, 9-37 described, I-21
28-103 to 28-104 using, 9-38 Port mapping
PKCS11_Library setting Policy-based registration on partitioned servers, 2-53
described, C-77 with Notes synchronization, 17-6 Portals
Platform command POP3 Initialization Workload script creating for iNotes Web
described, A-16 running, 62-27 Access, 32-3
using, 52-28 sample, J-14 portname_MaxSessions setting
Platform statistics POP3 protocol described, C-80
disabling, 52-30, C-77 Domino mail server and, 26-5 troubleshooting
displaying, 52-27 in a hosted environment, 12-13 and, 63-59 to 63-60
evaluating, 52-28 POP3 service Ports
overview, 52-26 authentication and, 30-2 adding, 2-36, 2-60
troubleshooting, 63-52 binding to an IP address, 2-47 binding to IP
viewing, 52-30 changing default port addresses, 2-46 to 2-47
Platform_Statistics_Disabled setting information for, 30-3 cluster servers and, C-91
described, C-77 clients, 30-11 compressing data on, 2-42
Policies described, 30-1 configuring, 2-35, 28-66, 30-3, 31-5
assigning, 9-6, 9-40 DNS lookups, C-78 controlling access to, 38-14
child policy, 9-4, 9-34 Internet domain names, C-79 deleting, 2-40
creating, 9-7 mail commands, I-18, I-23 disabling, 2-34
examples, 9-4 marking messages as read, C-79 dropping connections, I-9
exceptions, 9-3 message caching, C-78 to C-80 enabling, C-81
for hosted organizations, 9-7, 12-4 Notes port for TCP/IP, C-80 encrypting, 2-41
with Notes synchronization, 17-6 setting up, 30-2 for LDAP service, 20-12
overview, 9-1 starting, 30-3 maximum sessions, C-80
planning, 9-6 updating configuration, C-78 names, 2-38
troubleshooting, 63-109 POP3 users renaming, 2-38
types of, 9-2 activity logging, 57-10 reordering, 2-39, 2-45
viewing, 9-37 to 9-38 allowing SMTP relays from, 28-82 Server Setup program
Policy documents creating mail files for, 30-10 and, 2-2
child policy, 9-34 enabling to send mail, 30-1 SMTP, C-104
creating, 9-32 setting up, 30-7 specifying, 4-16
deleting, 9-35 POP3 Workload script SSL, 46-15, 2-55
in a hosted environment, 13-4 described, 62-26 starting and stopping, A-22
names in, 9-32 running, 62-28 TCP, 2-55, C-110 to C-111
Policy hierarchy sample, J-14 Ports setting
effective policy, 9-36 POP3_Disable_Cache setting described, C-81
examples, 9-4 described, C-78 Ports, communication
Policy settings POP3_Enable_Cache_Stats setting options, 4-47
deleting, 9-35 described, C-79 setting up, 4-34
described, 9-1 POP3_Message_Stat_Cache_NumPer POST command
desktop, 9-14 User setting restricting, 34-29
editing, 9-35 described, C-80 Pre-delivery agents
groups, 6-9 POP3ConfigUpdateInterval setting controlling, 28-9
inheritance, 9-4 described, C-78 Preferences
registration, 9-7 POP3DNSLookup setting Domino Administrator, 16-5, 16-7
security, 9-19 described, C-78 to 16-9, 16-11
setup, 9-12 POP3Domain setting Web Administrator, 16-24
viewing, 9-38 described, C-79 Primary Domino Directory
in Web Administrator, 16-25 POP3MarkRead setting changing to Configuration
Policy Synopsis tool described, C-79 Directory, 19-5
using, 9-36 POP3NotesPort setting directory assistance
described, C-80 for, 23-26, 23-33

excluding from LDAP cross-certification and, 39-33
searches, 23-27 described, 38-1, 39-2 R
Extended Directory Catalog encryption and, 43-1, 43-4 R5 IMAP Initialization Workload
in, 24-28 lost or stolen, 39-22 running, 62-17
preventing use as remote mailing, 39-25 R5 IMAP Workload script
primary, 19-8 replacing in address book, 39-23 described, 62-15
Priority restricting, 44-12 running, 62-18
mail routing and, 28-27 verifying, 39-25 sample, J-6
Private design elements Publishing R5 NRPC Mail Initialization script
notifying user of change to, 5-57 to database libraries, 51-3 running, 62-21
Private keys LDAP schema, 21-20 R5 Shared Database script
encryption and, 43-1 PUBNAMES.NTF described, 62-24
Notes certification, 39-2 copying, E-4 running, 62-25
Privileges customizing, E-1 sample, J-12
access level, 40-16 upgrading, E-22 R5 Simple Mail Routing script
extended ACL, 25-3, 25-5 Pull routing described, 62-20
Probes. See Event generators configuring for dialup running, 62-23
Profiles connections, 27-60 sample, J-9
Activity Trends, 54-22 to 54-25 Pull server command, 7-31 RA. See Registration Authority
Server Health Monitor, 54-13 described, A-17 Ratings
Server monitor, 52-43, 54-13 Pull-only replication Server Health Monitor, 54-5
statistic, 52-39 specifying, 7-23, C-95 Read command
Program document Purge agent described, I-22
to compact ADMIN4.NSF, 15-27 enabling, 36-17 Reader access
naming conventions for, B-1 Server Web Navigator, 36-15 actions, 40-14
for scheduling Updall, 50-5 Purge interval privileges, 40-16
ProgramMode setting deletion stubs and, 7-12 Readers field
described, C-81 setting, 28-33 updating, 40-29
Progressive rendering Purge/Compact Realms
Web images and, 34-24 method for managing size of Mail authentication and, 63-104
Properties boxes Journaling database, 28-112 Receipts
shortcut keys, H-5 Push server command configuring Internet, 28-116
Proxies described, A-19 Recertify Certificate Authority in
defined, 2-7 Push-only replication Domino Directory
Domino passthru servers as, 2-8 specifying, 7-23, C-95 administration request, F-47
HTTP, 2-7 Recommendation documents
Internet connections and, 4-22 Web Navigator
specifying for Server Web Q database, 36-11
Navigator, 36-3 Quick console Recovery. See IDs, recovering
PTR records Web Administrator and, 16-26 Redirect URL command
in DNS, 28-71 Quit command finding links with, 34-27
Public access, 40-18 described, A-20, I-22 Referrals
assigning, 40-18 Quotas LDAP service and, 20-33, 23-11
Public Address Book, 19-1 database, 61-23 to 61-24 Refresh agent
passthru access, 38-17 enforcing, 28-16 enabling, 36-18
server access, 38-4 mail, 28-10 to 28-11, 28-15 using, 36-18
Server documents, 39-25 memory, C-67 Register hosted organization
Public documents, 40-18 replication and, C-13, C-83 administration requests, F-48
access to, 40-18 setting Router controls for, 28-17 Registration
Public folders soft deletions and, 28-14 customizing options, 17-8
IMAP, 31-13, 31-15 Quotas, mail existing Active Directory
Public keys shared mail and, 29-4 users, 17-35
copying, 58-26, 63-96, F-6 group member in Notes, 17-18
creating, 39-23 to 39-24

hosted organizations, 13-5, Replica stubs multiple replicators, 7-30
13-8, 13-11 described, 63-88 NewReplicateDB
IMAP users, 31-23 troubleshooting, 63-89 command, I-19
Internet/intranet users, 42-3 Replicas non-document elements, 7-15
Microsoft Management Console access levels, 7-6 one-way, A-17, A-19
and, 17-29 concurrent changes to, 58-8 preventing, 7-31, C-94
new Active Directory controlling changes, 40-5 priority, 7-26, 7-28
groups, 17-39 controlling creation of, 38-14 Replicate command, A-20
new Active Directory copying to servers, 48-2 scheduling, 7-24
members, 17-33 creating, 7-9, F-8, I-19 selective, 7-12, 11-22, 15-27
setting preferences, 16-9 creating for multiple server, I-22
from a text file, 5-22 domains, F-77 setting up, 7-20
Windows NT deleting, 58-36 settings, 7-17 to 7-18
users, 17-1, 17-8, 17-12, 17-14 deleting documents from, 7-12 specific databases and, 7-27
Registration Authority deletions, 63-89, 63-90 specifying a group of
tasks, 44-4 described, 7-1 servers, 7-20
Registration policy settings limiting content, 7-12, 7-16 specifying dates, 7-13
creating, 9-7 size of, 63-87 statistics, 63-80
Registration settings documents Replicas, directory strategies, 4-6, 4-8
with Notes synchronization, 17-6 directory assistance time limits, C-82
Relay hosts, 28-85 and, 23-20, 23-36 troubleshooting, 63-80
configuring, 27-58 Replicate command Web applications, 11-22
defined, 27-8 described, A-20, I-22 Replication conflicts
restricting, 28-75 to 28-76, 28-81 Replicate server command, 7-31 consolidating, 58-10
using multiple, 27-33 Replication described, 58-8
Remote connections access levels, 7-6 Replication events
setting up, 4-36 activity logging, 57-10 troubleshooting with, 63-2
troubleshooting, 63-48 CD-ROM updates, 7-17 Replication formulas
types of, 4-34 customizing, 7-11, 7-22 using, 7-14
Remote console database design and, 63-86 Replication history
Web Administrator and, 16-26 deleted documents, 7-7 directory catalogs, 24-39, 24-45
Remote primary directories described, 7-1, 7-3 specifying dates, 7-13
described, 18-2 to 18-3 direction, 7-23 troubleshooting
preventing as, 19-8 directory catalogs, 24-32 with, 63-2, 63-80, 63-85
how servers locate, 19-7 disabling, 7-16, 7-32, 63-89 Replication priority
Remote server console document size and, 7-14 assigning, 7-16
entering server commands, A-1 from Domino Replication topology
Remote servers Administrator, A-19 binary tree, 4-9
number of modems for, 4-33 Domino Directory, 19-17 clusters, 4-8
topology, 4-3 editing conflicts, 63-91 end-to-end, 4-8
topology example, 4-14 enabling, 7-32 hub-and-spoke, 4-6
Remove certificate from Domino or end-to-end topology, 4-8 peer-to-peer, 4-8
LDAP Directory request, F-49 enforcing consistent ACL, 40-28 ring, 4-8
Rename person error tolerance setting, C-82 troubleshooting and, 63-80
refusing name change, F-56 examples, 7-19 viewing, 7-34
Rename Web user administration forcing, 7-33 ReplicationTimeLimit setting
requests, F-57 full-text indexes, 50-1 described, C-82
Repl_Error_Tolerance setting graphical display of Replicator task
described, C-82 topology, 7-34 running concurrently, C-82
troubleshooting and, 63-80 history, 58-6, 58-7 Replicators setting
Repl_Obeys_Quotas setting limiting time for, 7-29 described, C-82
described, C-83 log file, 58-8 Reply addresses
Replica IDs manual, 7-31 in Internet mail, 27-52
assigning access by, 40-10 monitoring, 58-6

Report_DB setting Resource Reservations database move request, F-42
described, C-83 access rights, 8-8, 8-16 registering, 5-13
Reporter task creating, 8-7 updating from non-roaming, F-66
sending statistics, C-83 in a hosted environment, 14-12 Roles, 40-20
Reports synchronizing with Domino creating, 40-21
directory catalog, 24-49 Directory, F-5 Domino Directory, 19-10
mail usage, 33-2 troubleshooting, 63-46 troubleshooting, 63-20
REPORTS.NSF (Reports database) using with a Web browser, 8-16 Web Administrator
creating, 33-4 Resources and, 16-20 to 16-21
ReportUseMail setting modify in directory request, F-31 Room resources
described, C-83 troubleshooting, 63-45 in the Resource Reservations
Requests types of, 8-9 database, 8-9
managing certificate, 46-20 Response hierarchy modify in directory request, F-31
Web server, 34-55 performance and, 61-5 setting up, 8-9
Resent headers Response Log documents, 15-36 Root DSE
using, 28-131 Response time searching, 21-20
Reservations server, 60-3 Roots
deleting, 8-17 Restart port command default trusted, 46-11
editing, 8-17 described, A-22 Route command
Resource balancing Restart server command unscheduled mail and, A-24
in Activity Trends, 54-26 described, A-23 Router task
in Activity Trends, Restart Task described, 26-6
setting up, 54-27 described, A-23 reloading configuration of, 27-22
additional statistics, 54-46 Results database server crashes and, 63-100
analyzing distributions, 54-37 database analysis, 58-38 stopping and starting, 27-4
approval profile for, 54-59 from decommissioning a RouterAllowConcurrentXFERToALL
charting options, 54-28 server, 59-3 setting
comparing, 54-39 log events, 56-5, 56-7 described, C-84
creating plan constraints, 54-62 RetrievePOP3Mail command transfer threads and, 28-36
customizing, 54-36 described, I-23 RouterDisableMailToGroups setting
database and server Retry interval described, C-84
locations, 54-27 setting, 28-33 RouterDSNForNULLReversePath
database Return receipts setting
moves, 54-32, 54-53, 54-55 configuring, 28-116 described, C-85
and decommissioning a Return-Receipt-To header RouterEnableMailByDest setting
server, 54-43 configuring for return described, C-85
and Domino Change receipts, 28-116 Routers
Manager, 54-48 to 54-49 Reverse DNS lookups configuring delivery
editing server properties, 54-43 use in controlling inbound SMTP by, 28-8 to 28-9
evaluating server activity, 54-39 sessions, 28-71 connection costs and, 28-53
filtering servers, 54-45 Rewind command described, 26-8, 26-21, 27-1
goals, 54-30, 54-31 described, I-23 mail file quotas
interpreting profile charts, 54-41 Rewind2 command and, 28-16 to 28-17
overview, 54-34 described, I-24 MAIL.BOX databases and, 28-3
plan constraints explained, 54-61 RFCs obeying database quotas, 28-10
plan documents for, 54-53, 54-57, LDAP service, 20-42 shutting down, 27-5
54-60 to 54-64 Ring topology SMTP, 27-37
plan variables, 54-63 replication and, 4-8 Tell commands, A-54
proposals for, 54-38, 54-47 Roaming files TRACERT command and, 63-67
viewing, 54-47 moving, 5-77 updating configuration, 27-22
Resource document Roaming users, 5-9 Routing costs
creating, 8-9 change from nonroaming, 5-70 setting, 28-39, 28-53
editing and deleting, 8-13 change to nonroaming, 5-69 Routing table
plan notification messages, 54-64 deleting, F-21 described, 26-10

recalculating, 27-22 Scheduling Notes routing, 28-50 Search results
Routing task Schema access to, 10-12
described, 27-1 adding attributes, 21-13 to 21-14 filtering, 10-13
Routing. See Mail routing adding syntaxes, 21-15 titles in, 10-19
RSA checking, 21-18 to 21-19 Web server, 34-26
trusted root, 46-11 described, 21-1 Searching
RSVP Domino, 21-2 domains, 10-1
command for, I-24 extending, 21-10, 21-17, E-3, E-7 encrypted fields, 50-2
RSVPInvitation command to E-9, E-14, E-16, E-20 file systems, 10-9
described, I-24 publishing, 21-20 SearchMax
RTR_Logging setting root DSE searches, 21-20 number of documents to
described, C-86 viewing, 21-9 display, 34-26
Rules Schema daemon Secondary directories
mail, 28-113 described, 21-5 directory services for, 18-12
NOTES.INI settings, 21-21 LDAP service, 18-4
Schema database Secondary Domino Directory
S deleting documents, 21-17 Administration Process
S/MIME described, 21-7 support, 15-7
encrypted, 47-13 to 47-15 extended ACLs and, 25-7 described, 23-1
setting up clients for, 47-1, 47-13 extending schema directory assistance
Sametime with, 21-13 to 21-17 and, 23-3, 23-8, 23-33
setting up for iNotes Web views, 21-8 to 21-9 LDAP service, 23-10
Access, 3-14 Schema entry name lookups, C-68
Save conflicts searching, 21-20 Secondary name servers
consolidating, 58-10 Schema_Daemon_Breaktime setting adding in Notes, 2-44
described, 58-8 described, C-88 Secure_Disable_FullAdmin setting
Sched_Dialing_Enabled setting Schema_Daemon_Idletime setting described, C-90
described, C-86 described, C-88 SecureMail setting
Sched_Purge_Interval setting Schema_Daemon_Reloadtime setting described, C-90
described, C-86 described, C-88 Security
Schedule Manager Schema_Daemon_Resynctime setting adding cross-certificates on
statistics, C-87 described, C-89 demand, 39-32
Tell commands, A-55 SCOS. See Shared mail anonymous access, 42-25
troubleshooting, 63-47 SCRIPT.DAT file application, 37-14
validation settings, C-87 UNIX installation, 3-7 application design element, 37-15
Schedule_Check_Entries_When_ Scriptable setup authenticating
Validating setting setting up Notes with, 5-52 clients, 31-24, 46-25
described, C-87 Scripts certificates, 39-2
Schedule_No_CalcStats setting commands, 4-53 certifier IDs and, 1-9
described, C-87 editing acquire and login, 4-51 database, 10-12, 40-19
Schedule_No_Validate setting keywords in, 4-52 database access for SSL
described, C-87 making a call with, 4-50 clients, 46-19
Scheduled replication Server.Load, I-1 databases, 38-14
troubleshooting, 63-80, 63-84 Search filters directory links, 49-1
Scheduled reports Directory Assistance Domino Directory and, 18-7, 19-9,
mail, 33-15 documents, 23-46 20-16, 20-22 to 20-23
Schedules Search forms Domino Off-Line Services, 11-7
replication, 7-24 adding categories to, 10-10 encryption, 2-6, 43-1
viewing for replication, 7-34 bookmarks and, 10-18, 10-20 encryption defined, 43-4
Scheduling customizing, 10-18 full-text indexes and, 50-2
example, 8-2 Web clients and, 10-20 ID recovery, 39-14, 39-17
server programs, B-2 Search order IDs and, 37-16, 39-1
setting up, 8-5 directories, 18-15 to 18-17 for Internet/intranet clients, 31-24
troubleshooting, 63-45 directory assistance, 23-16 in a hosted environment, 12-3

iNotes Web Access, 32-1, 32-8 workstation, 41-1 fault recovery, 55-10
Internet passwords and, 42-24 Security policy settings hosted organizations and, 14-11
Internet transactions and, 40-31 creating, 9-19 troubleshooting, 63-96
Internet/intranet clients, 42-27 Selection formulas Server documents
keys, 39-2, 43-1 directory catalogs and, 24-20 access lists, 38-2
mail, 21-5, 28-68, 29-4 Selective replication build number in, F-47
mail encryption, 43-7 setting up, 11-22 CPU count field, F-64
mail journaling and, 28-110 Selective replication formulas creating for NDS, G-7
name-and-password access, 42-19 preventing replication of database creation, 38-14
name-and-password ADMIN4.NSF, 15-27 directory catalogs and, 24-8
authentication for Web Self subject DNS resolves in NRPC and, 2-12
clients, 42-6 extended ACL, 25-11 network settings in, 2-36
network, 2-6 to 2-7, 2-9 Self-certified certificate, 46-22 protocol field, F-66
Notes IDs and, 39-1 to 39-2, 39-25 Send copy to mail rule specifying international
offline users, 11-7, 11-10 disabling, 28-9 settings, 34-31
overview, 37-1 SendMessage command time-out settings for Web, 34-53
passwords, 39-4 described, I-24 troubleshooting, 63-39
planning, 2-6, 37-11 SendSMTPMessage command verifying public keys, 39-25
port access, 38-14 described, I-25 Server failures
public and private keys, 39-2 Server access customizing message for, 28-46
public keys, 39-22, 43-4 anonymous, 38-13 Server files
renewing an expired customizing, 38-7 controlling Web browser access
certificate, 46-21 data directory, 49-4 to, 38-23
server, 38-23 denying, 38-4, 38-7 Server Health Monitor
server key ring file, 46-3 passthru, 38-17 configuring, 54-6
Server Web Navigator, 36-8 troubleshooting, 63-91 excluding servers, 54-15
setting up, 37-1 Server administrators overview, 54-2
setting up a Domino 5 certificate changing name of, 59-1 performance of, 54-12
authority, 45-1 Server certificates profiles, 54-13
setting up a Domino CA changing expiration date, 3-32 ratings, 54-5
server, 45-1 merging into key ring file, 46-12 reports, 54-11 to 54-12
setting up anonymous Server Certificate Administration selecting server components, 54-9
access, 42-26 requesting certificate, 46-5 setting up, 54-7
setting up clients for setting up, 46-3 starting, 54-8
S/MIME, 47-13 Server commands statistics, 54-3, 54-13, 54-16
setting up clients for SSL client Agent Manager and agents, 63-12 threshold values, 54-10
authentication, 47-18 entering from the UNIX using, 54-8
setting up clients for SSL server command line, A-8 viewing in Domino server
authentication, 47-3 redirecting command monitor, 54-14
setting up Person documents for output to, A-2 Server IDs
Internet clients using SSL table of, A-10 defined, 39-1
client authentication, 47-20 troubleshooting with, 63-2 overview, 39-1
setting up SSL server Server comparisons recertifying, 59-9
authentication using when decommissioning a replacing, 63-96
SMTP, 47-22 server, 59-5 security and, 39-25
signatures and, 43-11 Server console server access and, 63-95
SNMP, 53-5 commands, I-8 specifying, C-92
SSL, 46-1 described, A-1 Server key ring files
SSL server certificate, 46-5 using at server, A-2 creating, 46-3
trusted root certificates, 47-3 Server Console Configuration Server monitor
verifying passwords, 39-8 document adding a task, 52-43
verifying public keys, 39-25 settings in, 52-21 adding servers, 52-44
virtual Web servers, 3-42 Server crashes changing default settings, 16-8
Web Administrator, 16-18 database indexes and, 63-99 overview, 52-40

profiles, 41-13, 52-44, 54-13 setting cache options, 36-18 Server-based certification authority
Server Health monitor, 54-2 setting up, 36-2 creating an Internet CA, 44-8
starting, 52-41 starting and stopping, 36-3 ServerKeyFileName setting
using, 52-44 Server.Load described, C-92
views, 52-41 agents, 62-4 ServerName setting
Server names capacity planning with, 60-2 described, C-94
deleting, 59-8 changing script variables, 62-10 ServerNoReplRequests setting
finding in domain, 59-11 described, 62-1 described, C-94
IP names and, 2-14, 2-22 metrics, 62-7, 62-10 preventing replication with, 7-31
upgrading to hierarchical, 59-10 modifying built-in scripts, 62-11 ServerPullReplication setting
Server ports setting stop condition, 62-10 described, C-95
access to, 38-14 setting up, 62-12 ServerPushReplication setting
Server programs test parameters, 62-6 described, C-95
SSL and, 46-1 testing commands, 62-11 Servers
Server protocol information troubleshooting, 63-110 access, 38-2, 38-4
updating, F-66 Server.Load scripts access levels for, 7-6, 40-13
Server registration built-in, 62-2, 62-11, 62-14 to access to databases, 7-5
administration requests, F-59 62-15, 62-20, 62-24, 62-26, adding hosted organizations
Server security, 38-23 62-30 to 62-31 to, 14-2
Server setup profiles commands, 62-11, I-1 adding to clusters, F-5
creating, 3-21 critical region, I-4, I-10 administering, 16-4
silent, 3-25 custom, 62-3, 62-11 backing up, 63-7
using, 3-22 list of, 62-2, J-1 capacity, 60-3
Server Statistic Collection loops, I-4 to I-5 changing administrator of, 59-1
document pausing, I-21 configuring for LANs, 2-19, 2-32,
creating, 52-25 restarting, I-23 to I-24 2-43, 2-58, 2-61
Server tasks running, 62-3, 62-11, 62-14, 62-17 configuring for NDS, G-6
adding, 52-43 to 62-18, 62-21, 62-23, 62-25, connecting, 4-1, 4-4
monitoring, 52-1, 52-44 62-27 to 62-28, 62-30, 62-34 database creation, 38-14
running, B-1 samples, J-1 decommissioning, 54-43, 59-3,
scheduling, B-2 stop conditions, 62-10 59-12
settings for, C-97 to C-98 variables, 62-10 delete requests
SSL and, 46-1 Server_Availability_Threshold for, F-25, F-78, F-81
status level, 52-42 setting deleting hosted organizations
table of, B-3 described, C-91 from, 14-3
Server topology Server_Cluster_Default_Port setting Domain Search requirements,
planning, 1-2 described, C-91 10-2
Server Web Navigator Server_Console_Password setting editing properties for resource
about the Averaging agent, 36-19 described, C-92 balancing, 54-43
access to Internet services, 36-7 Server_Max_Concurrent_Trans encrypting mail files, 43-8
changing appearance of setting environment for service
pages, 36-12 described, C-93 providers, 12-1
controlling access to sites, 36-6 Server_MaxSessions setting evaluating for resource
customizing, 36-6 described, C-93 balancing, 54-39
described, 36-1 troubleshooting filtering for resource
displaying authors, 36-12 and, 63-59 to 63-60 balancing, 54-45
displaying HTML source, 36-13 Server_Restart_Delay setting functions, 1-2
managing size of database, 36-16 described, C-96 Health reports, 54-11 to 54-12
moving out of data Server_Restricted setting hierarchical names, C-94
directory, 36-14 described, C-96 installing, for hosted
private page access, 36-5 Server_Session_Timeout setting environments, 13-2
proxies, 36-3 described, C-96 limiting replication time, 7-29
renaming database, 36-14 Server_Show_Performance setting limiting transactions, C-93
retrieval settings, 36-6 described, C-97 managing, 59-1

maximum sessions, C-93 server options, 12-2 Shared installation, 5-43
naming, 1-3, 2-14 to 2-17, 2-19, setting up environment for, 13-1 Shared mail
2-29, 2-31 to 2-32 using the Resource Reservations clusters and, 29-20
partitioned, 1-6, 2-21, 2-53, 59-13 database, 14-12 described, 29-1, 29-5
passthru, 2-8, 4-23, 38-17, Web Administrator and, 16-26 disabling, 29-25
password checking on, 39-12 Servlets excluding mail files, 29-17
performance, 60-3 managing on Web server, 34-13 including mail files, 29-17
performance tools for, 54-2 Sessions linking mail files to, 29-15
proxy, 2-7 closing, I-25 managing, 29-11, 29-21
recertifying, F-47 IMAP, 31-9, 31-19 moving mail files and, 29-21
registering, 3-29 opening, I-26 object store, 29-1
remote connections, 4-3, 4-34 SessionsClose command replicated mail files and, 29-19
removing from cluster, F-49 described, I-25 restoring, 29-23
renaming, F-68, F-87 SessionsOpen command security, 29-4
replicating groups of, 7-20 described, I-26 settings, C-100
restarting, A-23, C-96 Set Configuration command statistics, 29-13
secondary name, 2-44 described, A-25 troubleshooting, 63-39
setup address, C-99 troubleshooting, 63-91 using for transfer and
setup name, C-99 Set directory filename request, F-60 delivery, 29-8
SSL connections, 46-18 Set Rules command Shared mail databases
swap file, C-109 described, A-25 deleting, 29-24
time-out setting, C-96 Set SCOS command inactive, 29-2
topology, 4-6, 4-9 described, A-25 purging obsolete messages
tracing connections, 63-77 Set Secure command from, 29-22
troubleshooting mail described, A-26 setting up, 29-5, 29-9 to 29-11
routing, 63-43 Set Statistics command using multiple, 29-2
UNIX performance, 60-14 described, A-27 Shared_Mail setting
verifying public keys, 39-25 Set user name and enable schedule described, C-100
viewing health of, 54-14 agent request, F-61 Shell commands
Windows, performance, 60-13 Set Web admin fields using, A-3
Servers, external request, F-61 Shortcut keys
access levels for, 7-7 Set Web user name and enable for accessibility, H-1
Servers, partitioned scheduled agent, F-61 for cursor, H-8
SNMP and, 53-9 SetCalProfile command database, H-4
ServerTasks setting described, I-26 dialog box, H-5
described, B-2, C-97 SetContextStatus command document, H-6, H-7, H-8
ServerTasksAt setting, B-2 described, I-26 Domino Administrator, H-3
ServerTasksAt2 setting, 50-4 Setup policy settings properties box, H-5
ServerTasksAthour setting creating, 9-12 views, 58-21, H-10
described, C-98 Setup profiles Show Allports command
Service providers creating, 3-21 described, A-27 to A-28
Activity Logging silent, 3-25 Show Cluster command
for, 13-23 to 13-24 using, 3-22 described, A-29
and DNS outages, 14-11 Setup program. See Domino server Show Configuration command
Domino features for, 12-4 Setup setting described, A-29
environment example, 12-16 described, C-98 Show Directory command
Global Web Settings documents Setup=AT command described, A-30
for, 13-21 troubleshooting and, 63-48, 63-51 Show Diskspace command
mail and directory protocols SetupDB setting described, A-30
for, 12-13 described, C-99 Show Heartbeat command
managing users, 14-14 SetupServerAddress setting described, A-32
security for hosted described, C-99 Show Memory command
organizations, 12-3 SetupServerName setting described, A-32
server environment for, 12-1 described, C-99

Show Opendatabases command Extended Directory sample, J-14
described, A-32 Catalog, 24-26 SMTP Listener task
Show Performance command increasing database, 61-23 enabling or disabling, 27-41
described, A-33 index, 50-3 starting and stopping, 28-57
Show Port command Java heap, C-46 to C-47 SMTP protocol
described, A-33 Java stack, C-48 DNS and, 26-25
Show Schedule command mail file, 28-11 Domino mail server and, 26-3
described, A-34 MIME message, C-40 mail routing and, 26-21, 27-37
Show SCOS command NSF buffer pool, C-73 SMTP routing
described, A-35 replica, 7-12, 63-87 configuring multiple relay
Show Server command Server Web Navigator hosts, 27-58
described, A-36 database, 36-16 customizing, 28-57
Show Stat command transaction log, C-113 relay hosts and, 27-33
described, A-37 SIZE extension SMTP Workload script
using, 52-28, J-4 enabling, 28-96, 28-103 to 28-104 described, 62-26
Show Stat Platform command Size quotas running, 62-28
described, A-38 database, 61-23 to 61-24 sample, J-14
using, 52-27 mail, 29-4, 28-10, 28-15 to 28-16, SMTP_Config_Update_Interval
Show Tasks command 28-28, 28-55 setting
described, A-39 Smart hosts described, C-102
Show Transactions command for mail routing, 27-5, 27-43 SMTPAllHostsExternal setting
described, A-39 SMIME_Strong_Algorithm setting described, C-101
Show Users command described, C-100 SMTPDebug setting
described, A-41 SMIME_Weak_Algorithm setting described, C-102
Show Xdir command described, C-101 SMTPDebugIO setting
described, A-41 SMTP described, C-103
directory assistance and, 23-60 activity logging, 57-10 SMTPExpandDNSBLStats setting
Signatures binding to an IP address, 2-47 described, C-103
described, 43-9 changing default port SMTPGreeting setting
sent mail and, 43-11 information described, C-104
Signing for, 28-58, 28-60, 28-66 SMTPMaxForRecipients setting
databases and templates, 48-7 IMAP clients and, 31-1 described, C-105
defined, 43-9 in local Internet domain, 27-39 SMTPMTA_Space_Repl_Char setting
documents and mail, 43-9 mail commands, I-25 described, C-105
dual Internet certificates requirements for routing, 28-2 SMTPNotesPort setting
and, 47-17 restricting inbound connections, described, C-104
Silent install 28-71, 28-75 SMTPNoVersionInRcvdHdr setting
UNIX, 3-7 setting up SSL server described, C-104
Single sign-on authentication, 47-22 SMTPRelayAllowHostsandDomains
configuring, 42-13 to 42-14, 42-18 setting up SSL server setting
configuring for a Web Site, 42-17 authentication for Notes and described, C-106
Domino and WebSphere, 42-12 Domino using, 28-68 SMTPSaveImportErrors setting
troubleshooting, 63-106 using inside the local Internet described, C-106
Single-copy object store. See Shared domain, 26-23 SMTPStrict821AddressSyntax setting
mail using outside the local Internet described, C-107
Site documents. See Internet Site domain, 26-24, 27-38 SMTPStrict821LineSyntax setting
documents SMTP addresses described, C-107
Site Profile document inbound lookup, 27-47 SMTPTimeoutMultiplier setting
creating, 8-9 SMTP configuration described, C-108
Size updating, 27-65 SMUX protocol
attachments, 7-14 SMTP connection documents and SNMP Agent, 53-14
Console Log file, C-16 creating, 27-34 Snap-in registry values
database, 61-12 to 61-13 SMTP Initialization Workload script configuring, G-3
database cache, 61-9, C-74 running, 62-27

SNMP LDAP directories and, 23-43 Stamp command
Domino events, 53-4 LDAP lookups, 47-23 described, I-26
floating-point support, 53-7 LDAP service and, 20-12 Start Consolelog command
INI file configuration, 53-9 merging certificates, 46-9 described, A-43
MIB, 53-5 merging server certificates, 46-12 Start Port command
on partitioned servers, 53-9 NOTES.INI settings, 46-19 described, A-44
overview, 53-1 overview, 46-1 STARTTLS extension
security, 53-5 passwords, 42-3, 42-24 enabling for SMTP, 28-68
traps, 53-21 to 53-23 Person documents for client enabling for SMTP
troubleshooting, 53-10 authentication, 47-20 inbound, 28-96
using Domino MIB with, 53-21 resuming sessions, 46-19 Stash files
SNMP Agent server authentication and, 47-3 setting up for SSL, 46-5
alerts, 53-2 server authentication using Statistic alarms
Sockets SMTP, 47-22 reporting, 52-9
IPX/SPX addresses and, 2-62 server certificate request, 46-5 for Server Health Monitor, 54-10
SOCKS proxy server tasks, 46-1 Statistic Collector
connecting Server Web Navigator setting up clients for, 47-1 Tell commands, A-57
through, 36-3 setting up for Web Statistic Collector task
Soft deletions Navigator, 36-8 described, 52-24
defined, 61-8 setting up test site, 46-22 Statistic documents
effect on quotas, 28-14 virtual servers and, 3-42 creating, 52-32
expiration time, 61-8, F-70 SSL certificates Statistic event generator
Solaris client, 47-3, 47-21 creating, 52-9
configuring partitioned creating a Certificate Statistic profiles
servers, 2-51 Authority, 45-2 charting, 52-37
configuring SNMP Agent marking as trusted root, 46-21 creating, 52-31, 52-36
for, 53-14 publishing in Person modifying, 52-39
Soundex records, 47-21 Statistic thresholds
directory catalogs and, 24-30 removing trusted roots, 46-21 viewing, 52-32
Space Saver settings renewing, 46-21 Statistics
in Administration Requests viewing information, 46-20 Activity Trends, 54-22
database, 15-27 SSL ciphers Administration Process, 15-35
Spamming restricting, 46-23 charting, 54-16, 54-25, 52-36
preventing, 28-20, 28-70, 28-75, SSL key rings creating documents for, 52-32
28-90, C-101 creating a key ring and certificate database activity, 58-12
Spoofing request, 45-2 database archives and, 61-26
preventing, 28-71 creating a self-certified key database cache, 61-10
SPX. See IPX/SPX ring, 46-22 default thresholds, 52-32
SSL SSL server authentication directory assistance, 23-60
authenticating clients, 9-37, 28-60, setting up clients for, 47-3 exporting to spreadsheet, 52-34
31-2, 31-6, 46-25, SMTP, 28-96, 34-23, 47-22 LDAP service ports, 20-38
Certificate Authority server trusted root certificate for, 47-3 mail-in, 52-35
and, 45-5 SSL servers modifying, 52-32
client authentication, 47-18 protocol version, 46-15 monitoring, 52-24, 52-31
creating a self-certified key setting up application, 46-3 platform, 52-26, 52-28, 52-30
ring, 46-22 setting up on server, 46-2 for resource balancing, 54-46
database access for clients, 46-19 setting up test site, 46-22 Server Health
default Domino trusted SSL_Resumable_Sessions setting Monitor, 54-3, 54-13
roots, 46-11 described, C-109 Server.Load, 62-7
features, 46-1 SSL_Trace_KeyFileRead setting Set Statistics command, A-27
forcing connections, 46-18 described, C-109 setting preferences
in a hosted SSLCipherSpec setting for, 16-11, 52-25
environment, 12-4 to 12-13 described, C-108 shared mail, 29-13
Internet security and, 40-31 viewing, 52-28, 52-30, 52-32

Windows NT Performance System and application templates Tell commands
Monitor, 17-23 table of, D-1 Administrator Process, A-46
Statistics Collector System mail rules Agent Manager, 63-12, A-47
overview, 52-1 setting, 28-20 CA process, A-48
Statistics reports Change Manager, A-50
viewing, 52-31 Cluster Replicator, A-51
Statlog task T described, A-45
database activity Tables Directory Cataloger, A-53
reporting, 58-11, C-72 forms and, 61-4 LDAP service, A-53
statistics, 58-12 Targets Router, 27-5, 27-22, A-54
user activity reporting, 58-13 extended ACL, 25-12 to 25-14, Schedule Manager, A-55
STH files 25-17, 25-30 SMTP, 27-65, A-56
setting up for SSL, 46-5 Task status event generator Statistic Collector, A-57
Stop Consolelog command creating, 52-10 troubleshooting, 63-91
described, A-44 TCP server event generator Web Navigator, A-57
Stop Port command creating, 52-11 Web Server, A-57
described, A-44 TCP/IP Telnet
Stop triggers Domino Internet services and UNIX installation, 3-5
setting, 52-22 and, 2-47 Temp_Index_Max_Doc setting
Storage format, mail file frame types, 63-68 described, C-111
setting for IMAP importance of Notes port Templates
users, 31-3, 31-23, 31-35 order, 2-45 Domino Off-Line Services, 3-11
setting for POP3 users, 30-7 IPv6 standard, 2-25, 2-45 signing, 48-7
Store CA policy information in multiple IP addresses for system and application, D-1
Domino Directory servers, 2-12, 2-19, 2-22 updating databases with, 58-24
request, F-62 name resolution in, 2-15 Temporary directory
Store certificate in Domino or LDAP name resolution in NRPC, 2-11, changing for view
directory request, F-62 2-16 to 2-17, 2-19, 2-22 rebuilding, 58-22
Store Certificate Revocation List in Notes port for, 2-34 to 2-36, 2-38, Terminated users
Domino or LDAP directory 2-39 to 2-42, 2-46 deleting from system, 40-23
request, F-63 NOTES.INI settings, 2-64 Terminations group
Store directory type in server record partitioned servers and, 2-21 adding names to, 40-6
request, F-63 passwords, 42-3, 42-24 creating, 6-8
Store server’s DNS host name in planning server Text
Server record request, F-64 configurations, 2-10 in Server Web Navigator, 36-12
Structural object classes port mapping, 2-53, 63-78 Text files
described, 21-2 port numbers, 2-55 for Domino Web server log, 56-10
Subjects redirect to SSL, 31-7, 46-18 redirecting command output
extended ACL, 25-9, 25-17 Secondary name servers, 2-44 to, A-2
Subscriptions, offline security, 2-9 setting up for registration, 5-23
overview, 11-1 setting up servers Third-party relays
SwapPath setting on, 2-19, 2-32, 2-43 defined, 28-76
described, C-109 testing, 2-56 Threads
Synchronization time-out setting, 2-45 DIIOP and, 34-11
enabling, 17-27 troubleshooting, 63-56, 63-107 IMAP service, 31-19
Notes and Windows 2000 TCP/IPportname_PortMappingNN transfer, 28-33, 28-36
users, 17-25, 17-38 setting Web server, 34-55
Notes and Windows NT described, C-110 Threads, Administration Process
users, 17-1 to 17-3, 17-5 TCP/IPportname_TCPIPAddress changing number of, 15-29
Syntaxes setting Time zones
adding to schema, 21-15 described, C-111 and replication, 7-24
LDAP, 21-2, 21-4 TCP_EnableIPV6 setting Time-out settings
System administrators, 38-8 described, C-110 IMAP service, 31-9
LDAP service, 20-28

message, 28-37 setting up, 55-5 mail routing, 63-36
server, C-96 settings, 55-7 meeting and resource
SMTP, C-108 shared mail and, 29-3 scheduling, 63-45
specifying for Web, 34-53 troubleshooting, 63-102 modems, 63-48
TCP/IP, 2-45 using, 55-3 Network dialup
TimeZone setting Transactions connections, 63-74
described, C-112 disabling, A-22, A-44 NOTES.INI, 63-43
Titles Transfer failures NRPC, 63-55
replication and, 63-87 non-delivery reports and, 28-37 NSD log files and, 63-101
window, C-120 Transfer threads partitioned servers, 63-78
TLS (Transport Layer Security) setting maximum number Passthru connections, 63-79
for SSL, 28-68 between servers, 60-11, Personal Address Book, 63-42
Tools specifying messages to platform statistics, 63-52
Active Directory Domino journal, 28-36 remote connections, 63-48
Upgrade Service, 17-25 Transferring messages replication, 63-80
administration, 16-16 to 16-17 controlling, 28-26 server access, 63-91
Agent log, 63-13 using shared mail, 29-8 server crashes, 63-96
for troubleshooting, 63-2 Transform file Server.Load, 63-110
monitoring servers and, 52-1 creating, 5-47 shared mail, 63-44
server performance, 60-2 Transform files SNMP, 53-10
Topology applying, 5-50 tools, 63-2, 63-57
creating a passthru, 4-25 for end-user installations, 5-50 transaction logging, 63-102
replication and, 4-8 installation options with, 5-49 Web Administrator, 63-104
Topology maps task TRANSLOG_MaxSize setting Web client authentication, 63-21
starting, 7-34 described, C-113 Web Navigator, 63-104
update frequency, C-112 TRANSLOG_Path setting Web servers, 63-104
Topology_WorkInterval setting described, C-113 workstation setup, 63-42
described, C-112 TRANSLOG_Performance setting Trusted naming rules
Trace command described, C-113 directory assistance and, 23-14
described, A-59 TRANSLOG_Status setting Trusted root certificates
TRACERT command described, C-114 accepting server CA’s
using for TCP/IP, 63-67 TRANSLOG_Style setting certificate, 46-9
Tracing described, C-114 default Domino SSL, 46-11
mail, 63-2 TRANSLOG_UseAll setting removing, 46-21
network connections, 63-77 described, C-115 SSL authentication and, 47-3
passthru connections, 63-79 Troubleshooting viewing information, 46-20
Tracking messages Administration Type-ahead addressing
configuring the server for, 33-8 Process, 63-8, 63-11 condensed directory catalogs
from the Domino Agent Manager and agents, 63-12 and, 24-29
Administrator, 33-10 Certificate Authority, 63-101 disabling, 28-6
Mail Tracking Collector task, 33-5 database corruption, 58-26 troubleshooting, 63-27
overview, 33-1 database performance, 63-16
Transaction logging Directories, 63-21
database changes, 58-25 Directory assistance, 63-21 U
disabling, 55-8 Directory catalogs, 63-25 Undeliverable mail
disk space and, C-115, 55-8 disk space problems, 63-86 generating non-delivery reports
enabling, C-114 Domino, 63-1 for, 28-37
log location, C-113 Domino SNMP Agent, 53-24 holding in
log size, C-113 extended ACLs, 25-30, 63-34 MAIL.BOX, 28-40 to 28-41
logging style, C-114 Fixup task, 58-26 Unicode
overview, 55-1 IPX/SPX, 63-70 LDAP service and, 20-3
performance, C-113 LDAP service, 63-31 Unit numbers
planning for, 55-4 Location documents, 63-42 NetBIOS ports and, 2-58
recovery, 14-11, 55-9 Lotus Support Services and, 63-4

UNIX retrieving information from, I-28 explained, 5-2
accessing the server console, A-8 troubleshooting, 63-108 from a text file, 5-22
directory for entering UseFontMapper setting Internet-only users, 5-37
commands, 3-2 described, C-117 non-Notes users, 5-37
installation on, 3-4 User accounts roaming, 5-13
server performance, 60-14 creating in Windows NT, 17-12 types of, 5-7
Unread command deleting, 17-22 Web, 5-8, 5-27, 5-31
described, I-27 User activity User rules mail forwarding
Unread marks reporting, 58-13 disabling, 28-9
allowing IMAP users to change statistics, 58-11 User types
other users’, 31-17 User authentication assigning to ACL, 40-19
performance and, 61-3, 63-18 registering Internet/intranet Users
setting, I-27 users, 42-3 access levels, 40-1, 40-11
Unwanted commercial e-mail User IDs anonymous, 40-8
preventing, 28-20, 28-70, adding alternate name, 5-40 configuring for TCP/IP, 2-44
28-75, 28-90 defined, 39-1 managing, 5-54
Updall task passwords, 39-4 migrating from external mail
commands, 58-16 recertifying, 5-82 system or directory, 5-8
indexes, 58-15 security and, 39-25 recertifying, F-48
options, 58-16 User information registering, 5-2, 16-25,
running, 58-19 synchronizing in Notes and 17-33, 17-35
scheduling, 50-4 to 50-5 Windows NT, 17-1 renaming, 17-41, F-51, F-84
Update client information in Person User Management, 5-54 restricting in clusters, 60-6
record, F-64 User name failures terminated, 40-6
Update command customizing message for, 28-46 UTF-8
described, I-27 User names LDAP service and, 20-32
Update Config command, 27-65 aliases, 40-7 UTF-8 locale
described, 27-22 categorizing by corporate in a hosted environment, 13-8
Update task hierarchy, 19-13 to 19-14
directory indexer, 58-15 changing, 5-56
indexes, 58-14 deleting, 5-73, 17-42 V
running, 58-21 deleting with Web Validation, 38-1
Update user from non-roaming to Administrator, 5-75 Internet/intranet
roaming user editing, 40-23 clients, 42-27
administration requests, F-66 finding in domains, 5-85, F-29 Verbose logging
Update_No_BRP_Files setting moving in the organization name mail, 28-7
described, C-115 hierarchy, 5-61 Web servers, C-119 to C-120
Update_No_Fulltext setting renaming, 5-57, 5-61 VeriSign
described, C-115 upgrading from flat to trusted root, 46-11
Update_Suppression_Limit setting hierarchical, 5-67 Version numbers
described, C-116 Web, 40-30 identifying, C-98
Update_Suppression_Time setting wildcards in, 40-4 View indexes
described, C-116 User Preferences updating, 58-14
Updaters setting troubleshooting, 63-42 View_Rebuild_Dir setting
described, C-116 User registration described, C-119
UpgradeApps setting Advanced, 5-13 ViewExpnumber setting
described, C-117 Advanced from the Web described, C-118
URLs, 34-3 Administrator, 5-31 ViewImpnumber setting
categorizing for Domain alternate names, 5-41 described, C-118
Search, 10-21 Basic, 5-11 Views
in Server Web Navigator, 36-12 Basic from the Web adding documents, J-1
mailed to SSL server Administrator, 5-28 Administration Requests
administrators, 45-4 customizing, 5-4 database, 15-19
redirecting, 34-27 default settings, 5-9 Close command, I-8

Index-38
creating, 40-17 service providers and, 16-26 Web servers, 34-1, 34-26
customizing in Domino setting preferences, 16-24 activity logging, 57-4
Directory, E-2, E-5 signing out, 16-27 creating links on, 49-1
in Server Web Navigator starting, 16-22 creating secure Web
database, 36-12 troubleshooting, 63-108 applications, 34-3
keyboard shortcuts for, 58-21 using, 16-17, 16-23 features, 34-2
logging, 55-9 Web applications interactive Web applications, 34-3
navigating, I-10 enabling for offline listing files on, 63-105
opening, I-20 use, 11-1 to 11-2 logging, 56-8
performance and, 63-18 replicating, 11-22 performance, 34-52 to 34-56
purging database, 58-23 Web browsers processing requests, 34-55
rebuilding, 58-22, C-119 controlling access from, 38-23 running Web agents on, 34-54
searching in, I-11 restricting access to links, 49-4 security, 34-9
shortcut keys, H-10 Web client authentication setting Domino to work
troubleshooting, 63-42, 63-99 restricting, 42-19 with, 35-1
updating, J-3, I-16 troubleshooting, 63-21 setting up logging, 56-9
Virtual servers Web Idle Workload script Tell commands, A-57
Web site hosting, 34-17 described, 62-30 troubleshooting, 63-104
Virtual Web servers running, 62-30 Web application
partitioned servers and, 2-49 sample, J-15 development, 34-3
security, 3-42 Web mail files Web set soft deletion expire time
Viruses delegating access to, F-10 request, F-70
protection against, C-71 Web Mail Initialization Workload Web Site authentication realm
script creating, 34-45
sample, J-15 described, 34-45
W Web Mail Workload script Web Site Authentication Realm
WANs described, 62-31 document
integrating Domino with, 2-2 running, 62-34 defined, 34-45
network compression sample, J-16 Web Site documents
and, 2-42 Web Navigator configuring for hosted
Web changing appearance of organization, 13-20
access levels, 40-13 pages, 36-12 creating, 34-17
anonymous users, 40-8 customizing, 36-6, 36-11 DOLS and, 3-12
restricting amount of data described, 36-1, 36-10 file protection and, 34-42
sent, 34-29 displaying authors, 36-12 in a hosted environment, 13-18
Web access managing size of, 36-16 language preferences, 34-31
improving, 60-10 moving out of data setting up session authentication
Web Administrator directory, 36-14 for, 34-23
access, 16-18, 16-20 renaming, 36-14 Web Site Rule documents
configuring, 16-17 setting cache options, 36-18 creating, 34-38
creating groups with, 6-4 starting and stopping, 36-3 described, 13-19, 34-34
Domino Console, Domino Tell commands, A-57 in a hosted environment, 13-21
Controller and, 16-28 troubleshooting, 63-107 Web sites, 34-38, 34-42
entering server commands, A-1 Web Navigator SSL authentication
in a hosted setting up, 36-8 and, 34-23, 34-45
environment, 14-15 to 14-16 Web pages controlling access to, 36-6
managing policies, 16-25 mailto, 36-9 hosting, 34-17
managing the ACL with, 40-24 rated, 36-19 Lotus Support Services, 63-4
message tracking, 16-27 retrieving with Web multiple, on a server
re-creating database, 63-109 Navigator, 36-1 partition, 2-49, 34-20
registering users, 16-25, 5-27, 5-31 updating for Server Web Web task
remote console, 16-26, A-7 Navigator, 36-18 Server Web Navigator
resizing and, 63-109 Web server messages, 34-48 and, 36-3
roles, 16-20 to 16-21 customizing, 34-48, 34-50 to 34-51 troubleshooting, 63-108

Index-39
Web tours synchronizing with Notes xSP servers
Web Navigator users, 17-25 Activity Logging
database, 36-11 Unit/LANA numbers for for, 13-23 to 13-24
Web user NetBIOS ports, 2-59 applications on, 12-15
registering, 5-8 Windows NT binding IP addresses to, 13-16
Web user preferences, 34-30 adding groups to configuring, 12-5, 12-9
cookies, 34-30 Notes, 17-16, 17-20 Domino features for, 12-4
regional settings, 34-30 configuring partitioned example, 12-16
Web users servers, 2-52 for hosted environments, 12-1
authenticating, 40-7 ensuring name resolves on, 2-29 installation options, 12-2
controlling access, 40-30 improving server installing, 13-2
renaming, 5-66 performance, 60-13 mail protocols on, 12-13
WEB.NSF name resolution, 2-15, 2-22 opening databases on, 13-8
renaming, 36-14 registering users in securing, 12-3
WEBADMIN.NSF Notes, 17-1, 17-8, 17-12, 17-14 setting up environment for, 13-1
configuring, 16-17 renaming user accounts with
securing, 16-18 Domino, 5-57
WebAuth_Verbose_Trace setting synchronizing with Z
described, C-119 Notes, 17-2, 17-3 zOS
WebDAV, 34-15, 34-22 synchronizing with Notes configuring SNMP Agent
setting up, 34-15, 34-17 users, 5-62, 17-5 for, 53-17
WebGet command Unit/LANA numbers for
described, I-28 NetBIOS ports, 2-59
WebSess_Verbose_Trace setting Windows NT Performance Monitor
described, C-120 viewing statistics with, 17-23
troubleshooting with, 63-106 Windows NT User Manager
WebSphere plug-ins deleting user accounts with, 17-22
installing on IIS servers, 35-4 setting up, 17-1, 17-3
Welcome Page WinInfoboxPos setting
creating, 5-87 described, C-120
Wide-area networks. See WANs WinSysFontnumber setting
Wildcard searches described, C-121
LDAP service, 20-28 Workload balancing
Window_Title setting clusters and, 60-4
described, C-120 servers and, 60-2
Windows Workstations
configuring SNMP Agent ECL, 41-1
for, 53-11 mail routing errors and, 63-42
directory for entering troubleshooting, 63-92
commands, 3-2 www.lotus.com/support
installation on, 3-3 searching, 63-4
running Server Setup program
on, 3-18
system fonts, C-121 X
Windows 2000 X.PC network
configuring partitioned compression and, 2-42
servers, 2-52 XACLs. See Extended ACLs
ensuring name resolves on, 2-29 x-headers
improving server adding to outbound Internet
performance, 60-13 mail, 28-134
name resolution, 2-15, 2-22 XPC_Console setting
registering existing users, 17-35 described, C-121
registering new users, 17-33

Index-40
