Professional Documents
Culture Documents
Lotus Domino 6
NOTES.INI settings for networks . . . . . . . 2-64 Adding an alternate language and name
to a user ID . . . . . . . . . . . . . .... 5-38
3 Installing and Setting Up
Setting up client installation for users . . . . 5-41
Domino Servers . . . . . . . . . . . . . . . . 3-1
Managing users . . . . . . . . . . . . . . . . . . 5-54
Installing and setting up Domino servers ... 3-1
License Tracking . . . . . . . . . . . . . . . . . 5-85
Server installation . . . . . . . . . . . . . . . . . . 3-3
Custom welcome page deployment . . . . . 5-87
The Domino Server Setup program . . . . . . . 3-8
Using Domino Off-Line Services (DOLS) 6 Setting Up and Managing
and iNotes Web Access . . . . . . ... 3-10 Groups . . . . . . . . . . . . . . . . . . . . . . . 6-1
Using the Domino Server Setup program . . 3-17 Using groups ..................... 6-1
Optional tasks to perform after server setup . . 3-34 Assiging a policy to a group . . . . . . . . . . . 6-9
iii
7 Creating Replicas and Collecting detailed information from user
Scheduling Replication . . . . . . . . . . 7-1 calendars . . . . . . . . . . . . . . . . . . 8-20
Replicas ........................ 7-1 9 Using Policies . . . . . . . . . . . . . . . 9-1
How server-to-server replication works . . . . 7-3 Policies . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
Guidelines for setting server access to Policy hierarchy and the effective policy . . . 9-3
databases . . . . . . . . . . . . . ...... 7-5 Planning and assigning policies . . . . . . . . . 9-6
Setting up a database ACL for Creating policies . . . . . . . . . . . . . . . . . . 9-7
server-to-server replication . . . . . . . . 7-6
Mail archiving and policies . . . . . . . . . . . 9-22
Table of replication settings . . . . . . . . . . 7-11
Managing policies . . . . . . . . . . . . . . . . 9-35
Specifying replication settings for one
replica . . . . . . . . . . . . . . . .
.... 7-17 Viewing policy relationships . . . . . . . . . . 9-37
Contents v
Using the Windows NT Performance Customizing the Directory Profile ..... 19-16
Monitor to view Domino . . . .... 17-23
Scheduling replication of the Domino
Setting up Domino Active Directory Directory . . . . . . . . . . . . . . . . . 19-17
synchronization . . . . . . . .
. . . . . 17-25
20 Setting Up the LDAP Service . . 20-1
18 Planning Directory Services . . 18-1 The LDAP service . . . . . . . . . . . . . . . . . 20-1
Overview of Domino directory services . . . 18-1
How the LDAP service works . . . . . . . . . 20-2
Using directory servers in a Domino
Setting up the LDAP service . . . . . . . . . . 20-7
domain . . . . . . . . . . . . . . .
..... 18-1
Starting and stopping the LDAP service . . . 20-8
Planning LDAP features . . . . . . . . . . . . . 18-3
Customizing the LDAP service
Planning directory access control . . . . . . . 18-7
configuration . . . . . . . . . . . . . . . . 20-9
Planning new entries in the Domino
Setting up clients to use the LDAP service . 20-34
Directory . . . . . . . . . . . . . ..... 18-7
Using LDAP to search a Domain index . . 20-36
Planning the management of entries in the
Domino Directory . . . . . . . . . . . . . 18-9 Monitoring the LDAP service . . . . . . . . 20-37
Planning directory services for Notes NOTES.INI settings for the LDAP service . 20-41
clients . . . . . . . . . . . . . . . .... 18-10 RFCs supported by the LDAP service . . . 20-42
Planning directory services in a
multiple-directory environment ... 18-12
21 Managing the LDAP Schema . . 21-1
LDAP schema . . . . . . . . . . . . . . . . . . . 21-1
Directory search order ............. 18-15
The Domino LDAP schema . . . . . . . . . . . 21-2
Planning internationalized directory
services . . . . . . . . . . . . . ..... 18-18 The schema daemon . . . . . . . . . . . . . . . 21-5
Planning directory customization . . . . . . 18-19 Domino LDAP Schema database . . . . . . . 21-7
Directory services terms . . . . . . . . . . . . 18-20 Methods for extending the schema . . . . . 21-10
Directory assistance and failover for a Multiple directory catalogs .......... 24-33
directory . . . . . . . . . . . . . . . ... 23-19 Overview of setting up a condensed
Directory assistance for an Extended Directory Catalog . . . . . . .
..... 24-34
Directory Catalog . . . . . . . . .... 23-22 The Dircat task .................. 24-45
Directory assistance in conjunction with a Opening the configuration document for a
condensed Directory Catalog . . . . . 23-24 directory catalog . . . . . . . . . . . . . 24-48
Directory assistance for the primary Monitoring directory catalogs . . . . . . . . 24-49
Domino Directory . . . . . . . ..... 23-26
25 Setting Up Extended ACLs . . . 25-1
Number of directory assistance databases . 23-29
Extended ACL . . . . . . . . . . . . . . . . . . . 25-1
Setting up directory assistance . . . . . . . . 23-29
How other database security features
Directory assistance examples . . . . . . . . 23-51 restrict extended ACL access
Monitoring directory assistance . . . . . . . 23-60 settings . . . . . . . . . . . . . . .
. . . . . 25-2
24 Setting Up Directory Elements of an extended ACL . . . . . . . . . 25-3
Catalogs . . . . . . . . . . . . . . . . . . . . . 24-1 Extended ACL access settings . . . . . . . . . 25-3
Directory catalogs................. 24-1 Extended ACL subject . . . . . . . . . . . . . . 25-9
Condensed Directory Catalogs . . . . . . . . 24-2 Extended ACL target . . . . . . . . . . . . . . 25-12
Directory catalogs on servers compared to Extended ACL examples . . . . . . . . . . . 25-19
directory assistance for individual
Extended ACL guidelines . . . . . . . . . . . 25-22
Domino Directories . . . . . . . . . . .. 24-4
Setting up and managing an extended
Extended Directory Catalogs . . . . . . . . . . 24-5
ACL . . . . . . . . . . . . . . . . . ... 25-22
Overview of directory catalog setup . . . . . 24-8
26 Overview of the Domino Mail
Planning directory catalogs . . . . . . . . . . . 24-9 System . . . . . . . . . . . . . . . . . . . . . . 26-1
Directory catalogs and client Messaging overview ............... 26-1
authentication . . . . . .......... 24-9
Supported routing, format, and access
Directory catalogs and Notes mail protocols . . . . . . . . . . . . . . .
.... 26-2
encryption . . . . . . . . . . ...... 24-14
The Domino mail server and mail routing . . 26-5
Picking the server(s) to run the Dircat task . 24-14
Overview of routing mail using Notes
routing . . . . . . . . . . . . . . . . ... 26-17
Contents vii
Overview of routing mail using SMTP ... 26-21 Restricting outbound mail routing . . . . . 28-98
The Domain Name System (DNS) and Mail journaling . . . . . . . . . . . . . . . . . 28-105
SMTP mail routing . . . . . . . . . . . 26-25 Setting inbound and outbound MIME and
27 Setting Up Mail Routing . . . . . 27-1 character set options . . . . . . . . . . 28-115
The Domino mail router . . . . . . . . . . . . . 27-1 29 Setting Up Shared Mail . . . . . . 29-1
Planning a mail routing topology . . . . . . . 27-2 Shared mail overview . . . . . . . . . . . . . . 29-1
Sample mail routing configurations . . . . . 27-9 Setting up shared mail databases . . . . . . . 29-5
Creating a Configuration Settings Managing a shared mail database . . . . . 29-11
document . . . . . . . . . . ....... 27-18
Disabling shared mail . . . . . . . . . . . . . 29-25
Setting up Notes routing ........... 27-20
30 Setting Up the POP3 Service . . 30-1
Configuring Domino to send and receive
mail over SMTP . . . . . . . . . . . . . 27-37 The POP3 service . . . . . . . . . . . . . . . . . 30-1
Setting up how addresses are resolved on Setting up the POP3 service . . . . . . . . . . 30-2
inbound and outbound mail . . . . . 27-42 Setting up POP3 users . . . . . . . . . . . . . . 30-7
Configuring Domino to send mail to a 31 Setting Up the IMAP Service . . 31-1
relay host or firewall . . . . . . .
... 27-58
The IMAP service . . . . . . . . . . . . . . . . . 31-1
Routing mail over transient connections . 27-59
Setting up the IMAP service . . . . . . . . . . 31-4
28 Customizing the Domino Customizing the IMAP service . . . . . . . . 31-5
Mail System . . . . . . . . . . . . . . . . . . 28-1
Setting up IMAP users . . . . . . . . . . . . . 31-22
Customizing mail . . . . . . . . . . . . . . . . . 28-1
IMAP settings in the server NOTES.INI
Controlling messaging . . . . . . . . . . . . . . 28-1 file . . . . . . . . . . . . . . . . . . . . .. 31-39
Improving mail performance . . . . . . . . . . 28-2
32 Setting Up iNotes Web
Controlling message delivery . . . . . . . . . 28-8 Access . . . . . . . . . . . . . . . . . . . . . . 32-1
Setting server mail rules . . . . . . . . . . . . 28-20 iNotes Web Access . . . . . . . . . . . . . . . . 32-1
Customizing message transfer . . . . . . . . 28-26 iNotes Access for Microsoft Outlook . . . . 32-11
Setting transfer limits . . . . . . . . . . . . . 28-33
33 Monitoring Mail . . . . . . . . . . . . 33-1
Setting advanced transfer and delivery
Tools for mail monitoring . . . . . . . . . . . . 33-1
controls . . . . . . . . . . . . . . .
... 28-39
Setting up mail monitoring . . . . . . . . . . . 33-3
Customizing Notes routing . . . . . . . . . . 28-50
Viewing mail usage reports . . . . . . . . . 33-16
Customizing SMTP Routing . . . . . . . . . 28-57
Changing SMTP port settings . . . . . . . . 28-58 34 Setting Up the Domino Web
Server . . . . . . . . . . . . . . . . . . . . . . . 34-1
Restricting SMTP inbound routing . . . . . 28-70
The Domino Web server ............. 34-1
Preventing unauthorized SMTP hosts
from using Domino as a relay .... 28-75 Setting up a Domino server as a Web
server . . . . . . . . . . . . . . . . . . . . . 34-4
Enabling DNS blacklist filters for SMTP
connections . . . . . . . . . . . . . . .. 28-86 Setting up WebDAV . . . . . . . . . . . . . . 34-15
Contents ix
The administration ECL ............. 41-6 Default Domino SSL trusted roots ..... 46-11
Using the Domino Administrator to ACLs for the Domino Change Control
monitor statistics . . . . . . . ..... 52-31 database . . . . . . . . . . . . . . .
... 54-51
Contents xi
Disabling transaction logging for a 59 Maintaining Domino Servers . . 59-1
specific database . . . . . . . . . . . . . . 55-8
Managing servers . . . . . . . . . . . . . . . . . 59-1
View logging . . . . . . . . . . . . . . . . . . . . 55-9
Decommissioning a Domain Search server . 59-12
Using transaction logging for recovery . . . 55-9
Uninstalling a Domino partitioned server . 59-13
Fault recovery . . . . . . . . . . . . . . . . . . 55-10
60 Improving Server
56 Using Log Files . . . . . . . . . . . . 56-1 Performance . . . . . . . . . . . . . . . . . 60-1
The Domino server log (LOG.NSF) . . . . . . 56-1 Improving Domino server performance ... 60-1
Controlling the size of the log file Tools for measuring server performance .. 60-2
(LOG.NSF) . . . . . . . . . .
....... 56-1
Improving basic server performance and
Logging Domino Web server requests . . . . 56-8 capacity . . . . . . . . . . . . . . . . . .. 60-3
The Domino Web server log Improving partitioned server performance
(DOMLOG.NSF) . . . . . . . . . . . . . . 56-8 and capacity . . . . . . . . . . . . . . . . 60-5
Domino Web server logging to text files . . 56-10 Improving Agent Manager performance .. 60-6
57 Setting Up Activity Logging . . 57-1 Improving database and Domino
Activity logging . . . . . . . . . . . . . . . . . . 57-1 Directory performance . . . . . . . . . . 60-9
The information in the log file . . . . . . . . . 57-1 Tips for tuning mail performance . . . . . . 60-11
Configuring activity logging . . . . . . . . . 57-12 Improving Windows NT and Windows
2000 server performance . . . . . .. 60-13
Viewing activity logging data . . . . . . . . 57-13
Improving UNIX server performance ... 60-14
58 Maintaining Databases . . . . . . 58-1
61 Improving Database
Database maintenance . . . . . . . . . . . . . . 58-1
Performance . . . . . . . . . . . . . . . . . 61-1
The Files tab in the Domino Administrator . . 58-2
Setting advanced database properties .... 61-1
Monitoring replication of a database . . . . . 58-6
Database properties that optimize
Replication or save conflicts . . . . . . . . . . 58-8 database performance . . . . . . . . . . 61-3
Monitoring database activity . . . . . . . . . 58-11 The database cache . . . . . . . . . . . . . . . . 61-9
Updating database indexes and views . . . 58-14 Controlling database size . . . . . . . . . . . 61-12
Managing view indexes . . . . . . . . . . . . 58-23 Tools for monitoring database size . . . . . 61-13
Synchronizing databases with master Monitoring database size . . . . . . . . . . . 61-13
templates . . . . . . . . . . . . . .... 58-24
Compacting databases . . . . . . . . . . . . . 61-13
Fixing corrupted databases . . . . . . . . . . 58-25
Ways to compact databases . . . . . . . . . . 61-16
Using Fixup . . . . . . . . . . . . . . . . . . . 58-26
Database size quotas . . . . . . . . . . . . . . 61-23
Moving databases . . . . . . . . . . . . . . . . 58-33
Deleting inactive documents . . . . . . . . . 61-25
Deleting databases . . . . . . . . . . . . . . . 58-36
Using an agent to delete and archive
Database analysis . . . . . . . . . . . . . . . . 58-37 documents . . . . . . . . . . . . .... 61-27
Allowing more fields in a database ..... 61-29
Contents xiii
Preface
The documentation for IBM Lotus Notes, IBM Lotus Domino, and IBM
Lotus Domino Designer is available online in Help databases and, with the
exception of the Notes client documentation, in print format.
License information
Any information or reference related to license terms in this document is
provided to you for your information. However, your use of Notes and
Domino, and any other IBM program referenced in this document, is solely
subject to the terms and conditions of the IBM International Program
License Agreement (IPLA) and related License Information (LI) document
accompanying each such program. You may not rely on this document
should there be any questions concerning your right to use Notes and
Domino. Please refer to the IPLA and LI for Notes and Domino that is
located in the file LICENSE.TXT.
System requirements
Information about the system requirements for Lotus Notes and Domino is
listed in the Release Notes.
Related information
In addition to the documentation that is available with the product, other
information about Notes and Domino is available on the Web sites listed
here.
• IBM Redbooks are available at www.redbooks.ibm.com.
xv
• A technical journal, discussion forums, demos, and other information is
available on the Lotus Developer Domain site at
www-10.lotus.com/ldd.
Table of conventions
This table lists conventions used in the Notes and Domino documentation.
Convention Description
italics Variables and book titles are shown in italic type.
monospaced type Code examples and console commands are
shown in monospaced type.
file names File names are shown in uppercase, for example
NAMES.NSF.
hyphens in menu names Hyphens are used between menu names, to show
(File - Database - Open) the sequence of menus.
Release Notes
The Release Notes describe new features and enhancements, platform
requirements, known issues, and documentation updates for Lotus Notes 6,
Lotus Domino 6, and Lotus Domino Designer 6. The Release Notes are
available online in the Release Notes database (README.NSF). You can
also download them as a PDF file.
Title Description
Application Development with Explains how to create all the design elements
Domino Designer used in building Domino applications, how to
share information with other applications, and
how to customize and manage applications.
Domino Designer Programming Introduces programming in Domino Designer and
Guide, describes the formula language.
Volume 1: Overview and
Formula Language
continued
Preface xvii
Title Description
Domino Designer Programming Describes the LotusScript/COM/OLE classes for
Guide, access to databases and other Domino structures.
Volumes 2A and 2B:
LotusScript/COM/OLE Classes
Domino Designer Programming Provides reference information on using the Java
Guide, and CORBA classes to provide access to databases
Volume 3: Java/CORBA Classes and other Domino structures.
Domino Designer Programming Describes the XML and JSP interfaces for access to
Guide, databases and other Domino structures.
Volume 4: XML Domino DTD
and JSP Tags
LotusScript Language Guide Describes the LotusScript programming language.
Domino Enterprise Connection Describes how to use Domino Enterprise
Services (DECS) Installation Connection Services (DECS) to access enterprise
and User Guide data in real time.
Lotus Connectors and Describes how to configure Lotus Connectors for
Connectivity Guide use with either DECS or IBM Lotus Enterprise
Integrator for Domino (LEI). It also describes how
to test connectivity between DECS or LEI and an
external system, such as DB2, Oracle, or Sybase.
Lastly, it describes usage and feature options for
all of the base connection types that are supplied
with LEI and DECS. This online documentation
file name is LCCON6.NSF.
Lotus Connector LotusScript Describes how to use the LC LSX to
Extensions Guide programmatically perform Lotus
Connector-related tasks outside of, or in
conjunction with, either LEI or DECS. This online
documentation file name is LSXLC6.NSF.
IBM Lotus Enterprise Describes installation, configuration, and
Integrator for Domino (LEI) migration information and instructions for LEI.
Installation Guide The online documentation file names are
LEIIG.NSF and LEIIG.PDF. This document is for
LEI customers only and is supplied with LEI, not
with Domino.
IBM Lotus Enterprise Provides information and instructions for using
Integrator for Domino (LEI) LEI and its activities. The online documentation
Activities and User Guide file names are LEIDOC.NSF and LEIDOC.PDF.
This document is for LEI customers only and is
supplied with LEI, not with Domino.
37-1
Once you have an understanding of the business requirements, you can
then begin to plan the specifics of your Domino infrastructure, including:
• Will more than one Domino domain be needed, or will the new
domain need to interact with existing domains?
• What is the best method to expose Domino data to the Internet?
• What service levels are needed to support the business?
• Who should have what level of access to the Domino Directory?
Physical security
Physically securing servers and databases is equally as important as
preventing unauthorized user and server access. It is the first line of
defense against unauthorized or malicious users, by preventing them
from having direct access to your Domino servers. Therefore, we
strongly recommend that you locate all Domino servers in a ventilated,
secure area, such as a locked room. If servers are not physically secure,
unauthorized users might circumvent security features — for example,
ACL settings — and access applications directly on the server, use the
operating system to copy or delete files, or physically damage the server
hardware itself.
Physical network security concerns should also include disaster planning
and recovery.
ID security
A Notes or Domino ID uniquely identifies a user or server. Domino uses
the information contained in IDs to control the access that users and
servers have to other servers and applications. One of the responsibilities
of the administrator is to protect IDs and make sure that unauthorized
users do not use them to gain access to the Domino environment.
Application security
Once users and servers gain access to a Domino server, you can use the
database access control list (ACL) to restrict access that specific users and
servers have to individual Domino applications on the server. In
addition, to provide data privacy, encrypt the database with an ID so
unauthorized users cannot access a locally stored copy of the database,
sign or encrypt mail messages users send and receive, and sign the
database or template to protect workstations from formulas.
For more information on database ACLs, see the topic “Application
security” later in this chapter.
Getting started
You need to develop a set of security documentation for your
organization. There are four basic types of security documents needed
for any security implementation:
• Policies are the driving documents for the business. These are
typically high level statements about the security needs of the
business. Your organization probably already has policy documents
for the organization as a whole. You build and, if necessary, expand
on these to develop the security policies for your Domino
environment.
• Guidelines provide overall guidance on how to support and
maintain security in the enterprise.
• Standards are established rules on what will and will not happen in
an enterprise. Audits may cover all four types of documents, but the
auditor will really focus on the standards set down by a company.
Standards typically cover things like minimum password strength,
password expiration intervals, server operating systems and physical
environments, Internet and dial-in access controls, background
checks for administrators, and auditing requirements.
• Procedures typically include specific steps on how to implement
security within an enterprise. This will be the bulk of your Domino
security documentation, covering everything from how to control
Domino and X.509 certifiers to what to do when users have forgotten
their Notes or Internet passwords to what steps to take when an
employee leaves an organization. Procedures are developed after the
security framework is in place.
The Domino security team is responsible for initial direction, feedback,
and auditing of these documents. The team must include representatives
from each department within the enterprise. With this approach, the
security documents created will meet the needs of the entire company.
This has the added benefit of creating buy-in from the participating
departments.
Role Responsibility
CEO The CEO needs to be a virtual member of the team.
Security must flow from the both the top-down and
the bottom-up.
CIO / CTO All technology officers need to be members of the
team. It is appropriate for these members to
delegate their role to someone else, as long as the
delegate has the authority to make decisions.
Security officer This person will be the driver of security in the
organization.
Representatives from each These representatives specify business needs and
functional department requirements. They must have decision-making
authority.
Accounting They will provide the information for risk analysis.
IT Department These team members can translate business needs
and requirements into technology.
HR / Training HR needs to assist with user training. HR is also
involved with background checks, privacy of
personal information, and termination policies and
procedures.
Legal These team members provide information on the
legal implications of anything to do with
employees, risk management, or publication of
information.
Documentation experts/ This group creates and edits the documents.
technical writers
Incident Response Team This team will handle incidents that are not covered
by implemented security practices.
Communication specialists Communication to the end users about security is
critical.
Domino administrators Provide expertise on the Domino computing
environment.
Server administrators
Server administrators are responsible for managing the overall health
and well-being of Domino servers. A major responsibility of a server
administrator includes defining and managing server access lists and
server restrictions, both for Notes clients and Web users. In large
organizations, administration duties may be delegated among several
server administrators. In small organizations, a server administrator
might serve as the Domino certification administrator and the database
manager for system databases, such as the Domino Directory and the log
file (LOG.NSF). A server administrator might also be responsible for
creating and maintaining File Protection documents for HTTP access and
implementing other Web-related security measures.
It is a best practice to separate Domino server administration from
operating system server administration, if your organization’s IT
structure allows this.
You can define several levels of administrator for your organization,
depending on the access required to various administration resources.
For example, you can set up an administrator for remote console access
only, or for system administration access only. These levels of
administrative access are defined in the Server document on the Domino
server.
For more information on setting up administrator access to a Domino
server, see the chapter “Controlling Access to Domino Servers.”
Task Use
Choose an internal or Set up a certifier that will be used to issue Internet
external Internet certificates in your organization.
certificate authority
Cross-certify Notes Allow Notes users and Domino servers in different
user IDs and Domino hierarchically certified organizations to ascertain the
server and certifier IDs identity of users and servers in other Notes
organizations.
Allow or deny access to Specify which Notes users, Internet clients, and
a server Domino servers are authorized to access the server.
Allow anonymous Give server access to Notes users and Domino servers
server access outside of the organization without issuing a
cross-certificate.
Allow anonymous Determine whether Internet/intranet users are
Internet/Intranet client allowed to access the server anonymously.
access
Secure the server with Identify Internet and intranet users accessing the
name-and-password server and control access to applications based on the
authentication user name.
Enable session-based Allow Web browser clients to authenticate and
authentication maintain state with the server by using cookies. using
session-based name-and-password authentication.
Session-based authentication lets administrators
provide a customized sign-in form and configure
session expiration to log users off the server after a
specified period of inactivity. Also provides capability
for single single-on between Domino and WebSphere
servers, using the same cookie.
Controlling the level of Specify the level of refinement that the server should
authentication for Web use when searching for names and authenticating
clients Web users.
Limit access to create Allow specified Notes users and Domino servers to
new databases, create databases and replica databases on the server.
replicas, or templates Limiting this access avoids a proliferation of databases
and replicas on the server.
Control access to a Allow specified Notes users and Domino servers to
server’s network port access the server over a port.
continued
Application security
Restrict access to Domino applications to prevent unauthorized users
from gaining access to information.
Task Use
Use the ACL to restrict Control Notes and Internet/intranet user
application access and Domino server access to an application.
Enforce a consistent ACL Protects databases and templates on the
server by forcing all changes to the ACL at a
single location.
Encrypt applications Prevent unauthorized users from accessing
an application locally on a server or
workstation.
Sign an application or template Identify the creator of an application or
template. When a user accesses the
application, the signature is checked to
determined whether the action is allowed.
For example, on a Domino server the Agent
Manager verifies the signature of an agent
and checks whether the signer has the rights
to perform the action. On a Notes client, the
signature is checked against the signer’s
rights in the workstation ECL.
Encrypt incoming and outgoing Ensure that only the intended recipient can
Notes mail read mail.
Electronically sign mail messages Verify that the person who sends the
message is the author and that no one has
tampered with the data.
Task Use
Create Read access lists for views Specify which Notes and Internet/intranet
users can see a view
Create Read and Edit access lists Specify which Notes and Internet/intranet
for folders users can see a folder or update the
contents of a folder
Create Read and Edit access lists Specify which Notes and Internet/intranet
for forms users can create, modify, or read
documents created with a form
Create Readers and Authors fields Specify which Notes and Internet/intranet
users can create, modify, or read specified
documents
Create signed fields Verify that the Notes user who originated
the data is the author and that no one has
tampered with the data
Create encrypted fields Control which Notes users can access a
field in a form
Create hidden fields Control which Notes and Internet/intranet
users can access a field in a form
Create Read and Edit access lists Specify which Notes and Internet/intranet
for sections users can access a section in a document
Task Use
Require a password for all Prevent an unauthorized user from using an
user and server IDs illicitly obtained ID to authenticate with a server
Enforce password quality Prevent unauthorized users from guessing
testing for IDs passwords
Assign multiple passwords Require multiple users to enter passwords before
to server and certifier IDs gaining access to the ID file to prevent one
person from controlling a server or certifier ID
Compare a password with Prevent an unauthorized user from using an
the password stored in the illicitly obtained ID to authenticate with a server
Domino Directory and
require users to change their
passwords periodically
Compare a Domino public Prevent an unauthorized user from using an
key with the public key illicitly obtained ID to authenticate with a server
stored in the Domino
Directory
Recover lost or damaged IDs Regain access to a user ID file instead of issuing
a new ID
Set up a security settings Manage Notes and Internet password properties,
policy document such as password synchronization and
expiration settings, on an organizational level
Lock the user ID after x Automatically log off servers to prevent an
minutes of inactivity unauthorized user from using the workstation
Use F5 to log off Immediately log off servers to prevent an
unauthorized user from using the workstation
Save user IDs on a disk Physically protect user IDs
instead of on the workstation
and keep disks in a safe
place
Locate workstations in a Prevent unauthorized access to the ID files
secure area — for example, a
locked room
Install Smartcard readers on Physically protect user IDs and private Internet
user workstations and have keys
users log in to Notes with
Smartcards
Task Use
Configure the Administration ECL Prevent unauthorized users from gaining
and deploy to client workstations. access to data and applications on client
workstations, by defining authorized users
and authorized actions
Set up a security settings policy Use security settings policy documents to:
document • Set up and configure one or more
administration ECLs
• Specify how and when you want
workstation ECLs to be refreshed or
replaced
Encourage users to use operating Discourage unauthorized workstation
system and screen saver passwords access
Encourage users to shut off Discourage unauthorized workstation
workstations before leaving access
Security policies
Domino policies are a way of distributing administrative settings,
standards, and configurations to users, groups, or entire organizations. A
policy is a collection of administrative settings that addresses an
administrative area, such as security. You then use this document to
establish and enforce administrative standards, and to distribute them
throughout the organization. In addition, you can easily modify and
maintain standards across an organization by simply editing a settings
document.
You can set up a security settings document to manage and deploy
execution control lists (ECLs) and Notes and Internet password settings
and synchronization. As these two areas of security are user-specific and
are frequently changed by users, you can use a security policy to enforce
settings for these areas across the organization, and control the extent to
which users can adjust or change these settings.
For more information, see the chapter “Using Policies.”
38-1
2. Randi sends Mail-E information in her user ID. Mail-E reads Randi’s
user ID for the certificate issued by Acme to East. Mail-E uses the
Acme public key, which it now trusts, to verify that the East
certificate is valid. According to the second rule above, if the
certificate is valid, Mail-E trusts the public key assigned to East.
3. Mail-E then reads Randi’s user ID for the certificate issued by
East/Acme to Marketing. Mail-E uses the East/Acme public key to
verify that the Marketing/East/Acme certificate is valid. Again, the
second rule states that Mail-E now trusts the public key assigned to
Marketing/East/Acme.
4. Mail-E reads Randi’s user ID for the certificate issued by
Marketing/East/Acme to Randi. Mail-E uses the
Marketing/East/Acme public key, which it now trusts, to verify that
Randi’s certificate is valid. According to the third rule above, if the
certificate is valid, Mail-E trusts the public key assigned to Randi.
5. After Mail-E establishes trust of Randi’s public key, the
authentication process begins.
6. Mail-E sends a random number challenge to Randi.
7. Randi’s workstation encrypts the challenge with her private key and
sends the newly encrypted number back to Mail-E.
8. Mail-E uses Randi’s public key to decrypt the response. If this yields
the original challenge, Mail-E knows Randi is who she claims to be.
9. The process is then reversed. Randi’s workstation validates Mail-E’s
public key by processing Mail-E’s certificates and then uses the
challenge/response procedure just described to authenticate the
server.
Server access for Notes users, Internet users, and Domino servers
To control user and server access to other servers, Domino uses the
settings you specify on the Security tab in the Server document as well as
the rules of validation and authentication. If a server validates and
authenticates the Notes user, Internet user, or server, and the settings in
the Server document allow access, the user or server is allowed access to
the server.
Grant server access to users and servers who need to access resources
stored on the server. Deny access to prevent specified users and servers
from having access to all applications on the server.
Anonymous access
Anonymous access lets Notes users and Domino servers access the server
without having the server validate and authenticate them. Use
anonymous access to provide the general public with access to servers
for which they are not cross-certified. When you set up anonymous
Caution If you do not modify the server’s NOTES.INI file to include the
PKCS11_Library variable, when you try to launch the Domino server, it
will shut down and return a “Login aborted by user” error.
1. On the Domino server workstation, install a Smartcard reader and
Smartcard driver files.
2. On a Notes client workstation, install a Smartcard reader and the
same Smartcard driver files as you installed on the Domino server.
This workstation will be used to configure the Smartcard for the
server.
3. Copy the server.id from the Domino server onto a diskette. Insert the
diskette into the Notes workstation.
4. Launch the Notes client with a User ID from the domain for which
the server has a certificate.
5. Place the Smartcard designated for the server into the card reader of
the Notes client. If required, enter the Smartcard PIN.
This chapter describes how to control access to Domino server and Notes
user IDs.
39-1
Note If a user is in the process of requesting a new private key or a
name change, the pending information is also stored in the ID file. If
a Notes private key is changed, then the obsolete information is also
stored in the ID file for backwards compatibility. For example, you
would need the obsolete information to read old encrypted e-mail.
Certificates
A certificate is a unique digital signature that identifies a user or server.
Server and user IDs contain one or more Notes certificates. In addition,
user IDs may contain one or more Internet certificates that identify users
when they use SSL to connect to an Internet server or send a signed
S/MIME mail message.
A certificate contains:
• The name of the certifier that issued the certificate.
• The name of the user or server to whom the certificate was issued.
• A public key that is stored in both the Domino Directory and the ID
file. Notes uses the public key to encrypt messages that are sent to
the owner of the public key and to validate the ID owner’s signature.
• A digital signature.
• The expiration date of the certificate.
Certificates are stored in ID files and in Person, Server, and Certifier
documents in the Domino Directory. They are also referred to as Notes
certified public keys.
Public keys are not secret. Any user may look up another user’s public
key and use it to send encrypted mail to or authenticate the user. It is
important that someone looking up a public key learn it reliably since
Domino uses it for identification. Users must be able to obtain the public
key of the certifier that issued the certificate before they can authenticate
the certificate’s owner. If a user has a certificate issued by the same
certifier as another user or server, the first user can verify the public key
for the certificate and then reliably know the public key associated with
the server or user name. If a user doesn’t have a certificate issued by the
same certifier, the user needs a cross-certificate for authentication.
When you register users and servers, Domino automatically creates a
Notes certificate for each user and server ID. In addition, you can use a
Domino or third-party certificate authority (CA) to create Internet
certificates for user IDs. Domino uses the x.509 certificate format to create
Internet certificates.
Certificate Issued to
/Sales/East/Acme (International) Alan Jones/Sales/East/Acme
/Sales/East/Acme (North American) Alan Jones/Sales/East/Acme
/East/Acme /Sales/East/Acme
/Acme /East/Acme
/Acme /Acme
CN=AcmeCA/OU=East/O=Acme/L= EMAIL=alan_jones@acme.com/CN=
Cambridge/ST=Massachusetts/C=US AlanJones/OU=East/O=Acme/L=
Cambridge/ST=Massachusetts/C=US
To view certificates
1. From the Domino Administrator, click Configuration - Certification.
2. Click ID Properties.
3. Choose the ID file to view.
4. Enter the password and click OK.
Password-protection features
Password quality
When you register a user or server or create a certifier ID, you use a scale
of 0 to 16 to specify the level of password quality you want enforced for
the ID. The higher the level, the more complex the password and,
therefore, the more difficult it is for an unauthorized user to guess the
password. For optimal security, specify a password quality level of at
least 8.
The password quality level you assign is enforced when you enter a
password for new IDs or when users change the password for an existing
ID. When users change their passwords, Notes displays information
about the password quality level required by the ID file. Users must
enter a password that meets the criteria for the level; otherwise, they are
not allowed to change the password.
ID file recovery
If you have ID recovery in place, when a user loses an ID file or forgets
the password to the ID file, a group of administrators can work together
to recover the ID file. Losing an ID file normally prevents users from
accessing servers and reading messages and other data that they
encrypted with the ID. Using the ID file recovery feature, administrators
can prevent this loss of access and prevent unauthorized users from
illicitly recovering IDs.
For more information on ID file recovery, see the topic “ID file recovery”
later in this chapter.
To edit a password
1. From the Domino Administrator, click the Configuration tab, and
then click Certification.
2. Choose Edit Multiple Passwords.
3. Select the ID containing a password you want to modify.
4. Enter the required passwords. The administrators need to be
physically present to enter all of the passwords.
5. Select a user who has a password in the file.
6. In the “New Password” field, type the new password.
To delete a password
1. From the Domino Administrator, click the Configuration tab, and
then click Certification.
2. Choose Edit Multiple Passwords.
3. Select the ID from which you want to remove an authorized
password.
4. Enter the passwords required.
5. Select a currently authorized user, and then click Remove.
6. Repeat Step 5 to delete the password for each additional authorized
user.
7. Click OK.
ID recovery
To recover from loss of, or damage to, an ID file, recommend to your
users that they keep backup copies of their ID files in a secure place —
for example, on a disk stored in a locked area. Losing or damaging an ID
file or forgetting a password has serious consequences. Without an ID,
users cannot access servers or read messages and other data that they
encrypted with the lost ID. To prevent problems that occur when users
lose or damage ID files or forget passwords, set up Domino to recover ID
files.
Ideally, you should designate several administrators who will act as a
group to recover IDs and passwords. Although you can designate a
single administrator to manage ID recovery, you should consider having
two or more administrators work together to recover ID files.
Designating a group of administrators helps to prevent a breach of
security by one administrator who has access to all ID files. When you
designate a group of administrators, you can specify that only a subset of
them be present during the actual ID recovery. For example, if you
designate five administrators for ID recovery but require only three
administrators to unlock the ID file, any three of the five can unlock the
ID file. Designating a group of administrators and requiring only a
subset also prevents problems that occur if one administrator is
unavailable or leaves the company.
Recovering an ID
If a user loses or damages an ID file or forgets a password, the user can
work with administrators to recover the ID file from backup.
To recertify the ID with a Notes certificate and add the Notes public
key to the Domino Directory
The certification administrator performs these steps.
1. Open the certification request in your mail file.
2. Choose Actions - Certify Attached ID File.
3. Select whether to use a server-based certification authority or the
certifier ID, and click OK.
4. If you chose to use the certifier ID, enter the password for the ID, and
click OK.
Notes cross-certificates
To allow users and servers from the different hierarchically-certified
organizations to access servers in the other organization, and to verify
the digital signature of a user from another organization, you use
cross-certificates. Domino servers store cross-certificates in the Domino
Directory. To access Domino servers, Notes clients obtain
cross-certificates for those servers and store them in their Personal
Address Books. These cross-certificates can be used only by the user to
whom they are issued.
For example, if Alan Jones/Sales/East/Acme wants to access the
Support/Seascape server, he needs a cross-certificate from /Seascape,
and the Support/Seascape server needs a cross-certificate for
/Sales/East/Acme. When Alan tries to authenticate with the
Support/Seascape server, it checks for the cross-certificate in Alan’s
Personal Address Book. If Support/Seascape finds a valid
cross-certificate, the server then checks whether Alan is allowed to access
the server.
Cross-certification can occur at various levels of an organization. For
example, to allow every user within one organization to authenticate
with every server in another, each user has a cross-certificate for the
other’s organization certifier in the Personal Address Book. Servers in
each organization have a cross-certificate for the other’s organization
certifier in the Domino Directory. Cross-certification can also occur at the
Internet cross-certificates
An Internet cross-certificate is a certificate that validates the identity of a
user or server. An Internet cross-certificate ensures the recipient of an
encrypted S/MIME message that the sender’s certificate can be trusted
and that the certificate used to sign an S/MIME message is valid. It also
validates the identity of a server when a Notes client uses SSL to access
an Internet server.
An Internet cross-certificate is stored in a Certificate document in the
user’s Personal Address Book and can be used only by the user to whom
it is issued. An Internet cross-certificate can be issued for a leaf certificate
— that is, a certificate issued to a user or server by a CA — or the CA
itself. Creating a cross-certificate for a leaf certificate indicates trust for
only the owner of the certificate — for example, the sender of the signed
message or recipient of an encrypted message. A cross-certificate for a
CA indicates trust for all owners who have a certificate issued by that
CA. If you cross-certify a CA, you trust the CA to issue certificates to
users and servers lower in the hierarchical name tree. For example, after
cross-certifying Sales/ABC, you trust Sales/ABC to issue a certificate to
Fred/Sales/ABC. Alternatively, after creating a cross-certificate for
Fred/Sales/ABC, you trust only Fred/Sales/ABC.
Accessing a server
If a user attempts to access a server in a foreign domain, and the user
does not already have a certificate in common with the domain, a dialog
box gives the recipient the option to add the cross-certificate “on
demand.” Users can add a Notes cross-certificate this way. This is
usually the quickest and easiest way for a user to obtain a
cross-certificate.
For more information, see the topic “Adding a Domino or Internet
cross-certificate on demand” in this chapter.
By phone
Users can add a cross-certificate by providing the name and public key of
the certificate by phone. Users can use this method to add a Notes
certificate only.
For more information, see the topic “Adding a Notes cross-certificate by
phone” later in this chapter.
To cross-certify the ID
1. Open the cross-certification request in your mail file.
2. Choose Actions - Cross Certify Attached ID File.
3. Select the certifier that will issue the cross-certificate. If you choose a
non-CA enabled certifier, enter the password for that certifier ID,
and then click OK.
4. Complete one or more of these fields:
Field Enter
Subject name Organization or organizational unit certifier to be
cross-certified — for example, /Acme
Subject alternate An alternate name for the subject of the certificate.
name list Alternate names allow you to assign names that are
recognizable in a user’s native language to an ID file.
Expiration date Date when the cross-certificate will expire
Certifier File name of your organization’s certifier ID
Server Location of the Domino Directory where you want to
copy the cross-certificate
5. Repeat Steps 3 and 4 for every user for whom you want to create
cross-certificates.
4. Repeat Steps 2 and 3 for every certifier for which you want to create
cross-certificates.
Displaying cross-certificates
To view cross-certificates, from the Domino Administrator, click the
Configuration tab and choose the Certificates/Certificates view. The
view lists certificates according to type:
• Internet certifiers
• Notes certifiers
• Notes cross-certificates
• Internet cross-certificates
Certificates whose type cannot be determined are listed as Unknown.
To control the access that users and servers have to a database, you can
customize the database access control list (ACL) and specify other
security settings.
40-1
Note The database ACL should not be confused with other types of
ACLs used by Domino administrators. One such ACL is the extended
ACL, which is used only in the Domino Directory and the Extended
Directory Catalog to restrict access to specific documents and fields
within those databases. You must enable extended access to use this
feature. The other type of access control list is the .ACL file, which is
used by administrators to restrict user access to server directories.
-Default-
Users and servers receive the access assigned to the -Default- entry if
they have not specifically been assigned another access level, either
individually or as a member of a group, or from a wildcard entry. In
addition, if the database ACL does not contain an entry for Anonymous,
then users accessing the database anonymously get the -Default- level of
access. The default access for -Default- depends on the design of the
database template and varies among the different templates.
Anonymous
Anonymous database access is given to Internet users and to Notes users
who have not authenticated with the server.
The default ACL entry for Anonymous for all database templates (.NTF
files) has an access level of Reader, so that users or servers can
successfully read from the template when creating or refreshing .NSF
files based on that template.
The default ACL entry for Anonymous for database (.NSF files) files is
No Access.
For more information about Anonymous access, see the topic
“Acceptable entries in the ACL” later in this chapter.
LocalDomainServers
The LocalDomainServers group lists the servers in the same domain as
the server on which the database is stored, and is provided by default
with every Domino Directory. When you create a new database, the
default access for LocalDomainServers is Manager. The group should
have at least Designer access to allow replication of database design
changes across the domain. The LocalDomainServers group is typically
given higher access than the OtherDomainServers group.
OtherDomainServers
The OtherDomainServers group lists the servers outside the domain of
the server on which the database is stored, and is provided by default
with every Domino Directory. When you create a new database, the
default access for OtherDomainServers is No Access.
For more information about creating hierarchical name schemes, see the
chapter “Installing and Setting Up Domino Servers.”
User names
You can add to an ACL the names of any individuals with certified Notes
user IDs or Internet users who authenticate using name-and-password or
SSL client authentication.
• For Notes users, enter the full hierarchical name for each user; for
example, John Smith/Sales/Acme, regardless of whether the user is
in the same hierarchical organization as the server that stores the
database.
• For Internet users, enter the name that appears as the first entry in
the User name field of the Person document.
Note Many alias names can be entered in the user name field and
used for authentication; however, it is the first name in the list that is
used to perform the security authorization check. This is the name
that should be used on all Domino database ACLs, in the security
settings on the Server document, and in .ACL files.
For more information about setting a maximum level of access for
Internet users, see the topic “Maximum Internet name-and-password
access” later in this chapter.
Server names
You can add server names to an ACL to control the changes a database
receives from a database replica. To ensure tighter security, use the full
hierarchical name of the server — for example, Server1/Sales/Acme —
regardless of whether the name of the server being added is in a different
hierarchical organization than that of the server that stores the database.
Group names
You add a group name — for example, Training — to the ACL to
represent multiple users or servers that require the same access. Users
must be listed in groups with a primary hierarchical name or an alternate
name. Groups can also have wildcard entries as members. Before you can
use a group name in an ACL, you must create the group in the Domino
Directory or in either a secondary Domino Directory or an external
LDAP users
You can use a secondary LDAP directory to authenticate Internet users.
You can then add the names of these Internet users to database ACLs to
control user access to databases.
You can also create groups in the secondary LDAP directory that include
the Internet user names and then add the groups as entries in Notes
database ACLs. For example, an Internet user may try to access a database
on a Domino Web server. If the Web server authenticates the user, and if
the ACL contains a group named “Web,” the server can look up the
Internet user’s name in the group “Web” located in the foreign LDAP
directory, in addition to searching for the entry in the primary Domino
Directory. Note that for this scenario to work, the Directory Assistance
database on the Web server must include an LDAP Directory Assistance
document for the LDAP directory with the Group Expansion option
enabled. You can also use this feature to look up the names of Notes users
stored in foreign LDAP directory groups for database ACL checking.
When you add the name of an LDAP directory user or group to a
database ACL, use the LDAP format for the name, but use a forward
slash (/), rather than a comma (,), as a delimiter. For example, if the
name of a user in the LDAP directory is:
uid=Sandra Smith,o=Acme,c=US
enter the following in the database ACL:
uid=Sandra Smith/o=Acme/c=US
To enter the name of a nonhierarchical LDAP directory group in an ACL,
enter only the attribute value, not the attribute name. For example, if the
nonhierarchical name of the LDAP group is:
cn=managers
in the ACL enter only:
managers
Anonymous
Any user or server that accesses a server without first authenticating is
known by the name “Anonymous” at that server. Anonymous database
access is given to Internet users and to Notes users who have not
authenticated with the server.
Anonymous access is generally used in databases that reside on servers
available to the general public. You can control the level of database
access granted to an anonymous user or server by entering the name
Anonymous in the access control list, and assigning an appropriate level
of access. Typically you assign Anonymous users Reader access to a
database.
Replica IDs
To allow an agent in one database to use @DbColumn or @DbLookup to
retrieve data from another database, enter the replica ID of the database
containing the agent in the ACL of the database containing the data to be
retrieved. The database containing the agent must have at least Reader
access to the database containing the data to be retrieved. Both databases
must be on the same server. An example of a replica ID in a database
ACL is 85255B42:005A8fA4. You can enter the replica ID in uppercase or
lowercase letters, but do not enclose it in quotation marks.
If you do not add the replica ID to the access control list, the other
database can still retrieve data if the -Default- access level of your
database is Reader or higher.
Create documents
Select this privilege for all users with Author access. If you deselect this
privilege to prevent Authors from adding any more documents, they can
continue to read and edit documents they’ve already created.
Delete documents
Authors can delete only documents they create. If this privilege is
deselected, an author can’t delete documents, no matter what the access
level. If the form contains an Authors field, Authors can delete
documents only if their name, or a group or a role that contains their
name, appears in the Authors field.
To update ACLs
• Use the Administration Process
• Use the Web Administrator
• Edit entries in multiple ACLs
• View the list of all database ACLs on a server.
To monitor changes to ACLs
• Display the ACL log to view a chronological list of changes to the
ACL
• Create an ACL monitor to automatically send you e-mail when any
changes are made to the database ACL.
To rename an entry
1. From the Domino Administrator Server pane, select the server that
stores the databases.
2. Click Files, and select one or more databases from the Domino data
directory.
3. Click Tools - Database - Manage ACL.
4. Click Modify.
5. In the From box, type the name of the person, server, or group that
you want to rename.
6. Select Modify Name.
7. In the To box, type the new name of the person, server, or group that
you want to rename.
8. Click OK to save your changes.
This chapter describes how to set up and manage execution control lists
for user workstation data security.
41-1
Development. Likewise, every template and database that your
organization designs should contain the signature of either the
application developer or the administrator.
For each signature, the ECL contains settings that control the actions that
active content signed with that signature can perform and the
workstation system resources it can access.
For a description of ECL access options, see the topic “ECL security
access options” in this chapter.
JavaScript options
These options control access to workstation data for JavaScript that runs
in the Notes client, on a Notes form or on a Web page rendered by the
Notes browser. These options do not control JavaScript run by other
browsers, including the Microsoft Internet Explorer browser, even when
the browser is embedded in the Notes client.
JavaScript ECL settings control whether JavaScript code can read and/or
modify JavaScript properties of the Window object. You can allow read
access from, and write access to, the properties of the Window object. As
the top-level object in the JavaScript document object model, the Window
Two additional ECL options control whether JavaScript that runs in the
Notes client is authorized to open a new Web page or Notes document. You
can enable open access for these options, described in the following table:
You can also add additional users or signature types to the ECL. You
could add the hierarchical names of specific users or groups — for
example, Phyllis Spera/Sales/East/Acme. If you create a special certifier
to certify the IDs of a group of trusted signers, you could use a wildcard
character to name all signers — for example, */Trusted Signers/Acme.
The table below describes the access that these users (or signature types)
in an ECL would have:
Signature Applies to
*/Trusted Signers/Acme Formulas and code that have */Trusted
Signers/Acme signature.
For example, if the signer is anyname/Trusted
Signers/Acme — such as Emily
Marks/Trusted Signers/Acme or Alan
Jones/Sales/East/Trusted Signers/Acme —
the ECL uses the */Trusted Signers/Acme
signature to match access.
Phyllis Formulas and code that have Phyllis
Spera/Sales/East/Acme Spera/Sales/East/Acme as the signature.
For example, the signer matches this type only
if the ECL contains the Phyllis
Spera/Sales/East/Acme signature.
as an entry in the Admin ECL. You then give that entry the ECL rights
that are appropriate for a workstation user. For example, if you want to
give users the ability to write and execute basic Notes programs on their
own workstations, you would enable the appropriate rights for this
entry.
42-1
enable client certificate authentication for HTTP connections but require
name-and-password security for LDAP connections that use TCP/IP. Or
you might use name-and-password security with anonymous and SSL
client authentication — for example, to allow users with SSL client
certificates to authenticate using SSL client authentication and to allow
other users to enter a name and password if they do not have an SSL
client certificate.
Note Name-and-password authentication is not supported when a
Domino server acts as an SMTP client — for example, when a Domino
server connects to an SMTP server to route mail. Name-and-password
security is supported only when a Domino server acts as an SMTP server
— that is, when SMTP clients access a Domino server.
If you are setting up name-and-password authentication for an HTTP
server, you have an additional method to use with name-and-password
authentication: session-based authentication. Name and password
authentication sends the name and password in unencrypted format and
is sent with each request. Session-based authentication differs in that the
user name and password is replaced by a cookie. The user’ name and
password is sent over the network only the first time the user logs in to a
server. Thereafter the cookie is used for authentication. Session-based
name-and-password authentication offers greater control over user
interaction than basic name-and-password authentication and lets you
customize the form in which users enter their name and password
information. It also allows users to log out of the session without closing
the browser.
General issues
• URLs issued to servers configured for single sign-on must specify the
full DNS server name, not the host name or IP address. For browsers
to be able to send cookies to a group of servers, the DNS domain
must be included in the cookie, and the DNS domain in the cookie
must match the server URL. This is why cookies cannot be used
across TCP/IP domains.
• Clustered servers must have the full DNS server name in the host
name field of the Web Site or Server document. This enables the
Internet Cluster Manager (ICM) to redirect to cluster members using
SSO. If the DNS server host name is not there, ICM will redirect
URLs to clustered Web servers with only the TCP/IP host name, by
default, and will not be able to send the cookie because the DNS
domain is not included in the URL.
WebSphere issues
• WebSphere and Domino should both be configured for the same
LDAP directory. The authentication token used for SSO stores the
full Distinguished Name of the user (DN) — for example, cn=john
smith,ou=sales, o=ibm, c=us. To set up LDAP for SSO, set up
Directory Assistance in Domino and configure it to point to an LDAP
server that the WebSphere server uses. Or, load LDAP on the
Domino Directory and configure WebSphere to use the Domino
LDAP server.
Setting up the Web SSO Configuration document for more than one
Domino domain
This procedure lets you enable servers in other domains for SSO with
servers in your current domain, by setting up both domains to use the
same key information. Two conditions must exist in order to do this:
• You must be a registered Notes user and your server must be a
registered server. This gives you and the server the rights to decrypt
the Web SSO Configuration document in your current domain, and
the right to create documents in the Domino Directory for the new
domain.
To set up the Web SSO Configuration document for more than one
Domino domain
1. Copy the Web SSO Configuration document from the Domino
Directory in which it was created, and paste it into the Domino
Directory in the new domain.
2. Open the Web SSO Configuration document for the new domain and
edit the “Participating Domino Servers” field to include only those
servers with server documents in the new domain that will be
enabled for single sign-on.
3. The client must be able to find server documents for the participating
single sign-on servers. Make sure that the home server specified in
your client’s location document is pointing to a server in the same
domain as those servers participating in single sign-on, so that
lookups will be able to find the public keys of the servers. If the
home server cannot find participating servers, then the SSO
document cannot be encrypted and SSO will fail.
4. Save the document. It is encrypted for the participating servers in the
new domain, and should enable those servers in the new domain to
participate in single sign-on with servers in the current domain.
Example Description
Alan Jones Common name
Alan First name
Jones Last name
Ajones Short name
Alan Jones/Sales/East/Acme/US Full hierarchical name
(abbreviated)
cn=Alan Jones/ou=East/ou=Sales/o=Acme/c=us Full hierarchical name
(canonical)
cn=Alan Jones Common name with
CN=prefix
alan_jones@acme.com Internet (e-mail) address
Example Description
Alan Jones Common name
Alan Givenname
Jones Surname
Ajones UID
cn=Alan Jones, cn=recipients, ou=Sales, Full hierarchical name (canonical)
ou=East, o=Acme, c=us (valid for a
Microsoft Exchange server)
cn=Alan Jones (valid for Domino Common name with CN=prefix
Directory)
uid=ajones, ou=Sales, ou=East, o=Acme, Full hierarchical name (canonical)
c=us (valid for a Netscape Directory
Server)
uid=ajones (valid for Netscape Directory UID with UID=prefix
Server)
Alan Jones/Sales/East/Acme/US Full hierarchical name (abbreviated)
alan_jones@acme.com LDAP mail attribute
Example Description
Alan Jones/Sales/East/Acme Full hierarchical name (abbreviated)
CN=Alan Jones Common name with CN= prefix
Alan Jones Common name
cn=Alan Jones/ou=East/ou=Sales/o= Full hierarchical name (canonical)
Acme/c=us
alan_jones@acme.com Internet (e-mail) address
Example Description
AJones UID
Alan Jones CN
cn=Alan Jones, cn=recipients, ou=Sales, ou=East, DN
o=Acme, c=us (valid for a Microsoft Exchange server)
cn=Alan Jones (valid for a Domino Directory) CN with CN=prefix
uid=ajones, ou=Sales, ou=East, o=Acme, c=us (valid DN
for a Netscape Directory Server)
uid=Ajones (valid for a Netscape Directory Server) UID with UID= prefix
alan_jones@acme.com LDAP mail attribute
Encryption
Encryption protects data from unauthorized access. Using Notes and
Domino, you can encrypt:
• Messages sent to other users. Then an unauthorized user cannot read
the message while it is in transit. You can also encrypt saved and
incoming messages.
• Network ports. Encrypting information sent between a Notes
workstation and a Domino server, or between two Domino servers,
prevents unauthorized users from reading the data while it is in
transit.
• SSL transactions. You can use SSL to encrypt information sent
between an Internet client, such as a Notes client, and an Internet
server, to prevent unauthorized users from reading the data while it
is in transit.
• Fields, documents, and databases. Application developers can
encrypt fields within a document, an entire document, and local
databases. Then only the specified users can read the information.
For information on SSL encryption, see the chapter “Setting Up SSL on a
Domino Server.”
For information on field, document, and database encryption, see the
book Application Development with Domino Designer.
43-1
containing the public key is also stored in the Domino Directory, where it
is available to other users.
Domino uses two types of public and private keys — Notes and Internet.
You use the Notes public key to encrypt fields, documents, databases,
and messages sent to other Notes users, while the Notes private key is
used for decryption. Similarly, you use the Internet public key for
S/MIME encryption and the Internet private key for S/MIME
decryption. For both Notes and Internet key pairs, electronic signatures
are created with private keys and verified with public keys.
You can use one set of Internet public and private keys or you can set up
Notes to use a set of Internet keys for S/MIME signatures and SSL and
another set for S/MIME encryption.
For information on dual Internet certificates, see the chapter “Setting Up
Clients for S/MIME and SSL.”
When you register a user, Domino automatically creates a Notes
certificate, which contains the user’s public keys, and adds it to the ID file
and the Domino Directory. The private key is created and stored in the
ID file. You can also create Internet public and private keys after user
registration. Domino stores Internet certificates, which contain public
keys, in the ID file and also in the Domino Directory. The Internet private
key is stored in the ID file, separately from the certificate.
To create Notes public and private keys, Domino uses the dual-key RSA
Cryptosystem and the RC2 and RC4 algorithms for encryption. To create
the Internet public key, Domino uses the x.509 certificate format, which is
an industry-standard format that many applications, including Domino,
understand.
Both the Notes client and Domino server support 1024-bit RSA key and
128-bit symmetric key for S/MIME and SSL. The Notes proprietary
protocols use a 630-bit key for key exchange, and a 64-bit symmetric key.
Encryption strength
All Notes IDs contain two public/private key pairs. Prior to 5.0.4, key
lengths were restricted for the purposes of encrypting data, but not for
authentication or signing. Anything over 512-bit RSA key and 56-bit
symmetric key was considered strong encryption and was not allowed
for export by the U.S. Government. Customers were required to order
and choose among kits of different cryptographic strengths.
With the relaxation of US government regulations on the export of
cryptography, the Domino server and the Domino Administrator,
Domino Designer, and Lotus Notes client products have consolidated all
previous encryption strengths — North American, International, and
Interoperability issues
• Support for ID types. Both North American and International ID
types continue to be supported for the Global release. This is for
backward compatibility with pre-5.0.4 clients. Lotus Notes users can
keep their existing International IDs if the Global version of the
software is installed. The Global version will automatically allow the
use of stronger encryption. Browser users can keep their existing key
ring, but users must follow the manufacturer’s recommendations for
upgrading the browser to stronger encryption.
• Interoperability with post-5.0.4 releases. If your organization’s
clients and servers are all running release 5.0.4 or later, it makes no
difference whether you create North American or International IDs.
Both types of ID will work the same way.
Mail encryption
Mail encryption protects messages from unauthorized access. Only the
body of a mail message is encrypted; the header information — for
example, the To, From, and Subject fields — is not.
Notes users can encrypt mail sent to other Notes users or to users of mail
applications that support S/MIME — for example, Microsoft Outlook
Express and Netscape Communicator.
Users can use Notes mail encryption to encrypt mail sent to other Notes
users, encrypt mail received from other Notes users, or encrypt all
documents saved in a mail database. Notes uses the recipient’s public
key, which is stored in the sender’s Personal Address Book or in the
Domino Directory, to encrypt outgoing and saved mail.
In general, mail sent to users in a foreign domain cannot be encrypted.
However, if the recipient of the mail uses Notes and the sender has
access to the recipient’s public key, the sender can encrypt the mail
message. The recipient’s public key can be stored in the Domino
Directory, in an LDAP directory to which the sender has access, or in the
sender’s Personal Address Book.
Notes users can also use S/MIME to encrypt mail sent to recipients
who use mail applications that support S/MIME. Senders must have
the recipient’s public key in order to encrypt the message for S/MIME.
S/MIME signatures
When the sender signs a message with an S/MIME signature, only the
body of the message and accompanying attachments are signed.
1. Notes generates a hash of the data being signed and then encrypts
the hash with the private key of the author of the data, forming a
signature.
2. Notes attaches a certificate chain — that is, all certificates in the
hierarchy for the certificate — and the signature to the data.
3. When the reader accesses the signed data, Notes or the mail
application attempts to decrypt the signature using the public key
that corresponds to the private key with which the data was signed.
If successful, Notes or the application verifies that the signer has a
common certificate or common certificate ancestor from a certifier
that the reader trusts.
Note Typically, the Notes user’s organizational certifier issues a
cross-certificate to the signer’s certificate authority (CA). Trust can
also be established if the Notes user issues a cross-certificate directly
to the signer’s certificate or to the signer’s Certificate Authority. Or,
the Notes user’s organizational certifier can issue a cross-certificate
directly to the signer’s certificate.
4. Notes or the mail application compares the decrypted hash with a
hash of the message generated by the reader. A match means that the
signature is valid.
44-1
• Creates and maintains the Issued Certificate List (ICL), a database
that contains information about all certificates issued by the certifier.
• Is compliant with security industry standards for Internet certificates
— for example, X.509 and PKIX.
To manage the CA process from the Domino console, you use a set of
server Tell commands.
For more information on CA process Tell commands, see the appendix
“Server Commands.”
And then enter the following to see if the new certifier has been
added:
tell ca stat
Note The default certificate type is end entity certificate. This means
that Internet certificates issued by this certifier apply to users of
certificates and/or end-user systems that are subjects of a certificate.
11. Click Miscellaneous, and then click “Create a local copy of the
certifier ID.” Specify the certifier ID file name and password, and
click OK. A copy of the certifier ID is saved to the default path
...\notes\data\ids\certs\cert.id. You can select a different path. Use
this local copy of the certifier ID as a backup to re-create the certifier
if it become corrupted.
12. Complete these fields to specify Certificate Revocation List
information for this certifier:
Field Action
Duration of CRL (in Enter the length of time, in days, for which a
days) given CRL is valid. It is recommended that this
time period extend beyond the time period
between issued CRLs, as this ensures that the
CRL is always valid.
Time between CRLs (in Enter the time interval, in days, between issued
days) CRLs.
15. Click Add to add the alternative name to the certifier’s certificate.
16. Click OK. A message appears saying that you have successfully set
up a CA.
17. Complete these procedures:
• Add the new certifier to the CA process.
• Create the Certificate Requests application.
Modifying a server-based CA
After you migrate or create a certifier, you can modify it through the
certifier ICL or through the certifier document in the Domino Directory.
Note that how you open a certifier to modify it affects the number and
type of changes you can make.
Note Only CA administrators can modify a server-based CA. A CA
administrator must have Editor access to the Domino Directory in order
to modify a certifier.
Disabling a certifier
To modify a Certifier document, you must have Editor access to the
Domino Directory. Full-access administrators and administrators have
this access by default; however, be sure that all certificate authority (CA)
administrators also have this access.
1. From the Domino Administrator, click Configuration and open the
Certificates view in the Server pane.
2. Select the certifier document you want to disable and double-click to
open it.
3. Click Edit Certifier.
Revoking a certificate
A CA administrator can easily revoke an Internet certificate if the subject
of the certificate leaves the organization, or if the key has been
compromised. After a certificate is revoked, it can never again be trusted.
If you revoke a certificate, especially if a key has been compromised,
issue a non-regular CRL so that any entity checking CRLs has the most
updated revocation information.
To revoke a certificate
1. From the Domino Administrator, click Files. Open the ICL directory.
2. From the list of ICL databases, open the ICL for the certifier that
issued the certificate you need to revoke.
3. Open the Issued Certificates\By Subject Name view.
4. Open the Issued Certificate document for the certificate you want to
revoke.
The document name is the same as the subject name.
5. At the top of the document, click “Revoke Certificate.”
6. In the Revocation Reason dialog box, select the reason for revoking
the certificate, and click OK.
7. Issue a non-regular CRL.
The next time the CA process refreshes, the Issued Certificate document
will be updated to indicate that the certificate has been revoked. When
you open the Issued Certificate document again, the Revocation
Information section will indicate that the certificate has been revoked, the
revocation date and time, the reason for the certificate’s revocation, and
date and time the certificate became invalid.
For more information on issuing non-regular CRLs, see the appendix
“Server Commands.”
The server returns a list of all certifiers using the CA process and their
current status. The number associated with each certifier is used in some
CA Tell commands.
For example:
10/22/2001 02:38:12 pm
CA Process status:
10/22/2001 02:38:12 pm
1. O=Acme
10/22/2001 02:38:12 pm
Certifier type: Notes
10/22/2001 02:38:12 pm
Active: Yes
10/22/2001 02:38:12 pm
ICL DB Path: icl\icl_Acme.nsf
10/22/2001 02:38:12 pm
2. CN=East/O=Acme/ST=Massachusetts/C=US
10/22/2001 02:38:12 pm
Certifier type: Internet
10/22/2001 02:38:12 pm
Active: Yes
10/22/2001 02:38:12 pm
ICL DB Path: icl\icl_East.nsf
For more information about using CA Tell commands, see the appendix
“Server Commands.”
To back up a certifier
1. When you create a new certifier, keep a local copy of the certifier ID
file.
2. After you create the certifier, make a copy of the ICL database and
keep it in a safe place. Back up the ICL periodically to incorporate
any changes you make to the certifier.
To recover a certifier
1. From the Admin client, click Configuration.
2. On the Tools pane, choose Certification - Modify Certifier.
3. Select the CA server from the list, and click OK.
4. Select the server that hosts the CA you want to modify, if necessary.
5. Select the certifier to recover by doing one of the following:
• Select the certifier document from the Domino Directory.
• Select the certifier ICL database.
6. You may be prompted for the certifier ID and password. Enter the
path and filename for the local copy of the ID that you created when
you first set up the certifier, and click OK.
Note You will be prompted for the certifier ID only if the certifier
determines that it cannot proceed without it.
7. In the Modify Certifier dialog box, confirm that the certifier
information is correct. Click OK.
If the certifier is still having problems — for example, configuration
documents are corrupted or missing — replace the ICL database with the
back up copy. The location of the ICL database is specified in the certifier
document.
45-1
3. Create a CA key ring file and CA certificate.
4. Configure the CA profile to specify key ring and mail settings.
5. Set up SSL on the CA server.
SSL security
Secure Sockets Layer (SSL) is a security protocol that provides
communications privacy and authentication for Domino server tasks that
operate over TCP/IP.
SSL offers these security benefits:
• Data is encrypted to and from clients, so privacy is ensured during
transactions.
• An encoded message digest accompanies the data and detects any
message tampering.
• The server certificate accompanies data to assure the client that the
server identity is authentic.
• The client certificate accompanies data to assure the server that the
client identity is authentic. Client authentication is optional and may
not be a requirement for your organization.
46-1
Domino uses SASL automatically if SSL with client authentication is set
up on the server and if the LDAP client supports the protocol. No
additional configuration is necessary.
• Simple Mail Transport Protocol (SMTP)
From a third-party CA
1. Make sure you already created the server key ring file.
2. From the Notes client, open the Server Certificate Admin application
on server for which you want to set up SSL.
3. Click “Create Certificate Request.”
4. Complete these fields:
Field Enter
Key Ring File The name of the server key ring file including the path
Name to the file
Log Certificate Choose one:
Request • Yes (default) to log information in the Server
Certificate Admin application
• No to not log information
Method Choose one:
• Paste into form on CA’s site (recommended)
• Send to CA by e-mail
Note You must choose the paste option to submit a
request to VeriSign, which doesn’t use PKCS format for
requests sent by e-mail. If you choose “Send to CA by
e-mail,” enter the CA’s e-mail address, and your e-mail
address, phone number, and location.
From a Domino CA
Note This procedure is the same regardless of whether you are using a
Domino server-based certification authority or a Domino 5 certificate
authority.
1. Make sure that you requested the server certificate and mapped a
drive to the directory that contains the key ring file.
2. Browse to the certificate authority application (the Certificate
Requests application for a server-based certification authority, and
the Domino Certificate Authority for a Domino 5 Certificate
Authority) on the Domino CA:
• If you use Microsoft Internet Explorer, use HTTP to connect to the
application.
• If you use Netscape, use SSL to connect to the application. Then,
use the instructions provided by the browser software to accept
the site certificate.
3. Click “Accept This Authority in Your Server.”
4. Highlight the certificate text and copy it to the system Clipboard
(include the Begin Certificate and End Certificate lines).
5. From the Notes client, open the Server Certificate Admin application.
6. Click “Install Trusted Root Certificate into Key Ring.”
7. Enter the name of the key ring file that will store this certificate. You
specified this name when you created the server certificate request.
8. Enter the name that the key ring file will use to identify this
certificate. If you leave this field blank, Domino uses the
distinguished name of the certificate.
From a third-party CA
View the default trusted roots in the key ring file to make sure the
third-party CA’s certificate is not already included. If it is already
included, you do not need to complete these steps.
For more information, see the topics “Default Domino SSL trusted roots”
and “Viewing SSL server certificates” later in this chapter.
1. Make sure that you requested the server certificate and mapped a
drive to the directory that contains the key ring file.
2. Browse to the Web site of the CA and obtain the CA’s trusted root
certificate. In most cases, the trusted root certificate is in a file
attachment, or the certificate is available for you to copy to the
Clipboard.
3. From the Notes client, open the Server Certificate Admin application.
4. Click “Install Trusted Root Certificate into Key Ring.”
5. Enter the name of the key ring file that will store this certificate. You
specified this name when you created the server certificate request.
6. Enter the name that the key ring file will use to identify this
certificate. If you leave this field blank, Domino uses the
distinguished name of the certificate.
7. Do one of the following:
• If you copied the contents of the CA’s certificate to the Clipboard
in Step 2, choose Clipboard in the Certificate Source field. Paste
the Clipboard contents into the next field.
• If you received a file that contained the CA’s certificate in Step 2,
detach the file to your hard drive and select File in the Certificate
Source field. Enter the file name in the File name field.
8. Click “Merge Trusted Root Certificate into Key Ring.”
9. Enter the password for the key ring file, and then click OK.
10. Have the CA complete the procedure “Signing server certificates.”
From a Domino CA
Note This procedure is the same regardless of whether you are
requesting a server certificate from a Domino server-based certification
authority or a Domino 5 certificate authority.
1. Make sure the CA signed the certificate and you mapped a drive to
the directory that contains the server key ring file.
2. Obtain the server certificate by doing one of the following:
• If the CA gave you the URL to use to pick up the certificate in the
Domino Certificate Authority database, browse to the URL
provided in the e-mail.
or
• Obtain the pickup ID from the CA, and then do the following:
a. Open the Certificate Requests or Domino 5 Certificate
Authority application with a browser.
b. Click Pick Up Server Certificate.
c. Enter the pickup ID and click “Pick Up Signed Certificate.”
From a third-party CA
1. Make sure the CA signed the certificate and you mapped a drive to
the directory that contains the server key ring file.
2. Use the instructions provided by the CA to pick up the certificate. In
most cases, the CA mails the certificate as a file attachment or gives
you a URL to visit to copy and paste the certificate to the Clipboard.
3. From the Notes client, open the Server Certificate Admin application.
4. Click “Install Certificate into Key Ring.”
5. Enter the file name for the key ring that will store this certificate. You
created this key ring file when you created the server certificate
request.
6. Do one of the following:
• If you copied the certificate to the Clipboard, choose Clipboard in
the Certificate Source field. Paste the Clipboard contents into the
next field.
• If you received a file attachment that contains the certificate,
detach the file to your hard drive, and then choose File in the
Certificate Source field. Enter the file name in the File name field.
7. Click “Merge Certificate into Key Ring.”
8. Enter the password for the server key ring file, and then click OK to
approve the merge.
9. Configure the SSL port.
4. Copy the key ring file and stash (.STH) file to the Domino data
directory of the server.
5. Configure the port for SSL.
6. Set up database access.
This chapter describes how to set up a Notes client to use SSL and send
secure S/MIME messages. It also describes how to set up an Internet
client to use SSL to connect to a Domino server.
47-1
Notes and other Internet clients that use client certificate authentication
have an Internet certificate that is stored in the Notes ID file for Notes
client, and in a local file for Internet clients. The certificate includes a
public key, a name, an expiration date, and a digital signature. The
corresponding private key is stored in the ID file, but is stored separately
from the certificate. For Notes clients, the client certificate is also stored
in the Domino Directory so that others can access the public key.
Notes and Internet clients can obtain Internet certificates from either a
Domino certification authority or a third-party certifier.
How you set up the client depends on whether the server requires client
certificate authentication.
As an administrator, you should carefully consider whether you want to
require client certificate authentication. If you do not need to identify
Internet users who access the server, you do not need to set up client
authentication. In fact, in some cases, requiring an Internet certificate
may deter users from accessing a server — for example, a server that
hosts a Web site. If you require an Internet certificate, users need to
perform additional steps to obtain the certificate and set up client
certificate authentication.
Note By enabling the setting “Accept SSL Site Certificates” in the
Location record, the Notes client can ignore cross-certificates and server
authentication entirely. The user can also choose to create
cross-certificates on the fly when connecting to a server using SSL.
Domino CA
1. If you are using a Domino server-based certification authority,
browse to the Certificate Request application. If you are using a
Domino 5 certificate authority, browse to the Domino Certificate
Authority application.
• If you use Microsoft Internet Explorer, use HTTP without SSL to
connect to the Certificate Authority application. Internet Explorer
does not allow you to accept site certificates into your browser.
• If you use Netscape, use SSL to connect to the Domino Certificate
Authority application. When the browser asks whether you want
to accept the server certificate as a trusted root, follow the steps
provided by the browser to accept the certificate.
2. Click “Request Client Certificate” in the left pane.
3. Enter your name and organizational information. This information
will appear on your Internet certificate.
4. Enter any additional contact information that you want to send to the
CA.
5. Enter the size for the public and private keys. The larger the number,
the stronger the encryption.
6. Click “Submit Certificate Request” to send the request to the CA.
This chapter describes the tasks involved in rolling out a database for
Database Management
production after it has been designed. Be sure to test the database
application thoroughly before announcing its location to users.
48-1
Mandatory tasks
Perform these tasks before copying a new database or database replica to
a production server.
Task Considerations
Set up the database ACL If you plan to make replicas of a database, make sure
for users and servers that that the database ACL lists the name of each server
require access containing a replica. If the database uses roles,
assign all roles to each server.
If you assign ACL settings on the original database
before copying it to a server, assign yourself
Manager access on the original. Otherwise, you
won’t have Manager access to the new copy.
Verify that server ACLs Without proper access in a server ACL, users and
are set up correctly servers won’t have access to databases on the server.
Verify that the Domino Create a Group document in the Domino Directory
Directory contains the before adding a Group name in a database ACL. If
necessary Group you must create a Group, make sure that the Group
documents document replicates before you copy the database to
a server.
Copy the new database Consider server disk space, topology, and network
to a server protocols. Placing a database on a cluster requires
that you consider cluster resources.
Verify that the database While designing a database, the database designer
appears in the Open often removes the database title from the list that
Database dialog box appears in the Open Database dialog box. This
deters users from opening the database. After the
database is completed, make sure that the database
title appears in the Open Database dialog box.
Decide which servers To make this decision, consider the purpose and size
require replicas of the of the database, the number and location of users
database and then create who need access to the database, and the existing
the replicas replication schedules between servers.
Verify that Server Server documents are, by default, enabled for
documents in the replication, but to avoid any problems, verify this.
Domino Directory are
enabled for replication
Create or edit If several servers have a replica of the database,
Connection documents make sure that any necessary Connection
documents are set up so that replication can occur.
Set up a replication Consider the location and time zones of users and
schedule the frequency of database updates.
Task Considerations
Database Management
Create About This Database Provide the name, phone number, and e-mail
and Using This Database address of database managers in the About This
documents Database document. Provide information about
the application in the Using This Database
document.
For more information, see Application Development
with Domino Designer.
Create an index for the Create a full-text index for the database if users
database need to search the database for information. If
you create the index before you copy a new copy
of the database or a replica to a server, the index
settings carry over to the new copy or replica.
Distribute encryption keys If the database design includes encrypted fields,
distribute encryption keys to users.
For more information, see the book Application
Development with Domino Designer.
Create a Mail-In Database If the database is designed to receive mail, you
document must create a Mail-In Database document in the
Domino Directory.
List the database in the By default, all databases except mail databases
database catalog are listed in the default views of the database
catalog. You can add categories to control how
the database appears in the catalog views and to
help users narrow the scope of a domain search.
Publish the database in a Create a library of selected databases on one
database library server or several servers for users.
Sign the database Sign a database to provide a signature for it. Do
this, for example, so that an Execution Control
List (ECL) can evaluate the signature.
Add the database to the If an application database will be useful to a wide
Domain Index audience, include the database in the Domain
Index.
Notify users that the Provide the database title, file name, and server
database is available location.
Database Management
• Select “Create Full Text index” to create a full-text index on the
new copy.
Note You can also create a full-text index later.
• Choose “Encryption” to encrypt the new copy of the database.
This option is intended to prevent unauthorized users from
accessing a database from a workstation, laptop computer, or
server. If you use this option, Notes encrypts the database using a
specified ID so that only a user with that ID can gain access to the
database directly from a server or workstation. You can choose
one of three encryption levels. This encryption setting also carries
over to copies of the database made at the operating system level.
Note The maximum database size is 64GB on Windows and UNIX.
For more information on encryption, see the book Application
Development with Domino Designer.
Database Management
3. Choose File - Database - Access Control, and make sure you have
Manager access.
4. Choose File - Database - Properties.
5. Click the Design tab.
6. Make sure that the “List in Database Catalog” option is selected, and
enter one or more categories.
Note These categories appear on the Domain Search form to
provide a user with a way to narrow a search. Categories are also
displayed in views of the database catalog and Domain Catalog.
7. Select “Include in multi-database indexing.”
This chapter discusses how to organize databases that are in the Domino
Database Management
data directory or on another server and how to create links to directories
and databases that are not in the Domino data directory.
Directory links
You can store databases in a directory outside the Domino data directory
to take advantage of disk space available on other servers. Then you
create a link in the Domino data directory that points to that directory. In
the Domino data directory, users see the directory link MKTG.DIR as the
subdirectory MKTG, with a directory folder icon next to it. Users who do
not have access to a linked directory can see the directory link, but
cannot access the directory.
You can use a directory link on a Web server to point browser users to a
directory outside the Domino data directory. When you create this link,
you must specify access for browser users — for example, you can
specify access for anonymous users or enter the names of users who use
name-and-password or SSL client authentication.
49-1
Database links
You can store a single database outside the Domino data directory and
create a database link to it from the Domino data directory. A database
link appears in the Domino data directory as a database icon followed by
the name of the linked database.
You can use a database link on a Web server to point browser users to a
database in a directory outside the Domino data directory. If the
database link points to a database on another server, browser users
cannot access the database.
Database Management
directory. For example, create the directory link PROJECTS.DIR to point
to the directory D:\PROJECTS\SALES. On a Domino Server for
NetWare, a DIR file can point to SYS:SALES but not to SYS:. On a
Domino Server for UNIX, a DIR file can point to /sales but not to /.
Create the database link using the complete path and file name of the
database you want to link to. For example, create the database link
SALES.NSF to point to the database D:\PROJECTS\SALES\SALES.NSF.
Domino automatically appends the NSF extension to the database name.
If you want to move a linked database to another location, delete the old
link, create a new database link, and move the database to the new
location. When you delete the database link, you remove the link, but not
the database link references.
To delete a link
1. From the Domino Administrator Server list, select the name of the
server.
2. Click the Files tab, and then select the directory or database link to
delete.
3. Choose Tools - Folder - Delete, and then click Yes.
4. To verify that the link was deleted, click the refresh icon. View the
result in the Results pane.
Database Management
want to allow to access the directory:
a. Select the name from a Domino Directory, or type the name in
the “Add name not in list” box. You can specify the name of a
user, server, group or a wildcard, for example, */Sales/Acme.
b. Click Add.
8. When you are finished defining the access list, click OK.
9. Click OK again. In the left pane, the directory now displays a lock
icon.
You must index a database for full-text searches to allow users to quickly
Database Management
search and locate information within that database.
50-1
The Domain indexing process is completely separate from that for
individual databases, and including a database in the Domain Index does
not preclude the need to create a separate index for a popular database.
For more information on adding the full text of a database to the Domain
Index or on setting up the Domain Index, see the chapter “Setting Up
Domain Search.”
Database Management
Note Users update full-text indexes for local databases whenever they
replicate with the server. Users can also do manual index updates for
local databases at any time.
9. Click OK.
10. Inform users that the database or databases are indexed.
Database Management
2. Click Programs.
3. Create or edit a Program document.
4. On the Basics tab:
a. Type Updall in the “Program name” box.
b. Type any optional arguments in the “Command line” box.
c. Type the server name on which the full-text indexed database
resides in the “Server to run on” box.
5. On the Schedule tab:
a. Select Enabled in the Enabled/disabled box.
b. Select the time for Updall to update the index in the “Run at
times” box.
c. Select a repeat interval, if any, in the “Repeat interval of” box.
d. Select the days of the week for Updall to update the index in the
“Days of week” box.
6. Save and close the Program document.
6. Click OK.
Database Management
4. Select all the databases for which you want to update the index.
5. From the Tools pane, choose Tools - Database - Full Text Index.
6. Select Update.
7. Click OK.
Database Management
which administrators create to help particular groups of users find
pertinent databases — and database catalogs — which list for users all
databases on a given server. This chapter does not cover the Domain
Catalog, which lists databases on all servers across a Domino domain.
For information on the Domain Catalog, see the chapter “Setting Up
Domain Search.”
Database libraries
You can create a database library that contains databases that pertain to a
specific collection of users or to a specific topic. For example, a corporate
database library might include all databases that deal with corporate
policies and procedures, and a marketing database library might include
databases that are useful to the marketing staff.
The main view in a library lists the databases it contains alphabetically
by title, and gives a short description of each database. Each database
document displays the database’s title, short and long descriptions,
replica ID, and database manager, as well as buttons that let users
browse the database or add it to their bookmarks.
Note Instead of creating database libraries to point users to the
databases they need, you can use Desktop policy settings to add
bookmarks directly to their workspaces.
For more information on Desktop policy settings, see the chapter “Using
Policies.”
Server libraries
The databases you choose to include in a library can be located on any
server. More than one library can reside on a server. When a user opens a
database from a database library, Lotus Domino uses the database’s
replica ID number to search for it. Domino first searches for the database
on the user’s workspace, then on the user’s home server, and finally
looks for a Domain Catalog to find a path to a replica of the database on
51-1
another server. If a database is moved to another server, Domino
automatically opens the database at its new location and then updates
the database’s replica ID in the database library.
When you create a database library on a server, you automatically
become the librarian for that database library with Manager access in the
library ACL. The -Default- access in the library ACL is Reader. If a user
with Reader access in the database library ACL attempts to publish a
database, Domino automatically sends the librarian an e-mail containing
the request to publish the database. The librarian then publishes the
database for the user. If you want users to be able to publish databases in
the library themselves, change -Default- access to Author.
Local libraries
You can create a local library for your own use, which lists databases on
your own hard drive as well as databases on servers. The only difference
between a local library and libraries on servers is that no other users can
use your local library or become librarians for it.
Database Management
3. From the Domino Administrator, select the server that holds the
database library.
4. On the Files tab, double-click the title of the database library.
5. In the Librarians view, click “Edit Librarians.”
6. Type the names of all users who will be librarians, pressing ENTER
after each name.
7. Close and save the Librarians document.
Database catalogs
A database catalog provides a list of all databases on a server. You use
the server Catalog task to create a database catalog. The Catalog task
bases the catalog file (CATALOG.NSF) on the CATALOG.NTF template
and adds the appropriate entries to the catalog’s ACL.
All databases on a server are included in the catalog when the Catalog
task runs. Only administrators can see listings for some databases (those
with the “List in Database Catalog” option selected in the Database
Properties box), as these databases are not included in the default views.
For databases in the default views, you can specify categories in the
Database Properties box to determine how the databases appear in the
categorized view of the catalog. For large catalogs, you can create a
full-text index to make searching the catalog faster.
To help users locate databases across an organization, or to keep track of
all the replicas for each database, you must set up a Domain Catalog — a
catalog that combines the information from the database catalogs of
multiple servers — on one of your servers. You can set up a Domain
Catalog regardless of whether you plan to implement Domino’s Domain
Search capability.
For more information on the Domain Catalog, see the chapter “Setting
Up Domain Search.”
Database Management
databases users are not authorized to access, they can view by sending
an e-mail request to the database manager.
To view the documents in the database catalog, open the catalog from the
Domino Administrator or the Web Administrator tool (Files tab).
This chapter explains how monitor the statistics and events that occur on
the Domino server and how to view and analyze performance statistics.
Monitoring
Web Administrator, or the server console — you can monitor the system. For
example, from the Domino Administrator, you can use the Domino server
monitor and statistics charts to view graphical representations of system
status; and from the server console, you can view a representation that uses
your predefined colors and text attributes to illustrate the status of a process.
The Domino Administrator includes these system-monitoring tools that
you use to configure, view, and track the Domino system:
• Monitoring databases — Store monitoring documents, information, and
results. The Monitoring Configuration database (EVENTS4.NSF) stores
the documents you use to set up monitoring. It also includes information
about statistics, statistic thresholds, and event messages. The Monitoring
Results database (STATREP.NSF) stores the gathered statistics reports
and can be configured to store information about logged events. The log
file (LOG.NSF) stores the server’s log documents.
• Monitoring Configuration documents — Define and configure what
constitutes an event, and how the event is handled. Also allow you to
customize the messages that appear on the console when an event
occurs.
• Server tasks — Collect and record information about the Domino
system. The Event Monitor task determines if an Event Handler has
been configured for the event, and if so, routes the event to the
specified person, database, or server-management program for
processing. The Statistic collector task gathers Domino server
statistics and creates statistics reports in the Monitoring Results
52-1
database (STATREP.NSF) or to another database you can specify.
The ISpy task executes TCP server and mail-routing event
generators.
• Statistics — Domino gathers statistics that show the status of
processes currently running on the system — for example, the
statistic “Free space on drive C” indicates the amount of free space
available on drive C. You use these statistics along with the
predetermined statistics thresholds to monitor both your Domino
system and platform statistics.
• Domino server monitor — Provides a visual representation of the
status of the servers you are monitoring.
Document Description
Event Generator Defines the parameters of an event.
Event Handler Describes what action to take when an event occurs.
Event Notification Defines the notification method to use when the Event
Method Handler document prescribes notification.
Log Filter Specifies events that you do not want to log.
Server Console Sets the text, background, and color attributes for the
Configuration Domino server console.
Statistic Description Describes a statistic.
Server Statistic Specifies one or more servers from which statistics are
Collection collected and identifies the server that performs the
collecting.
Monitoring
You create an Event Handler document to specify to log the event to a
specified destination, and simultaneously receive notification of the
event’s occurrence and run a program for additional processing. You can
also prevent the event from being logged or handled at all. However, if
you want to know about an event, you must have an Event Handler
document. Otherwise the event is not recorded. There is no default way
of handling an event. So if you do not create event handlers, then events
are not logged or stored anywhere (except for server or add-in task
events, which are stored in the log). After an event is passed to the Event
Monitor task, it can invoke one or more configured Event Handlers.
Event generators
Event generators gather information by monitoring a task or a statistic or
by probing a server for access or connectivity. Each event generator has a
specified threshold or condition, which, when met, causes an event to be
created The event is passed to the Event Monitor task, which checks
whether an associated event handler has been defined. If an event
handler has not been defined, the Event Monitor task does nothing. If an
event handler has been defined, the Event Monitor carries out the
instructions in the event handler. The Event Monitor task, formerly know
as the Event task, starts automatically when you start the server and
must run on all servers that you want to monitor.
For more information about event handlers, see the topic “Event
handlers” later in this chapter.
Monitoring
4. In the “What to monitor” section, choose one or more of the
following:
• Monitor ACL Changes — To monitor all ACL changes, including
those made by replication.
• Monitor replication — To monitor the frequency and success of
database replication. Then complete these fields on the Replication
tab:
Field Action
Server(s) with Choose one:
which the database • All in the domain.
must replicate
• Only the following. Then select one or more
servers from the list.
Replication timeout Enter a time-out value. The default is 24 hours.
5. On the Other tab, complete these fields, and then save the document:
Field Action
Generate a database event Select a severity level.
of severity
Create a new event Click this button to launch the Event
handler for this event Notification Wizard and create an event
handler.
The Resulting Statistic field, which is not editable, shows the name of
the statistic that is generated.
Monitoring
7. Click the Other tab, complete these fields, and then save the
document:
Field Action
On time-out, generate a Server Select a severity level.
event of severity
Create a new event handler for Click to launch the Event Notification
this event Wizard and create an event handler.
In addition, the ISpy task monitors the local mail server by default and
generates events for traces that fail. To monitor other Domino mail
servers, create an event generator and set up an event handler to notify
you when an event has occurred.
6. Click the Other tab, complete these fields, and then click Save &
Close.
Field Action
On time-out, generate Select the severity level.
a Mail event of
severity
Create a new event Click this button to launch the Event Notification
handler for this event Wizard and create an event handler.
Monitoring
view of the Domino Administrator.
You enable alarms in the Domino Administrator by setting
Administration Preferences. You enable alarms on the server, in the
Server Statistic Collection document.
For more information on enabling statistics alarms in the Domino
Administrator, see the chapter “Setting Up and Using Domino
Administration tools.” For more information on enabling alarms on the
Domino Server, see the topic “Creating a Server Statistic Collection
document,” later in this chapter.
4. Click the Other tab, complete these fields, and then save and close.
Field Action
Generate a monitor Select a severity level.
event of severity
Create a new event Click this button to launch the Event Notification
handler for this event Wizard and create an event handler.
Monitoring
generated upon failure, click the tab for each service.
Monitoring
Start the ISpy task automatically Edit the ServerTasks setting in the
when the server starts NOTES.INI file to include RunJava ISpy.
Start the ISpy task manually Enter the command load runjava ISpy at the
console.
Stop the ISpy task Enter either the command tell runjava ISpy
quit or tell runjava quit at the console.
To start a wizard
1. From the Domino Administrator, click the Files tab.
2. Open the Monitoring Configuration database, and then choose the
Setup Wizards view.
3. Click the wizard you want to use.
Event handlers
An event handler defines the action that Domino takes when a specific
event occurs. You can define an event handler to do one or more of the
following:
• Log the event to a configured destination
• Notify you that the event occurred and specify the method of
notification
• Forward the event to another program for additional processing
• Prevent the event from being logged to the server console or to a
specified destination
The Monitoring Configuration database (EVENTS4.NSF) includes
default event handlers for server tasks. However, to customize how
events are handled, you may want to create a custom event handlers.
You can enable or disable an event handler, so you can easily disable a
default event handler and replace it with a custom one.
When you create an event handler, you specify the condition — for
example, when an event meets or exceeds a threshold or meets a
specified severity level — that triggers it. To specify event handler
conditions, you define a set of criteria, specify a task, or select a custom
event generator that triggers the event handler.
For example, suppose you create an event handler that defines the
criteria as a replication event with a severity level of Fatal. Then any
replication event that matches that criteria is handled based on the event
handler you created. Or, you can create an event handler for all events of
any type that have a severity level of Fatal. An event handler is
generated only if the specified task creates an event. And event handlers
Monitoring
Notification method Result
Broadcast Reports the event to all users logged onto the server or to a
specified group of users.
Log to database Logs the event to a database, typically STATREP.NSF, on a
local server. Select this method only if the specified server
is reporting events to its own collection database.
Mail Mails the event to a person or to a mail-in database
(typically STATMAIL.NSF) on a server in a different
domain or one that uses an incompatible mail protocol.
NTLog Reports the event to the Windows NT Event Viewer.
Pager Uses the mail address of an alphanumeric pager to report a
modified version of an event to a pager.
Prog Runs an add-in program or specified command to correct
problems automatically.
Relay Relays the event to another server that is in the same
Domino domain and that runs a common protocol. These
events are collected in a database, typically STATREP.NSF.
Sound Sounds an alarm on the designated server when the event
occurs.
SNMP Trap Sends the event as an SNMP trap. Select this method only if
the specified server is running the Event Interceptor task
and the Domino SNMP Agent.
UNIXLog Reports the event to the UNIX system log.
For more information on SNMP agents, see the chapter “Using the
Domino SNMP Agent.”
Monitoring
For more information on the wizard, see the topic “Using event generator
and event handler wizards,” earlier in this chapter.
For more information about event types and event severity levels,
see the topics “Event types used to specify event criteria,” and
“Event generators,” earlier in this chapter.
• A built-in or add-in task event. Then click Select Event, select the
event from the list, and choose one:
• Events can have any message
• Events must have this text in the event message. Then type the
message text.
• A custom event generator. Then select it from the list or click New
to create a new custom event generator.
(Optional) Click “Details” to view a custom Event Generator
document.
5. Click the Action tab and choose the notification method.
For more information on event notification methods, see the topic
“Event handler notification methods,” earlier in this chapter.
Note If you purchased an add-in product designed to work with
server-management programs, you may see additional notification
methods.
6. Choose one enablement option:
• Enable this notification — To enable the notification during all hours.
• Enabled only during these times — Then click the clock and move
the slider to select the start and end time during which this event
handler is enabled.
7. Click Save & Close.
Monitoring
To create a log filter
1. From the Domino Administrator, click the Configuration tab and
then open the Monitoring Configuration - Log Filters view.
2. Click “New Event Filter.”
3. On the Basics tab, select the name of the server on which you want to
set log filters.
4. Click the Database tab. For the field “Log unknown
types/severities?” select Yes or No to filter events from the log file.
5. Choose one:
• Log All Types — Then specify a severity level.
• Select types — Then check each type of event to log.
6. Click the Console tab. For the field “Log unknown types/severities?”
select Yes or No to filter events from the console.
7. Choose one, and then Save & Close:
• Log All Types — Then specify a severity level.
• Select types — Then check each type of event to log.
Tip You can also create a log filter from the server console.
For more information about setting log levels, see the chapter “Using Log
Files.”
To view a report
1. From the Domino Administrator, click the Server - Analysis tab.
2. Click the Monitoring Results - Events view.
3. Double-click a report to view the information.
Monitoring
appearance of the Domino Administrator server console.
Monitoring
1. From the Domino Administrator, click the Server - Status tab.
2. Open the Server Console view.
3. Click Pause or Stop to stop the logging of information to the console.
4. Select the event for which you want to create an event handler.
5. Select Live Console - Create Local Event Handler.
6. If an event handler for the specified event already exists, you are
prompted to edit the Event Handler document or create a new one.
7. Do one to restart the Domino Administrator server console:
• If you clicked Pause, click Resume.
• If you clicked Stop, click Live.
For more information on event handlers, see the topic “Creating an event
handler,” earlier in this chapter.
Monitoring
You must set monitoring Administration Preferences to generate
statistics and reports and to specify the location from which you are
monitoring statistics. You set statistics Administration Preferences to
enable the reporting of statistics to the local Monitoring Results database
(STATREP.NSF), which is used when creating statistics charts. To
generate statistic event generators, you must enable statistics alarms.
For information on setting preferences, see the chapter “Setting Up and
Using Domino Administration Tools.”
Platform statistics
In addition to tracking server statistics, Domino tracks operating-system
performance statistics. You can view these statistics from the Domino
Administrator, along with your Domino statistics, which helps you with
Domino server monitoring and tuning. You can include platform
statistics in any statistic monitoring task you perform with the Domino
statistics, including using them in monitoring and statistic profiles, and
charting them.
There may be slight overhead incurred while running platform statistics,
however the overhead is insignificant. No disk space is consumed by
enabling platform statistics, since no log files are created. As with
Domino statistics, disk space is used only if you log platform statistics to
the log file or to the Monitoring Results database (STATREP.NSF). The
amount of disk space used depends on the frequency of capture.
Monitoring
platform statistics that pertain to the system as a whole, not to an
individual partition. For example, memory use or CPU use statistics are
the same value on a partitioned and non-partitioned server. The only
statistics that are specific to a partition are those that reflect tasks, such
process statistics, where one partition might run 10 tasks, while another
partition runs 15 tasks.
Process statistics
On Windows 2000 and Windows NT, when you view process statistics,
the Percentage Total Domino CPU Utilization value may be greater than
the Total System CPU Utilization. This is because the CPU utilization
value for each individual process is calculated based on the total number
of processes used in a sampling interval.
On Windows 2000 and Windows NT, Domino process names include the
letter “n” as a prefix. For example, in Perfmon, Adminp — the process
name for the Administration Process — is nadminp. To maintain
Monitoring
platform-independence in naming, Domino does not include the prefix
on any platform statistics.
On Solaris, AIX, and OS/400 platforms, process statistics indicate how
busy the processes are, but these are not absolute values. On these
platforms, the utilization is based on how busy the processes are in the
current sampling period as compared to how busy they were in the
previous sampling period. For example, if a process reports 30%
utilization in the first sampling and 60% in the second, the process is
twice as busy.
On all platforms, by default, the performance statistics for processes that
are idle have the value zero.
Monitoring
Viewing statistics reports
Domino includes these default statistics reports:
• Calendaring and Scheduling
• Clusters
• Communications
• Mail and Database
• Network
• Platform
• System
• Web Server & Retriever
The information in these reports provides a subset of statistics in each
category. To view all statistics, use the Show Statistic command at the
console or from the Domino Administrator, click the Server - Statistics
tab.
Monitoring
Statistic unit Enter one:
• The unit in which the statistic is measured — for
example, bytes or minutes
• The word “none,” if this is a text statistic
Statistic description Enter a description of the statistic
Monitoring
Configuration - Names & Messages (Advanced) view. The category for a
statistic is the first part of the statistic name. For example, the category
for the statistic Disk.C.Free is Disk.
Monitoring
5. Click the arrow to open a statistic category. Select the specific
statistic, and then click Add.
6. Click Done, choose Performance Monitor - Saved Statistics Profiles -
Save As, and then type a name for the statistic profile.
Task Action
Stop or start the charting Click the Stop/Start button.
Get a numerical representation of Click the statistic in the profile list. Then
a graphical statistic look at the bar area between the profile list
and the chart.
Get a textual representation of Double-click the chart to display a document
the statistic chart that you can edit and print.
Chart an isolated statistic Double-click a graph line.
Monitoring
Modifying statistic profiles
To modify a statistic profile, you can add or delete statistics, add servers,
or save or delete the entire profile. To add or remove statistics and
servers from a profile for the current session only, make the changes, but
don’t save the profile.
Monitoring
4. Enable “Automatically monitor servers at startup.”
For more information on setting Administration Preferences, see the
chapter “Setting Up and Using Domino Administration Tools.”
By Timeline view
Use the By Timeline view to track the status of server tasks. In this view,
you can see which tasks are having problems and approximately when
the problems occurred. Using the Column scale selector, you can choose
a data display time interval of 1 to 60 minutes. As you increase the time
interval, you increase the summation of the data. You can change the sort
order of both the Server Name and Server Status columns in this view.
By State view
The By State view displays a detailed status of Domino servers and their
associated tasks and statistics. Each server and server task displays a
status indicator that identifies its current state. Using the option “Display
past states reporting errors exclusively,” you can view only error states.
If a statistic is numeric, you can display the difference between the
current statistic value and its value from one hour earlier. A differences
icon appears in the statistic column and points to the previous value. In
this
Monitoring
• Create a new profile
• Specify the profiles to monitor on startup
Note The Domino server monitor and profiles are not available in the
Web Administrator.
Specifying profiles to use when you start the Domino server monitor
By default, the profile that was being monitored when you stop the
server monitor is the profile that will be monitored when you start the
server monitor. To override this default behavior, you can specify which
profiles to monitor when you start the Domino server monitor.
1. From the Domino Administrator, click the Server - Monitoring tab.
2. Select a server profile.
3. From the Monitoring menu, select Profile Properties.
4. Make sure the name of the profile you want to monitor at startup is
displayed.
5. Check “Contact servers in this profile at startup.”
Tip You can also rename a nonsystem profile in Profile Properties.
Monitoring
explanation of the problem. To take immediate constructive action on the
server, you select the server, right click and select Display Status Tab.
You are now ready to diagnose and take corrective action from the
Server - Status tab.
Or perhaps you are monitoring 14 servers, and troubleshooting dead
mail statistics (dead.mail). To see which servers have the highest amount
of dead mail, sort the statistic column so that the servers with the most
dead mail messages appear at the top. To get an idea of when the dead
mail really started piling up, locate the cursor in the Dead statistic
column and right click. Select Show Statistic’s Difference to see if the
error occurred within the last hour. To release the dead mail, right click
and select Display Messaging tab to switch to the Messaging - Mail tab.
Monitoring
industry standard SNMP, to manage aspects of the Domino server. It
consists of:
• LNSNMP — An independent application that receives trap
notifications from the Event Interceptor and then sends them to the
management station using the platform-specific, master SNMP
Agent. LNSNMP also handles requests for Domino-related
information from the management station by passing the request to
the QuerySet Handler and responding back to the management
station. LNSNMP includes the:
• Recent Trap Table — A dynamic table stored in LNSNMP
containing the last ten trap notifications sent from the Event
Interceptor.
• Trap Generator — Part of the Domino SNMP Agent that receives
Domino events from the Event Interceptor and sends them to the
management station using the master SNMP Agent.
• QuerySet Handler — An add-in task that queries server statistics
information and sets the value of configurable Domino-based
parameters. The QuerySet Handler returns Domino statistics
information to LNSNMP, which then forwards the information to the
management station using the platform-specific, master SNMP
Agent.
• Event Interceptor — An add-in task that responds to the SNMP Trap
notification for Domino Event Handlers by instructing the Trap
Generator to issue a trap.
53-1
The Domino SNMP Agent’s main functions
The agent provides:
• Out-of-band server status through the MIB
• Control of a Domino server through SNMP
• Real-time alerts on server status
• Forwarding of Domino events as SNMP traps
• Domino statistics through the MIB
The Domino SNMP Agent supports SNMP version 1.
Monitoring
Domino server pulse is restored: Normal 14 13
[server name] (This server is no
longer busy and now responding
to the SNMP pulse.)
System is rebooting (The Domino Informational 15 N/A
SNMP Agent is rebooting the
entire system.)
Domino server is not responding: Critical 16 17
[server name] (This server may
have crashed or hung.)
Domino server is now Normal 17 16
responding: [server name] (This
server is now responding again.)
SNMP security
Monitoring
SNMP version 1 is not a secure protocol. SNMP’s native security uses
only community names and IP addresses. All sites should review
deployment of the Domino SNMP Agent with their security staff.
However, the control functions provided by the Domino SNMP Agent do
not present significant security risks (for example, access to the console
or databases is not affected).
Monitoring
monitoring and controlling the server.
• lnInterceptor — An internal branch relating to the Event Interceptor
add-in task.
• lnUnix — An internal branch that supports for NetView for AIX.
• lnMPAInfo — A branch with one value provided by LNSNMP that
gives the version of the Domino SNMP Agent.
Note Some Domino statistics are in floating-point format. SNMP
version 1 does not support floating-point numbers, truncating these
statistics to integers.
System requirements
The following are system requirements for the Domino SNMP Agent:
Windows requirements:
• Windows native TCP/IP.
• Windows SNMP Agent service.
AIX requirements:
• AIX native TCP/IP.
• AIX Master SNMP Agent (snmpd).
Solaris requirements:
• Solaris® native TCP/IP.
• An extensible Master SNMP Agent that supports the SMUX protocol
(RFC 1227), such as PEER Networks OptiMaster Release 1.8a
(included).
Monitoring
since SNMP was itself started. If you don’t need to use SNMP to start
partitions, it is not necessary to configure the LNSNMP.INI as described
below.
If you want to manage multiple partitions and always be able to start their
servers using SNMP, then it’s necessary to configure those partitions into
LNSNMP.INI as described below. Configuring LNSNMP.INI also causes
the virtual rows in the MIB’s lnServerTable to be allocated in the order
specified in LNSNMP.INI instead of in the order that the partitions are
started. The MIB’s lnServerTable contains a virtual row for each partition,
so having prior knowledge about which row will represent a particular
partition could simplify certain management functions.
The Windows operating system limits all SNMP traps to using one IP
address. On UNIX, each partition needs a separate DNS entry in order to
distinguish each trap origin. On the client side, while traps from
partitions will be received, not all SNMP consoles can associate traps
from partitions to map objects. In particular, due to a limitation of
WINSNMP, which is used with OpenView Professional Suite, it cannot
assign traps to Domino icons.
Note The case of the text to the right of the equals sign is significant
in UNIX environments.
Troubleshooting
If LNSNMP does not start properly, then check that the LNSNMP.INI file
is correct. LNSNMP will always attempt to reference the LNSNMP.INI
file.
Monitoring
and is set up to run automatically. This means that once the Domino
SNMP Agent is configured, it is virtually always running, even when
Domino is not. If you later upgrade Domino you should stop the
LNSNMP and Windows SNMP Services before beginning the upgrade
process.
1. Stop the LNSNMP and SNMP services. Enter these commands:
net stop lnsnmp
net stop snmp
Monitoring
executable and the Domino data directories are in your search path.
Tip If you are using UCD-SNMP or NET-SNMP the trap destinations
and community names are configured in the
/usr/share/snmp/snmpd.conf file. Otherwise, refer to the
documentation for the master agent technology you are using. You will
want to configure appropriate trap destinations and community names
for your remote management infrastructure.
Note The Domino SNMP Agent is set up to run automatically. This
means that once the Domino SNMP Agent is configured, it is virtually
always running, even when Domino is not. If you later upgrade Domino
you should stop the LNSNMP process before beginning the upgrade
process.
Note All the following commands should be executed as the root user.
1. Stop the LNSNMP process. Enter this command:
lnsnmp.sh stop
2. Stop the Master SNMP Agent. If you’re using the PEER Agent(s)
enter this command:
peerinit.sh stop
If you’re not using the PEER Agent(s) refer to your Master SNMP
Agent’s documentation.
3. Install or configure the Master SNMP Agent. If you’re going to be
using the PEER Master Agent, it’s already configured for LNSNMP;
Monitoring
enter the following commands to install it, changing the Domino
executable path if necessary:
ln -f -s /opt/lotus/notes/latest/sunspa/peer.snmpd /etc
cp /opt/lotus/notes/latest/sunspa/peer.snmpd.conf /etc
4. Start the Master SNMP Agent. If you’re using the PEER Agent(s)
enter this command:
peerinit.sh start
If you’re not using the PEER Agent(s) refer to your Master SNMP
Agent’s documentation.
5. Start the LNSNMP process. Enter this command:
lnsnmp.sh start
8. Create a link to the PEER script, if you’re using the PEER Agent(s).
Enter this command, changing the Domino executable path if
necessary:
ln -f -s /opt/lotus/notes/latest/sunspa/peerinit.sh
/etc/init.d/peerinit
If you’re not using the PEER Agent(s) refer to your Master SNMP
Agent’s documentation.
You have completed the Solaris-specific portion of the Domino SNMP
Agent configuration. You should now follow the instructions found in
Completing the Configuration of the Domino SNMP Agent.
Monitoring
This is the same command script used to start the PEER Master Agent
and is responsible for both Agents if they’re both installed. Therefore, if
you already configured the PEER Master Agent to restart automatically
after a reboot, the PEER Encapsulator Agent will also restart
automatically.
2. To support SNMP traps for Domino events, start the Event Interceptor
add-in task. Enter this command on the Domino Server console:
load intrcpt
Monitoring
be found in the SNMP tab of a server Configuration Settings document.
For more information about server Configuration Settings documents,
see the chapter “Setting Up Mail Routing.”
Windows
To stop the Lotus Domino SNMP Agent service, enter this command:
net stop lnsnmp
To start the Lotus Domino SNMP Agent service, enter this command:
net start lnsnmp
AIX
To stop the lnsnmp process, enter this command as root:
/etc/lnsnmp.rc stop
Linux
To stop the lnsnmp process, enter this command as root:
/etc/rc.d/init.d/lnsnmp stop
Solaris
To stop the lnsnmp process, enter this command as root:
/etc/init.d/lnsnmp stop
Monitoring
management station documentation for details on adding MIBs. The
name of the Domino MIB file is domino.mib. This file can be found in the
Domino executable directory of any Domino 6 server.
Note Unlike previous releases of the Domino SNMP Agent, the Domino
MIB is actually used by the Domino 6 server, specifically the QuerySet
add-in task, so a copy of the Domino MIB must remain in the Domino
executable directory.
If you are running multiple versions of the Domino SNMP Agent in your
network, for instance, because of migration, your management stations
should use the MIB corresponding to the latest installed version of the
Domino SNMP Agent.
Monitoring
4. As root, run the trap configuration script, addtraps.sh, that you
copied in step 1. Enter this command:
sh addtraps.sh
Removing traps
To remove these traps, log in as root, and run:
removetrap -n "Notes"
Monitoring
lasts 5 cycles, however, you will get a Critical trap “Domino Server is not
responding.” This means that the server may have crashed or hung. In
either case, while it is occurring you will not be able to query the Domino
MIB. When the pulse returns, you will receive a canceling trap message
that the server pulse is restored.
This chapter describes the IBM Tivoli® Analyzer for Lotus Domino and
explains how you use it to monitor system health, analyze resource
distribution, and balance resources. The IBM Tivoli Analyzer for Lotus
Domino includes the Server Health Monitor and Activity Trends.
Monitoring
real-time assessment and recommendations for server performance, and
Activity Trends, which provides data collection, data exploration, and
resource balancing. Using these tools, you can manage servers and
databases, ensure better server performance, and plan for current and
future needs.
The IBM Tivoli Analyzer for Lotus Domino is a separate product offering
from Tivoli Systems.
The Server Health Monitor determines server health by calculating
health statistics and comparing them against preset thresholds. The
Server Health Monitor reports the information, pinpoints problematic
server components, and provides short-term and long-term
recommendations for restoring server health.
Activity Trends collects and stores activity statistics as current
observations and historical trends. The activity statistics relate to the
server, databases, users, and connections of users to databases. You can
explore the collected data to see how database workload is distributed
across servers. Using the data, Activity Trends recommends a
resource-balancing plan. Then, working with the Domino Change
Manager, which is a part of the Domino server, Activity Trends provides
a workflow that facilitates implementing the recommended changes.
54-1
Server Health Monitor
In Domino, performing traditional performance troubleshooting
involves:
• Using event generators and notifications and Domino server
monitoring to perform real-time data-analysis
• Using information from the server log (LOG.NSF), the Monitoring
Results database (STATREP.NSF), and the Administration Requests
database (ADMIN4.NSF) to perform historical data-analysis
• Using Domino Directory documents and NOTES.INI settings to
customize the server configuration
The Server Health Monitor extends the usefulness of traditional
performance troubleshooting by automatically calculating health
statistics, comparing those statistics to predefined thresholds, and
reporting on overall server health. If the server health rating is Warning
or Critical, a health report, which is stored in the Health Monitoring
database (DOMMON.NSF), suggests short-term and long-term
recommendations for tuning the server and returning its performance
status to Healthy.
The Server Health Monitor is incorporated into the Domino server
monitor, which is part of the Domino Administration client. All health
statistics generated by the Server Health Monitor are local to the Domino
Administration client.
For each server being monitored, the Server Health Monitor reports a
health rating for the server and for all enabled individual server
components — namely, CPU, disk, memory, and network utilization;
NRPC name lookup; mail delivery latency; and server, HTTP, LDAP,
and IMAP response.
The health rating of each server and server component is based on a
collection of indices. Health ratings, such as healthy, warning, or critical,
are assigned, based on these index values. Each index has a calculated
value between 0 and 100. These values are based on server health
monitoring assessment algorithms and rules. Each index has two related
thresholds: a warning threshold and a critical threshold. When the index
value is less than both thresholds, the server or server component is rated
Healthy. When the index value is greater than the warning threshold, the
server or server component is rated Warning. When the index value is
higher than the critical threshold, the server performance is judged to be
Critical and requires immediate attention.
Monitoring
Table of Server Health Monitor statistics
The Server Health Monitor reports a statistic for the overall server and
for individual components. Each statistic corresponds to a rating.
Occasionally, the Server Health Monitor assigns the rating of Unknown.
This happens when the Domino Administration client workstation
performs at 100 percent of its CPU capacity for an extended period of
time. If this happens you may need to make some adjustments to
improve the performance of the Server Health Monitor.
Server Health reports are stored in the Health Monitoring database
(DOMMON.NSF).
For information on how to improve the performance of the Server Health
Monitor, see the topic “Improving the performance of the Server Health
Monitor,” later in this chapter.
Monitoring
Health.*.Threshold.Critical <= Critical The component is failing to
Health.*.Value and perform acceptably.
Health.*.Value <= 97
98 = Health.*.Value Fatal The task associated with the
component issued a fatal error
message.
99 = Health.*.Value Not The task associated with the
Responding component is not responding.
Server ratings
Rating Description
Never Seen The server has never been seen running during the current
server monitor session.
Healthy The server is performing within acceptable tolerances.
continued
Component ratings
Rating Description
Healthy The server component appears to be running correctly.
Warning The server component is approaching unacceptable levels of
poor performance.
Critical The server component is failing to perform acceptably.
Fatal The task related to this component has issued a fatal error.
Not Responding The task related to this component is not responding.
Monitoring
3. For “Poll servers every n minutes,” enter a value from 1 to 60
minutes.
Tip The higher the number of servers to monitor, the larger the
polling interval to enter. For timely monitoring, enter a value
between 1 and 10.
4. (Optional) To start the server monitor automatically, check
“Automatically monitor servers at startup.”
5. Click Statistics, and then check “Generate statistic reports while
monitoring or charting statistics.”
6. For “Generate reports every n minutes,” enter a value greater than or
equal to the server polling interval specified in Step 3.
7. Wait a few minutes longer than the polling interval, and then open
the Health Monitoring Database (DOMMON.NSF) to see the Health
report.
Monitoring
To select server components to include
1. From the Domino Administrator, click the Server - Monitoring tab.
2. From the menu, choose Monitoring - Display Health Reports, and
then open the Configuration view.
3. Choose Server Components.
4. Choose the server you want to modify, and click Edit Server
Document.
5. Under “How should component indices be enabled?” choose one:
• Automatic — to allow the Server Health Monitor to select the
components to include in health reports, based on which server
tasks are running.
• Custom — to manually select the components to include in health
reports. Statistics for selected components are included in health
reports, whether the server task is running or not.
Monitoring
Server Health reports
Based on information gathered by the Domino Server Monitor, the Serve
Health Monitor issues Health reports. Health reports are stored in the
Health Monitoring database (DOMMON.NSF). There are two views of
Health reports, current and historical. Current reports are based on
information reported by the Domino server monitor. Historical reports
are an accumulation of past reports.
Each report includes the following information:
• Server Health information — Information about the server, including
the version of Domino and operating system. Displays the rating and
rating value, and lists the first time this rating appeared. Also shows
the last time the server was evaluated.
• Configuration Issues — Identifies any configuration issues that may be
preventing the Server Health Monitor from generating the most accurate
diagnoses possible. Failing to correct these configuration issues will
result in health reports that are less accurate and less detailed.
• Details Regarding Rating — This information backs up the
recommendations. Information can include details about the server’s
configuration or performance.
• Short Term Recommendations — These are things you can do
immediately to improve the server’s performance.
• Long Term Recommendations — These are suggestions for making
lasting improvements that will prevent a poor health rating in the
future.
Monitoring
You can do any of these:
• Use monitoring profiles to monitor server health
• View server health
• Define event generators and event handlers for health statistics
(Jump to topics)
• Excluding a server from monitoring by the Server Health Monitor
from being monitored or from generating health reports
• Create statistics profiles and chart health statistics
Monitoring
that the server is removed from the current monitoring view in the
Domino server monitor. However, the Server Health Monitor continues
to include that server in the health reports until you remove the server
permanently from DOMMON.NSF. You permanently exclude a server
from being included in health reports by removing its current report
documents and its configuration server component document. After you
exclude a server permanently, the Server Health Monitor no longer
generates reports.
Monitoring
plans to load a new server, decommission an old one, or balance
workloads across unevenly burdened servers
Activity Trends is part of the IBM Tivoli Analyzer for Lotus Domino, a
separate product offering from Tivoli Systems. The Activity Trends
Collector is a Domino server add-in task that records and reports
statistics about database activity on a server. Information is stored in the
Activity Trends database (ACTIVITY.NSF).
The IBM Tivoli Analyzer for Lotus Domino uses the collected data to
determine the load on the server. Then, using resource-balancing
functionality, the Analyzer applies trends analysis and statistics to
intelligent algorithms that can provide computer-aided load balancing on
a set of servers or simplify the server decommissioning process.
Integrated with the IBM Tivoli Analyzer for Lotus Domino, the Domino
Change Manager provides workflow capability that creates
resource-balancing plans and implements database moves, using the
Tivoli Analyzer tools and analysis. The Domino Change Control
database (DOMCHANGE.NSF) and Domino Change Manager are part
of the Domino server core functionality.
Activity Trends includes:
• Server profile definition — For easy access to a named group of
servers.
• Statistics profile creation — For easy access to a named group of
statistics.
Monitoring
Log Checkpoints for Check Yes and then specify the prime shift interval to
Prime Shift log checkpoints for the prime shift.
You must enable this field to enable Activity
Logging.
Prime Shift Interval Specify the start and end time of prime shift. Set the
interval on the hour.
5. Click the Activity Trends tab, and complete the following fields on
the Basics tab:
Field Action
Enable activity Click yes to run the Activity Trends Collector.
trends collector Activity Trends Collector uses the raw data from
activity logging and prepares it for use with Activity
Trends.
Activity trends Enter the name and path of the database where
collector database Activity Trends data is stored if you want to change
path this. The default is ACTIVITY.NSF.
Time of day to run Enter a time. The default is 3:23 AM. Schedule the
activity trends Activity Trends Collector to run after the Catalog
collector task runs. By default, the Catalog task runs at 1 AM.
Days of the week to Select the days for which you want to collect
collect observations observations. The default is Monday through Friday.
7. Click the Retention tab. Keep the “Use defaults” field enabled.
Documents are overwritten after the retention period expires. The
defaults are:
• Server history — 366 days
• Server observations —15 days
• Database observations — 10 days
• User observations — 10 days
• Connection observations — 10 days
• Inactive database trends — 10 days
• Inactive user trends — 28 days
• Inactive connection trends — 28 days
• Run log — 20 days
Monitoring
Trend statistics are based on data gathered during an observation period,
which is a 24-hour period from midnight to midnight. Each trend statistic
is a weighted running average, which is computed by adding data from a
new observation to the existing “trend,” or running average, with an
exponential weighting.
Consequently, the newest observations are weighted most heavily, and
older observations are weighted exponentially less and less in the new
computed trend. Keep in mind that increasing the cardinal interval
increases the number of recent observations that are heavily weighted,
and decreasing the cardinal interval decreases the number.
Proxy data
By default, the server from which you are running Activity Trends will
find the local Activity Trends database (ACTIVITY.NSF). However, you
may replicate Activity Trends databases that contain data you want to
access. You use proxy data to include the names of other Activity Trends
databases that contain trends data from other servers.
Monitoring
You can add or delete servers to an existing server profile. In Resource
Balancing, you can also add phantom servers. A phantom server does
not physically exist, but is factored in to the resource-balancing plan to
evaluate how adding servers might alleviate current load problems.
Monitoring
• Click Save As, and enter a new profile name.
• Click Save to update the existing profile.
To delete a statistic from a saved profile
1. From the Domino Administrator, click the Server - Performance tab,
expand the Activity Trends section, and select a view in the Latest
folder or Historical folder.
2. Under “Statistics profiles,” choose a profile.
3. Select the statistic you want to remove, and click the red minus sign.
4. Click the document icon, and do one:
• Click Save As, and enter a new profile name.
• Click Save to update the existing profile.
Server roles
The role you assign to a server affects the resource-balancing results.
• Source Only — These servers cannot have any databases moved to
them.
• Destination Only — These servers cannot have any databases
removed from them. A phantom server is a Destination Only server
and cannot be changed.
• Any — These servers can have databases moved to or from them.
Monitoring
Use the Server Profile Options dialog box to specify which databases and
servers will be searched for activity data, and whether to use cached
data. Because Activity Trends data changes only on a daily basis, caching
data is highly recommended to increase system performance by avoiding
a read across a potentially slow network. The first time a server’s data is
read, the data is cached and remains available. For example, if you read
and then delete a server’s activity data and later add the same server, the
in-memory data is used.
You can open the Server Profile Options dialog box from the Activity
Trends menu or by clicking the Server Profile Options button:
To specify locations
1. From the Domino Administrator, click the Server - Performance tab.
2. Select the Activity Trends - Resource Balancing view.
3. Choose Resource Balancing - Options to open the Server Profile
Options dialog box.
4. Click General.
5. Under Activity Data Search Order, choose one or both:
• Search Local Activity Databases — To search the Activity
databases (ACTIVITY.NSF) on each server on which Activity
Trends is enabled.
Monitoring
• Show actual values on Y-axis when displaying non-normalized data
• Show chart using 3D effect
6. Under Latest Activity Display Options, do the following to set the
appearance of for the Activity Trends - Latest folder views:
a. For the field “Maximum X-axis items that can be displayed”
enter the number of items that can be shown in the horizontal
position on the chart. The default is 1000.
b. Check Yes to enable these display options. The default is
unchecked:
Show database titles on X-axis
Show actual values on Y-axis when displaying single data type
(such as bytes, transactions, milliseconds)
Show chart using 3D effect
7. Under Historical Activity Display Options, check Yes to enable these
options for the Activity Trends - Historical folder views. The default
is unchecked.
• Show actual values on Y-axis
• Show chart using 3D effect
8. Choose one of the following to set Charting defaults:
• Use Defaults — To revert to previously saved custom defaults.
• Save as Defaults — To save a custom set of defaults and override
the system defaults.
• Reset Defaults — To revert to the system defaults.
Monitoring
Notes The database write count, as recorded by the database
DocumentsWritten activity data.
Notes Transactions The number of transactions, as recorded by the user
session data.
Replica BytesRead The number of bytes read, as recorded by the
Replicator task.
Replica BytesWritten The number of bytes written, as recorded by the
Replicator task.
Users The count of unique users, as recorded by the user
session data.
For more information on defining prime shift hours, see the topic
“Setting up Activity Trends” earlier in this chapter.
6. Click Secondary Goal, and repeat Step 5 to specify the values for the
secondary goal. Goals that were selected as Primary goals will not
appear in the list of available statistics for secondary goals.
7. (Optional for secondary goal only) Enable “Other options” if any
tolerance value is acceptable as a solution for resource balancing.
8. Choose one of the following to set defaults for goals. You can set
these defaults on either the Primary or Secondary Goal tab.
• Use Defaults — To revert to previously saved custom defaults.
• Save as Defaults — To save a custom set of defaults and override
the system defaults.
• Reset Defaults — To revert to the system defaults.
Monitoring
each cluster and one for nonclustered servers, or you can pin databases
that you want to exclude from resource balancing.
You can open the Server Profile Options dialog box from the Resource
Balancing menu, or by clicking the Server Profile Options button:
Monitoring
organization uses their databases and the type of server being balanced
(mail server versus application server). For mail servers in most
organizations you may want to increase the size of the light bin and
decrease the size of your heavy bin, while for application servers the mix
may be different.
For more information about charting bin activity and how the values are
calculated, see the topic “Understanding current and projected profile
charts,” later in this chapter.
You also specify how Activity Trends analyzes the server resource
capacities. By default, server capacities are determined relative to other
servers in the list. For example a server that has a capacity of x1
transactions has half the transactional capability (CPU) of a server at x2.
You could, however balance resources based on actual values (such as
the number of transactions per day, or the total amount of disk space
available). Using the example above, you would specify the servers as
having a capacity of 10,000 and 20,000 transactions. However, if you
choose to balance resources based on actual values, you have to know
that the servers involved can actually handle the capacities specified.
Another way in which you indicate server resource capabilities, is to
specify how the server volume is determined. You can either use server
volume and file system information when resource balancing, or ignore
volume information and treat all space as flat. The default is to use the
volume information, which uses the different physical volumes and their
sizes that comprise the space available to Domino, rather than just the
total amount of space on the server. Volume balancing is recommended.
Monitoring
than 7 days, you receive a warning that the resulting plan will be
based on old data.
10. Choose one of the following options to set Resource Balancing
behavior defaults:
• Use Defaults — To revert to previously saved custom defaults.
• Save as Defaults — To save a custom set of defaults and override
the system defaults.
• Reset Defaults — To revert to the system defaults.
To create a proposal
1. From the Domino Administrator, click the Server - Performance tab.
2. Under Activity Trends, click Resource Balancing.
3. Choose a server profile.
4. Click the “Available Databases” tab to display the list of databases
that can be moved.
5. (Optional) To change the databases that are available for moving,
select a database and click Pin or Unpin.
6. Make sure that each server in the top frame has an arrow next to its
name. If there is a red (x) instead of an arrow, the server is not
reporting its trended data. You must remove the server or make it a
phantom server; otherwise, the Analyze button will be disabled and
you will not be able to create a proposal.
7. Check the server properties to make sure that the capacity of each
server is weighted correctly.
Monitoring
the following information about the servers for which you want to
balance resources:
• Available Databases — Lists the databases that are not pinned in the
Master Pin List and are, therefore, available to be moved
• Recommended Plan — Shows the new source and proposed
destination for the databases
• Current Profile — Shows how the servers are currently balanced
• Projected Profile — Shows how the servers will be balanced after the
plan is carried out
Evaluate the changes that are proposed during resource balancing. If you
are not satisfied with the proposed changes, change the mix of servers or
databases or adjust the specified tolerance level in the Server Profile
Options dialog box. If you are happy with the proposal, then you are
ready to submit the plan to the Domino Change Manager.
Monitoring
The higher the accuracy of resource balancing, the more evenly activity is
distributed.
Example
The following chart shows database transactions on each server. The
overall height of the bar represents the sum (total) of the database
transactions. The three bins represent the light, medium, and heavy
modal distribution of the database metric — in this case, transaction. In
this example, heavy is the first 30% of databases; middle is the next 40%;
and light is the top 30%, all adding up to 100%.
100
90
Light activity
80
70
60
50 Medium activity
40
30
20
Heavy activity
10
0
0.4
0.3
0.2
0.1
0
Sales1
Monitoring
the latter group will be the same on every server, with the possible
exception of unread marks.
Use these guidelines to decommission a server:
1. Edit the server properties and do the following:
• Set the server as “source only” to prevent Activity Trends from
moving any databases to it.
• Set the server capacity to 0% for the unit you are using as the
primary balancing goal.
2. Use the default pin list so that Activity Trends relocates all databases
other than the system databases and the databases installed on every
server. You can also use an empty pin list since system databases are
always pinned.
Monitoring
is useful especially when decommissioning a server.
To filter servers
1. From the Domino Administrator, click the Server - Performance tab
and open the Resource Balancing view.
2. Click the Filter button on the Available Databases tab.
3. In the Servers field choose one:
• All Servers
• Selected Servers
4. Check or uncheck one or more:
• Hide System Databases (default is checked)
• Hide Master Pin Databases (default is checked)
• Hide Databases appearing in Plan (default is unchecked)
Monitoring
• Restore
Tip To display full help text for this task, append -? or -help to the
command.
Monitoring
numbers considerably. You typically want to increase the number of
concurrent demands to change the total number of demands (across all
executing plans) that can run simultaneously. This is the key variable
that will affect performance. As a general guideline:
• Increase the number of concurrent messages when you have many
people drafting, preparing, and submitting many plans. If you have
only a few plans, this is not necessary.
• Increase the number of concurrent plans when you want many plans
to execute at the same time.
You set these options in the Configuration Settings document for the
domain. This Configuration Settings document applies the settings as the
default settings for all servers and uses the * [All Servers] as the group or
server name.
Option Action
quit Stops the Change Manager and all plug-ins.
stop Stops the Change Manager and all plug-ins. Same as Quit.
exit Stops the Change Manager and all plug-ins. Same as Quit.
help Refers you to documentation.
? Refers you to documentation. Same as Help.
restart Stops and then restarts the Change Manager and all plug-in
subsystems.
start plug-in Starts the plug-in. Currently, Control, Monitor, and
RoboAdmin are the defined plug-ins.
stop plug-in Stops the plug-in. Currently, Control, Monitor, and
RoboAdmin are the defined plug-ins.
Note Alternatively, you can also use the forms plug-in stop,
plug-in quit and plug-in kill.
continued
Monitoring
have standard Domino ACL roles, such as Author or Reader. The roles
specific to resource balancing are: Change Admin, System Admin, Plan
Creator, and Plan Reader.
Change Admin
A Change Administrator has the authority to change the settings in any
plan or plan element, such as a constraint or variable. In addition, a
Change Administrator can alter and add some elements used to create a
plan. Specifically, a Change Administrator can edit, create, and delete
constraints and constraint sets, approval profiles, keywords, and resources.
A Change Administrator must commit a plan to be executed. All plans
(including move requests created in the Administration Process
database) execute with the authority of the Change Administrator who
committed the plan. For that reason, the Change Administrator must also
have Create Replica access on each destination server. A Change
Administrator automatically has the Plan Reader role.
System Admin
The System Admin role is distinct from the Change Admin role, which
does not automatically include the role of System Admin. Each of these
roles is independent but not mutually exclusive in terms of the access that
the role grants. As with a Change Administrator, a System Administrator
can edit, create, and delete keywords, resources, interfaces, functions,
domain configurations, and plug-Ins. Because users with the System
Admin role can make powerful and potentially catastrophic changes,
assign the role only to users or groups of users who have an in-depth
understanding the Domino Change Manager. In addition, all control
Plan Creator
This role designates users and groups of users who can create plans.
Plan Reader
This role allows users and groups of users to read all plans. By default a
Change Administrator can read all plans and does not explicitly need
this role. Authors and Requesters of plans do not need this role to read
their own plans.
Monitoring
the Change Admin role to these fields:
• Create databases & templates
• Create new replicas
5. Save and close the document.
Note When load balancing, you don’t have to approve the deletion of
the mail database on the source server. This is handled by the Domino
Change Manager.
Resource-balancing plans
The purpose of a resource-balancing plan is to move databases according
to the set of criteria defined in the Server Profile Options. The plan is
based on the analysis and proposal created during data exploration in
Activity Trends. When a plan is first submitted to the Domino Change
Manager, the plan has draft status. By default, the person who submits
the plan to the Domino Change Manager is the author and has the Plan
Creator role.
After the plan is submitted, it follows a prescribed course of submissions
and approvals until the final plan is activated and then completed. The
flowchart below shows the progression of a resource balancing plan from
its original draft state through its completed, archived state.
Prepared
Redraft Commit
Redraft
Reject
Committed Rejected
Approve
Cancel
Cancelled Approved
Activate Retry
Fail
Activated Failed
Hold Complete
Release
On Hold Completed
Archive Archive
Archive
Archived
(Pseudo-state)
Monitoring
databases that include more than 25 moves, it groups them into sets of 25
moves or more, called demand sets. A demand set can involve any
grouping of commands to be executed.
In the Domino Change Manager, these demand sets are titled “database
move sequences.” Each database move sequence has a maximum of 25
moves. The contents of each move sequence is generated automatically.
You can see these database move sets when you submit a
resource-balancing plan to the Domino Change Manager. You can
restructure the contents by cutting and pasting the demands from one
demand set into another or by creating additional demand sets and new
demands. (To cut and paste, select a demand and use the Edit menu.)
The Domino Administrator creates as many of these demand sets as
needed to accomplish a move. For example, the Acme Move Plan
includes 55 database moves, so the Domino Change Manager creates
three database move sequences — two that include 25 moves, and one
that includes 5 moves.
You can determine whether the database moves and database move
sequences are executed sequentially or concurrently or any combination
of the two. By default, all are moved concurrently. Using the Acme Move
Plan example, the Domino Change Manager attempts to perform all
three database move sequences at the same time. Within each database
move sequence, the Domino Change Manager attempts to move all
databases at the same time.
Monitoring
whether to move the demand sets one at a time or all at the same time.
Each plan can have an associated approval profile that lists the names of
persons or groups who must approve the plan document. If there is no
approval profile, you can list the names of approvers in the plan
document. If you assign a group as an approver, any one of the group
members can approve the plan.
For more information on creating an approval profile, see the topic
“Creating a resource balancing plan approval profile” later in this
chapter. For more information about demand sets, see the topic
“Understanding demand set moves” later in this chapter.
The Resource Balancing plan document is a dynamic document that
provides the current status of the plan and keeps a history of plan
modifications, including the author and date of each modification.
Whether you make any changes to the plan document, it must be moved
to its next state, which is the prepared state. In its draft state the plan can
be edited by its author.
9. Click the Notifications tab. This tab lists, by role, those who will be
notified at each stage of the plan. Add or remove the selection of any
role as needed. Check Others, and then select from the list to add
users to the notification list.
Monitoring
13. Click Change Control to promote this plan from draft state to
prepared state, and then click OK.
7. Click OK.
Monitoring
• Variables — Assign a common name that has a referenced value.
• Notification messages — Create custom notification messages that
are sent whenever the plan status changes.
Monitoring
For example, you can define a plan variable called ExecutionTime. Then
you can specify the value (in time) that you want a plan to be executed.
You define a variable at a higher level (usually within a plan) and then
reference it within a demand. When the value of a variable changes, all
demands and plans that reference that variable automatically use the
new value.
If you have the Change Administrator role, you can add, delete, or
modify local variables that are referenced by function arguments and
other variables.
To edit a variable
1. You must have the role Change Admin role.
2. From the Domino Administrator, click the Server - Analysis tab.
3. Open the Domino Change Control view, and then select the Plans -
by Status view.
4. Open a plan in edit mode, and then select Variables tab.
5. Click Edit.
6. In the Edit Variables dialog box, select a variable from the list, and
then click edit.
This chapter explains how to set up and use database transaction logging
and how to take advantage of fault-recovery strategies.
Transaction logging
Domino supports transaction logging for servers that run Domino 5 and
later, and for databases that are in a Domino 5 or later on-disk structure.
Transaction logging captures all the changes made to a database and
Monitoring
writes them to a transaction log. The logged transactions are then written
to disk in a batch, either when resources are available or when
scheduled.
A transaction is a related series of changes made to a database on a
server. For example, opening a new document, adding text, and saving
the document is one transaction. In this case, the transaction consists of
three separate implicit API calls: NotesOpen, NoteUpdate, and
NoteClose.
A transaction log is a record of changes made to Notes databases. The
transaction log consists of log extents and the log control file
(NLOGCTRL.LFH). A log extent is one of the log files into which the
transaction logs are written. It has the form Sxxxxxxx.TXN, where x
character represents a seven-digit number that is unique to that server.
Domino fills each extent sequentially before writing data to a new one.
The records are secured using a proprietary byte-stream format. Each
server has only one transaction log that captures all the changes to
databases that are enabled for transaction logging.
Use transaction logging to:
• Schedule regular backups. Backups based on transaction logs are
faster and easier than full database backups that do not use
transaction logging.
• Recover from a media failure. If you have a media failure, you can
restore the most recent full backup from tape, then use the
transaction logs to add the data that was not written to disk.
55-1
• Recover from a system crash. When the server restarts, it runs
through the end of the transaction logs and recovers any writes that
were not made to disk at the time of the crash. Logged databases do
not require a consistency check.
• Log the database views. You can avoid most view rebuilds.
To use all the features of transaction logging for backups and backup
recovery, you need a third-party backup utility that uses the backup and
recovery methods of the Domino C API Toolkit (Release 5 or later). For
example, in the case of a media recovery, a database backup is taken with
the third-party utility, while logging keeps track of updates to the database.
When the database is then lost, the backup is brought up to current state by
going through the transaction log and applying any updates which have
happened to that databases since the database backup was taken.
Note that restart recovery does not require a third-party utility. In this
case, logging goes on while updates are happening. When the server
crashes then restarts, any updates which would have otherwise been lost
are written to the database. This significantly reduces lost data and
database corruption because of server crashes, and reduces overall
restart time since the consistency check of databases is not required.
Monitoring
A few days later, there’s a media failure. The administrator restores the
corrupted databases from the most recent weekly backup and replays the
changes.
The employees who use the databases do not notice any difference in
how they do their work. They might notice, however, that servers are up
and running more often and that there is less down time.
Monitoring
and then click Edit Server.
4. Click the Transactional Logging tab, complete these fields, and then
save the document:
Field Action
Transactional Choose one:
Logging* • Enabled — To start transaction logging
• Disabled (default) — To not use transaction
logging
Log path* Enter the path name location of the transaction log.
For best results, use a separate mirrored device, such
as a RAID (Redundant Array of Independent Disks)
level 0 or 1 device with a dedicated controller. This
provides better performance and data integrity than
using the default path (\LOGDIR) in the Domino
data directory.
Note If the device is used solely for storing the
transaction log, set the “Use all available space on
log device” field to Yes.
Use all available For circular and linear logging only. Choose one:
space on log device • Yes — To use all available space on the device for
the transaction log. Choose Yes if you use a
separate device dedicated to storing the log.
• No — To use the default or specified value in the
“Maximum log space” field.
continued
* If you change this field, you must restart the server so that the change
Monitoring
takes effect.
** If you change this field, Domino assigns a new DBIID to each database.
You must restart the server and perform another full backup.
Monitoring
Transaction logging is an integral part of recovering from system and
media failures. Using transaction logging provides insurance against
system failure, but creating regular backups is essential so that you can
recover data after a failure.
Fault recovery
You can set up fault recovery to automatically handle server crashes.
When the server crashes, it shuts itself down and then restarts
automatically, without any administrator intervention. A fatal error such
as an operating system exception or an internal panic terminates each
Domino process and releases all associated resources. The startup script
detects the situation and restarts the server. If you are using multiple
server partitions and a failure occurs in a single partition, only that
partition is terminated and restarted.
Domino records crash information in the data directory. When the server
restarts, Domino checks to see if it is restarting after a crash. If it is, an
e-mail is sent automatically to the person or group in the “Mail Crash
Notification to” field. The e-mail contains the time of the crash, the server
name, and, if available, the FAULT_RECOVERY.ATT file, which
includes additional failure information from an optional cleanup script,
will be attached.
The fault-recovery system is initialized before the Domino Directory can
be read. During this initialization, fault-recovery settings are read from
the NOTES.INI file, and then later read from the Domino Directory and
saved back to the NOTES.INI file. Any changes to the Domino Directory
or the NOTES.INI file become effective when the Domino server is
restarted. To disable the reading of the Domino Directory, and
subsequent update to the NOTES.INI file, use the NOTES.INI setting
FaultRecoveryFromIni=1.
Monitoring
Field Action
Cleanup Script Enter the entire script name, including any extensions.
Name Note Directory separators (slashes) in the file name
portion are converted for the operating system, but
slashes in optional arguments are not converted.
Cleanup Script Enter the number of seconds for the cleanup script to
Maximum run. Default is 300 seconds (5 minutes). Maximum is
Execution Time 1800 seconds.
Maximum Crash Enter the number of restarts allowed during a specified
Limits time limit — for example, 3 crashes within 5 minutes. If
the number of crashes exceeds the time limit, the server
exits without restarting.
Mail Crash Enter a user or group name. When the server restarts,
Notification to Domino checks if it is restarting after a crash and sends
e-mail to the person or group.
This chapter describes how to use the Domino server log (LOG.NSF) and
the Domino Web server log (DOMLOG.NSF) to collect information about
the Domino system.
Monitoring
for the first time. You can do the following:
• Control the size of the log file
• Record additional information in the log file
• View the log file
• Search the log file
56-1
For more information on NOTES.INI settings, see the appendix
“NOTES.INI File.” For more information on setting additional logging
levels, see the topic “Recording additional information in the log file,”
later in this chapter.
Setting Description
Log Specifies the contents of the log file and controls
other logging actions.
Log_AgentManager Specifies whether or not the start of agent execution
is recorded in the log file and shown on the server
console.
Log_Console Enforces logging of server console command
output, which can otherwise be prevented if the
command is prefixed with an exclamation point (!).
Log_DirCat Logs information about the Directory Catalog task
to the Miscellaneous Events view of the log file
(LOG.NSF).
Log_Replication Specifies the level of logging of replication events
performed by the current server.
Log_Sessions Specifies whether individual sessions are recorded
in the log file and displayed on the console.
Log_Tasks Specifies whether the current status of server tasks
is recorded in the log file and displayed on the
console.
Log_Update Specifies the level of detail of Indexer events
displayed at the server console and in the log file.
Log_View_Events Specifies whether messages generated when views
are rebuilt are recorded in the log file.
Mail_Log_To_MiscEvents Determines whether all mail event messages are
displayed in the Miscellaneous Events view of the
log file.
Monitoring
Web Navigator The “Retriever log level” field on the Server Tasks
- Web Retriever tab of the Server document.
Web server Additional information regarding the Web server
is logged in the Domino Web server log
(DOMLOG.NSF).
For more information on the Domino Web server log, see the topic
“Viewing the Domino Web server log (DOMLOG.NSF)” later in this
chapter.
Monitoring
Administrator. However, if you are troubleshooting a problem, searching
through all of the information can be time consuming. Using the Log
Analysis tool, you can search the log file for specific events, event
severities, or for specific words, and you can specify the dates you want
to search. For example, if you are troubleshooting a mail routing
problem, you can search for routing events with an event severity of
warning or failure, that occurred during the time you were experiencing
difficulties.
Some advanced queries can be made on Domino 6 servers only, and then
only if the Event task is running on them.
When you perform a log analysis, the search results display
automatically and are also saved in the Search Results view of the log file
(LOG.NSF). They include the following types of information:
• Status of the event, displayed as an icon
• Type of event
• Severity of the event
• Time the event occurred
• A description of the event
To search the log file
1. From the Domino Administrator, click the Server - Analysis tab.
2. Click Analyze, and then click Log.
3. In the Log Analysis dialog box, create a search query by specifying
the search criteria.
4. When you click OK, the Log Analysis Results are displayed and a
copy of the results is stored in the Search Results view of the log file.
Tip Search strings can be any length containing any type of character
and the search is not case sensitive.
Monitoring
you want to view.
4. Use File - Open or double-click to open the search results document.
Tip You can also view the search results from the Server - Analysis tab
using the tool Analyze - View Search Results, which gives you additional
sorting abilities when viewing the results.
Monitoring
want to exclude that type of information from the log. Domino creates
the Web server log database when the HTTP task starts after you enable
logging to DOMLOG.NSF.
To enable logging to the Domino Web server log
1. From the Domino Administrator, click the Configuration tab.
2. Open the Server document for the Web server.
3. Click the Internet Protocols - HTTP tab.
4. Under “Enable Logging To,” choose Enabled in the DOMLOG.NSF
field.
5. (Optional) Under “Exclude From Logging,” complete these fields to
exclude certain types of information from the log file:
Field Enter
URLs URL paths to exclude — for example, *.gif or /anydir/*
Methods HTTP methods — for example POST or DELETE
MIME types MIME types to exclude — for example, image (for all
images) or image/gif (for .gif images)
User agents Strings that are part of user agent (browser) strings to
exclude requests from a particular user agent.
• To exclude Microsoft Internet Explorer, enter MSIE*
• To exclude Netscape:
For version 4.7, enter Mozilla/4.7
For version 4.6, enter Mozilla/4.6
continued
6. Save the document and then restart the HTTP task so that the
changes take effect.
Monitoring
3. Remote user if available
4. Request time stamp
5. Http request line
6. Http response status code
7. Request content length if available, otherwise shows “-”
8. Referring URL if available, otherwise shows “-”
9. User agent if available, otherwise shows “-”
10. Amount of time, in milliseconds, to process the request
11. Value of the cookie header
12. Translated URL, (the full path of the actual server resource, if
available)
Agent User agent if available, otherwise shows “-”
Referer URL the user visited to gain access to a page on this site
Monitoring
• Monthly — To create a new log file each month,
starting at midnight on the first day of the month.
Monthly log files use the file naming convention:
file name prefix—MMYYYY.log
Example: The access log file for May 2001 is
access-log—052001.log.
• Never — To create log files of unlimited duration.
The file naming convention is:
file name prefix.log
Example: The CGI error log file is cgi-error-log.log.
Maximum log The maximum length allowed for an individual entry in
entry length the access log file. If the entry exceeds this length it is
not written to the file. The default is 10 kilobytes.
Maximum size of The maximum size allowed for the access log file. If this
access log limit is reached no more entries are written to the file. A
value of zero (the default) indicates that the size is
unlimited.
This chapter describes how to set up and use the Lotus Domino 6 activity
logging feature.
Activity logging
You use activity logging to collect information about the activity in your
enterprise. You can use this information to charge users for the amount
they use your system, monitor usage, conduct resource planning, and
determine if clustering would improve the efficiency of your system.
Monitoring
Domino writes the activity logging information in the Domino log file
(LOG.NSF). To create activity logging reports, you write a Notes API
program to access the information in the log file. You can also view the
activity logging information by using Activity Analysis.
In a hosted environment, enable activity logging on all of your ASP
servers, that is, the servers used to house and maintain your hosted
organizations.
57-1
You use the Domino Administrator to specify which types of activity to
log. This table describes the types of activity you can log.
Checkpoint records
For types of activity that could require long sessions to complete,
Domino generates an Open or Authorization record when a session
begins. This record indicates that a session is open and shows the time at
which the session began. During the session, Domino generates
Checkpoint records, which log all activity that has occurred so far during
the session. Checkpoint records ensure that activity is logged even if a
server stops functioning before a session ends. When a session ends,
Domino generates a Close record, which consolidates all the activity for
the entire session.
Monitoring
factors: the need to record information, the need to preserve storage
space, and the need for quick performance. The longer you make the
checkpoint interval, the more activity data that could be lost if the server
crashes before Domino writes the Checkpoint records. The shorter you
make the checkpoint interval, the more Checkpoint records that could be
created, requiring more storage space. In addition, if you set a short
checkpoint interval, system performance could be affected if there is a lot
of activity.
Note For types of activity that generate multiple activity logging
records, the record type is indicated in the EventType field in the record.
Monitoring
Compare Organization name, user name, server name, client IP address, the
distinguished name of the object that was compared, the attribute
and value portions of the attribute value assertion, names of the
directories searched, the number of bytes sent to the server in the
query, the LDAP result code, and any error messages returned to
the client
Delete Organization name, user name, server name, client IP address, the
distinguished name of the object that was deleted, names of
directories from which the object was deleted, the number of
entries deleted, the number of bytes sent to the server, the LDAP
result code, and any error messages returned to the client
Extended Organization name, user name, server name, client IP address, the
name of the extended command, the LDAP result code, and any
error messages returned to the client
Modify Organization name, user name, server name, client IP address, the
distinguished name of the entry to be modified, the operations to
be performed on the entry (add, delete, replace), the attributes that
are modified and their new values, the names of the directories in
which the entry was modified, the number of entries modified, the
number of bytes sent to the server, the LDAP result code, and any
error messages returned to the client
ModifyDN Organization name, user name, server name, client IP address, the
directory entry that is modified, the new Relative Distinguished Name
(RDN), whether the old RDN was deleted, the new parent entry, the
names of the directories in which the entry was modified, the number
of entries modified, the number of bytes sent to the server, the LDAP
result code, and any error messages returned to the client
continued
You can customize the LDAP service configuration to limit the amount of
data collected in the Values fields in Add and Modify records.
For each mail message, at least two types of records are logged — a
Deposit record and at least one of the other types of records, depending
on the disposition of the attempted delivery.
Monitoring
• Open records, which log when a session begins
• Checkpoint records, which log activity that occurs when a session
has been open for a specified length of time
• Close records, which consolidate all session information into a single
record when a session ends
This table contains a few examples of the types of activities that generate
each type of session record.
Monitoring
CloseEnd records log the total activity in a database during a Notes
session. Each time a user opens and closes a database during a session,
Domino creates separate database Open and Close records. When the
user closes the Notes session, Domino generates a CloseEnd record for
each database that was open during the session. The CloseEnd record
consolidates the total activity in the database during the entire Notes
session. Therefore, if you open and close a database several times during
a Notes session, Domino generates multiple Open and Close records for
that database, but only one CloseEnd record.
Monitoring
Notes Database Checkpoint
3. User sends message Mail Deposit plus the following: Sending server
to MAIL.BOX If the message contains an
attachment:
Notes Database Open
Notes Database Close
If the message does not contain an
attachment:
Notes Database MailDeposit
4. User saves message The following are possible: Sending server
Notes Session Checkpoint
Notes Database Checkpoint
5. The Router picks up Mail Transfer Sending server
the message from
MAIL.BOX
6. The Router deposits Mail Deposit plus the following: Receiving
the message in the If the message contains an server
destination server’s attachment:
MAIL.BOX Notes Database Open
Notes Database Close
If the message does not contain an
attachment:
Notes Database MailDeposit
continued
Monitoring
Yes, and then click the LDAP tab on the document that is created.
• If you do not see this message, click “Edit LDAP Settings.”
5. In the field “Activity Logging truncation size,” type a value (in
bytes).
6. Click Save & Close.
View Description
Agent For agent activity, shows the user, date, database, agent name,
and run time
All Shows the activity type and timestamp of all activity logging
records
HTTP For HTTP activity, shows the target server, user name, date,
HTTP request, time of the request, and the length of the content
IMAP For IMAP activity, shows the organization name, server name,
user name, timestamp, bytes sent and received, and the duration
continued
Monitoring
earlier than Lotus Domino 6.
Database maintenance
To keep a specific database in good working order, perform these tasks
regularly.
Task Frequency
Monitor replication, if a database Daily
replicates
Monitoring
Check for and consolidate replication or Daily, for large active databases;
save conflicts weekly for other databases
Monitor database activity Weekly
Monitor database size Weekly
Task Frequency
Run the Updall task to update all views Daily. Occurs by default daily at 2
and full-text indexes AM.
Run the Designer task to keep databases Daily. Occurs by default daily at 1
that inherit design from master templates AM.
in sync with the master templates
Run the Compact task Weekly or monthly with the -B
argument and in conjunction with a
certified backup utility.
Monitor the database cache Occasionally
For information on running the Updall and Designer tasks, see the topic
“Synchronizing databases with master templates, ” later in this chapter.
For information on running the Compact task and monitoring the database
cache, see the chapter “Improving Database Performance.”
58-1
The Files tab in the Domino Administrator
The Files tab in the Domino Administrator provides an easy way for you
to manage files in the Domino data folder. From the Files tab, you can:
• View file information
• Manage databases — for example, compact databases and manage ACLs
• Manage folders and links
• Display disk space information
To customize the Files tab, you can:
• Choose the types of files you see
• Choose the folder contents you see
• Customize the column display
Monitoring
1. From the Domino Administrator, click the Files tab.
2. Use the left pane in the Files tab to select a folder. By default, you see
only files in the selected folder. To see all the files in the Domino data
folder, click the files icon.
The Files tab can display files only in the data folder and in any folders
within the data folder.
Monitoring
Managing folders and links with the Files tab
Use the Folder tool in the Files tab to manage folders, and folder and
database links from the Domino Administrator.
1. From the Domino Administrator, click the Files tab.
2. Select a folder location in the left pane.
3. In the Tools pane on the right, select Folder and choose one of the
following options:
• New
• New Link
• Update Link
• Delete
For more information, see the chapter “Organizing Databases on a
Server.”
Method Description
Replication history Records each successful replication session for a
database. Useful for determining at a glance if a
replication is occurring.
Replication Events Shows details about replication events between servers.
view of the log file Useful for determining the cause of replication failure
(LOG.NSF) and for verifying that the expected number of
replication updates occurred.
Replication monitor Notifies you when replication of a database hasn’t
occurred within a specified time period. A server
administrator creates replication monitors as a part of
configuring the Event Monitor task.
Database Analysis Lets you collect replication history, replication events
tool from the log file, and other information specific to a
database into a results database that you can analyze.
Monitoring
Domino scans all documents in the database.
Within a server cluster, the Cluster Replicator stores replication history
information in memory and updates the replication history about once an
hour.
For information on viewing cluster replication data, see the book
Administering Domino Clusters. For more information on the “Only
replicate incoming documents saved or modified after” setting, see the
chapter “Creating Replicas and Scheduling Replication.”
Save conflicts
Monitoring
A save conflict occurs when two or more users open and edit the same
document at the same time on the same server, even if they’re editing
different fields. When this situation occurs, the first document saved
becomes the main document. Before the second document is saved, a
dialog box indicates that the user is about to save a conflict document
and if the user saves the document, it becomes a Replication or Save
Conflict document.
Note ACL and design changes never result in replication or save
conflicts; the most recent change always prevails.
Monitoring
Track database activity with activity logging.
If a database or view is inactive, consider deleting the database or view
to free disk space on the server.
Monitoring
Enable activity recording in a single database’s User Activity dialog
box
Even if the server administrator uses the No_Force_Activity_Logging
setting in the NOTES.INI file to disable automatic activity recording in
databases, you can enable recording for a single database.
1. Make sure that you have Designer or Manager access in the database
ACL.
2. Open the database and choose File - Database - Properties.
3. Click the i tab, and then click User Detail.
4. Select Record Activity to enable activity recording.
5. (Optional) Select “Activity is Confidential” to allow only users with
at least Designer access in the database ACL to view the activity.
6. Click OK.
Update
Update is loaded at server startup by default and runs continually,
checking its work queue for views and folders that require updating.
When a view or folder change is recorded in the queue, Update waits
approximately 15 minutes before updating all view indexes in the
database so that the update can include any other database changes
made during the 15-minute period. After updating view indexes in a
database, it then updates all databases that have full-text search indexes
set for immediate or hourly updates.
When Update encounters a corrupted view index or full-text index, it
rebuilds the view index or full-text index in an attempt to correct the
problem. This means it deletes the view index or full-text index and
rebuilds it.
To improve view-indexing performance, you can run multiple Update
tasks if your server has adequate CPU power.
Updall
Updall is similar to Update, but it doesn’t run continually or work from a
queue; instead you run Updall as needed. You can specify options when
you run Updall, but without them Updall updates any view indexes or
full-text search indexes on the server that need updating. To save disk
space, Updall also purges deletion stubs from databases and discards
view indexes for views that have been unused for 45 days, unless the
database designer has specified different criteria for discarding view
indexes. Use the NOTES.INI setting Default_Index_Lifetime_Days to
change when Updall discards unused view indexes.
Like Update, Updall rebuilds all corrupted view indexes and full-text
Monitoring
search indexes that it encounters.
By default Updall is included in the NOTES.INI setting ServerTasksAt2,
so it runs daily at 2 AM. Running Updall daily helps save disk space by
purging deletion stubs and discarding unused view indexes. It also
ensures that all full-text search indexes that are set for daily updates are
updated.
The following table compares the characteristics of Update and Updall.
For Updall, the table describes default characteristics. For information on
options you can use to modify some of these characteristics, see the topic
“Updall options” later in this chapter.
Updall options
You can use any of these methods to run Updall on a server:
• Task - Start tool in the Domino Administrator — Use this method if
you don’t want to use command-line options.
• Load Updall console command — Use this method if you’re
comfortable using command-line options or if you want to run
Updall directly at the server console when there is no Domino
Administrator running on the server machine.
• Program document that runs Updall — Use this method to schedule
Updall to run at particular times.
• Run Updall on a Win32 platform — Use this method if you are
unable to run Updall at the server console. This method requires that
you use the “n” prefix — for example, nupdall - R.
When you use these methods, you can include options that control what
Updall updates. For example, you can update all views and not update
any full-text search indexes.
The following tables describe the options you can use with Updall. The
first column describes the option names as they appear in the Task - Start
tool. The second column lists the equivalent command-line options that
you use when you use a console command to run Updall and when you
schedule Updall to run in a Program document.
For example:
Load updall SALES.NSF -F
For information on Updall behavior when you don’t specify options, see
the topic “Indexer tasks: Update and Updall,” earlier in this chapter.
Monitoring
database or databasepath, see enter the file name, for example,
folder the topic “Using SALES.NSF. To update databases in a
a console folder within the data folder, specify
command,” later the database path relative to the data
in this chapter. folder, for example,
DOC\README.NSF.
“Index all databases” (or no database
path) updates all databases on the
server.
Update this view database -T Updates a specific view in a database.
only viewtitle Use, for example, with -R to solve
corruption problems.
Monitoring
1. From the Domino Administrator, select the server on which to run
Updall.
2. Click the Server - Status tab.
3. Click Console.
4. Enter the following command in one of the following ways: 1) In the
command line at the bottom of the console, and then press ENTER,
or 2) Directly at the console on a server:
Load updall databasepath options
The following table illustrates how you can use databasepath to specify
databases, folders, and subfolders.
Monitoring
SHIFT+ F9 Rebuilds the current To fix problems with a view
view
CTRL+SHIFT+ Rebuilds all views in a To rebuild or update all views if you
F9 database that are not are unable to run the Updall task.
built; updates all other You must wait until the process is
views complete, so use Updall instead if
possible.
You can add the following setting to the NOTES.INI file to disable
optimized view rebuilding. However, do this only as a last resort if
Monitoring
you’ve specified a view rebuild folder and you still see the preceding
message for many views. If you see the message for just a few views,
don’t disable view rebuilding.
Disable_View_Rebuild_Opt=1
Monitoring
SALES SALES is a directory load design -d SALES
DEV and load design -d DEV
DEV\USER1.NSF DEV is a directory load design -f
DEV\USER1.NSF
Using Fixup
When you restart a server, the server quickly searches for any unlogged
databases that were modified but improperly closed because of a server
failure, power failure, hardware failure, and so on. A few minutes after
server startup is complete, the Fixup task then runs on these databases to
attempt to fix any inconsistencies that resulted from partially written
operations caused by a failure. When users attempt to access one of these
databases and Fixup hasn’t yet run on the database, the users see the
message “This database cannot be opened because a consistency check of
it is in progress.” A similar Fixup process occurs when you restart a
Lotus Notes client.
Monitoring
• Run Fixup using the Fixup tool in the Files tab — Use this method to
run Fixup on one or a few databases; you can easily select the
databases and you don’t have to use command-line options, but you
can’t use the Domino Administrator until Fixup finishes.
• Run Fixup using the Task - Start tool — Use this method to run Fixup
on all databases; you can continue to use the Domino Administrator
while Fixup runs and you don’t have to use command-line options.
• Run Fixup using a console command — Use this method if you want
to use command-line options or to run Fixup directly at the server
console when there isn’t a Domino Administrator client available.
• Run Fixup using a Program document — Use this method to
schedule Fixup to run at particular times.
• Run Fixup on a Win32 platform — Use this method if you are unable
to run Fixup at the server console. This method requires that you use
the “n” prefix, for example, nfixup - F.
Monitoring
lists previous release format. Don’t select
this option unless Customer Support
recommends doing so.
Fixup -J Runs on databases that are enabled for
transaction-logged transaction logging. Without this
databases option, Fixup generally doesn’t run on
logged databases.
If you are using a certified backup
utility, it’s important that you schedule
a full backup of the database as soon
after Fixup finishes as possible.
Fixup open databases -O If you run Fixup on open databases,
Fixup takes the databases offline to
perform the fixup.
This is the default if you run Fixup and
specify a database name. Without this
option, when you do not specify
database names, Fixup does not run on
open databases.
Don’t fixup open -Z Applies only to running Fixup on a
databases single database. When a database isn’t
taken offline and is in use, then Fixup is
not run.
This is the default when Fixup is run on
multiple databases.
continued
Monitoring
folder relative to the SALES\USER1.NSF
Domino data folder
All the files specified in Load fixup DATA\SALES.NSF
an IND file created in the WEEKLY.IND DATA\DEV.NSF
Domino data folder where WEEKLY.IND DATA\SALES\USER1.NSF
contains:
DATA\SALES\NEW\all
SALES.NSF databases
DEV.NSF
SALES\USER1.NSF
SALES\NEW
Monitoring
Clusters.
You can use any of these methods to move a database:
• Use the Domino Administrator and the Administration Process to
move the database.
• Manually move the database. Use this option when you do not have
access to the Domino Administrator and the Administration Process.
Monitoring
Use this procedure to move a database to a server in another Domino
domain or to move a database when you don’t have access to the
Domino Administrator. Do not use this procedure to move a mail file.
For information on moving mail files, see the chapter “Setting Up and
Managing Notes Users.”
1. Make sure that you have Create Replica access in the Server
document of the destination server.
2. Make sure you have Manager with “Delete documents” access in the
ACL of the original database.
3. Choose File - Replication - New Replica to create a replica of the
database on the destination server.
4. Make a note of the file name and path of the original database. You’ll
include this information when you notify users of the move.
5. Choose File - Database - Delete to delete the original database.
6. If the database receives mail, change the Mail-In Database document
in the Domino Directory to reflect the new location.
7. In the ACLs of any replicas of the database, remove the name of the
server that you moved the database from and add the name of the
destination server.
8. Notify users that you have moved the database.
Monitoring
8. Click Yes to confirm the deletion.
9. Delete any Mail-In Database documents associated with the deleted
database.
10. Remove references to the database in database libraries and
bookmarks.
11. Notify users that you have deleted the database.
Database analysis
You can perform a database analysis to collect information about one or
more databases from a variety of sources — the replication history, the
User Activity dialog box, and the log file (LOG.NSF) — and view it in a
single “results” database. You can perform a database analysis only if
you have access to the Domino Administrator.
Analysis documents
Each analysis document in the results database contains fields that
describe a particular event.
Field Describes
Date Date of the event
Time Time of event
Source of Event The analyzed database or its replicas or the log file (LOG.NSF)
Information
Source Name of a database containing documents that were read
Database For database replication events, name of database from which
information was pulled
Source Name of server that stores a database containing documents
that were read or written
For database replication events, name of server that stores the
database from which information was pulled
Destination Name of a database on which documents were updated
For database replication, name of the database to which
information was replicated
Destination Name of a server that stores a database that was updated
machine For database replication, name of a server that stores a
database to which information is replicated
Description Description of the event
Monitoring
+Replicator Number of replication additions, Log file activity
updates, and deletions, as reported in the
log file (LOG.NSF)
Monitoring
Update_NO_BRP_Files When set to 1, the Fixup task creates a BRP file
when it encounters an error in a view index.
Updaters Specifies the number of Update tasks to run
concurrently on the server.
View_Rebuild_Dir Changes the temporary folder used for view
rebuilds.
Managing servers
To manage servers, you can do any of the following tasks:
• Change the server administrator
Monitoring
• Decommission a server
• Decommission a Domain Search server
• Delete a server name
• Find a server name in the domain with the Domino Administrator or
the Web Administrator
• Recertify a server ID
• Upgrade a server name to hierarchical
• Uninstall a Domino server partition
While managing servers, you may also need to recertify a certifier ID. To
do so, see “Recertifying a Certifier or User ID.”
59-1
If the name of the former administrator is included in any groups, delete
the former administrator’s name from the Group document(s), if
appropriate. Add the name of the new administrator.
1. From the Domino Administrator, select the Configuration tab.
2. Click Server, and then select one:
• Current Server Document — to change the administrator name for
the current server.
• All Server Documents — and then select the server document you
want to change.
3. Click “Edit Server.”
4. Click the Administration tab.
5. In the Administrator field, type the administrator’s name or click the
arrow and complete the following fields as necessary in the Select
Names dialog box:
Field Action
Choose address Select the address book and choose a name from the list.
book Click one of the following:
• Add — to add the name to the Names list.
• Details — to view address details from the Person
document.
Find names (Optional) Enter a user name, last name followed by first
starting with name, to search for a name if you are unsure of the
spelling or the complete name.
Add name not Enter a user name and then click Add to add the name to
in list the Names list without selecting it from an address book.
Names (Optional) Do one:
• Select a name and then click Remove to remove the
selected name from the Administrator field.
• Don’t select any names. Click Remove all to remove all
names from the Administrator field.
Select a name and click to copy a name from the open
address book to the local address book.
6. Click OK, and then click “Save & Close” in the Server document.
7. Use the Replicate server command at the console to force replication
of the Domino Directory and disseminate the change quickly.
For more information on the Replicate command, see the appendix
“Server Commands.”
Monitoring
Inconsistencies between the source and target servers are marked in the
Results database to alert you to the administrative tasks you may need to
do before you can decommission the server. Each comparison that the
Decommission Server Analysis tool makes is somewhat individual.
Relationships between analysis items are not determined by this tool;
therefore, you need to review each report and make your own
comparisons before taking any action. Perform comparisons between
only two servers at a time. You do not need to resolve all differences
before you decommission a server.
5. Click OK.
When the analysis is complete, the Results database opens to the
Reports view. This can take up to several minutes depending on
network traffic and the number of databases on both the source and
target servers.
Note You can create multiple reports in the same database or in
different databases and then use these reports to verify that differences
between the two servers are remedied and cannot be seen by the system
when you run the Decommission Server Analysis tool. You can re-run
the reports as many times as you wish.
Monitoring
Each item is represented by a document. A document’s status is
indicated by an icon to the left of the document as follows:
Icon Explanation
A difference was found when doing the comparisons and may
require the attention of an administrator.
An error was encountered when performing or trying to perform a
comparison.
No icon No attention is required because the fields being compared are
either equivalent or the source’s values are a complete subset of the
target’s values.
Monitoring
cases, the specific interpretation of blank for each field is
taken into consideration when comparisons are performed.
Document Explanation
comparison
Connection A comparison is performed on any connection in which the
documents server to be decommissioned is listed as the source server in
the Connection document. The comparison ensures that all
destination servers in those connections are also included in
the target server’s Connection documents. A report is
generated if the Tasks differ or if any corresponding
connections do not exist.
All connections listing the server to be decommissioned as
the Destination server are reported.
Program All Program documents that list the source server as the server
documents on which to run the program are included in the report. No
comparison between the source and target Program documents
is done because there is no way to ensure that the executables
exist or are the same on the source and target.
Domain All Foreign domain documents are checked to see if the
documents Gateway server name lists the source server. If one is found,
a document is generated showing which foreign domain
documents list the source.
Cross-Certificates Any cross-certificate that lists the source server in the Issued
By field is reported.
Recertifying a server ID
Follow this procedure to use the original certifier to recertify a server ID
that has a certificate that is about to expire.
Monitoring
1. To recertify a server ID, you must have:
• Author with Create documents access and the ServerModifier
role, or Editor access to the Domino Directory
• At least Author with Create documents access to the Certification
Log
2. From the Domino Administrator, click the Configuration tab, and
then click Server - All Server Documents.
3. Select the server you are recertifying.
4. Choose Actions - Recertify Selected Servers.
5. Choose one:
• Click Supply certifier ID and password — if you want to use a
certifier ID and password instead of the new server-based
certification authority (CA). To change to a different certifier ID,
click Certifier ID, select the new ID, enter the password, and then
click OK.
• Use the CA Process — Click to use the Domino server-based
certification authority (CA) to recertify the server ID. Choose a
CA-configured certifier from the list.
6. Accept the default certificate expiration date (two years from the
current date), or enter a different date.
7. (Optional) Enter a date in the field “Only renew certificates that will
expire before” if you want to limit which server IDs can be
recertified.
Monitoring
for the server name. Click Yes.
• On the Web Administrator, the status line displays a message
indicating that an administration request has been generated to
locate the server name. Click Done or enter another server name
and repeat the process.
Monitoring
name as its Domino server name, do not disable its IP address.
3. If the partitioned server used port mapping, edit the NOTES.INI file
of the port-mapping partition so that it no longer refers to the
Domino partition you want to remove. If you are uninstalling the
port-mapping partition, set up another Domino partition to do the
port-mapping.
4. If you use Windows NT, edit the NT registry as follows:
a. In the folder HKEY_LOCAL_MACHINE - SOFTWARE - Lotus -
Domino check each numbered subkey (for example, 1,2,3) that
has a named value DATA whose value is the directory path of
the partition you want to remove. Remove the whole numbered
subkey and all of its values.
b. In the folder HKEY_LOCAL_MACHINE - SOFTWARE - Lotus -
Domino, remove the corresponding numbered key from the
value of the key named PARTITIONS. Ensure that the list ends in
a comma. For example, if you are removing partition 2 from a
3-partition install, you would change the PARTITIONS value
from 1,2,3 to 1,3.
This chapter describes ways you can improve the performance of your
Domino server.
Performance
• Mail
• Web server
For more information on improving Web server performance, see the
chapter “Setting up the Domino Web Server.”
• Windows NT server
• UNIX server
For more information on performance, visit the Domino Performance
Zone at www.lotus.com/performance.
See the Notes.net column, “Performance Perspectives” for detailed
information about performance issues.
For more information on improving network performance see the
chapter “Setting up the Domino Network.” For more information on
database performance properties, see the chapter “Improving Database
Performance.”
60-1
Tools for measuring server performance
Domino offers performance tools you can use to measure and evaluate
server performance.
Domino Server.Load
Using Domino Server.Load, you run a script (a simulated workload) in
your own environment to obtain server capacity and response metrics.
You can run a built-in script or create a custom script. Domino
Server.Load includes real-time control of the test environment and
variables, such as the number of simulated users. Using Domino
Server.Load, you can evaluate the capacity of your servers and evaluate
the requirements for additional CPU, memory, or disk storage upgrades.
Server.Load can also be used to determine the effect of changes to the
machine, such as upgrading a device drive, an OS service pack, or a
Domino maintenance release.
Domino Server.Load is included as part of the Administrator client. For
details about setting up and working with Server.Load, see the chapter
“Using Server.Load.”
NotesBench
NotesBench is a collection of benchmarks (workloads) that simulate the
behavior of workstation-to-server or server-to-server operations.
Vendors and other organizations use NotesBench to evaluate the
performance of various Domino and Notes platforms and configurations.
Using NotesBench, hardware vendors and business partners generate
benchmark information, which they can distribute to their customers. In
turn, customers can use the benchmark information to evaluate vendors,
select configurations, and plan resource budgets.
To use NotesBench for testing, you must be a member of the NotesBench
Consortium, which is an independent, nonprofit organization dedicated
to providing Domino and Notes performance information to customers.
The consortium requires that each member run the NotesBench tests in
the same manner and allows tests to be audited.
To view published data and test results, go to the NotesBench Web site at
www.notesbench.org.
Performance
hardware RAID, such as RAID 0+1, to improve performance and
availability.
• Use multiple I/O controllers to distribute logical volumes (and
use file pointers to databases across separate controllers). Make
sure you have the latest BIOS for your I/O subsystem. This is an
inexpensive way to remove a likely throughput bottleneck.
2. Use faster disk drives.
3. Increase the stripe size. Refer to the NotesBench reports to see what
the vendors use. NotesBench vendors use a stripe size of 8K
(Hewlett-Packard systems) or 16K (IBM NetFinity® reports). (The
IBM NetFinity report provides additional information on I/O
settings such as IOQ Depth, Outbound Posting, PCI Line Prefetch,
and Address Bit Permitting.)
4. Use faster CPUs. NotesBench vendors have moved beyond the
Pentium®, Sparc®, and PowerPC® processors, which were in the
100Mhz to 200Mhz range, to higher speed processors. However, they
consistently use P6-based systems over the Pentium II systems for
Server_Availability_Threshold
This setting specifies the acceptable level (a percentage) of system
resources available to a server. By setting this value for each server in a
cluster, you determine how the workload is distributed among cluster
members. The default is 0, which indicates a fully available state
(workload balancing is disabled). A value of 100 indicates the server is
busy; the Cluster Manager then tries to redirect user requests to more
available cluster members.
Server_Session_Timeout
This setting specifies the number of minutes of inactivity after which the
server automatically terminates network and mobile connections. The
minimum recommended setting is 15 minutes. If you specify a lower
time, the server must reopen database server sessions too frequently,
which slows server performance. For best performance, the
recommended time is 45 minutes.
For mobile connections, X.PC has its own internal time out. If the X.PC
time-out value is shorter than the Server_Session_Timeout value, the
X.PC time out takes precedence.
ServerTasks
This setting controls the tasks that the server runs. These tasks start
automatically at server startup and continue until the server is shut
down. Improve performance by removing tasks that aren’t appropriate
to the server. Do not remove the Update task from a server. If you do so,
the Domino Directory will not update.
Performance
Translog_Status
This setting enables transaction logging for all Release 5 and later
databases on the server. Default is 0 (transaction logging disabled). Set
this to 1 to enable transaction logging. Transaction logging improves the
availability and reliability of the server.
Note You must upgrade databases to Domino Release 5 or later format
before they can use transaction logging.
Optimizing performance
If one partitioned server uses significant system resources, consider
moving that server to a different computer. If partitioned servers causes
slow disk access, consider moving the Domino data directories of the
partitioned servers to separate disk drives.
Another way to limit access to a server is to limit the number of users
who can use a partitioned server at one time. To do this, you can use the
Server_MaxUsers setting in the NOTES.INI file. When the server reaches
the number of users you specify, Domino denies additional user requests
for access to the server.
For additional information about these NOTES.INI settings, see the
appendix “NOTES.INI File.”
AMgr_DocUpdateAgentMinInterval
This setting specifies the minimum elapsed time, in minutes, between
executions of the same document update-triggered agent. This lets you
control the time interval between executions of a given agent. Default is
30 minutes. A longer interval can result in the agent running less often,
reducing server demand. If document update events are infrequent, you
can reduce the delay.
AMgr_DocUpdateEventDelay
This setting specifies the delay time, in minutes, the Agent Manager
schedules a document update-triggered agent after a document update
event. The default is 5 minutes. The delay time ensures the agent runs no
more often than the specified interval, regardless of how frequently
document update events occur. When the agent executes, it will also
process all additional events (if any) that occurred during the interval.
A longer interval results in the agent running less often, thus reducing
demand for server time. If document update events are infrequent,
however, you can reduce the delay to ensure the agent runs soon after
the event occurs.
AMgr_NewMailAgentMinInterval
This setting specifies the minimum elapsed time, in minutes, between
execution of the same new mail-triggered agent. The default is 0 (no interval
between executions). Similar to AMgr_DocUpdateAgentMinInterval,
entering an interval can result in the agent running less frequently.
AMgr_NewMailEventDelay
This setting specifies the time (in minutes) that the Agent Manager delays
before scheduling a new mail-triggered agent after new mail is delivered.
The default is 1 minute. Similar to AMgr_DocUpdateEventDelay, the
delay time ensures the agent runs no more often than the specified
interval. When the agent executes, it will also process all additional events
Performance
(if any) that occurred during the interval. A longer interval results in the
agent running less often, thus reducing demand for server time. If
document update events are infrequent, however, you can reduce the
delay to ensure the agent runs soon after the event occurs.
DominoAsynchronizeAgents
This setting specifies whether Web agents triggered by browser clients
can run at the same time (asynchronously). The default is zero (only one
agent can run at a time). Set this to 1 to allow multiple agents to run
simultaneously. This can result in faster execution of agents. However, a
high number of agents executing at the same time can slow overall
system performance. Open the Server document you want to change,
and click the Internet Protocols - Domino Web Engine tab. In the Web
Agents section, enable or disable the “Run Web agents concurrently?”
option. For “Web agent time-out (in seconds),” the default is 0 (no
time-outs).
AMgr_SchedulingInterval
This setting specifies a delay (in minutes) between running of the Agent
Manager’s scheduler. Valid values are 1 minute to 60 minutes. The
default value is 1 minute.
AMgr_UntriggeredMailInterval
This setting specifies a delay (in minutes) between running of the Agent
Manager’s check for untriggered mail. Valid values are 1 minute to 1440
minutes (the number of minutes in a day). The default value is 60 minutes.
Performance
NOTES.INI settings can affect database and Domino Directory
performance.
For more information on database performance properties, see the
chapter “Improving Database Performance.”
NSF_Buffer_Pool_Size
This NOTES.INI setting sets the size of the NSF buffer pool, a section of
memory used for buffering I/O transfers between the NSF and NIF
subsystems and disk storage. The number of server partitions, users, size
and number of views, and number of databases all affect how you should
set the buffer pool specification. The default value (determined
automatically by the server) is usually sufficient, but if Database Statistics
indicate more memory is needed, increase the value a few megabytes at a
time. You can use a performance monitor to find out if a larger value is
causing too much swapping or paging. (NSF_Buffer_Pool_Size sets the
buffer pool size in bytes; NSF_Buffer_Pool_Size_MB sets the size in
megabytes.)
Improving performance for users accessing the Web using the Web
Navigator
There are several ways to improve performance:
• Speed up your access to Web pages by speeding up your server
connection to the Internet. Contact your Internet Service Provider to
find out what options you have.
• Improve database performance by managing your database with the
Purge and Refresh agents or any other agents you may create for the
database.
• Manage the number of users retrieving pages in the Web Navigator
database by setting the maximum number of concurrent retrievals
(the number of Web pages the server retrieves at the same time). The
default maximum number of concurrent retrievals is 25. The number
of concurrent retrievals that your server allows depends on your
specific system environment.
Performance
Setting transfer limits
You set transfer limits in the Configuration Settings document on the
Router/SMTP - Restrictions and Controls - Transfer Controls tab, under
Transfer Controls.
MinNewMailPoll
This setting determines how often workstations can contact the server to
see if new mail has arrived for the user. This setting overrides the user’s
selection in the Mail Setup dialog box. You can increase the mail polling
interval if there are a large number of mail users on your server and you
want to prevent frequent polling from affecting server performance.
NoMsgCache
This setting disables per-user message caching by the IMAP task. This
can improve capacity (number of users) on a server by reducing memory
consumption. However, response time for some user operations may be
slower.
POP3_Config_Update_Interval
This setting determines how often (per minute) the Domino server that
runs the POP3 service updates its configuration information. The default
is 2 minutes.
Performance
prompt enter (format <drive>:/fs:ntfs/A:16K).
• RAID sets. When setting up data disk RAID sets, set the stripe size to
be approximately equal to the average logical disk transfer per
second measured in Perfmon for the typical workload for the server.
Set the cache write policy to “write back.” Set the cache read policy
to “read ahead.”
• Balance the I/O bandwidth for each PCI bus. Distribute the network
adapters and RAID controller across multiple buses if your server
has them. Do not put the RAID controller on a bus that has a network
adapter.
• Use LargeSystemCache. Both Windows NT and Windows 2000 have
this disk-I/O cache. The default setting favors file sharing. This uses
more memory than the other settings. If server memory is a
bottleneck, set the cache to favor network applications, or, in extreme
cases, set it to minimize memory. Otherwise, leave the default
setting.
NOTES.INI settings
Most NOTES.INI settings that affect Domino server performance apply
to all UNIX platforms.
NSF_Buffer_Pool_Size_MB
Many machines that run UNIX have very large amounts of physical
RAM. Use the parameters NSF_Buffer_Pool_Size_MB or
PercentSysAvailable Resources to control how much memory Domino is
allowed to use. Each Domino instance on a UNIX machine can reference
a maximum of 4GB of RAM.
Performance
• IBM Redbooks at www.redbooks.ibm.com
• Solaris at www.lotus.com/dominosolaris
• Windows NT and Windows 2000 internals at www.sysinternals.com
• Hewlett-Packard at www.hp.com
• IBM performance pages for the following machines:
iSeries at www-1.ibm.com/servers/eserver/iseries/
xSeries at www.pc.ibm.com/ww/eserver/xseries/domino
zSeries at www-1.ibm.com/servers/eserver/zseries/
Performance
reduce database size. Set database performance properties by opening
the Database Properties box on an existing database or as you create a
database.
Make sure you fully understand these database properties before
changing their settings.
1. Make sure you have Designer or Manager access in the database ACL.
2. Do one of the following:
• Open a database and choose File - Database - Properties.
• As you create a new database, click the Advanced button.
3. Select or deselect properties listed in the table below.
4. After you select any of these three properties, compact the database
for the property to take effect:
• Don’t maintain unread marks
• Document table bitmap optimization
• Don’t support specialized response hierarchy
61-1
Tip You can use the Compact task with specific options to enable or
disable the above three properties and then compact the database.
Property Tab To optimize Improves Reduces
performance/ database database
size performance? size?
Allow use of stored Basics Deselect option Yes Yes
forms in this
database
Display images Basics Select option Yes No
after loading
Don’t maintain Advanced Select option Yes Yes
unread marks
Document table Advanced Select option Yes No
bitmap
optimization
Don’t overwrite Advanced Select option Yes No
free space
Maintain Advanced Deselect option Yes No
LastAccessed
property
Don’t support Advanced Select the option Yes Slightly
specialized
response hierarchy
Don’t allow Advanced Select the option Prevents No
headline performance
monitoring degradation
Limit entries in Advanced Select the option Yes Yes
$UpdatedBy fields and specify the
number of
entries
$UpdatedBy
fields can
contain
Limit entries in Advanced Select the option Yes Yes
$Revisions fields and specify a
limit on the
number of
entries
$Revisions fields
can contain. The
suggested limit
is 10 entries.
Performance
them. For more information, see Lotus Notes 6 Help.
Performance
By default, the database property “Maintain LastAccessed property” is
not selected, meaning the “Accessed (In this file)” property isn’t updated
when the last document access was a read, only when the last access was
a document modification. Change the default behavior by selecting
“Maintain LastAccessed property.”
You should select “Maintain LastAccessed property” if you use the
document archiving tool, available in the Database Properties box, to
delete documents based on days of inactivity.
Performance
to specify the number of entries that the $Revisions field can contain.
When the $Revisions field reaches this limit, the oldest entry is removed
to make room for the newest entry.
Consider limiting the entries in $Revisions fields on a database with all of
the following characteristics:
• The database contains many documents.
• The database replicates often or has no replicas.
• The database contains documents that are not often edited.
A suggested upper limit is 10 entries in the $Revisions field. If you set the
limit lower than 10, you run the risk of increased replication or save
conflicts.
Soft deletions
In some databases, deleting a document permanently removes it from the
database. In other databases, such as the Notes mail file database,
deleting a document moves it into a Trash folder and stores it in a state of
“soft deletion.” From this folder, users can restore deleted documents by
dragging them from the Trash folder into another folder or by selecting
Remove from Trash.
Deleted documents are not permanently removed until a specified
expiration time or until the user empties the Trash folder. By default, soft
deletions are enabled for mail databases created from the Domino 6 mail
template (MAIL6.NTF). The default expiration time is 48 hours. You can
turn soft deletions on or off for any database and specify how long to
retain soft deletions before removing them from the database.
To display soft-deleted documents in other types of databases, you must
create a view to list the documents and provide users with an action
programmed to un-delete documents and restore them to the database.
For information on creating views to display soft-deletions, see the book
Application Development with Domino Designer.
Because deleted documents are not removed immediately from a
database that has soft deletions enabled, space in the database is not
reclaimed as quickly as in a database that does not use soft deletions. If
space consideration is an issue, consider disabling soft deletions.
Performance
NOTES.INI file or increase physical memory. Increasing the database
cache size improves system performance but requires additional
memory. The minimum number of databases allowed in the cache at one
time is 25; the maximum is 10,000.
The actual number of databases allowed in the cache is 1.5 times the
maximum allowed. This buffer increases the chance that when a user
opens a database from the cache, Domino can return the database to the
cache when the user closes it.
Statistic Description
Database.DbCache. Number of databases currently in the cache. If this number
CurrentEntries frequently approaches the value of
Database.DbCache.MaxEntries, increase the number of
databases the cache can hold.
Database.DbCache. Maximum number of databases in the cache during this
HighWaterMark running of the server program. This number may be
artificially high because of startup activity, so it may not
be a genuine indicator of cache performance.
Database.DbCache. The number of times an “InitialDbOpen” is satisfied by
Hits finding the database in the cache. A high “hits-to-opens”
ratio indicates that the database cache is working
effectively. If the ratio is low, increase the number of
databases the cache can hold.
continued
Performance
increase the number of databases the cache can hold, use the NOTES.INI
file setting, NSF_DbCache_Maxentries, as follows:
NSF_DbCache_Maxentries=value
Performance
2. Click the Info tab (i) to see the size of the database.
3. Click % Used to display the percentage of database space in use.
Compacting databases
When documents and attachments are deleted from a database, Domino
tries to reuse the unused space, rather than immediately reduce the file
size. Sometimes Domino won’t be able to reuse the space or, because of
fragmentation, can’t reuse the space effectively until you compact the
database.
Copy-style compacting
Copy-style compacting creates copies of databases and then deletes the
original databases after compacting completes, so extra disk space is
required to make the database copies. This style of compacting
essentially creates a new database with a new database ID. If you use
copy-style compacting on logged databases (using the -c option),
Performance
Users can read databases Yes Yes No (unless -L
during compacting option used)
Users can edit databases Yes Yes No
during compacting
Reduction in file size No Yes Yes
Extra disk space required No No Yes
Performance
4. Look at the File Format column in the files window.
Compact options
The following tables describe the options you can use with the Compact
server task. The first column lists the options as they appear when you
run Compact using the Task - Start tool or the Files tab in the Domino
Administrator. The second column lists the equivalent command-line
options that you use when you run Compact using a console command
or using a Program document.
For more information on database path, see the topic “Running Compact
using a console command” later in this chapter.
Compact - Options
Option Command-line Description
equivalent
Compact -S percent Compacts all databases with a specified percent
database only of unused space. For example, if you specify 10,
if unused space databases with 10% or more recorded unused
is greater than space are compacted. Note that the unused
x percent space calculation is not always a reliable
measure of unused space.
Discard any -D Discards built view indexes. Use this option to
built view compact databases just before you store them
indexes on tape, for example. Does copy-style
compacting.
Keep or revert -R Compacts databases without converting to the
database to current release file format of the server that
previous stores the databases or reverts databases in the
format current release file format to the previous
release file format. For example, on Domino 6
servers, this option compacts Domino 5
databases without converting them to the
Domino 6 file format and converts Domino 6
databases to the Domino 5 file format. This
option uses copy-style compacting.
Performance
compacting.
Compact - Advanced
The advanced compact options are not available through the Compact
tool in the Files tab of the Domino Administrator.
Option* Command-line Description
equivalent
Document table -f Disables “Document table bitmap
bitmap optimization” database property. Does
optimization: Off copy-style compacting.
Document table -F Enables “Document table bitmap
bitmap optimization” database property. Does
optimization: On copy-style compacting.
Don’t support -h Disables “Don’t support specialized response
specialized hierarchy” database property; in other
response words, support specialized response
hierarchy: Off hierarchy. Does copy-style compacting.
continued
* Select “Set advanced properties” before you enable or disable any of these
properties.
Compact - Archive
When you use the document archiving tool to archive and delete
documents in a database, you can use the following Compact options to
archive documents if the database is located on a server and you’ve
chosen the advanced archiving option “Automatically on server.”
Option* Command-line Description
equivalent
Archive only -A Archives and deletes documents from a
database without compacting the database.
Archive and then -a Archives and deletes documents from a
compact database and then compacts the database.
Delete and then -j Deletes documents from a database and
archive then compacts the database.
*The Compact tool in the Files tab of the Domino Administrator provides only
the option “Archive database;” this option archives and then compacts.
Performance
the servers icon.
2. Click the Server - Status tab.
3. In the Task pane on the right, click Task - Start.
4. Select Compactor.
5. Do one of the following:
• To run Compact with options (to control how Compact runs), click
“Show advanced options,” click Start Task, select options, and
then click OK.
• To run Compact without options, click Start Task.
For information on the options available, see the topic “Compact
options” earlier in this chapter.
Performance
Run at times Times to run Compact each day
Repeat interval of How soon to run Compact again after it
completes
Days of week The days to run Compact
* Deletion stubs are markers that remain from deleted documents so that the
documents are deleted in other replicas of the database.
In addition to these methods, you can also create an API program that
deletes documents.
For information on the “Remove documents not modified in the last x
days” setting, see the chapter “Creating Replicas and Scheduling
Replication.”
Performance
If you have disk space available and you want users to be able to access
deleted documents, archive the documents before deleting them. When
doing so, follow these guidelines:
1. Determine an archive frequency based on the type of database. For
example, you might archive an infrequently accessed database, such
as a company policy database, every three months. Archive a heavily
used tracking database, such as a customer call-tracking database,
once a month or once a week.
2. Notify users that you plan to archive the database.
3. In the About This Database document of the active database, post the
archiving schedule and the location of the archive database.
4. Archive the database when it is not in use and server traffic is low —
for example, on Sunday night.
5. After archiving is complete and you’ve deleted documents from the
active database, compact the active database.
Performance
them.”
Performance
1. Open the database and choose File - Database - Properties.
2. Click the Advanced tab.
3. Select “Allow more fields in database.”
Server.Load
Server.Load is a capacity-planning tool that you use to run tests, also
called “scripts” and “workloads,” against a targeted Domino server to
measure server capacity and response metrics.
Server.Load supports any platform that is supported by the Domino
Administrator client. The client runs the Server.Load tests and generates
the transactions that are presented to the server. A typical Server.Load
configuration has one or more client systems driving the server under
test (SUT). Each client running Server.Load generates a simulated user
load of Notes transactions against the SUT, which reports server statistics
back to the client. If you configure multiple clients, you set up and run
the test from each client system.
Performance
You can run built-in scripts, create custom scripts from a library of
commands, or submit commands manually. For example, run the built-in
R5 Simple Mail Routing script to simulate users on a Notes client reading
and sending mail. Or create a custom script to create and open a Notes
mail database and populate it with messages. To test or execute
individual commands, you can use the manual command line mode to
delete documents from a database or issue remote server commands.
Using Server.Load, you have real-time control of the test environment
and variables. Prior to running a test, you can change test parameters,
stop conditions, and existing script variables. You can also monitor
real-time server metrics. While the script is running, the Metrics window
displays an immediate characterization of server performance by
updating metrics on a per-minute basis.
62-1
Built-in and custom Server.Load scripts
Server.Load includes a set of built-in scripts. You can also create a
custom script from scratch.
Built-in scripts
The following table describes the scripts that are built into Server.Load.
To see the actual code of each script, see the appendix “Server.Load
Scripts.”
Script Description
Idle Workload Establishes the upper boundary of the number of
sessions that a Domino server can support. You can use
the metric derived from this script to help you set up
other tests.
R5 IMAP Workload Runs Notes transactions that model a server for mail
users at sites that rely on IMAP for communication. This
test stresses the IMAP protocol by receiving messages
and exercises SMTP and LDAP by sending SMTP
messages to recipients and performing LDAP lookups
on them. You use the IMAP Initialization Workload
script to initialize the SUT.
R5 Simple Mail Simulates one or more Notes mail users performing
Routing basic mail operations such as opening mail files, reading
and categorizing documents, sending calendar and
schedule items, and composing multiple mail messages
to multiple recipients. You use the NRPC Mail
Initialization Workload script to initialize the SUT.
R5 Shared Database Simulates one or more active users performing database
operations on the same Discussion database. The script
includes performing view operations, navigating unread
documents, adding users to the database, and updating
documents.
SMTP and POP3 Runs Notes transactions that model a server for mail
Workload users at sites that rely on SMTP and POP3 mail for
communication. You use the SMTP and POP3
Initialization Workload script to initialize the SUT.
Web Idle Workload Simulates users connecting to the default page or home
page on a Domino Web server.
Web Mail Workload Runs transactions that model a server for Web Mail
users. The test simulates a Web browser user sending,
retrieving, and deleting Notes mail. You use the Web
Mail Initialization Workload script to initialize the SUT.
NotesBench
A related performance tool, NotesBench is a collection of benchmarks, or
workloads, for evaluating the performance of Domino servers. To learn
more about NotesBench, go to http://www.notesbench.org.
Performance
by 2 seconds.
3. Plan to enter values for the Starting Thread No. and Max No. of
Users parameters. The values you enter depend on how many client
systems and database users the test is simulating. For example, to
simulate 400 database users across 4 client systems, with 100 users
spread across the 4 clients specify these values when you run the test
on each client.
Client Max. No. of Users Starting Thread No.
1 100.00 1.00
2.00 100.00 101.00
3.00 100.00 201.00
4.00 100.00 301.00
Server.Load agents
Server.Load includes a set of agents in the file NAMAGENT.NSF, which
is initially installed in the data directory on the Domino Administrator
client. The first agent in this list — Create NotesBench Mail Person
Documents — is used to set up Person documents for the workloads and
set the HTTP password. The rest of the agents are used to repair and
change the workload setup.
To use the agents, you must use Domino Designer to add them to the
Domino Directory on the SUT.
• Create NotesBench Mail Person Documents
• Refresh All Documents
• Set HTTPPassword to “NotesBench”
• Set Message Storage Format = MIME
• Set Message Storage Format = No Preference
• Set Message Storage Format = Notes
• Update ACL of MailDBs to include Owner (mail1, mail2, ...)
Prompt Default
Starting value to create mail users 1.00
Number of users to create 1000.00
Number of Mailn.NSF files to create 1000.00
Starting Mailn.NSF file 1.00
Location for mail databases mail\
continued
Performance
• Set Message Storage Format = No Preference
• Set Message Storage Format = Notes
• Update ACL of MailDBs to include Owner (mail1, mail2, ...) — Use
this agent for a workload that has authentication on.
Field Action
Max No. of Users Enter the number of simulated users. Default is 1.
Maximum value for this setting is 512.
Note To verify that a script is running properly, run the
test the first time with only one simulated user.
If you are running the test on multiple clients, increment
the value of the Max No. of Users parameter when you run
the test on each client.
The client should not run at anything higher than 75% to
85% CPU. If the client is running at 100%, reduce the
number of users.
Script Loop Count Enter the number of times the script runs per simulated
user. Default is 1.
To calculate total iterations, multiply Script Loop Count by
Max. No. of Users.
Note For long-duration tests, enter a large value, and
specify No Time Limit in the Test Time Parameter field.
If a test uses the ScriptIterationLimit script variable, set both
the variable and the Script Loop Count to the same value.
Thread Creation Enter the rate, in seconds, at which simulated users are
Interval (sec) created. Default is 1
To calculate total ramp-up time, multiply Thread Creation
Interval by Max. No. of Users.
Starting Thread Enter the thread number that will start the test. Default is 1.
No. Note If you use multiple clients in a test, you must stagger
the starting thread number — for example, client 1 starts at
thread 1; client 2 starts at thread 101, and so on.
Test Time Choose one:
Parameter • No time limit (default) — To run the test indefinitely.
• Run between two time periods — To run the test
between Start and Stop times that you enter in standard
format (1:00 PM) or military format (13:00).
• Specify Total Test Time — To run the test for a specific
number of minutes.
Build Recipient Click Browse and select the Domino Directory or Personal
List using Name Address Book to use when building a list of recipients of
and Address Book the test results.
Storage test Click Browse to choose the location to store test output.
output to
Database statistics
Statistic Description
Database.BufferPool.Reads Number of database buffer pool
reads.
Database.BufferPool.Used Number of bytes allocated in the
buffer control pool.
Database.BufferPool.Writes Number of database buffer pool
writes.
Database.DbCache.CurrentEntries Number of entries in the database
cache.
Performance
Database.DbCache.HighWaterMark High water mark of the database
cache.
Database.DbCache.Hits Number of hits to the database
cache.
Database.DbCache.InitialDbOpens Number of database opens done by
the database cache.
Database.NIFPool.Used Number of database NIF pools
Mail statistics
Statistic Description
Mail.AverageDeliverTime Average delivery time of messages in seconds
Mail.AverageServerHops Average number of server hops for a delivered
message.
Mail.AverageSizeDelivered Average size of message delivered, in K.
Mail.Dead Number of undeliverable messages in
MAIL.BOX. Useful for detecting problems with
the Router. Check the server MAIL.BOX to view
the dead mail messages and determine the
problem.
Mail.Delivered Number of messages received by the Router.
Mail.MaximumDeliverTime Slowest delivery time of messages in seconds.
Mail.MinimumServerHops Least number of server hops for a delivered
message.
Mail.MaximumSizeDelivered Largest message delivered, in K.
Mail.MinimumDeliverTime Slowest delivery time of messages in seconds.
Mail.MaximumServerHops Most number of server hops for a delivered
message.
Mail.MinimumSizeDelivered Smallest message delivered, in K.
Mail.TotalFailures Total number of mail failures.
continued
Network statistics
Statistic Description
NET.TCPIP.BytesReceived Amount of data received from
client to server using TCP/IP
protocol.
NET.TCPIP.BytesSent Amount of data sent from client
to server using TCP/IP protocol.
NET.TCPIP.Sessions.Established.Incoming Incoming sessions from client to
server using TCP/IP protocol.
Statistic Description
Performance
Avg. Trans (Per The average number of transactions per thread.
Thread)
Min. Trans (Per The minimum number of transactions per thread.
Thread)
Max. Trans (Per The maximum number of transactions per thread.
Thread)
Total Trans (All The total number of transactions per thread.
Threads)
Running Threads The total number of all threads currently running.
Agg. Replications The aggregate number of replications that occurred.
Avg. Rsp. Time (ms) The average NRPC response time. This is the average
response across all threads and is the best overall value
to track general server response curves.
Note This value is not applicable to the Web Mail
script
Running time (min) The total running time.
Performance
Running a custom Server.Load script
If you create a custom script, use these steps to run it.
1. On the Domino Administrator client, start Server.Load by running
SLOAD.EXE from the Program directory.
2. In the Test Type field, choose Custom. Then click Browse and select
the script you want to add; to view or edit the script, choose Edit
Script.
3. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
4. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
5. Click Execute.
To set up a SUT
1. Make sure that:
• The Domino server is installed and operational
• The server has adequate RAM, approximately 512KB per
simulated user (thread) across all clients used in the test
2. Make sure that you have Administrator access, Create database
access, and access to run unrestricted LotusScript and Java agents.
3. Make sure that the Server, Replicator, Router, and Update tasks are
running on the Domino server. Run additional tasks as required for
individual tests.
4. Enable performance monitoring on the Domino server by issuing the
Show Perf command.
5. Use Domino Designer to copy the file NAMAGENT.NSF to the
Domino Directory. This file contains agents that you use to set up
and change workloads.
6. Disable all screen savers.
c. Click the Servers tab, and in the home/mail server section, enter
the name of the SUT.
Note If you edit the MailServer script variable before you run a test,
you change the location of the mail server for only that run. The next
time you run Server.Load, the mail server listed in the Location
Performance
document is used.
d. Click Save and Close.
3. Make sure that you use a Notes ID that has administration access to
the SUT.
4. Do the following to verify the connection to the SUT:
a. Start the Domino Administration client and verify that the
Home/Mail Server field in the Location document contains the
fully distinguished SUT name — for example,
MailServer1/Acme.
b. Verify connectivity by running a trace from the client to the
server. Select File - Preferences User Preferences Ports.
c. Verify that the correct communication port is enabled, and click
Trace.
d. Enter the name of the SUT in the Destination field and run the
trace to verify that the client can use the desired protocol to trace
to the server.
Performance
test user are delivered to the mail databases of other test users on the
SUT.
The measurements obtained by this test are:
• Throughput of completed Notes operations
• Average response time at maximum capacity
• Maximum number of IMAP mail users supported
The resulting capacity metric for an IMAP server is the maximum
number of users that can be supported before the average user response
time becomes unacceptable.
To read the code in the test script, see the appendix “Server.Load
Scripts.”
4. In the Test Type field, choose Built-In, and then choose R5 IMAP
Initialization Workload from the list.
5. Click the Script Variables tab, and enter these values:
Variable Action
MailServer Enter the canonical name of the mail server — for
example, CN=MailServer1/O=Acme.
Performance
MailTemplate Enter the name of the mail file template — for
example, MAIL6.NTF.
nb_dbdir Enter the directory used to store mail files, relative to
the data directory.
NormalMessageSize Enter the size of the body of the message.
Recommended value is 10000.
MessageLineSize Enter the number of characters per line.
Recommended value is 80.
RecipientDomain Enter the name of the domain containing the
intended recipients — for example, acme.com.
SMTPHost Enter the fully qualified domain name of the Domino
server that is running the SMTP Listener task — for
example, server1.acme.com
ClientHost Enter the fully qualified domain name of the client —
for example, client1.acme.com
NumMailNotes Enter the number of documents to populate the mail
PerUser file when it is created. Recommended value is 100.
Performance
R5IMAPBreak Enter one:
1 — To prevent the script from quitting if errors
occur
0 — To force the script to quit if errors occur
IMAPHost Enter the fully-qualified domain name of the SUT
— for example, server1.acme.com
NormalMessageSize Enter the size of the body of the message.
Recommended value is 10000.
MessageLineSize Enter the number of characters per line.
Recommended value is 80.
NumMessageRecipients Enter the number of recipients for each message.
Recommended value is 3.
RecipientDomain Enter the name of the domain containing the
intended recipients — for example, acme.com.
continued
10. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
11. Click Execute.
12. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
13. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
14. Click Start Test.
Hardware considerations
The following hard disk requirements apply to the SUT and, during
some tests, to the destination systems that receive mail from the SUT:
The R5 Simple Mail Routing test requires at least one client and the SUT.
If you use multiple client systems, identical hardware configurations are
recommended.
Performance
Running the R5 NRPC Mail Initialization Workload
1. Make sure that you already set up clients and servers for
Server.Load.
For information, see the topic “Setting up clients and servers for
Server.Load” earlier in this chapter.
2. On the Domino Administrator client, start Server.Load by running
SLOAD.EXE from the Program directory.
3. Run the “Create NotesBench Mail Person Documents” agent to
create the desired number of Person documents in the Domino
Directory. When prompted, set these variables:
Variable Setting
Message storage format 0 (NOTES)
Mail system 1 (NOTES)
7. In the “Build Recipient List using Name and Address Book” field,
enter the name of the SUT and its Domino Directory in the format
servername/org!!dominodirectory.NSF — for example,
Server1/Acme!!NAMES.NSF.
8. Verify that no errors occur while creating mail files on the client and
SUT. If a mail file is not created, the test script creates the mail file
during the first test iteration, a process that adds overhead on the
server back end. As a rule, CPU on the client and SUT should not
exceed 75%, and the percentage of disk time on the server’s data
directory should not be a factor.
9. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
10. Click Execute.
11. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
Performance
MailServer Enter the canonical name of the mail server — for
example, CN=MailServer1/O=Acme.
nb_dbdir Enter a database directory relative to the Notes
data directory. Recommended value is mail\.
MailTemplate Enter the name of the mail file template.
NBTestReset Enter one to control how to handle existing
documents at the start of the test:
• 1 — To delete existing documents
• 0 — To ignore existing documents
Note The number of documents deleted is
dependent on the value set for the variable
MaxDocToDelete.
MaxDocToDelete Enter the number of documents to delete when
the test starts. After deleting documents, the
initial document count is reset.
continued
Hardware considerations
The following hard disk requirements apply to the SUT and, during
some tests, to the destination systems that receive mail from the SUT.
Initial disk requirement 300MB to 400MB free space on the SUT
Subsequent disk requirement One-half of the mail test space requirement
Performance
Variable Action
MailServer Enter the canonical name of the mail server —
for example, CN=MailServer1/O=Acme
DiscussionDB Enter the name of the test discussion database
DiscTemplate Enter the name of the template used for the
discussion database
NBTestReset Enter one to control how to handle existing
documents at the start of the test:
• 1 — To delete existing documents
• 0 — To ignore existing documents
Note The number of documents deleted is
dependent on the value set for the variable
MaxDocToDelete.
MaxDocToDelete Enter the number of documents to delete when
the test starts. After deleting documents, the
initial document count is reset.
continued
Performance
For information, see the topic “Setting up clients and servers for
Server.Load” earlier in this chapter.
2. Run the Create NotesBench Mail Person Documents agent to create
the desired number of Person documents in the Domino Directory.
When prompted, set these variables:
Variable Setting
Message storage format 2 (MIME)
Mail system 6 (POP3/IMAP)
6. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
7. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
8. Click Execute.
9. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
10. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
11. Click Start Test.
12. Verify that the correct number of test mail files were created in the
data directory. Each mail file is named MAILn.NSF, where n is a
number.
13. Complete the procedure “Running the SMTP and POP3 Workload
test.”
Performance
format system.domainname — for example,
Server2.acme.com.
Hardware considerations
The following hard disk requirements apply to the SUT and, during
Performance
some tests, to the destination systems that receive mail from the SUT:
Initial Disk In Domino 6, approximately 13MB on the SUT for each user
Requirement (mail database). In Domino 5, approximately 5.5MB.
Subsequent Disk Increase of 1MB an hour for the duration of the test. (This
Requirement figure is not dependent on the number of users.)
Increase of 100KB an hour as impacted by the value of the
nthIteration setting in the NOTES.INI file
The growth rate of each database is a function of the ratio of
the number of users and recipients sending and receiving
mail.
6. Make sure that the administrator has Manager access to the Domino
Directory.
7. Authentication
• By default, WebMail assumes user authentication is required.
• For authenticated users, Anonymous must have No Access and
-Default- must have Manager access. Use the
WebAuthenticationOff=0 setting in the client’s NOTES.INI file.
• To run WebMail without authentication, Anonymous must have
Manager access in the ACL of all mail databases and the Domino
Directory. Use the WebAuthenticationOff=0 setting in the client’s
NOTES.INI file.
Performance
NBTestReset Enter one to control how to handle existing
documents at the start of the test:
• 1 — To delete existing documents
• 0 — To ignore existing documents
Note The number of documents deleted is
dependent on the value set for the variable
MaxDocToDelete.
MailServer Enter the canonical name of the mail server — for
example, CN=MailServer1/O=Acme.
HTTPHost Enter the TCP/IP address or host name of the
Domino Web server
nb_dbdir Enter a database directory relative to the Notes
data directory. Recommended value is mail\.
continued
6. Verify that the client and server experience no errors while creating
mail files. If a mail file has not been created, the test script creates the
mail file during the first test iteration, but this adds overhead on the
server back end. As a rule, CPU on the client and SUT should not
exceed 75%, and the percentage of Disk Time on the Domino Server
Data directory should not be a factor.
7. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
8. Set a Server.Load stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
9. Click Execute.
10. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
11. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
12. Click Start Test.
13. Verify that the correct number of test mail files were created in the
data directory. Each mail file is named MAILn.NSF, where n is a
number.
14. Complete the procedure “Running the Web Mail test.”
6. Click the Test Parameters tab. If you are running the test on multiple
clients, increment the value of the Starting Thread No. parameter
when you run the test on each client.
7. (Optional) Click the Stop Conditions tab to set a stop condition.
For more information, see the topic “Setting a Server.Load stop
condition” earlier in this chapter.
8. Click Execute.
9. (Optional) Select metrics to monitor.
For more information, see the topic “Monitoring Server.Load
metrics” earlier in this chapter.
Performance
10. (Optional) In the “Server to receive console commands” field, enter
the name of the SUT.
11. Click Start Test.
63-1
• Passthru connections
• Platform statistics
• Replication
• Server access
• Server-based certification authority
• Server crashes
• Server.Load
• Transaction logging
• Web Server, Web Navigator, and the Web Administrator
Troubleshooting tools
Domino provides several tools to help you troubleshoot problems. Most
of the tools are available through the Domino Administrator. The table
below summarizes the available tools and indicates how each is useful.
If you haven’t solved your problem after reading through the section that
applies to the problem, you may want to search the Lotus Support
Services Web site or call Lotus Support Services directly for help with
troubleshooting your problem.
Tool Problems that the tool resolves How to access the tool
Server log file All problems From the Server - Analysis tab
(LOG.NSF) in the Domino Administrator
Domino Web Web server problems From the Server - Analysis tab
server log file in the Domino Administrator
(DOMLOG.NSF)
Server’s Mail routing problems From the Messaging - Mail tab
MAIL.BOX in the Domino Administrator
Mail trace Mail routing problems From the Messaging - Mail tab
in the Domino Administrator
ISpy Slow mail; server problems Configured in the Monitoring
Configuration database on the
Configuration tab in the
Domino Administrator
Mail reports Mail user activity From the Messaging - Mail tab
in the Domino Administrator
continued
Troubleshooting
statistics from the Server -
Analysis tab in the Domino
Administrator
Database analysis Database problems From the Files tab in the
Domino Administrator
Administration Administration Process From the Servers - Analysis tab
Requests database errors in the Domino Administrator
Server commands Various From the Servers - Status tab in
the Domino Administrator
Troubleshooting 63-3
Searching the Lotus Support Services Web site
(www.lotus.com/support)
You may want to search the Lotus Support Services Web site at
www.lotus.com/support for a solution to your problem. You can search
technical documents in Knowledge Base and the FTP site with one
natural language query or participate in peer-to-peer discussions. In
addition, you can make product suggestions and find information about
Lotus authorized support providers, support services, and support
phone numbers.
Troubleshooting
example, mail hops or replication
hubs — that are between the servers
that are having a problem
Troubleshooting 63-5
Overview of server maintenance
As a Domino administrator, a major part of your job is maintaining each
server that you administer. You need to ensure that:
• The server is backed up regularly.
• Users can access the server quickly and consistently.
• Mail is routed properly.
• Administration Process requests are carried out.
• Databases are replicating correctly.
• Server hardware is functioning.
• Databases are active and maintained (a task you share with the
manager of each database).
You can use a server maintenance checklist to schedule these tasks.
Task Frequency
Back up the server Daily, weekly, monthly
Monitor mail routing Daily
Run Fixup to fix any corrupted databases * At server startup and as needed
Monitor shared mail database Daily
(MAILOBJ.NSF)
Monitor Administration Requests database Weekly
(ADMIN4.NSF)
Monitor databases that need maintenance Weekly
Monitor replication Daily
Monitor modem communications Daily
Monitor memory Monthly
Monitor disk space Daily, weekly, monthly
Monitor server load Monthly
Monitor server performance Monthly
continued
* If the database is in Domino 5 or later format and you are not using transaction
logging, you can use the Fixup task to repair the corrupted database.
If the database is in Domino 5 or later format and you are using transaction
logging, you cannot run the Fixup task on that database, because the Fixup task
interferes with the way transaction logging keeps track of databases. Instead,
you must restore the corrupted database from a backup. You can run the Fixup
task on databases that are in Domino 4.x and earlier format.
Troubleshooting
before you create the backup file.
2. Copy the server ID file to a disk, and store the disk in a secure place.
3. Make a replica of the Domino Directory on a workstation and keep it
up-to-date by replicating the local replica with the server replica.
Then if the Domino Directory becomes corrupted, you can quickly
restore it by creating a new replica from the local workstation replica.
Even if you do this, continue to back up the Domino Directory to
tape. Never do this when transaction logging is used.
Troubleshooting 63-7
4. If your system uses a shared mail database, back up the shared mail
database(s) along with user mail files.
Troubleshooting
Administration Process. To correct this, restart the server.
Troubleshooting 63-9
The Administration Process is retrying a name change or deletion
from the document.
This message appears as the result of a rename or delete request. It
indicates that the Administration Process is retrying a request to rename
or delete a name from a document that was initially unavailable because
someone was accessing the document. This is a status message; no action
is required.
The certificate contained in the note was not issued by the selected
certifier.
This message appears if you choose Actions - Recertify Person or Actions
- Recertify Server but you don’t select the original certifier. If you don’t
specify the original certifier when you choose this action, you can submit
the request, but it isn’t posted in the Administration Requests database.
To correct this, choose the action again, and select the original certifier.
The selected certifier isn’t the target certifier in the move request.
This message appears if you choose “Actions - Complete move for
selected entries” to attempt to complete moving user names to a different
hierarchy and the target certifier isn’t the one you specified when you
originally chose Actions - Rename Person - Request Move to New
Certifier. If the target certifier you specified when completing the move is
wrong, select the user names in the Name Move Requests view of the
Administration Requests database, choose “Actions - Complete move for
selected entries” again, and specify the correct target certifier. If you
specified the wrong target certifier when you originally chose Actions -
Request Move to New Certifier, repeat the action again, and specify the
correct target certifier.
Troubleshooting
e. Each request in the Administration Requests database should
have a corresponding response document that shows that the
Administration Process has completed the request. Correct any
errors indicated by a response document.
f. The Certifier documents must have the correct public key; the
public key must match the key in each CERT.ID.
For more information about correcting errors in the Administration
Requests database, or for any other information regarding the
administration process, see the chapter “Setting Up the
Administration Process.”
Troubleshooting 63-11
Agent Manager and agents — Troubleshooting
These topics describe how to troubleshoot problems related to using
Agent Manager and running agents:
• Tools for troubleshooting Agent Manager and agents describes tools
you can use to troubleshoot Agent Manager and agent.
• Agent manager and agents — Problems and error messages
describes problems that may occur when the Agent Manager or an
agent isn’t working as you expect.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.
Server commands
Use these server commands to troubleshoot agents:
Tell amgr schedule
Tell amgr status
Tell amgr debug
Log file
To enable agent logging in the log file (LOG.NSF), edit the NOTES.INI
file to include the Log_AgentManager setting, which specifies whether or
not the start of agent execution is recorded in the log file and displayed
on the server console. It’s important to monitor the server console or log
for information from the Agent Manager because error and warning
messages generated by the Agent Manager on behalf of the agent, as well
as output — for example, print statements — generated by a background
agent, appear on the console and in the Miscellaneous events view of the
log (LOG.NSF).
For more information on the Log_AgentManager setting, see the
appendix “NOTES.INI File.”
Troubleshooting
busy before delay” field in the Server document. Domino 5 and
higher does not support this field.
Note If you allocate more resources to the Agent Manager, fewer
will be available to run other server tasks.
Troubleshooting 63-13
An agent isn’t running as expected
In addition to the possibility that there are errors in the agent code, an
agent may fail to run properly because the agent has insufficient access
or because the agent is not set to run on the given server.
1. Insufficient access in the database ACL can prevent an agent from
running properly. For example, a user may design an agent that
copies selected documents from database A to database B. If the user
— and by extension, the agent — doesn’t have Author access in the
ACL of database B, the agent runs, but it is not allowed to copy the
documents. To determine if this problem exists, examine the Agent
Log for access errors after the agent runs unsuccessfully.
2. If an agent won’t run on a particular server, check the Agent
Restrictions on the Security tab of the Server document. This section
contains the “Run personal agents,” “Run restricted
LotusScript/Java agents,” and “Run unrestricted LotusScript/Java
agents” fields that specify who has access to run agents on the server.
Although a user who has the appropriate access in the database ACL
may be able to create an agent on the server, without the appropriate
access in the Server document, the user can’t run the agent.
You should also check the Server Access section on the Security tab
of the Server document. This section contains the “Only allow server
access to users listed in this Directory,” “Access server,” and “Not
access server” fields, which allow and deny access to the server.
Because an agent inherits the access privileges of the person who
creates it, the agent can’t run on a server for which its creator does
not have access.
3. Scheduling conflicts may prevent an agent from running. In the
Server document, click the Server Tasks - Agent Manager tab and
check the “Daytime Parameters Start time/End time” and
“Nighttime Parameters Start time/End time” fields. Any time not
specified in these fields represents downtime; if a user creates a
scheduled agent and specifies that it run during the server’s Agent
Manager downtime, the agent will not run. Compare these fields in
the Server document to the time the agent is scheduled to run. If a
conflict exists, change the Agent Manager schedule on the server, or
ask the user to reschedule the agent.
4. If a LotusScript or Java agent terminates before completing its tasks,
check the “Max LotusScript/Java execution time” fields in the Server
document. If a complex agent requires more time than is scheduled,
the Agent Manager terminates the agent before completion.
Ask the user to reschedule the agent to run at night, when the default
maximum execution time is longer; or increase the value of the “Max
Troubleshooting 63-15
3. Edit the NOTES.INI file to include the Log_AgentManager setting
and set it to 1. You can also enable this setting in the Configuration
Settings document in the Domino Directory.
4. For servers running Domino 4.6 or earlier, the “Max % busy before
delay” setting may have been exceeded. The “Max % busy before
delay” setting on the Server Tasks - Agent Manager tab of the Server
document controls the maximum percent of time the Agent Manager
spends running agents. If the percentage of time is exceeded, a delay
occurs before Agent Manager runs the next agent. After the
percentage falls below the threshold, Agent Manager resumes
running agents.
For more information on NOTES.INI settings, see the appendix
“NOTES.INI File.”
Troubleshooting
overnight, if possible.
Use a Domino 6-compliant backup program so users can access
databases on a server that is being backed up. Users can make changes to
databases as a backup occurs because Domino provides a point-in-time
image of the database, beginning with the time the database backup
starts.
Troubleshooting 63-17
The server is continuously updating a full-text index
If a database is large and active, database performance can be slow if the
server updates a full-text index too frequently. Change the full-text index
update frequency if necessary.
For more information on update frequency, see the chapter “Setting Up
and Managing Full-text Indexes.”
Troubleshooting
member of a group group, even if the individual access level is
lower than the group level.
A name is included in two or The name receives the access of the group with
more groups the highest access.
A name appears in an ACL The ACL controls database access; design
and in access lists associated element access lists refine this access to a lower
with forms, views, or level. For example, if a user has Author access to
sections a database but is not listed in the access list for a
form in the database, the user cannot use the
form to create a document.
Troubleshooting 63-19
For more information on creating access lists that refine access to specific
design elements, see the book Application Development with Domino
Designer.
Directories — Troubleshooting
These topics describe how to troubleshoot problems related to:
• Directory assistance
• Directory catalogs
• LDAP service
• Extended ACL
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.
Troubleshooting
WebAuth_Verbose_Trace.
Troubleshooting 63-21
2. Set “Trusted for credentials” to Yes for at least one naming rule in
the Directory Assistance document. The rule or rules should
correspond to the names of the Internet users you want to
authenticate.
3. Enter the secondary directory’s Domino domain in the “Domain
Name” field. Do not enter: the name of a condensed Directory
Catalog, the name of the server’s primary domain, or a domain name
that is used in another Directory Assistance document. If you created
the secondary directory manually and it’s not associated with a
Domino domain, make up a unique domain name.
4. If you use name-and-password authentication, and you choose the
authentication option “Fewer name variations with higher security,”
make sure users provide either their hierarchical names or common
names for authentication rather than first names, last names, or short
names only.
For more information on this server authentication option, see the
chapter “Setting Up Name-and-Password and Anonymous Access to
Domino Servers.”
If you include groups of users in database ACLs on the server that
authenticates, store those groups in the server’s primary Domino
Directory and/or in one directory enabled for “Group authorization” in
the directory assistance database.
Troubleshooting 63-23
8. If the directory is on a remote LDAP directory server that doesn’t
allow anonymous connections, make sure you’ve entered a user
name and password in the “Optional Authentication Credential”
section of the Directory Assistance document.
9. If the members of groups on a remote LDAP directory server change,
stop and restart the Domino server that connects to the LDAP server.
This ensures that the Domino server flushes its group cache and
retrieves the most up-to-date group information.
Troubleshooting
locally.
Troubleshooting 63-25
5. Select the Since field and look in the box on the right to see the date
and time the Dircat task last ran on all of the directories specified in
the Directories field. If either of the following is true, run the Dircat
task again:
• If there are fewer time/date stamps than directories — for
example, if there are four directories in the Directories field but
only two time/date stamps — when the Dircat task last ran, it
attempted to rebuild the source directory catalog but didn’t
complete the task.
• If the time/date stamps are older than expected, the Dircat task
may not have run to completion when it last did an incremental
update of the source directory catalog.
Troubleshooting
condensed Directory Catalog fails
If you’re having difficulty setting up a server to use a condensed
Directory Catalog to look up names and passwords to authenticate
Internet users, take these steps to troubleshoot the problem.
Note These steps do not apply to authentication using an Extended
Directory Catalog.
Troubleshooting 63-27
1. Test that authentication using directory assistance alone is working.
• Temporarily disable the directory catalog. Remove the directory
catalog file name from the server’s primary Domino Directory.
Remove the directory catalog file name from the Directory Profile
and from the Basics tab of the Server document; the file name is
probably stored in only one of these locations but if it is in both
locations, remove the name from both.
• Restart the appropriate Internet protocol server task. For example,
for a Web server, restart the HTTP task.
• Verify that the server can authenticate to each secondary Domino
Directory configured in the directory assistance database that you
want to use for authentication. If authentication fails, go to step 2.
If authentication is successful, go to step 3.
2. If you are trusting all the aggregated directories for authentication,
make sure you’ve selected the option on the Basics tab of the Server
document: “Trust the server based condensed directory catalog for
authentication with internet protocols.”
If you are trusting for authentication only some of the aggregated
directories, make sure you’ve created a Directory Assistance
document for each of the directories to trust in which the users to
authenticate are registered. In each Directory Assistance document,
verify that you’ve done the following:
• Set “Trusted for credentials” to Yes for at least one naming rule in
the Directory Assistance document. The rule or rules should
correspond to the names of the Web users you want to
authenticate.
• Enter the secondary directory’s Notes domain in the “Domain
Name” field. Do not enter: the name of the directory catalog, the
name of the server’s primary domain, or a domain name that is
used in another Directory Assistance document. If you created the
secondary directory manually and it’s not associated with a Notes
domain, make up a unique domain name.
• In the Replicas tab of the Directory Assistance document, make
sure one of the replicas specified is the same replica of the
secondary directory specified in the “Directories to include” field
in the directory catalog Configuration document.
Do not specify a replica of the directory catalog.
Troubleshooting 63-29
The full-text index can become corrupted if there is not enough disk
space to build the index or if you shut down the Notes or Domino
Administrator client before the index is entirely built. To correct the
problem, delete and then recreate the full-text index.
Troubleshooting
Troubleshooting 63-31
LDAP searches are slow
If LDAP searches are slow, do the following on the replica of the primary
Domino Directory. If you extend LDAP searches to secondary Domino
Directories, also do the following on each replica of the secondary
directory.
1. Create a full-text index for the directory.
2. If you’ve created a full-text index for the directory and performance
is still slow, consider editing the value of these LDAP configuration
fields:
• “Maximum number of entries returned” limits the number of
entries that the LDAP server can return. By default there is no
limit, but you might set a limit of 100 entries, for example.
• “Timeout” limits the amount of time that LDAP searches can take.
By default, there is no limit, but you might set a limit of 60
seconds, for example.
• “Minimum characters for wildcard search” increases the number
of characters that users must enter before the first wildcard in a
substring search filter. The default is 1. Don’t specify 0 unless the
directory is very small; specifying 0 can result in slow searches.
For more information on improving LDAP service performance, see the
chapter “Setting Up the LDAP Service.”
Troubleshooting
3. If the LDAP user has Author access in the ACL, verify that the LDAP
user has the proper Creator Role ([UserCreator], [GroupCreator],
[ServerCreator] for the type of entry being added.
4. Verify that Form Properties are correctly set to allow the LDAP user
to create documents with the form used to add the entry.
Troubleshooting 63-33
LDAP clients can’t connect to the LDAP service over SSL when the
server uses a self-signed Domino server certificate
If the server that runs the LDAP service uses a self-signed Domino
certificate, non-Notes LDAP clients can only perform LDAP searches
over SSL if they first connect to the Domino server over SSL using a
different protocol (for example HTTPS or IMAP). The client software
then presents a warning dialog stating that the server’s self-signed
certificate is not issued by a trusted Certificate Authority and gives the
users the option to accept the certificate. The users must accept the
certificate before they can perform LDAP searches over SSL.
Troubleshooting
field and the text (TRUNCATED) shows in the tab of the document.
In addition, the user is unable to edit the document, even if the user
has write access to the fields in it.
• If you deny a Notes or Web user access to a field in a document that
a view uses to sort the document, the name of the document is blank
in the view. The user can still select the document to open it.
• To delete a document, a Notes or Web user must be able to see the
document in a view. To see a document requires Browse access to the
document.
Troubleshooting 63-35
• To create a document, a Notes or Web user or a Notes application
must have Create access to the document as well as Write access to
the fields to which the user/application will add values.
Mail trace
To troubleshoot mail routing or test mail connections, trace a mail
delivery to test whether a message can be successfully delivered without
actually sending a test message.
1. From the Domino Administrator, click the Messaging - Mail tab.
2. If necessary, click Tools to display the tool bar.
3. From the tool bar, click Messaging - Send Mail Trace.
4. Complete these fields, and then click Send:
Field Enter
To The mail address of a particular user
Subject The subject of the trace
Send delivery Choose one:
report from Each router on path to receive a delivery report from each
router on the path
Last router only to receive a delivery report from the last
router only
Troubleshooting
• Mail routing topology by named networks
Undelivered mail
From the Domino Administrator, click the Messaging - Mail tab, then
select Mail routing status. You can also check for undelivered mail in the
mail routing events view in the log file (LOG.NSF).
Troubleshooting 63-37
Mail routing event generators
Using a mail routing event generator, you can test and gather statistics
on mail routes.
For more information on probes, see the chapter “Monitoring the
Domino Server.”
User can’t receive any mail, including mail sent by users whose mail
files are on the same server
If a user can’t receive any mail, including mail sent by other users whose
mail files are on the same mail server, check the Mail Routing Events
view of the workstation’s log file for deliveries. Also, check the
MAIL.BOX file on the user’s workstation to see if mail is being trapped
there. Modify the Log_MailRouting setting in the NOTES.INI file to log
more detailed mail routing information on the console and in the log file.
Troubleshooting
Check the Domino Directory for multiple occurrences of the recipient’s
name. There may be more than one Person document for a user, or a user
and a group may have the same name.
Troubleshooting 63-39
“User not listed in the Public Address Book” appears with returned
mail
If the recipient’s name is misspelled, mail is returned to the sender, along
with the message “User not listed in the Public Address Book.” If the
domain name is misspelled, mail is returned with the message “No route
found to domain name from server name.” Check the Domino Directory for
the correct spelling of the names, and resend the document.
Troubleshooting
document.
• An incorrect phone number (for dialup connections) in the
Connection document.
• A missing selection for “Mail Routing” in the Tasks field of the
Connection document.
5. If mail routing occurs through a non-adjacent or foreign domain,
check that the Domino Directory contains a correctly set up
Non-adjacent or Foreign domain document. For a non-adjacent
Troubleshooting 63-41
domain, verify that a Connection document to the intermediary, or
“middle,” domain also exists.
6. If your organization uses cascading address books, be sure that the
Names setting in the NOTES.INI file contains the correct names of
the cascading address books.
Then verify that the domain name is correctly spelled. To add the
Troubleshooting
Domain setting or correct the spelling of the domain name, enter this
command at the console:
Set Configuration Domain = DomainName
Troubleshooting 63-43
• Run the Fixup task with the -J option. Use this task if the database
is in Domino 5 or higher format and you are using transaction
logging. If you use a backup utility certified for Domino 5 and you
run Fixup -J, perform a full backup of the database as soon as
Fixup finishes.
If the corruption still persists, shut down the server and rename
MAIL.BOX — for example, rename it to BADMAIL.BOX. Then
restart the server to generate a new MAIL.BOX file, and copy any
uncorrupted documents from BADMAIL.BOX to MAIL.BOX.
6. Check for problems with modem connections.
For more information on errors that affect mail, see the topic “User can’t
receive mail, including mail sent by other users whose mail files are on
the same mail server” earlier in this chapter.
Troubleshooting 63-45
5. Check that the invitee saved his or her Calendar Profile after
upgrading the design to the Domino 4.5 or higher mail template.
6. Check that the user is included in the list of users who can read the
invitee’s Free time Schedule in the Calendar Profile.
7. Check that the free-time lookup finds schedule information for users
whose mail servers are in a foreign or adjacent domain. If the
free-time lookup fails, make sure a valid Domain document exists. In
addition, check the Calendar Server field in the Domain document to
make sure a valid calendar server has been defined for the domain.
8. Check that the mail servers are running the same protocol. The mail
servers must run the same protocol so that the servers can connect to
each other to perform a free-time lookup.
15. Click the check mark in the formula pane to accept the new formula.
Troubleshooting
16. Press ESCAPE, and click Yes to save the design.
17. Press ESCAPE to close the Designer.
18. Refresh the view so that all of the Note IDs appear in the database.
19. Find the Note ID that the Schedule Manager reported in the log, and
select that document in the view.
20. Choose File - Document Properties.
21. Click the Fields tab.
Troubleshooting 63-47
22. Scroll through the fields in the left box and search for a $BusyName
field.
23. Compare the information in the $BusyName field to the entries in the
BUSYTIME.NSF file and the Domino Directory. Make any
corrections.
Reading the message in the log file for a long setup string
When you customize a modem command file, you may include long
setup strings. If a long setup string contains an error, it may be difficult
to determine which command or parameter caused the problem.
Troubleshooting
6. Unplug other telephone extensions before you make an outgoing
call. You’ll lose the connection if someone attempts to use an
extension on the line you’re dialing out on.
7. Make sure that you’re using an analog line. If the phone system is
digital and your modem is analog, you won’t get a dial tone. Contact
your local phone company for an analog line.
8. Check the COM port, hang-up, dial time-out, and hardware flow
control settings. Port speed and hardware flow control settings
Troubleshooting 63-49
should be the same for modems that are trying to connect. To check
these settings, choose File - Preferences - User Preferences, select
Ports, select the COM port you want to check, and click COM
options.
9. Check the modem command file. Make sure that it’s the correct one
for your modem. Make sure it uses the correct syntax and is free of
any spelling errors, missing command parameters, and incorrect
settings or responses. Check the operating system time stamp and
last revision date of the file to make sure you’re using the correct
version of the file. To do this, use a file manager such as Windows
Explorer. Make sure you specified the correct directory for the file —
for example, the Notes\Data\Modems directory.
10. Check the Connection document in the Domino Directory. Make sure
the fields in the Connection document contain the correct
information for a dialup modem connection.
11. Check the Miscellaneous Events view in the log (LOG.NSF).
Sometimes modems that use the same modem standards can’t
connect to each other because of the way the manufacturer
implemented the standard. Contact the modem manufacturer to
resolve the problem.
12. Check the Phone Calls view in the log. Numerous CRC or
retransmission errors indicate that one or both modems detect
transmission errors. A damaged RJ-11 cord and/or poor phone line
quality may cause these errors. Try another cord and ask the phone
company to check the phone line.
The dialup server cycles through port speeds without initializing the
modem
If the log (LOG.NSF) indicates that the server continuously cycles
through port speeds without initializing the modem, the server isn’t able
to connect to or synchronize with the modem. Try these tips to solve the
problem:
1. Turn the modem on and off to reset it.
2. Check the cable connection from the server to the modem. Make sure
that the cable is attached to the correct port and isn’t damaged.
3. Make sure the communication port is correctly configured.
4. Specify a lower port speed. Choose File - Preferences - User
Preferences and select Ports. Select the port you want to modify, and
select COM Options. Select a lower port speed.
5. Replace the serial card and RS-232 interface card with one that you
know works.
Troubleshooting
recognize mixed-case commands.
2. Make sure that commands in a long setup string do not exceed the
character limit for the modem. Use the Setup=AT command at the
beginning of each line to split the setup strings into smaller sections.
Troubleshooting 63-51
Platform statistics — Troubleshooting
These topics describe common problems with monitoring statistics. You
can also search for solutions to common problems on the Lotus Support
Services Web site at www.lotus.com/support.
• Platform statistics are not fully initialized
• Setting up platform statistics on Windows NT and Windows 2000
systems
• System configuration issue for platform statistics on Windows NT
and Windows 2000 systems
Wait a few minutes and then issue the Show Stat Platform command
again.
The probable cause for this message is that platform statistics detected
that the Network Interface Object was not enabled. Enable the SNMP
service.
The probable cause is that platform statistics detected that the logical
disk counters were not enabled. Enable logical disk counters.
When the statistics are ready to be displayed, the system displays the
Troubleshooting
following message, where n is the number of current transactions or
users.
n Transactions/Minute, n Users
Troubleshooting 63-53
nnotes.dll is set to the wrong path
Platform: Notes DLL directory is different from executable
directory. Edit the following Registry setting to conform to
the server being run
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\not
estat\\Performance\\Library.
Upon Domino startup, the path to the nnotes.dll is not set or is set
incorrectly. Multiple installations of Domino may exist on the system and
an earlier installation of Domino is being invoked. Make sure that
nnotes.dll is set to this path:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\not
estat\\Performance\\Library
When the error occurs, the value for the variable “Disable Performance
Counters” is set to 1, which disables performance counters for statistics
such as CPU utilization (Platform.System.PctCombinedCpuUtil) or
Memory (Platform.Memory.PagesPerSec). These counters are found
under the services PerfOS, PerfDisk, PerfProc and PerfNet.
Although the system may have set the “Disable Performance Counters”
variable under a period of extreme stress on the system, once it has been
set, this variable continues to disable all performance counters relating to
its.dll, until it is manually set back to zero or deleted.
To reset the default counters, search the registry for the phrase “Disable
Performance Counters.” If it occurs under PerfOS, PerfDisk, PerfProc or
PerfNet, manually set it back to zero or delete the entire variable.
Troubleshooting
2. If the requesting system didn’t try to connect on a specific Notes
network port that you want to use, check that the port is enabled.
3. If the port is enabled, make sure that the server is not down.
4. If the server is running, check whether you have a local Connection
document for it, and if so, check that the port you want to use is
selected in that document.
Troubleshooting 63-55
5. If you still cannot connect, it is probably because no address can be
found for the server in the given protocol. Create or modify a local
Connection document to include the server’s protocol-specific
network address.
For more information on ports and Connection documents on Notes
workstations, see Lotus Notes 6 Help.
For more information on server ports and server name-to-address
resolution, see the chapter “Setting Up the Domino Network.”
6. If you still cannot connect, see the procedures that apply to the ports
you have enabled:
• Troubleshooting TCP/IP for NRPC
• Troubleshooting IPX/SPX
For information on preparing to call Lotus Support Services for a
network problem, see the topic “Contacting Lotus Support Services”
earlier in this chapter.
Troubleshooting
When a system running TCP/IP makes each outbound connection,
the TCP software automatically selects a local port number and
assigns it to the connection. This is required in the TCP architecture
so that the server can return packets to the client. This same port
number cannot be used by any other outbound or listening socket
until it is freed. Port numbers in the range 1 - 1024 are called
reserved ports because they are reserved for well-known system
services. The TCP software never uses reserved ports when it must
select a client-side port number at random. Rather, it selects at
Troubleshooting 63-57
random a number from a range above 1024 called the ephemeral port
range. The Internet authority uses the low-end range above 1024 to
assign port numbers to registered applications such as Lotus
Notes/Domino’s NRPC services, which use 1352. Microsoft uses the
ephemeral port range of 1024 - 5000. Therefore, when a server on a
Windows system makes an outbound connection, the ephemeral port
number chosen might be 1352. When this happens and Domino is
started, the NRPC port fails to bind. Often, on startup, servers on
Windows systems make outbound connections to the NetBIOS
session service well-known port and keep these connections active
until the system is restarted. This is the cause of the problem.
Note Most UNIX systems use an ephemeral port range that is at the
top-end of the range of ports, such as 45000 - 65000, so that there is
not likely to be a conflict between the ephemeral port number chosen
and registered port numbers.
To determine if this is the cause of the problem, run Netstat -n -a. If
what you see is similar to one of the following examples, the system
is using port number 1352 and the Domino server cannot start. To
solve this problem, restart the system.
Example 1: Netstat -n -a output of the Domino server active on the
local system using port 1352 as a server
Proto Local Address Foreign Address
State
TCP 10.20.4.137:1352 0.0.0.0:0
LISTENING
Example 2: Netstat -n -a output of the local system accessing an
external system using port 1352 ephemerally
Proto Local Address Foreign Address
State
TCP 10.20.4.137:1352 10.30.10.1:139
ESTABLISHED
To prevent future ephemeral bind conflicts on Windows systems, use
the following instructions to add a registry value that forces TCP to
skip port 1352 when it selects an ephemeral port number:
Run Regedt32 (not Regedit — Regedit does not support the data type
required for the value) and enter the following:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcp
ip\Parameters
Value Name: ReservedPorts
Data Type: REG_MULTI_SZ
Value: 1352-1352
Troubleshooting
Listener task for port <portname> is suspending for 20 seconds due to
listen errors.
See the message “Error on Listen function” earlier in this topic.
Troubleshooting 63-59
The remote TCP/IP host is not running the Domino server, or the
server is busy.
The server is currently not running, or the server can’t accept another
TCP/IP connection or Domain session. Start the server, or verify that it is
running. Check the server to determine if its workload is unacceptably
heavy.
The TCP/IP protocol stack reported that it ran out of memory. Consult
your network documentation to increase configured memory, or
reduce Notes connections by limiting clients (see
SERVER_MAXSESSIONS parameter in Notes Admin Guide).
This error can occur when your server system’s resources are not
correctly sized for the number of inbound and outbound connections or
when events push the server into resource starvation.
• If system memory appears to be low, increase it.
• If you are using Windows NT, you may be encountering a page file
limit. Both Domino and the TCP/IP stack use shared memory. If the
page file is not large enough or the number of pages exceeds what
the operating system can provide, this error appears. Upgrade the
operating system to Windows 2000 with Service Pack 2.
• If inbound client and server connections or the server’s own
outbound connections seem to be experiencing network stability
problems, verify the health of the network by using Netstat with the
-n switch (to disable reverse DNS lookups) and output the listing to a
file. Import the listing to a spreadsheet and count the total number of
connections. Then break the connections down by their state
(Established, Time_Wait, Close_Wait, Fin_Waitn). You should be
able to support more than 2,000 concurrent connections. If not,
review your operating system and TCP/IP stack settings with the
operating system and TCP/IP stack vendor. If you have a large
number of Close_Wait sessions, you may have network-level
problems. If you have a buildup of Time_Wait sessions with HTTP
services, review your TCP/IP stack’s settings to see if the stack offers
a setting to time out Time_Wait sessions sooner.
As a temporary solution or if you can’t make any alterations to the
system or TCP/IP stack, you can limit the number of NRPC sessions the
server will support concurrently, but there will be a performance cost for
doing so. To limit the number of concurrent NRPC sessions, do one of the
following:
• Edit the Port_MaxSessions setting in the NOTES.INI file to limit the
number of sessions that can run on this port.
• Edit the Server_MaxSessions setting in the NOTES.INI file to limit
the total number of active sessions the server can have.
Troubleshooting
VPN client software you can encounter packet sizing issues on the Notes
client or Domino server and/or with the firewall system’s VPN services.
The connection has timed out.
The establishment of the connection took longer than the expected
default of 5 seconds. This can happen when the connection is over a
dial-on-demand ISDN modem connection, remote bridge, or router.
From the Port Setup dialog box, increase the TCP/IP connection-time-out
interval. On a normal LAN, it is best to enter a value of no greater than
Troubleshooting 63-61
10 seconds, as the client or server won’t retry the connection until the
timer has expired.
To access the Port Setup dialog on a Notes client, use File - Preferences -
User Preferences and click Ports. To access this dialog box for a Domino
server, use the Domino Administrator’s Configuration tab and select
Server - Setup Ports from the Tools pane.
Once in the Port Setup dialog box, select the TCP/IP port and click the
port name Options button.
The server is not responding. Possible explanation.
Variations of this error can occur when name-to-address resolution has
completed on the local system, but the server would not respond to that
address. The causes of this error include:
• The Notes Name Service cache in the current Location document
contains a numeric IP address that it originally obtained from the
Server document (Net Address field) of the target Domino server,
and the Server document has since been updated with a new IP
address. Using only host names in the Net Address field makes this
error less likely to occur, as host names usually don’t change.
• The contents of the Net Address field returned by the Notes Name
Service is not the active address, either because of a typographical
error, or because there is more than one enabled Notes network port
for TCP/IP and the port listed first in the Server document is offering
a different FQDN than the second. In this case, if you are trying to
connect through the port listed second, the connection fails.
• The address returned by DNS or hosts files is not the correct address
or is not correct for this location.
To resolve problems associated with this error, follow all the steps in the
topic “How to troubleshoot TCP/IP problems in NRPC” later in this
chapter. To resolve problems involving advanced TCP/IP configurations
(more than one enabled port), see the chapter “Setting Up the Domino
Network.”
Note Verify that the ordering of the name lookup services is “Host”
first and “DNS” second; otherwise, the hosts file entries may not be
used when you expect them to be (excluding the NetBIOS Name
Service).
3. If you use the Network Information Service (NIS) for name
resolution, ask the UNIX system administrator responsible for the
NIS domain to register the server’s IP address and host name. If the
server name does not match the TCP/IP host name, request that the
server name be registered as an alias for the host name.
4. If you’re using DNS for name resolution, ask the administrator
responsible for the DNS domain to register the server’s IP address
and host name. If the server name does not match the TCP/IP host
name, request that the server name be registered as an alias
(CNAME) for the host name and place the host name in the TCP/IP
port’s Net Address field in the Server document. For example, for a
Domino server named Sales/Boston/Acme with a host name of
Troubleshooting
app01 for the A record, the CNAME record would be sales. The Net
Address field contains either the simple host name, app01, or the
FQDN, app01.acme.com. In the case of port mapping, each
port-mapped server’s common name is added as a CNAME to the A
record for the base port-mapping server.
For more information on DNS resolves, see the topic “Checking TCP/IP
name resolution in NRPC” later in this chapter, as well as the chapter
“Setting Up the Domino Network.”
Troubleshooting 63-63
How to troubleshoot TCP/IP problems in NRPC
To troubleshoot a network problem when using NRPC services over
TCP/IP, do the following in the order shown:
1. Check connectivity.
2. Check name resolution.
3. Check network layout (large LAN or WAN issues).
5. Ping the server by DNS alias name from the server itself to verify it
was added to the network correctly. Then ping the server from the
workstation. Ideally the server host alias names all should be the
same as the Domino server names. Sometimes the server’s FQDN
may differ from the Domino server’s. That is when the alias name is
used, being the same as the Domino server’s name.
For example, type:
PING Iodine
Troubleshooting
• If present, the default gateway
If new information appears when the computer is restarted, record
the information and call Lotus Support Services.
After you’ve gathered this information, perform the procedure
“TCP/IP name resolution in NRPC.”
Troubleshooting 63-65
Operating system Command/location to use Explanation
Macintosh Control Panel, TCP/IP, Not applicable
Load Ping, “TCPIP
Config” window
UNIX/Linux ipconfig <interface Different switches or
name> or commands may be required for
ifconfig <interface each UNIX platform; consult a
name> UNIX expert if necessary.
Windows ipconfig (or see the Issue this command at a
NT/2000/XP Network settings in prompt, or see the Network
Control Panel) settings in Control Panel.
Windows 95/98 winipcfg (or see the Issue this command at a
Network settings in prompt, or see the Network
Control Panel) settings in Control Panel.
2. Look at the Server document and determine if the first part of the
server’s fully qualified domain name (FQDN) in the TCP/IP port’s
Net Address field is the same as the server’s common name. For
example:
FQDN = mailhub1.lotus.com
Server common name = Mailhub1
If this is not the case, a name resolution alias is required in the hosts
file or DNS table.
Note If the first part of the FQDN is the same as the server common
name, the problem may be within DNS. For more information, see
the vendor’s documentation for the DNS server.
3. If the Server document has changed recently, restart the server in
order for the changes to take effect.
After you finish checking name resolution, see the topic “Checking a
TCP/IP network pathway” later in this section.
Troubleshooting
If checking name resolution did not solve the problem, check each
network pathway. Be sure to record the information you gather.
Using the Trace Route utility
Use the TRACERT command to determine what network pathway lies
between the source and destination systems. This command determines
the route from one host to another through the network, and displays an
ordered list of the routers in the path with the IP addresses of the
near-side interface of the routers.
Troubleshooting 63-67
Note A dedicated Trace Route utility may not be available on all
platforms, and your firewalls are most likely blocking the ICMP
sub-protocol of IP. Consult the site administrator to see if there is an
equivalent for your platform.
To use TRACERT, type the following at the prompt:
TRACERT servername -d
In this example, there are two IP routers between the workstation and the
server (three, minus the first one which reported itself, leaving two).
Checking the Maximum Transmission Unit (MTU)
Each end-node system and router port on the network has the ability to
control the size of the TCP/IP packet. Each NIC (port) can have its MTU
set to a different value, and each topology has a different default value.
The network administrator can increase or decrease this setting to meet
the requirements of the network. MTU traffic issues are handled at the
TCP/IP level and not within Notes workstations or Domino servers.
If any of the following situations exist, suspect an MTU problem, and
contact your network administrator:
• There is a mixture of Ethernet and Token-Ring or FDDI network
topologies on the LAN/WAN.
• There are routers between the source and destination of traffic that
could be set up with an incorrect MTU size.
• You are using VPN services across the Internet.
• ATM is being used with emulation [LANE].
TCP/IP frame types
Most UNIX, AS/400, or S/390 systems offer both frame types for 802.3
(Ethernet) to Ethernet V2 (DIX) and SNAP by default. You can remove
Note If using a NetWare server as a TCP/IP router, make sure that the
NetWare and Domino server systems are using the same common frame
type for TCP/IP and that only one frame type is being used to support
the TCP/IP protocol in a flat or bridged network.
Troubleshooting
Troubleshooting 63-69
Troubleshooting IPX/SPX network problems
All Domino server access is through the sub-protocol SPX or SPXII. Both
Notes clients and Domino servers use IPX’s NetWare Core Protocol
(NCP) service for name-to-address resolution.
Protocol limitations in the following areas may affect your ability to use
the Domino NRPC protocol over SPX:
• Frame types in the IPX/SPX network
• Source-routing bridges in Token-Ring networks
• IPX name resolution services (Bindery and NDS)
For common error messages in IPX/SPX, see the topic “IPX/SPX error
messages” later in this chapter.
Troubleshooting
by a source-routing bridge can’t be seen. You may need to apply
source-routing services to the IPX/SPX protocol to pass across a
source-routing bridge network.
Note You must assign the Token-Ring bridge a unique number. If the
bridge connecting two token rings does not have a unique number, the
IPX/SPX connection fails. The NetWare servers, Domino servers, and
other switches or bridges on the given Token-Ring network all share a
common IPX network number within the bridged domain.
Troubleshooting 63-71
1. Make sure that the IPX/SPX network frame types are correctly
configured.
2. Make sure that you have the latest versions of the IPX/SPX protocol
services installed on the all of the Notes clients, Domino servers, and
NetWare servers.
3. Make sure that the Domino server located on the Token-Ring
network that is using source routing can access a local NetWare
server that has source routing enabled, so that either the Bindery or
NDS name resolver service can be established. You must implement
Novell’s source-routing NetWare Loadable Module (NLM) in an
IPX/SPX network.
4. Check that the switch or bridge configuration can support the frame
sizes that the IPX/SPX protocol is using. Many units limit the buffers
to 4096 or 4500 octets (bytes). The IPX/SPX protocol stack settings on
Notes clients or Domino servers may also need to be altered so that
they don’t exceed the switch’s or bridge’s frame size limit.
*Domino servers can support only one Bindery context entry that the Notes
client and/or Domino server systems can access.
** Recommend filtering Bindery service advertising protocol (SAP) services over
WAN links if there are any Bindery-only devices present on the network.
Troubleshooting
installing the SPX port driver. This error occurs when a Novell file server,
to which you need to register the Domino server’s name, is unavailable
or the Domino server can’t reach it over the frame type it is using.
If an attempt to log into a Novell server from the Domino server fails or
an SLIST shows no Novell servers are available, the network
administrator must analyze the network to find out why the Domino
server can’t access a Novell file server so that either the Bindery or NDS
name resolve service can be invoked.
Troubleshooting 63-73
NetWare IPX/SPX could not be initialized: Packet size is too large.
This message appears when you have a mix of frame types in use for the
IPX/SPX protocol. Review the frame type the NetWare server and
Domino server are using to make sure that only one common IPX/SPX
frame type is enabled across all of the server systems and network
routers.
NetWare service advertising (SAP) failed to start. Internal error in
Notes NetWare port driver.
Depending on which IPX/SPX stack you are using, you might need to
start the SAP service so the Domino server can register its name with
either the Bindery or NDS name resolve service.
Unable to get default NetWare file server connection.
The server or workstation is unable to read the Domino server network
address from NetWare bindery. The default NetWare file server isn’t
responding to requests. Check that a NetWare file server is available on
the network and that all required NetWare client software is installed
and running.
Unexpected NetWare error. See the log file on this system for error
code.
Contact Lotus Support Services.
Unexpected NetWare IPX or SPX error. See log file for error code.
Contact Lotus Support Services.
Troubleshooting 63-75
Modem does not respond
The modem is not turned on or is not connected.
The modem software is not configured properly.
Error messages
This section lists common error messages displayed on the server console
or at the Notes client, and provides information on what caused the error
and how to recover from it.
Troubleshooting
To test a connection to a server, use the Trace command, which provides
detailed information about each step in a server connection. Using the
results of a trace command, you can troubleshoot network connection
problems.
When you attempt to connect to a server, network trace information
automatically appears on the status bar of a Notes workstation or on the
server console, depending on where you initiated the connection attempt.
You can use the NOTES.INI Console_LogLevel setting to control the
level of detail that messages on the status bar contain.
Troubleshooting 63-77
To trace a connection, you can enter this command at the console:
Trace servername
For more information about the Trace command, see the appendix
“Server Commands.”
After modifying the NOTES.INI, stop and restart the server so that
the changes take effect.
3. Make sure that the port number appended to the destination server’s
IP address matches the port number in the NOTES.INI file on the
destination server. Also, verify that the server name and
organization are correct.
For example, this setting in the port-mapping server’s NOTES.INI
file assigns the destination server’s IP address and port number:
TCPIP_PortMapping00=CN=Server1/O=Org1,198.114.89.123:135
20
Troubleshooting 63-79
You can also use the “Access this server” field in the Server
document to restrict who can use passthru to access a server. If this
field is blank on the destination server, the server does not allow
passthru access. Only the users, groups, and servers explicitly named
in this field have passthru access. Note that this field does not restrict
general access to the server, which is controlled by fields on the
Security tab of the Server document.
3. Make sure that the Connection document is properly configured.
Check the log for the message “Unable to find any path to
ServerName,” which indicates that there may not be enough
information in the Domino Directory to determine how to reach the
destination server or that the information in the Domino Directory is
incorrect — for example, server names might be misspelled.
For more information on setting up and tracing connections, see the topic
“Tracing a network connection” earlier in this chapter, as well as the
chapter “Setting Up Server-to-Server Connections.”
Replication — Troubleshooting
These topics describe how to troubleshoot replication.
• Tools for troubleshooting replication describes tools you can use for
troubleshooting replication problems.
• Replication - Problems and error messages describes problems and
errors that users or Domino servers may experience during
replication.
You can also search for solutions to common problems on the Lotus
Support Services Web site at www.lotus.com/support.
Cluster replication
The log file (LOG.NSF) provides helpful information for troubleshooting
replication problems within a cluster.
Monitoring Configuration
The Monitoring Results database (STATREP.NSF) is a repository for
pre-configured and custom statistics. It is created when you load the
Collect task, if it doesn’t already exist. You can set alarms for some of
these statistics. For example, you might set an alarm to generate a Failure
report when more than three attempted replications generate an error.
You can also report statistics to any database designed for this purpose,
although typically the database is the Monitoring Results database
(STATREP.NSF).
Note that you can edit the NOTES.INI file to include the
Repl_Error_Tolerance setting, which increases the number of identical
replication errors between two databases that a server tolerates before it
terminates replication. The default tolerance is 2 errors. The higher the
value, the more often messages such as “Out of disk space” appear.
If you run the Event task on a server, you can set up an Event Monitor
document to report replication problems. You can also create a
Replication Monitor document that notifies you if a specific database fails
to replicate within a certain time. To view events from the Domino
Administrator, click the Server - Analysis tab, click Statistics - Events,
and then view the desired report.
Troubleshooting
Replication history
The replication history for a database describes each successful
replication of a database. To view the replication history of a database,
select a database icon and choose File - Database - Properties (or File -
Database - Replication - History).
Troubleshooting 63-81
Replication schedules
You can see a graphical representation of the replication schedules of the
servers in your Domino system. To view replication schedules, from the
Domino Administrator, click the Replication tab.
For more information on viewing replication schedules, see the chapter
“Creating Replicas and Scheduling Replication.”
Troubleshooting
4. Check the Miscellaneous Events view of the log to see if a network
error message occurred when the server attempted to connect to the
other server.
5. Check the Phone Calls view of the log to see if two servers are unable
to use dialup connections.
Troubleshooting 63-83
Scheduled replication isn’t occurring between two servers
1. Check that the server names are spelled correctly in the Connection
documents.
2. Make sure that multiple Connection documents don’t have
overlapping schedules for the same task in the same direction. If
multiple Connection documents have overlapping schedules, correct
the schedules or enable multiple replicators on the server.
3. If many users access a server or if a server performs many tasks, it
takes longer for Domino to build a list of the databases that two
servers have in common, a task that occurs just prior to replication. If
building the list takes a long time, a scheduled replication may be
delayed. Check server load statistics and, if necessary, replicate only
specific databases, remove obsolete databases from the servers,
and/or move some databases to another server. You can also reduce
the number of users who access the server or reduce the number of
tasks the server performs.
4. Make sure that the server has adequate disk space. If it doesn’t,
remove obsolete databases and/or move some databases to another
server.
For more information on the log file, see the chapter “Using Log Files.”
Troubleshooting 63-85
There is no destination server in an access list
Access lists allow only a subset of people and servers in the ACL to
access documents. If such access lists exist, add the destination server to
them in the source server replica. If the access list uses a role to define
access, add the destination server to the role on the source server replica.
For more information on server access, see the chapter “Creating
Replicas and Scheduling Replication.”
Replication settings
Some replication settings cause one replica to receive only a subset of
documents and features from another replica.
View indexes
A view is used in one replica but not in another, and the replica
containing the unused view is smaller because no index is built for the
unused view.
Troubleshooting
Notes client:
• On the Advanced panel, the Deletions option under “Replicate
incoming” is not selected.
• On the Send panel, the “Do not send deletions made in this replica to
other replicas” option is selected.
Unused space
One replica has been compacted while another has not been compacted.
Troubleshooting 63-87
The database stops replicating and the option Enforce a consistent
ACL is selected
If a user changes a local or remote server database replica’s ACL when
the “Enforce a consistent access control list across all replicas of this
database” option is selected, the database stops replicating. This option is
found on the Advanced panel of the Access Control List dialog box. The
message in the log file is:
Replication cannot proceed because cannot maintain uniform
access control list on replicas
The new replica contains the ACL of the source server but you did
not copy the ACL
A replica stub is an empty replica that has not yet been populated with
documents. When you select File - Replication - New Replica, Notes
creates a replica stub and populates it with documents, either
immediately or at the next scheduled replication, depending on the
option you select.
For more information on server access, see the chapter “Creating
Replicas and Scheduling Replication.”
The server storing the replica stub doesn’t have adequate access to
pull information
If you rely on scheduled replication to populate a replica stub, the server
storing the replica stub must have at least Reader access in the source
server replica ACL to pull the documents from the source server.
For more information on server access, see the chapter “Creating
Replicas and Scheduling Replication.”
Replication is disabled
Notes cannot populate a replica stub if replication is disabled on the
source or destination server replica. To check if replication is disabled for
the database, see if the “Temporarily disable replication” option is
deselected. This option is found on the Other panel of File - Replication -
Settings in the Notes client.
Troubleshooting
level privilege “Delete documents” selected.
Troubleshooting 63-89
A replication setting is preventing deletions from replicating
Check these replication settings in File - Replication - Settings in the
Notes client:
• On the Send panel, the option “Do not send deletions made in this
replica to other replicas.” A source server doesn’t send deletions to
another replica if this setting is selected.
• On the Advanced panel, the Deletions option under “Replicate
incoming.” A replica doesn’t receive deletions if this setting is not
selected.
Troubleshooting
commands, the console has been password-protected.
Use the Set Secure command at the console or use the Domino
Administrator to clear the password.
For information on using the Set Secure command, see the appendix
“Server Commands.”
Troubleshooting 63-91
Users can’t see a new server in the list of servers
If users can’t see a new server when they try to add, create, copy, or
replicate a database, make sure that the Domino Directory contains a
Server document for the new server and that the information in the
document is accurate and correctly spelled. If no Server document exists,
create one and then make sure that the new Server document replicates
to all servers in the domain. If a Server document exists and contains
accurate information for the new server, check the log file on both the
user’s home server and the inaccessible server to see if there are network
problems.
Checking the Domino Directory for errors that affect server access
Many conditions that prevent proper access to servers can be traced to
the Domino Directory.
1. Verify that these fields in the Server document contain the correct
information and spelling. For each change you make, be sure to save
the Server document before attempting to access the server again.
Field on the Check this
Network
Configuration tab
Server name Make sure that the full hierarchical server name is
spelled correctly.
Domain name Make sure that the name is spelled correctly.
Port If a COM port is listed, remove it. X.PC COM ports are
only handled in the ports configuration section.
Notes Network Make sure that at least one Notes Network is enabled.
Each port requires a unique Notes network name.
Troubleshooting
Access server Delete the contents of this field if it contains any
information. Only those names or groups listed in the
field are allowed to access the server.
Not access server Delete the contents of this field if it contains any
information. The users or groups listed in the field are
not allowed to access the server.
Troubleshooting 63-93
2. Make sure the Server document isn’t corrupted. To determine if it is
corrupted, create a new Server document and use it instead of the
old one. If the new Server document resolves the problem, it’s likely
that the original Server document is corrupted. Be sure to create a
backup of the original Server document by either copying and
pasting the original into another Server document or by backing up
the database.
After you create the new Server document, copy the public key into it.
3. Verify that the Certified public key in the server ID file is the same as
the Public key. To do this, copy the certified key and paste it into a
text file, and then compare the two key values, which should be the
same. If the values differ, the server ID was probably created with
the same name based on a different Certifier key. Before altering the
key, create a backup of the Domino Directory.
4. Check Group documents in the Domino Directory for correct user
and server names. In particular, check the Group documents for
groups listed in the “Access server” and “Not access server” fields in
the Server document. In addition, be sure to check the Group Type
setting of these Group documents. The Group type assigned to a
group can affect server access.
5. Resolve any replication or save conflicts in the Groups and People
views.
6. Make sure that all views in the Domino Directory are updated and
not damaged. To rebuild all of the views in that database, enter this
command at the console:
Load updall names.nsf -r
Troubleshooting
3. Check for a “Public Key...” message that appears when the server
starts. Verify that the public key stored in the Server document
matches the public key stored in the server ID. To do this, copy the
ID’s public key to the clipboard, and then paste it to another
application — for example, into Windows Notepad — so that you
can compare it with the public key in the Server document. Be sure
to perform a full backup of the Domino Directory before altering the
key.
Troubleshooting 63-95
Replacing the server ID
If you suspect that the server ID is damaged, replace it with a backup of
the ID. If you don’t have a backup of the server ID available, create a new
server ID. Be sure to use the same name on the new ID as you used on
the old ID.
1. Shut down the Domino server.
2. Rename the old server ID — for example, Server.OLD. You must
rename the ID to force the ID file to a new location on the hard disk.
3. Copy the backup (or new) server ID to the correct location on hard
drive. ID files are typically located in the Notes\Data directory.
4. Restart the server.
Troubleshooting 63-97
5. If possible, capture the last screen displayed on the console or save
the Console Log file.
6. Stop all tasks running on the Domino server, and then stop the
Domino server.
7. If an NSD log file was created, verify the time and date of the file,
which should coincide with the time and date of the crash. If
necessary, Lotus Support Services will use this file to identify where
the crash occurred.
Note If a crash doesn’t produce an NSD log file, the server may be
out of disk space or memory.
8. Restart the server.
9. Check the Miscellaneous Events view in the log. Record all entries
that occurred immediately before and after the crash. To do this,
double-click the appropriate entry to open it. In particular, look for
an NSF file in the entry, which may indicate where the crash
occurred. If a particular database appears to have caused the crash,
check the replication history of that database for additional
information.
10. Collect these configuration files:
• CONFIG.SYS — For OS/2
• NOTES.INI — All platforms
• STARTUP.CMD — For OS/2
• PROTOCOL.INI — For OS/2
• NET.CFG — For OS/2 and NetWare
• AUTOEXEC.NCF — For NetWare
• STARTUP.NCF — For NetWare
• Windows diagnostics file — Windows NT
Note The Updall task can take a significant amount of time to run on a
large database. It will also take a significant amount of time if you run
Updall without specifying the database name, which forces the task to
run on all databases on the server.
Note The Updall task can take a significant amount of time to run
on a large database. It will also take a significant amount of time if
Troubleshooting
you run Updall without specifying the database name, which forces
the task to run on all databases on the server.
2. If Updall does not fix the problem, use this procedure:
a. Make a replica of the corrupted database. Be sure to give the
replica a new file name.
b. Delete the original corrupted database.
c. Use the original database file name to rename the new replica.
d. Restart the server.
Troubleshooting 63-99
The Router task causes the server to crash
In many cases, a crash occurs while a particular task is running. You can
often determine the task from the crash screen or from the NSD log file. If
the crash is related to the Router task, there could be a problem with
MAIL.BOX.
1. Rename MAIL.BOX.
2. Restart the server. The server will automatically create a new
MAIL.BOX.
3. Copy and paste the messages from the old MAIL.BOX to the new
MAIL.BOX.
Troubleshooting 63-101
CA process takes a long time to make changes to a certifier
When you create a new certifier, make changes to an existing one, or
revoke a certificate, the changes usually take place by the time the CA
process refreshes itself. Sometimes the process takes longer, because:
• The CA process has to create or update the CA configuration
documents, and, in the case of Internet certifiers, post a CRL.
• The CA process may be running on a server other than the one that
hosts the master Domino Directory, adding replication delays to the
process.
• Replication of the Administration Requests database can add delays.
A request or change may be approved on one replica, but the change
has to be replicated to other servers in the domain.
To see the results of any CA process operation immediately, at the server
console type:
tell adminp process all
Then
tell ca refresh
Then
tell ca stat
to see if the changes have been processed. You may need to repeat the
process more than once.
For more information about configuring and using a server-based CA,
see the chapter “Setting Up a Domino Server-Based Certification
Authority.”
Troubleshooting
6. Restart the server. Domino creates new log files and a control file and
assigns new DBIIDs to all Domino 5 or higher databases.
7. If “Automatic fixup of corrupt databases” is set to Yes in the Server
document, the Fixup task runs on the databases that require media
recovery or Fixup. Otherwise, you must run the Fixup task manually.
8. Perform full database backups.
If the error occurred during media recovery, an archived log file may
be corrupted.
Troubleshooting 63-103
9. Restart the server to correct the problem, and then stop the server so
it shuts down cleanly.
10. While the server is down, use the third-party backup utility to
perform media recovery. If the archived log still cannot be used,
allow database backups to be restored without the transactions in the
corrupted log.
11. Perform full database backups.
12. Restart the server.
Users are prompted multiple times for their name and password
You can configure Domino Web sites so that Domino authenticates and
asks Web users for their credentials only once when they access different
locations. Like other Web servers, Domino adheres to the HTTP
authentication model. When a user accesses a page on a Domino Web
site, the browser keeps track of user credentials, based on the realm that
Troubleshooting
Users can’t see a list of files on a Web server or access a database
When users try to use the OpenServer command to display a list of files
on a Web server and the message “Database browsing not allowed”
appears, make sure the option “Allow HTTP clients to browser
databases” is enabled in Server document for that server.
If users try to access a database and the message “Unauthorized
exception” appears, make sure they have the appropriate access in the
database ACL.
Troubleshooting 63-105
Browser receives error message “Single Sign-on not Configured”
when accessing an SSO enabled server
Verify that a Web SSO Configuration document exists for either a Web
Site or for the Server document and is enabled in the Session
Authentication field. If using Web Site documents, the Web SSO
Configuration documents appear in the Internet Sites view for the
specified web site. Otherwise, the Web SSO Configuration documents
appear in the Web Configurations view. You should also verify that the
Web SSO Configuration document is encrypted for the server to which
the browser is connecting, by checking the document to see that the
server is listed in the participating server field.
If the Server document’s public key does not match the public key in the
server ID file, then the decryption of the Web SSO document will fail.
This could happen if the ID file was created multiple times and didn’t
update the Server document correctly. Usually there is an error on the
server console indicating that the public key does not match the server
ID. If this happens, then SSO fails because the document could be
encrypted with a public key for which the server does not possess the
corresponding private key necessary for decryption. The way to correct
this is to copy the public key out of the server ID, paste it into the Server
document, and then recreate the Web SSO document.
Troubleshooting
Troubleshooting 63-107
If the host name is the Domino server’s common name, then the hosts file
or DNS will require an alias link as shown here:
2. Delete WEBADMIN.NSF.
3. Enter this command at the console:
load http
Note Do not try to refresh the database from the File menu using File -
Database - Replace Design or Refresh Design.
Troubleshooting
New policies do not appear as an option when registering users
If a policy that has been recently created does not appear as an option
during user registration, reload the Web Administrator so that the new
policy is available.
Troubleshooting 63-109
Server.Load — Troubleshooting
The dynamic link library NNOTES.DLL could not be found in the
specified path
Check to see if SLOAD.EXE was copied to the Notes program directory.
Copying SLOAD.EXE to the Notes program directory should resolve the
issue.
You can use server commands to perform all administration tasks. This
appendix describes how to enter server commands and provides
complete information on using each server command.
A-1
Capturing server command output in a file
Certain server commands display information that you might want to
capture in a file. Type the server command and on the same line, type a
space and then the following:
> filename.ext
where filename.ext is the name of the file to which you want to save
output. Enter a space after the server command but not after the
redirection symbol (>). For example, this command writes the output of
the Show Tasks command to the file TASKS.OUT in the Notes directory:
Show Tasks > TASKS.OUT
To store output in a file outside the data directory, specify the complete
path to the file.
Tip To save time and space at the command line, enter the
abbreviation for the server command. You can also press the Up
arrow to display a command that you previously entered.
4. (Optional) Use these key combinations, as necessary:
• Press CTRL+Q or PAUSE to stop the screen display and suspend
access to the server and events in process.
• Press CTRL+R to resume display and access to the server.
If you are sending several shell or Controller commands, you can change
to Shell or Controller command mode in a remote console by entering the
appropriate prefix in the Command box and pressing enter. Then you do
not have to specify the prefix each time you send a command. To exit the
specified command mode, enter the prefix again.
For example, to enter the Controller command mode, enter # in the
Command box. When you are done sending Controller commands, enter
# again to exit Controller command mode.
The following table describes the available Controller commands.
continued
4. Enter the path and file name of your Notes user ID.
5. Enter the password for your Notes user ID.
6. To exit cconsole, type:
done
Remote cconsole
The cconsole program doesn’t start if the Domino server isn’t running on
the same machine as the cconsole program. If the server fails while
cconsole is running, cconsole may not automatically shut down. In this
case, enter the “done” command to exit the cconsole program.
To run cconsole from a remote machine, first telnet to the machine
running the Domino server.
Command Result
done Exits cconsole while the Domino server continues to run
live on Enables cconsole as a live console so that you see messages sent to
the server console from other sources
live off Disables the live console so that you see only the commands
entered and the responses to these commands
Switch Result
-f Lets you enter the path and file name for the Notes user ID when you
start cconsole so that you aren’t required to respond to the prompts
-i Lets you ignore warnings; warnings continue to appear on the console,
but you won’t be required to respond to them
-l Lets you automatically start that console live when you start cconsole
For example, if you don’t want to wait for the prompt to enter the path
and file name for the Notes user ID, enter this command:
/opt/lotus/bin/cconsole -f notes/data/rrutherford.id
Broadcast
Syntax: Broadcast “message” [usernames or database]
Broadcast “(!) message” [usernames or database]
Description: Sends a message to specified users, users of the specified
database or to all users of this server. Use this command to warn users
when a server is brought down for maintenance. By default, the message
you enter appears in the user’s status bar. To display the message in the
middle of the user’s screen, precede the message with (!).
Examples:
Broadcast “Server ACME will be down in 10 minutes” — Sends a
warning message about impending maintenance on server ACME to all
users on this server.
Broadcast “(!) Server ACME will be down in 10 minutes” — Sends the
same warning message as shown in the example above, but this message
displays in the center of the user’s screen. Note that parentheses () are
entered as part of the command string.
Dbcache Flush
Syntax: Dbcache flush
Description: Closes all databases that are currently open in the database
cache. Use this command before maintaining databases to flush
databases from the cache.
For more information on the database cache, see the chapter “Improving
Database Performance.”
Drop
Syntax: Drop username
Description: Closes one or more server sessions. To visually confirm
which sessions are dropped, you must enter the Log_Sessions=1 setting
in the server’s NOTES.INI file.
For information on Log_Sessions, see the appendix “NOTES.INI File.”
Exit
Syntax: Exit
Description: Stops the server. This command is identical to Server -
Shutdown.
Before you use Exit to stop the server, use the Broadcast server command
to warn users so they can finish their current tasks before you stop the
server.
If you stop a server while it’s replicating databases or routing mail, these
tasks resume at the next scheduled interval after you restart the server.
Replication or mail routing continues until the databases are fully
replicated and until the complete mail message is transferred or returned
to sender.
Tip You can also stop the server from the Domino Administrator. From
the Domino Administrator, click the Server - Status tab, and then click
Server - Shutdown.
Load
Syntax: Load programname
Description: Loads and starts a specified server task or program on the
server. You can start a server add-in program or one that takes a
command line for additional data, such as a backup program. The
program you run must be on the server’s search path.
Use the Load command to run a program until it completes or, if the
program runs continually, until you stop the server. Where applicable,
you can include arguments that determine how the program runs.
Note Most server commands support the arguments “-?” and “/?” to
display online help. For example, you could enter one of these to obtain
help for the server command Load Compact:
Load Compact -?
Load Compact /?
Examples:
Load Fixup — Loads and runs the Fixup server task.
Load Object Info OBJECT.NSF — Loads and runs the Shared Mail
Manager and passes along arguments that execute the Info task.
For more information, see the appendix “Server Tasks.”
Arguments Description
Time [<sampling period>] Used with an optional argument, changes the
sampling period to the specified value in minutes. If
not used, displays the current sampling rate. Default
is 1 minute.
Reset Resets the value of primary statistics to zero, and
gathers new set of metrics.
Reset Interval Enable Resets all values each time a new sampling period
begins. Uses the sampling period defined using the
Time argument.
Reset Interval Disable Disables the Reset Interval Enable command.
Pause Pauses the collection and update of performance data.
Resume Resumes the collection and update of performance
data.
Use the Platform Reset command so that prior existing values are not
used in calculating minimum, average, or maximum values. You may
want to use this command when platform statistics have been
accumulating overnight and you want to clear out the accumulation. For
example:
platform reset
Use the Platform Reset Interval Enable command to reset all values each
time you begin a new sampling period. For example:
Platform Reset Interval Enable
Pull
Syntax: Pull servername [databasename]
Description: Forces a one-way replication from the specified server to
your server. You can also replicate a single database from the specified
server to your server by including the database name on the command
line. The initiating server receives data from the named server, but
doesn’t request that the other server pull data from it. This forces a server
to replicate immediately with the initiating server, overriding any
replication scheduled in the Domino Directory. Enter the server’s full
hierarchical name, if applicable.
You can pull changes immediately if an important database, such as the
Domino Directory, has changed or if a database on your server is
corrupted or has been deleted.
For replication to succeed, make sure that:
• The Domino Directory contains a Server document for each server in
the domain.
• The Domino Directory contains a Connection document to connect to
a remote server.
• Each server’s ID file contains a certificate that the other server
recognizes and trusts.
Replicate
Syntax: Replicate servername [databasename]
Description: Forces replication between two servers (the server where
you enter this command and the server you specify). Use the server’s full
hierarchical name. If the server name is more than one word, enclose the
entire name in quotes. To force replication of a particular database that
the servers have in common, specify the database name after the server
name. The initiating server (where you’re currently working) first pulls
changes from the other server, and then gives the other server the
opportunity to pull changes from it. You can use this command to
distribute changes quickly or to troubleshoot a replication or
communication problem.
Note The existing replication schedule between the servers determines
how the second server responds to this command. If this replication falls
within the timeframe that the second server replicates with the initiating
server (based on calling schedules and the repeat interval), the second
server pulls changes. Otherwise, it waits for the next scheduled
replication time.
Restart Port
Syntax: Restart Port portname
Description: Disables transactions (or messages) on the specified port
and then re-enables the port after a brief delay. The command lets you
stop and start a port without stopping the Domino server.
When you are supporting Internet servers that rely on TCP/IP, you can
restart the TCP/IP port and the Internet ports enter a waiting state. The
Internet ports suspend and keep checking for the TCP/IP port. You will
see the following when using restart port TCPIP:
>restart port tcpip
06/28/2002 12:34:08 PM LDAP Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:08 PM LDAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:11 PM POP3 Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:11 PM POP3 Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:11 PM SMTP Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:11 PM IMAP Server: Listener failure:
Request failed because the requested port is inactive
06/28/2002 12:34:11 PM SMTP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:11 PM IMAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:28 PM LDAP Server: Suspended, waiting 20
seconds for Notes Port Driver [TCPIP] to be restarted
06/28/2002 12:34:29 PM Port TCPIP was successfully disabled
To see a list of ports you can restart, issue the console command Show
Configuration.
Example:
Restart Port TCP — Disables and re-enables the port named TCP.
Restart Server
Syntax: Restart Server
Description: Stops the server and then restarts the server after a brief
delay.
If you stop a server while it’s replicating databases or routing mail, these
tasks resume at the next scheduled interval after you restart the server.
Replication or mail routing continues until the databases are fully
replicated and until the complete mail message is transferred or returned
to the sender.
Before you use Restart Server to stop the server, use the Broadcast server
command to warn users to finish their current tasks before you stop the
server.
Tip You can also use the Domino Administrator to restart the server.
From the Domino Administrator, click the Server - Status tab and use the
tool Server - Restart.
Restart Task
Syntax: Restart Task taskname
Description: Shuts down and restarts a specified server task.
Example: The following command shuts down and restarts the LDAP task:
Restart Task LDAP
Tip You can also use the Domino Administrator to restart a task. From
the Domino Administrator, click the Server - Status tab and use the tool
Task - Restart.
Examples:
Route Marketing\Acme — Sends mail to the Marketing server in the
Acme domain. The server console displays messages indicating when
routing begins.
Route * — Sends mail to all pending destinations.
Route [$LocalDelivery] — Overrides the next scheduled retry time and
attempts local delivery immediately.
Set Rules
Syntax: Set Rules
Description: Reloads the server’s mail rules, enabling new rules to take
effect immediately.
Server mail rules enable administrators to filter messages based on
content in the message headers or body. At startup, the server retrieves
these rules from the Configuration document and registers them as
monitors on each MAIL.BOX database in use. The Server task checks to
see if the server’s mail rules need to be reloaded every 5 minutes. New
rules take effect only after the server reloads the mail rules.
Set SCOS
Syntax: Set SCOS Databasename [Active | Inactive]
where Databasename is the full pathname to a shared mail database.
Description: Activates or deactivates a shared mail database. The Shared
Mail tab of the Server document lets you specify the delivery status and
availability for all shared mail databases in the directory. Using the Set
SCOS command, you can change the availability of an individual shared
mail database.
Set Secure
Syntax: Set Secure currentpassword
Description: Password-protects the console.
After you password-protect the console, you can’t use the Load, Tell,
Exit, Quit, and Set Configuration server commands or other programs
that aren’t run automatically through Program documents in the Domino
Directory or through the NOTES.INI file until you enter the password.
Console security remains in effect until you clear the password by
entering a second Set Secure command with the same password.
Even if the console is password-protected, keep the server physically
secure to prevent breaches of security at the operating system level.
Examples:
Set Secure abracadabra — Password-protects the console if no password
is currently in effect. In this case, the new password is “abracadabra.”
Set Secure abracadabra sesame — Changes the existing password
“abracadabra” to “sesame.”
Set Secure abracadabra — If the console is already protected by a
password — in this case “abracadabra” — entering a second Set Secure
command with the same password clears the password.
Set Statistics
Syntax: Set Statistics statisticname
Description: Resets a statistic that is cumulative. Statisticname is a
required parameter that names the statistic to be reset. You can’t use
wildcards (*) with this argument.
For more information on monitoring statistics, see the chapter
“Monitoring the Domino Server.”
Example:
Set Stat Server.Trans.Total — Resets the Server.Trans.Total statistic to 0
Show Agents
Syntax: Show Agents database name [-v]
Description: The Show Agents server command shows all agents
available in the database. The verbose mode ([-v]) shows all agents and
script libraries in the database as well as detail information on both.
Examples:
Show Agents DatabaseName.nsf
Show Agents -v DatabaseName.nsf
Show Configuration
Syntax: Show Configuration setting
Description: Displays the current value for a NOTES.INI setting. Use the
Show Configuration and Set Configuration server commands together to
ensure that you correctly set the NOTES.INI settings.
Wildcards are allowed.
Show Directory
Syntax: Show Directory
Description: Lists all database files (for example, NSF and NTF) in the
data directory and specifies whether the data directory contains multiple
replicas of a database. This command works only for the data directory;
you can’t specify another directory.
Tip From the Domino Administrator, click the Files tab to view a list of
all database files in the data directory.
You can also use the Show Directory command to check which databases
have transactional logging enabled.
To see only logged databases, enter this command at the console:
show dir *log
Show Diskspace
Syntax: Show Diskspace location
Description: Displays the amount of space, in bytes, available on the disk
drive (Windows NT), or file system (UNIX). If you do not specify a
location, Domino displays the space available on the disk or file system
containing the Domino program directory. If available disk space is low
— for example, under 10MB — free up disk space by deleting
documents, databases, and other files that you don’t need.
Show Memory
Syntax: Show Memory
Description: The Show Memory server command displays the amount of
RAM available on a server, plus the amount of swap memory available
on the boot drive of the Domino server. If the number shown here and
the number shown when you enter a Show Diskspace command are
almost equal, the server may need more RAM.
Examples:
Show Memory — The server responds with a message such as:
Memory Available (including virtual): 5776K bytes
Show Opendatabases
Syntax: Show Opendatabases
Description: The Show Opendatabases server command displays a list of
the open databases on the server as well as the statistics shown in the
example below.
Example: Show Opendatabases
Returns a list of databases in the format shown below:
Database Name Opens|Modi-| File | Sem |Avg
Wait|Wait-| Max
|fied |Handles|Waits|
(ms) | ers |Waiters
Show Performance
Syntax: Show Performance
Description: Displays the per minute user/transaction values when the
Domino Server is running. To stop showing performance, enter Show
Performance a second time.
Show Port
Syntax: Show Port portname
Description: Displays traffic and error statistics and the resources used
on the network adapter card or communications port. portname can be
any configured port — for example, LAN0tcpip, SPX, LAN1nb,
LAN2ipx, TCPIP, COM1, or COM2..
Tip To check port status from the Notes workstation program, choose
File - Preferences - Notes Preferences - Ports. Highlight the port and
select Show Status. To check the port status from the Domino
Administrator, click the Server - Status tab, and then click Servers - Port
Information. Highlight the port, and select Show Status.
Example:
Show Port LAN0tcpip — Displays the status of LAN0tcpip. As
information appears, press PAUSE to stop the scrolling, and press ENTER
to resume scrolling. Note that using PAUSE at the console stops server
operation. Users can’t access the server until you resume the display.
Show Stat
Syntax: Show Stat statisticname
Description: Used without the optional statisticname argument, displays
a list of server statistics for disk space, memory, mail, replication, and
network activity. To display a single statistic, enter the name of the
statistic as the optional argument. To display only a subset of statistics,
add a group of statistics as an optional argument by using an asterisk (*)
as a wildcard.
You can enter this command at the server console to display statistics for
the local server or at the remote server console to display statistics for a
remote server.
For more information on statistics, see the chapter “Monitoring the
Domino Server.”
Tip To view server statistics from the Domino Administrator, click the
Server - Statistics tab.
Examples:
Show Stat — Displays a complete list of statistics
Show Stat Database — Displays statistics for all statistics of the type
Database.x.x
Show Stat Disk.C.* — Displays all disk statistics for drive C
For a list of statistics, see the Advanced - Names & Messages - Statistic
Names view of the Monitoring Configuration database (EVENTS4.NSF).
Tip You can also use the Domino Administrator to view a list of active
tasks. From the Domino Administrator, click the Server - Status tab.
Show Transactions
Syntax: Show Transactions
Description: When the Domino Server is running, displays the following
for each type of transaction: the total number of NRPC transactions
(Count), the minimal duration of the transaction (Min), the maximum
duration of the transaction (Max), the total time to perform all
transactions (Total), and the average time to perform the transaction
(Avg). All times are reported in milliseconds. This command identifies
transactions that require excessive amounts of time.
Note For Internet Protocol Servers — for example, SMTP, POP3, IMAP,
HTTP — use the Show Stat command to monitor statistics. For example,
enter these commands at the server console:
SH STAT SMTP
SH STAT POP3
SH STAT IMAP
SH STAT LDAP
SH STAT Domino (for HTTP Server stats)
SH STAT DIIOP
Show Users
Syntax: Show Users
Description: Displays a list of all users who have established sessions
with the server, whether the users are actively working in databases or
not, the names of databases that each user has open, and the elapsed
time, in minutes, since the databases were last used.
Tip You can also use the Domino Administrator to view the status of
active users. From the Domino Administrator, click Server - Status. Then
select Database Users. A list of users displays in the middle panel.
Example:
Show Users — Displays user information — for example:
Show Xdir
Syntax: Show Xdir
Description: Provides information about each directory a server last
used for name resolution. The output displays the following columns of
information.
DomainName The DomainName columns displays the name of the
domain in which a directory resides. If a directory is configured in the
directory assistance database, the “Domain Name” field in the Directory
Assistance document for the directory determines the directory’s domain
name.
Example 2
This example shows output on a server that uses a Configuration
Directory, a remote primary Domino Directory, and an Extended
Directory Catalog accessed over the network.
Start Consolelog
Syntax: Start Consolelog
Description: Enables output to the console log file.
Example:
Start Consolelog
The Start Consolelog and the Stop Consolelog server commands enable
and disable console logging just as the NOTES.INI variable
CONSOLE_LOG_ENABLED does. The difference between the server
console commands and the NOTES.INI settings is that the console
commands are in effect for the current server session only, whereas the
NOTES.INI settings are “permanent” and take effect each time the server
is started.
For more information on CONSOLE_LOG_ENABLED, see the appendix
“NOTES.INI File.”
Stop Consolelog
Syntax: Stop Consolelog
Description: Disables output to the console log file.
Example:
Stop Consolelog
The Start Consolelog and the Stop Consolelog server commands enable
and disable console logging just as the NOTES.INI variable
CONSOLE_LOG_ENABLED does. The difference between the server
console commands and the NOTES.INI settings is that the console
commands are in effect for the current server session only, whereas the
NOTES.INI settings are “permanent” and take effect each time the server
is started.
For more information on CONSOLE_LOG_ENABLED, see the appendix
“NOTES.INI File.”
Stop Port
Syntax: Stop Port portname
Description: Disables transactions (or messages) on the specified port.
This command allows you to make changes to the port that take effect
immediately without stopping the Domino server. When you’re finished
making changes to the port, use the Start Port command to re-enable it.
To see a list of ports you can disable, issue the console command Show
Configuration.
Example:
Stop Port TCP — Disables the port named TCP.
Example:
Tell Router Quit — Stops only the Router task. All other tasks on the
server continue to run.
Command Result
Tell Adminp Process All Processes all new and modified immediate,
interval, daily, and delayed requests.
This command doesn’t override timed requests
execution time.
Tell Adminp Process Daily Processes these requests:
• All new and modified daily requests to update
Person documents in the Domino Directory.
• Any outstanding “Rename Person in Unread
List” requests.
Tell Adminp Process Processes all new and modified delayed requests.
Delayed These are requests that are usually carried out
according to the “Start executing on” and “Start
executing at” settings in the Server document.
continued
Command Result
tell ca quit Stops CA process.
tell ca stat Displays summary information for the certifiers using the
CA process; this includes the certifier’s number, its
hierarchical name, certifier type (Notes or Internet), whether
it is active, and name of the ICL database.
continued
Option Action
quit Stops the Change Manager and all plug-ins.
stop Stops the Change Manager and all plug-ins. Same as Quit.
exit Stops the Change Manager and all plug-ins. Same as Quit.
help Refers you to documentation.
? Refers you to documentation. Same as Help.
restart Stops and then restarts the Change Manager and all plug-in
subsystems.
start plug-in Starts the plug-in. Currently, Control and Monitor are the
defined plug-ins.
stop plug-in Stops the plug-in. Currently, Control and Monitor are the
defined plug-ins.
Note Alternatively, you can also use the forms plug-in stop,
plug-in quit and plug-in kill.
restart plug-in Stops and then starts the plug-in. Currently, Control and
Monitor are the defined plug-ins.
Note Alternatively, you can also use the form plug-in
restart.
plug-in command Attempts to issue the command to the named plug-in, if it
exists and is running.
reset Resets the internal lookup caches.
control process Requests the “PlanControl ” (control) plug-in to process and
check all plans.
Command Result
Tell DIIOP Dump Provide a list of the configuration data that DIIOP is
Config using from the Domino Directory. Using dump the
configuration is written to the file diiopcfg.txt in the
server’s data directory.
Tell DIIOP Show Provide a list of the configuration data that DIIOP is
Config using from the Domino Directory. Using show the
configuration is displayed on the server console.
continued
Command Result
Tell Dircat Pause The Dircat task finishes aggregating the directory catalog it
is currently processing, and then goes idle. Use this
command before shutting down a server that is in the
middle of Dircat processing.
Tell Dircat Resume Resumes a Dircat task that is paused.
Command Result
Tell LDAP Quit Stops the LDAP task on a server.
Tell LDAP When run on the Domino Directory administration
ReloadSchema server, the schema daemon updates the LDAP
service in-memory schema with any new schema
changes defined with Domino Directory forms or
with the Domino LDAP Schema database. The
schema daemon then publishes the updated schema
into the Schema database, and then replicates the
Schema database to others servers in the domain
that run the LDAP service.
When run on a subordinate server in the domain
that runs the LDAP service, the schema daemon
replicates the Schema database from the
administration server, if it detects changes on the
administration server replica. The schema daemon
then loads the updated schema now published in its
local Schema database into memory.
Tell LDAP Showconfig Shows:
• LDAP service settings from the LDAP tab of the
Configuration Settings document.
• LDAP service port settings
• Status of LDAP Activity Logging (enabled or
disabled.)
Tell LDAP Showconfig Shows current NOTES.INI settings related to the
Debug LDAP service, as well as the information shown by
Tell LDAP Showconfig.
continued
Command Result
Tell SMTP Update Config By default, whenever you restart the SMTP
service, and at two-minute intervals thereafter,
the SMTP service automatically checks the
NOTES.INI file, Configuration Settings
document, and Server document to see if any
settings have changes. If the service detects that
settings have changed, it rebuilds its internal
configuration to incorporate the changes.
The “Tell SMTP Update Config” server console
command will manually trigger such a service
update. Using the console command allows
Administrators to immediately put into effect
changes to the SMTP configuration without
disrupting normal service operation.
Command Result
Tell Web Help Lists all the Web Navigator server console commands.
Tell Web Refresh Refreshes all the Web Navigator global settings. Use this
command if you edit the Administration document while
the Web server task is running.
Tell Web Quit Stops all running copies of the Web Navigator.
This chapter explains how to run server tasks that perform complex
administration procedures.
where taskname is the name of the server task that you want to run.
B-1
From the Domino Administrator Start - Task tool
1. From the Domino Administrator click the Server - Status tab.
2. Click Server Tasks.
3. Open the set of Task tools.
4. Click Start.
5. In the Start New Task box, select a server task from the list. Select
advanced options to specify additional parameters.
6. Click Start Task.
In a Program document
To run a task on a server at a regularly scheduled time or at server
startup, create a Program document in the Domino Directory. You can
also use a Program document to run a UNIX shell script or program, or
an API program.
If you create a UNIX shell script or API program, you can use any of these
characters for the name: A - Z, 0 - 9, & - . _ ’ / (ampersand, dash, period,
space, underscore, apostrophe, forward slash). Do not use \ (backslash) or
any other characters because this can cause unexpected results.
1. From the Domino Administrator, open the Domino Directory. Go to
the Servers view, and open the Server document.
2. Choose Create - Server - Program.
3. On the Basics tab, complete these fields:
Field Enter
Program name The name of the server task you want to run.
Command line The command that starts the task, including any
arguments to the command.
Server to run on The full hierarchical name of the server on which to run
the task.
Comments A program description or additional information.
This appendix contains NOTES.INI settings that you can modify. The
settings are listed in alphabetical order. For information on using
NOTES.INI settings to improve server performance, see the chapter
“Improving Server Performance.”
C-1
To edit the NOTES.INI file using a Configuration Settings document
1. From the Domino Administrator, open the Domino Directory and
click the Configuration tab.
2. To edit an existing Configuration Settings document, highlight it and
then click Edit Configuration. To create a new configuration
document, highlight the server for which the Configuration Settings
document will apply, then click Add Configuration.
3. To modify NOTES.INI settings on the server, click the NOTES.INI
Settings tab. This tab lists a number of current settings in the server’s
NOTES.INI file.
4. To add or change a setting, click Set/Modify Parameters to display
all settings that you can set in the Configuration Settings document.
Select the setting(s) you want to add/modify.
5. Save and close the document.
Admin
Syntax: Admin=username
Description: Specifies the user name of the server administrator. Enter
each part of the name in canonical format, separated by a slash (/),
where:
CN is the common name
OU is the organization unit
O is the organization
C is the country code
For example:
Admin=CN=John Smith/OU=Marketing/O=Acme
Applies to: Servers
Default: None
UI equivalent: The Administrators field in the Server document in the
Domino Directory
Allow_Access_portname
Syntax: Allow_Access_portname=names
Description: Specifies servers, users, and groups that can access a server
port. The portname parameter indicates the name of the port you enabled
in the Port Setup dialog box and in the Server document. An asterisk
represents everyone listed in the Domino Directory. An asterisk followed
by a view name represents everyone listed in that view of the Domino
Directory. An asterisk followed by a slash (/) and a hierarchical
certifier’s name represents everyone certified by that certifier. For
example:
Allow_Access_lan3=*
All users listed in the Domino Directory can use the LAN3 port on
this server.
Applies to: Servers
Default: None
UI equivalent: None
Allow_Passthru_Callers
Syntax: Allow_Passthru_Callers=names
Description: Specifies servers, users, and groups that can instruct this
server to establish a connection to call a destination server. If you do not
enter a name, no calling is allowed. An asterisk represents everyone
listed in the Domino Directory. An asterisk followed by a view name
represents everyone listed in that view of the Domino Directory. An
asterisk followed by a slash (/) and a hierarchical certifier’s name
represents everyone certified by that certifier.
Applies to: Servers
Default: None
UI equivalent: The Cause calling field in the Passthru Use section of the
Security tab of the Server document. If a conflict exists between the
NOTES.INI setting and the Server document, the Server document takes
precedence.
Allow_Passthru_Targets
Syntax: Allow_Passthru_Targets=names
Description: Specifies the destination servers that this server can connect
to using passthru. If you do not specify a name, this server can route to
all servers.
Applies to: Servers
Default: None
UI equivalent: The Destinations allowed field in the Passthru Use section
of the Security tab of the Server document. If a conflict exists between the
NOTES.INI setting and the Server document, the Server document takes
precedence.
AMgr_DisableMailLookup
Syntax: AMgr_DisableMailLookup=value
Description: By default, a mail-triggered agent performs a mail lookup
of the user who last modified it. It only runs if the server running the
agent is also the user’s mail server. When users create or modify a
mail-triggered agent on a server other than their own mail server, you
can use this setting on the server to disable mail lookup so that the agent
AMgr_DocUpdateAgentMinInterval
Syntax: AMgr_DocUpdateAgentMinInterval=number of minutes
Description: Specifies the minimum elapsed time, in minutes, between
the execution of the same document update-triggered agent.
Applies to: Servers and workstations
Default: 30
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
AMgr_DocUpdateEventDelay
Syntax: AMgr_DocUpdateEventDelay=number of minutes
Description: Specifies the delay time, in minutes, that the agent manager
schedules a document update-triggered agent after a document update
event.
Applies to: Servers and workstations
Default: 5
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
AMgr_NewMailEventDelay
Syntax: AMgr_NewMailEventDelay=number of minutes
Description: Specifies the time (in minutes) that the Agent Manager
delays before scheduling a new mail-triggered agent after new mail is
delivered.
Applies to: Servers and workstations
Default: 1
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
AMgr_SchedulingInterval
Syntax: AMgr_SchedulingInterval=number of minutes
Description: Specifies a delay (in minutes) between running of the Agent
Manager’s scheduler. Valid values are 1 minute to 60 minutes.
Applies to: Servers and workstations
Default: 1
UI equivalent: None
AMgr_WeekendDays
Syntax: AMgr_WeekendDays=day1, day2, ...
Description: When agents use the On Schedule trigger, the Run on
Schedule options box is available and includes the Don’t run on weekends
check box option. When you select this option, the agent does not run on
weekend days. The default value for weekend days is Saturday (7) and
Sunday (1). You can specify any number of days, up to 7. For example:
AMgr_WeekendDays= 1,6,7
Causes agents that have the Don’t run on weekends option checked
not to run on Sundays, Fridays, and Saturdays.
Applies to: Servers and workstations
Default: 7 (Saturday) and 1 (Sunday)
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
AppleTalkNameServer
Syntax: AppleTalkNameServer=servername
Description: Applies to AppleTalk users only. Identifies the name of the
user’s secondary AppleTalk server. For more information, see your
AppleTalk network documentation.
Applies to: Servers and workstations
Default: None
UI equivalent: File - Preferences - User Preferences - Ports. Select the
AppleTalk port, and click Options to select or modify the server.
BatchRegFile
Syntax: BatchRegFile =filename
Description: Specifies the name of a batch registration file. If you add
this variable, Domino does not prompt you for the filename when you
import users from a text file.
Applies to: Servers
Default: None
UI equivalent: None
BillingAddinOutput
Syntax: BillingAddinOutput=value
Description: Specifies where Domino logs billing events. Use the
following values to set this variable:
1 - Billing database (BILLING.NSF)
8 - Binary file (BILLING.NBF)
9 - Both the billing database and binary file
Domino creates the BILLING.NSF database and/or the BILLING.NBF
file the first time the billing add-in task is started with this option set.
Applies to: Servers
Default: 1
UI equivalent: None
BillingAddinWakeup
Syntax: BillingAddinWakeup=number of seconds
Description: Specifies how often the billing add-in task runs. For
example, BillingAddinWakeup=300 specifies that the billing add-in task
wakes up every five minutes (300 seconds) to process the billing records
in the billing message queue. The BillingAddinWakeup value must be
greater than the value you specify for BillingAddinRuntime.
Applies to: Servers
Default: 60
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
BillingClass
Syntax: BillingClass=class(es)
Description: Specifies one or more of six classes of billing activity:
• Agent
• Database
• Document
BillingSuppressTime
Syntax: BillingSuppressTime=number of minutes
Description: Specifies the frequency of record stamping during session
and database activities if session and database activities are specified for
the BillingClass variable. If you want billing data collected more
frequently, decrease the default value (15 minutes). To minimize the
billing workload on your system, increase the value.
Applies to: Servers
Default: 15
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
CDP_Command
Syntax: CDP_Command=value
Description: The set of CDP settings control the opening, handling, and
closing of applications using OLE. All OLE applications use these
variables:
CDP_NEW
CDP_OPEN
CDP_EDIT
CertificateExpChecked
Syntax: CertificateExpChecked=path and date
Description: Specifies the path to the local ID file and the last time the ID
was checked for certificates that have expired or are about to expire.
Applies to: Servers and workstations
Default: The ID file and last date checked for expiration.
UI equivalent: None
CertifierIDFile
Syntax: CertifierIDFile=path
Description: Specifies the path to the certifier ID. The path must contain
the drive letter or network drive, directories, and file name. For example:
CertifierIDFile=C:\LOTUS\DOMINO\IDS\CERT.ID
CertifierIDFile=M:\LOTUS\NOTES\IDS\ACME.ID
Clrepl_Obeys_Quotas
Syntax: Clrepl_Obeys_Quotas=value
Description: Specifies whether the Cluster Replicator obeys quotas.
0 - Disables the Cluster Replicator from obeying quotas.
1 - Enables the Cluster Replicator to obey quotas.
Applies to: Servers
Default: The Cluster Replicator does not obey quotas.
UI equivalent: None
Cluster_Replicators
Syntax: Cluster_Replicators=value
Description: Use this setting to start multiple cluster replicators, where
value is the number of cluster replicators required.
Applies to: Servers
Default: None, but Domino starts one cluster replicator by default.
UI equivalent: You can also specify this setting in the NOTES.INI
Settings tab of the Configuration Settings document in the Domino
Directory.
Unless you are experienced with modems and ports, use the
user-interface to configure ports.
Applies to: Servers and workstations
Default: Depends on the modem type selected
UI equivalent: File - Preferences - User Preferences - Ports dialog box.
Compact_Retry_Rename_Wait
Syntax: Compact_Retry_Rename_Wait=number of seconds
Description: If you have specified a value for the
Num_Compact_Rename_Retries setting, Domino waits 30 seconds before
trying to rename a database that was copy-style compacted. You can
request a different amount of time to wait by specifying the value of the
Compact_Retry_Rename_Wait setting in the NOTES.INI file. For
example, to request that Domino wait 2 minutes before trying rename a
database that was copy-style compacted, specify
Compact_Retry_Rename_Wait=120.
Console_Log_Enabled
Syntax: Console_Log_Enabled=value
Description: Specifies whether to enable logging to the Console Log file
(CONSOLE.LOG, by default).
0 - Disable Console Log file logging
1 - Enable Console Log file logging
Tip To toggle logging to the Console Log file from the server console,
use the “start consolelog” and “stop consolelog” commands.
Applies to: Servers
Default: 0
UI equivalent: None
Console_Loglevel
Syntax: Console_Loglevel=value
Description: Controls the level of information displayed on the status
bar when you trace a connection. The following values are possible:
0 - No information displayed
1 - Only errors are displayed
2 - Summary progress information is displayed
3 - Detailed progress information is displayed
4 - Full trace information is displayed
Console_Log_Max_Kbytes
Syntax: Console_Log_Max_Kbytes=value
Description: Specifies the maximum size for the Console Log file
(CONSOLE.LOG, by default). If the Console_Log_Max_Kbytes setting is
not present or is set to 0, then the file size is unlimited. When the
maximum file size is reached, new logging output starts to overwrite
existing logging output at the beginning of the file.
This setting can be changed at any time during a server session and when
a new maximum file size is specified, it takes effect upon the next write.
If the new maximum file size is less than or equal to the current
maximum file size, then the maximum size will be set to the current size
to prevent growth and the new size will take effect upon the next server
session.
Applies to: Servers
Default: None
UI equivalent: None
Country_Language
Syntax: Country_Language=value
Description: Specifies the language used for the Domino/Notes
interface.
Applies to: Servers and workstations
Default: en-US (US English)
UI equivalent: File - Preferences - User Preferences - International -
Content Language dialog box. You can also specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Create_Replica_Access
Syntax: Create_Replica_Access=names
Description: Specifies the groups that can create replicas on the server.
You must specify a hierarchical name in hierarchical format, for example,
Alice Jones/Acme. If you don’t specify a group, all certified users can
create replicas. An asterisk (*) represents everyone listed in the Domino
Directory. An asterisk followed by a view name represents everyone
listed in that view of the Domino Directory. An asterisk followed by a
slash (/) and a hierarchical certifier’s name represents everyone certified
by that certifier.
Default: None
Applies to: Servers
UI equivalent: The Create Replica Databases field in the Security tab of
the Server document. Note that the Server document takes precedence
over the NOTES.INI setting. Domino uses the Create_Replica_Access
setting only if the Create Replica Databases field is empty.
DDE_Timeout
Syntax: DDE_Timeout=seconds
Description: The amount of time (in seconds) Notes waits for another
DDE application to respond to a DDE message
Applies to: Workstations
Default: 10 seconds
UI equivalent: None
Debug_Outfile
Syntax: Debug_Outfile=filename
Description: Specifies the file name for the Console Log file. If both this
setting and the LogFile_Dir setting exist and Debug_Outfile contains a
fully qualified path name, then LogFile_Dir is not used.
If only the Debug_Outfile setting exists and it contains only a file name,
then the default path
\DATADIRECTORY\IBM_TECHNICAL_SUPPORT is used. If neither
Debug_Outfile or LogFile_Dir exist, then the default path is
\DATADIRECTORY\IBM_TECHNICAL_SUPPORT and the default
path is CONSOLE.LOG.
Applies to: Servers
Default: None
UI equivalent: None
Default_Index_Lifetime_Days
Syntax: Default_Index_Lifetime_Days=number of days
Description: Specifies a default lifetime for view indexes if none was
selected by the database designer in the view properties box. If the index
is inactive for the specified number of days, the Indexer task purges the
index. For example:
Default_Index_Lifetime_Days=60
sets the lifetime of indexes to 60 days.
Default: 45 days
Applies to: Servers
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Deny_Access
Syntax: Deny_Access=names
Description: Specifies servers, users, and groups that are denied access
to the server. You must specify a hierarchical name in hierarchical
format, for example, Alice Jones/Acme. An asterisk (*) represents
everyone listed in the Domino Directory. An asterisk followed by a view
name represents everyone listed in that view of the Domino Directory.
An asterisk followed by a slash (/) and a hierarchical certifier’s name
represents everyone certified by that certifier. The Deny_Access setting
overrides the Allow_Access setting.
Deny_Access_portname
Syntax: Deny_Access_portname=names
Description: Specifies servers, users, and groups that are denied access
to a specific server port. The portname parameter indicates the name of
the port you enabled in the Port Setup dialog box and in the Server
document. An asterisk (*) represents everyone listed in the Domino
Directory. An asterisk followed by a view name represents everyone
listed in that view of the Domino Directory. An asterisk followed by a
slash and a hierarchical certifier’s name represents everyone certified by
that certifier. For example:
Deny_Access_SPX=Terminations
The users in the Terminations group cannot access the SPX port.
Applies to: Servers
Default: None
UI equivalent: None
Desktop
Syntax: Desktop=path
Description: Use this setting to specify the location of the
DESKTOP5.DSK file used to customize the Notes workspace.
For example, on the Macintosh:
Desktop=Notes:Desktop
For example, in Windows:
DESKTOP=C:LOTUS\NOTES\DESKTOP5.DSK
DIIOPConfigUpdateInterval
Syntax: DIIOPConfigUpdateInterval=number of minutes
Description: Specifies the time interval, in minutes, at which DIIOP
should refresh its configuration data from the Domino Directory.
Applies to: Servers
Default: The default value is 3 minutes.
UI equivalent: None
DIIOPCookieCheckAddress
Syntax: DIIOPCookieCheckAddress=value
Description: Modifies the behavior of server-based cookies used with
applets that are downloaded by the domino HTTP server. Set the value
to 1 to enable the checking of client IP addresses for these cookies.
Applies to: Servers
Default: The default value is 0 (disabled), which means that DIIOP will
not require the client’s IP address using one of these cookies to match the
IP address of the client to whom the cookie was issued.
Client IP addresses will not match in most cases because the cookie is
issued to the browser using the HTTP protocol, which is typically routed
through proxy servers and therefore the client appears to be the proxy
server. While the user of the cookie is the applet running in the browser,
its network traffic does not go through a proxy server.
UI equivalent: None
DIIOP_Debug_Invoke
Syntax: DIIOP_Debug_Invoke=value
Description: Use for debugging only. It provides a level of logging
beyond that of DIIOPLogLevel. Each transaction that the DIIOP task
receives is logged along with the object ID that was the target, as well as
the session ID. Valid values are:
1 - Show transaction details when a transaction finishes
2 - Show transaction details when a transaction starts
Applies to: Servers
Default: None.
UI equivalent: None
DIIOPDNSLookup
Syntax: DIIOPDNSLookup=value
Description: Specifies that DIIOP should do a DNS name lookup for
every client that connects and uses DIIOP services. This information is
visible when using the server console command “show tasks.” Set the
value to 1 to enable DNS lookups for clients.
Applies to: Servers
Default: The default value is 0 (disabled).
UI equivalent: None
DIIOPIORHost
Syntax: DIIOPIORHost=hostname
Description: To have DIIOP advertise its existence using an alternate
hostname or IP address, you can set DIIOPIORHost to an alternate host
name or address other than the server default. The server default is
based on the value specified in the Server document setting “Fully
qualified Internet host name.”
Applies to: Servers
Default: The default value is to use the setting in the Server document.
UI equivalent: The preferred method of setting this value is through the
Server document, on the DIIOP section of the Internet Protocols tab.
Note Prior to Domino 6, this variable was known as DIIOP_IOR_HOST.
It is still valid for backwards compatibility.
Dircat_Include_Readerslist_Notes
Syntax: Dircat_Include_Readerslist_Notes=value
Description: When set to 1 the Dircat task aggregates documents that
contain Readers lists. Users that are not in the Readers lists can
nevertheless read these documents in the directory catalog.
Applies to: Servers
Default: None. Without this setting the Dircat task does not aggregate
documents that contain Readers lists. Note that even users who are
included in the Readers list cannot access the documents through the
directory catalog.
UI equivalent: None
Disable_Cluster_Replicator
Syntax: Disable_Cluster_Replicator=value
Description: Use this setting to disable/enable cluster replication.
0 - Cluster replication enabled
1 - Cluster replication disabled
Applies to: Servers
Default: None, but cluster replication is on by default.
UI equivalent: None
Disable_View_Rebuild_Opt
Syntax: Disable_View_Rebuild_Opt=value
Description: Use this setting to enable/disable the view rebuild
optimization feature, which presorts the view entries in temporary files
before inserting them into the view index.
Use the following values for this setting:
0 - Enables
1 - Disables
Applies to: Servers
Default: None, although the view rebuild optimization feature is enabled
in Domino by default.
UI equivalent: None
DisableLDAPOnAdmin
Syntax: DisableLDAPOnAdmin=value
Description: If set to DisableLDAPOnAdmin=1 prevents the LDAP task
from running on the administration server of the Domino Directory for a
domain. Since this administration server manages the schema and
verifies the directory tree for all servers in the domain that run the LDAP
service, use this setting only if you do not run the LDAP task on any
server in a domain. To disable the LDAP service on the Domino
Directory administration server, you must also remove the LDAP task
from the server’s ServerTasks NOTES.INI setting.
To prevent the LDAP task on the Domino Directory administration
server from processing LDAP requests but still allow it to manage the
schema and verify the directory tree for other servers in the domain that
run the LDAP service, disable the ports for the LDAP service on the
administration server.
Applies to: Servers
Default: None
UI equivalent: None
DominoNoBanner
Syntax: DominoNoBanner=value
Description: Web pages created with Domino display a Domino banner
in source headers, as follows:
<HTML>
<! — Lotus-Domino Release [release number] - [date of release] on
[platform] —>
<HEAD>
Use the DominoNoBanner setting to hide/display the banner.
0 - Displays the banner
1 - Hides the banner
Applies to: Servers
Default: 1. Hiding the banner provides greater default security.
UI equivalent: None
DominoR5IntlURLDecoding
Syntax: DominoR5IntlURLDecoding=value
Description: Use DominoR5IntlURLDecoding to enable decoding of
international URL strings using a proprietary encoding scheme.
0 - Disables Domino 5 international URL decoding
1 - Enables Domino 5 international URL decoding
Applies to: Servers
Default: 0. By default, Domino 6 encodes URLs according to the IRI
(International Resource Identifiers) standard and does not decode URL
strings encoded by Domino 5.
UI equivalent: None
DominoXURLProcess
Syntax: DominoXURLProcess=value
Description: Use DominoXURLProcess to enable a Domino Web server’s
URL command parser to accept ’!’ as an alternative query component
separator.
0 - Disables ’!’ as an alternative query component separator
1 - Enables ’!’ as an alternative query component separator
Applies to: Servers
Default: 0. By default, Domino does not recognize ’!’ as an alternative
query component separator.
UI equivalent: None
DSTlaw
Syntax: DSTlaw=begin_month, begin_week, begin_day, end_month,
end_week, end_day
Description: Specifies when daylight saving time (DST) is observed. By
default, the DST period is defined as the first Sunday in April to the last
Sunday in October. (This is the period during which DST is observed in
the United States.) The variables begin_month, begin_week, and begin_day
define the month, week, and day, respectively, when DST begins. The
variables end_month, end_week, and end_day define when DST ends.
Months are 1 (January) through 12 (December); weeks are 1 through 4;
days are 1 (Sunday) through 7 (Saturday). You can use negative numbers
to specify the weeks, where -1 is the last week of the month, -2 is the
second to last week, and so on. For example:
DSTlaw=4 1 1 10 -1 1
Defines DST as beginning in April (4), on the first week (1), on
Sunday (1); and ending in October (10), on the last week (-1), on
Sunday (1).
DST_Begin_Date
Syntax: DST_Begin_Date=date
Description: date is the date when daylight saving time will begin,
specified in dd/mm/year format.
In most cases, this parameter is not necessary. Some regions of the world
do not recognize the beginning of daylight saving time on the first
Sunday in April. If your server is in a region where this is true, use this
parameter to specify the exact date when DST begins. Use this setting
along with DST_End_Date, which specifies when daylight saving time
ends.
Applies to: Servers
Default: None, although if this setting is omitted, daylight saving time
begins the first Sunday in April.
UI equivalent: None
For information on additional ways to adjust the time stamp for daylight
saving, see the topics “DST,” “DST_End_Date,” and “DSTlaw” in this
chapter.
DST_End_Date
Syntax: DST_End_Date=date
Description: date is the date when daylight saving time will end,
specified in dd/mm/year format.
In most cases, this parameter is not necessary. Some regions of the world
do not recognize the ending of daylight saving time as the last Sunday in
October. If your server is in a region where this is true, use this
parameter to specify the exact date when DST will end. Use this setting
EditExpnumber
Syntax: EditExpnumber=value1, value2, value3, value4, value5...
Description: Settings used for file exports done at the document level.
These are valid values:
Parameter Enter
value1 Program name and file type
value2 The following append options:
0 - No append option offered
1 - Append option offered through a dialog box
2 - Automatically write to a temporary file to avoid the 64K limit
value3 Name of the export routine called
value4 Not currently used
value5 - x File extensions to automatically select a file type in the File Export
dialog box
Parameter Enter
value1 Program name and version
value2 Not used; always 0
value3 Name of the import routine called
value4 Not currently used
value5 - x File extensions to automatically select a file type in the File Import
dialog box
Applies to: Workstations
Default: None
UI equivalent: None
EmptyTrash
Syntax: EmptyTrash=value
Description: Specifies when and how the Trash folder will be purged of
documents marked for deletion. Options are:
0 - Prompt the user before closing the database
1 - Always empty the Trash folder before closing the database
2 - Empty the Trash folder manually
Applies to: Workstations
Default: 0
UI equivalent: File - Preferences - User Preferences - Basics - Empty
Trash folder.
EnableBiDiNotes
Syntax: EnableBiDiNotes=value
Description: Turns On/Off the support for BiDirectional Languages
(Arabic, Hebrew).
0 - Turns BiDirectional support off
1 - Turns BiDirectional support on
Applies to: Workstations
Default: 0 (off)
UI equivalent: None
FileDlgDirectory
Syntax: FileDlgDirectory=path
Description: Specifies the default directory for all file searches. If you
specify this setting, Domino looks only in the specified location.
Applies to: Servers
Default: None, although if this setting is omitted, Domino searches the
Domino Data directory.
UI equivalent: None
Fixup_Tasks
Syntax: Fixup_Tasks=number of tasks
Description: Specifies the maximum number of Fixup tasks that are
created at server startup. A Fixup task performs a consistency check on
any database that requires it. Server initialization continues while Fixup
tasks run.
Applies to: Servers
Default: Twice the number of CPUs on the system.
UI equivalent: None
FT_Domain_Idxthds
Syntax: FT_DOMAIN_IDXTHDS=number of threads
Description: Specifies the number of indexing threads to use for Domain
Search. Using more threads lets the Domain Catalog server index more
files simultaneously, but requires more CPU utilization, and response to
search queries may be slow. With fewer indexing threads, search speeds
up because of greater CPU availability, but changes are not reflected in
the index as quickly.
Applies to: Servers
Default: None, although if this setting is omitted, the default number of
threads used is two per CPU. For example, a server with two CPUs uses
four indexing threads by default when indexing. Do not exceed eight
threads per server or you may degrade the performance of the server,
even on servers with more than four CPUs.
UI equivalent: None
FT_Intl_Setting
Syntax: FT_Intl_Setting=language
Description: Imposes several limitations on full text functionality to let
Notes work properly with the Japanese language. When enabled (set to
1), this setting turns off stemming, makes all full text indexes
case-sensitive, and ignores the setting for the stop word file.
Applies to: Workstations
Default: None
UI equivalent: None
FT_Max_Search_Results
Syntax: FT_Max_Search_Results=number of entries
Description: Specifies the maximum number of results (up to
2147483647) that can be retrieved at one time on a database without any
index. For example:
FT_Max_Search_Results=10000
allows a single NotesDatabase or NotesDocumentCollection
“FTSearch” to return up to 10000 entries.
Applies to: Servers and workstations
Default: 5000
UI equivalent: None
FTG_No_Summary
Syntax: FTG_No_Summary=value
Description: Specifies whether document summaries can be displayed in
search results. If you use server access lists within a domain to limit
access to information, you might need to check the ACLs of databases on
those servers to ensure that results are filtered. Otherwise, a search might
return a result to a user who cannot access the result document. If the
Domain Catalog server is on a Windows system, search results can
include document summaries whereby users might be able to discern
confidential information. If you are running Domino on Windows and
are not sure that you can properly maintain database ACLs to prevent
this, you might want to disable document summaries by using this
setting in the Domain Catalog server’s NOTES.INI file.
XXX - Allows the display of document summaries in search results.
1 - Prevents the display of document summaries in search results.
Applies to: Servers
Default: XXX
UI equivalent: None
For information on Domain Search security, see the chapter “Setting Up
Domain Search.”
Health_Report_Purge_After_N_Days
Syntax: Health_Report_Purge_After_N_Days=N
Description: Used for server health monitoring. N is the number of days
that historical documents remain in the database. By default, historical
reports are purged from the database after seven days. To override the
default, add this variable to the NOTES.INI file, and specify the number
of days for which historical documents remain in the database.
Applies to: Servers
Default: 7 (days)
UI equivalent: None
HTTPLogUnauthorized
Syntax: HTTPLogUnauthorized=value
Description: When set to 1, the Web Server logs Error 401 instances to
the server console. These instances are generated in two cases:
• A user attempts to access a resource but is not authorized for it
• A user has failed to authenticate
Applies to: Servers
Default: None. Without this setting, Error 401 instances are not logged to
the server console. With or without this setting, Error 401 instances are
logged to the Web Server logs.
UI equivalent: None
IMAILExactSize
Syntax: IMAILExactSize=value
Description: Specifies that the IMAP service report the exact size of a
MIME message when requested by a client.
0 - The IMAP service estimates the message size
1 - The IMAP service reports the exact message size
By default, the IMAP service estimates the message size. This helps
improve server performance. Set this to 1 only if clients require the exact
size.
Applies to: Servers
Default: 0
UI equivalent: None
IMAP_Config_Update_Interval
Syntax: IMAP_Config_Update_Interval=number of minutes
Description: Specifies in minutes how frequently the IMAP server checks
for configuration changes made to the Domino Directory.
Applies to: Servers
Default: None, although the update interval is 2 minutes if this setting is
not included in NOTES.INI file.
UI equivalent: None
IMAP_Convert_Nodisable_Folder_Refs
Syntax: IMAP_Convert_Nodisable_Folder_Refs=value
Description: Specifies whether the mail conversion utility (CONVERT)
preserves folder references when updating mail files for use with the
Domino 6 IMAP service.
0 (or variable not set) - The conversion process disables folder
references.
1 - The conversion process preserves folder references
Applies to: Servers
Default: None, although without this setting, Domino removes folder
references during conversion.
UI equivalent: None.
In earlier releases of Domino, the IMAP service used folder references in
the mail template to retrieve IMAP folder and message data. Because the
Domino 6 IMAP service does not use folder references, and preserving
folder references retards IMAP performance, by default, when you run
the mail conversion utility (CONVERT) to prepare mail files for IMAP
use, it removes folder references from the converted mail files.
Set this variable only in environments where Domino applications other
than the IMAP service use folder references in mail files to track
information. When this variable is set, folder references are preserved
during all mail file conversions, whether performed manually from the
server console, or automatically as the result of an IMAP user logging in
to the IMAP service for the first time. Following conversion, the IMAP
folder and message data maintained by folder references is initially
synchronized with the Domino 6 IMAP information. However, as the
Router delivers new messages to the mail file, folder references are not
updated.
IMAPDisableMsgCache
Syntax: IMAPDisableMsgCache=value
Description: Specifies whether the IMAP server will cache the last
fetched message.
1 - Disable the cache
Applies to: Servers
Default: The IMAP server caches the last fetched message.
UI equivalent: None
IMAPGreeting
Syntax: IMAPGreeting=greeting
Description: Customizes the greeting the IMAP server sends to clients
connecting over TCP/IP.
Applies to: Servers
Default: None, although without the setting the following greeting is
used:
* OK Domino IMAP4 Server V5.0 ready Mon, 10 May 1999
17:57:13 -0500
UI equivalent: None
IMAPRedirectSSLGreeting
Syntax: IMAPRedirectSSLGreeting=greeting
Description: Customizes the message the IMAP server sends to clients
attempting to connect over TCP/IP when the TCP/IP port is configured
to Redirect to SSL.
Applies to: Servers
Default: None, although without the setting the following greeting is
used:
IMAP Server configured for SSL Connections only. Please
reconnect using the SSL Port portnumber.
UI equivalent: None
IMAP_Session_Timeout
Syntax: IMAP_Session_Timeout=number of minutes
Description: Specifies when the IMAP server drops idle IMAP client
sessions. We recommend specifying a setting greater than ten minutes;
many IMAP clients poll for new mail every ten minutes and the
overhead of supporting idle session is less than the overhead required to
support clients logging on and opening mailboxes.
IMAPShowIdleStatus
Syntax: IMAPShowIdleStatus=value
Description: If enabled, the command “sh task” at the server console will
show idle IMAP threads.
1 - Enable the display of idle IMAP threads
Applies to: Servers
Default: Off
UI equivalent: None
IMAPSSLGreeting
Syntax: IMAPSSLGreeting=greeting
Description: Customizes the greeting the IMAP server sends to clients
connecting over SSL.
Applies to: Servers
Default: None, although without the setting the following greeting is
used:
* OK Domino IMAP4 Server V4.6 ready Mon, 12 May 1997
17:57:13 -0500
UI equivalent: None
INET_Authenticate_with_Secondary
Syntax: INET_Authenticate_with_Secondary=value
Description: Allows a Domino POP3 server to use passwords stored in
directories other than the primary for services other than HTTP, such as
LDAP, IMAP, and POP3.
0 - Disables this setting.
1 - Enables this setting
Applies to: Servers
Default: 1
UI equivalent: None
InstallType
Syntax: InstallType=value
Description: Identifies the type of Notes client installed, as follows:
0 - Designer License Type
1 - Administration License Type
2 - Designer and Administration License Type
This line is updated when you perform an incremental setup after
installing Notes 5.
Applies to: Workstations
Default: None
UI equivalent: None
JavaJITName
Syntax: JavaJITName=name
Description: Enables the specified JIT. You must provide the named JIT
or an error is reported by the Java Virtual Machine (JVM), although
execution continues without the named JIT. Use the JavaJITName setting
to load a JIT other than the default JIT (if one is provided).
Caution JITs can be unstable and lead to unexpected crashes.
Applies to: Servers
Default: None
UI equivalent: None
JavaMaxHeapSize
Syntax: JavaMaxHeapSize=number of bytes
Description: Specifies the maximum—not initial—size the Java heap can
reach. The Java Virtual Machine (JVM) starts out at 16MB of heap space
and most of it is uncommitted. If the JVM needs more heap than it
currently has, it will expand the heap in increments but will not exceed
the maximum. Exceptions such as “java.lang.OutOfMemoryError”
indicate that a heap has reached its maximum size. You can specify the
number of bytes directly or use the suffix “MB” to indicate megabytes,
for example, specifying “64MB” is the same as specifying “67108864.”
Applies to: Servers
Default: 64MB
UI equivalent: None
JavaNoAsyncGC
Syntax: JavaNoAsyncGC=value
Description: Prevents the Java Virtual Machine (JVM) from running the
garbage collection (GC) mechanism in a separate background thread.
Specify 1 as the JavaNoAsyncGC value to debug internal JVM problems.
Applies to: Servers
Default: 0
UI equivalent: None
JavaNoClassGC
Syntax: JavaNoClassGC=value
Description: Prevents the garbage collection (GC) mechanism of classes,
which protects static fields. Specify 1 as the value to enable the
JavaNoClassGC setting.
Applies to: Servers
Default: 0
UI equivalent: None
JavaUserClasses
Syntax: JavaUserClasses=list
Description: Allows code-sharing across agents and applets. The value
list is a list of directories, JAR files, or ZIP files that are added to the Java
Virtual Machine’s internal classpath so that classes can be found via the
system loader (rather than via attachment to the agent or applet). Note
that this doesn’t replicate and requires access to the file system on the
server.
Use a semicolon (;) to separate list items for Win32 and OS/2 systems
and use a colon (:) to separate list items for UNIX systems; for example, a
valid list for Win32 is:
c:\classes;d:\appxyz\stuff.jar
JavaVerbose
Syntax: JavaVerbose=value
Description: Enables the verbose setting of the Java Virtual Machine
(JVM), which causes the JVM to issue many messages while it runs.
Specify 1 as the JavaVerbose value to troubleshoot runtime problems.
Applies to: Servers
Default: 0
UI equivalent: None
KeyFileName
Syntax: KeyFileName=path
Description: Specifies the location of the server ID or the user ID file.
This setting lets an administrator use one ID to run the server. For
example:
On Macintosh, KeyFileName=Notes:JForgo.ID
On UNIX, KeyFileName=/home/server1/notes/kbowker.id
On Windows, KeyFileName=C:\Lotus\Notes\DMccarrick.ID
For information on specifying a server ID file for a machine that runs
both the Notes workstation and Domino server programs, see the topic
“ServerKeyFileName” later in this chapter.
Applies to: Servers and workstations
Default: The ID for the administrator that you specify when you set up
the server.
UI equivalent: None
LANnumber
Syntax: LANnumber=port_driver, unit_ID, not_used, buffer_size
Description: Specifies information about network ports on servers and
workstations. For example:
LAN0=spx, 1, , 2000
LAN1=netbios, 0, 15, 2000, , 12288
The LAN0 port is configured for an SPX network connection. The LAN1
port is configured for a NetBIOS connection and contains additional port
setup information. Exclude the _ or i prefix and the .DLL extension from
the port driver name.
Applies to: Servers and workstations
Default: Specified during the Install program.
UI equivalent: On a workstation, File - Preferences - User Preferences -
Ports; on a server, the Ports tab in the Server document.
LDAPConfigUpdateInterval
Syntax: LDAPConfigUpdateInterval=number of minutes
Description: Specifies the interval at which the LDAP service detects and
puts into effect changes to these configuration settings:
• Settings in the domain Configuration Settings document except
“Choose fields that anonymous users can query via LDAP” and
“Allow LDAP users write access”
• NOTES.INI settings related to the LDAP service set through the Set
Configuration command
• LDAP activity logging settings on the Activity Logging tab of a
Configuration Settings document
LDAPGroupMembership
Syntax: LDAPGroupMembership=value
Description: The LDAP service always searches Domino groups
specified as “Multi-purpose,” “Access Control List only,” “Servers only,”
or “Deny List only” groups because it can do so quickly. However
because searches of Domino groups specified as “Mail only” groups or of
groups that do not have a value for the GroupType attribute can be slow,
by default the LDAP service does not always search these types of
groups. The LDAP service does not search these types of groups if a
search query meets all of the following criteria, indicating a query that is
typically used for authentication:
• A search query uses the equality filter objectclass=value, where value
is one of these object classes: groupOfNames, groupOfUniqueNames,
dominoGroup, or group.
• A search query uses an equality filter with one of these attributes:
member, uniqueMember, or members.
• The two filters above are concatenated using the AND operator.
For example, by default the LDAP service does not search Domino “Mail
only” groups and groups that do not have values for the GroupType
attribute if search queries such as these are specified:
• (&(objectclass=dominoGroup)(member=cn=jack
brown,o=acme))
• (|(&(objectclass=groupOfUniqueNames)(uniqueMember=cn=
jackbrown,o=acme))(&(objectclass=groupOfNames)(member=
cn=jack brown,o=acme)))
LDAPNotesPort
Syntax: LDAPNotesPort=port name
Description: Specifies the name of the Notes network port for TCP/IP that
you are linking the LDAP service with. This setting is required for a
partitioned server hosting LDAP, and for a single server hosting it if the
server more than one Notes port for TCP/IP.
Applies to: Servers
Default: None
UI equivalent: None
For information on binding an Internet service to an IP address, see the
chapter “Setting Up the Domino Network.”
Location
Syntax: Location=location_name
Description: Identifies the user’s current location.
Applies to: Workstations
Default: None
UI equivalent: File - Mobile - Choose Current Location.
Parameter Value
logfilename The log database file name, usually LOG.NSF
log_option Log options:
1 - Log to the console
2 - Force database fixup when opening the log file
4 - Full document scan
not_used Always set to zero; this parameter is not currently used
days The number of days to retain log documents
size The size of log text in event documents
For example:
Log=LOG.NSF,1,0,7,20000
The log file (LOG.NSF) is deleted in seven days and can contain up
to 20,000 bytes. All log information is also sent to the console.
Applies to: Servers
Default: Log=LOG.NSF,1,0,7,40000
UI equivalent: None
Log_AgentManager
Syntax: Log_AgentManager=value
Description: Specifies whether or not the start of agent execution is
recorded in the log file and shown on the server console:
0 - Do not log agent execution events
1 - Log agent execution events (partially and completely successful)
2 - Log agent execution events (completely successful only)
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Field Description
T Ticket Width
Examples of values are 64 and 128.
E Encryption Bit
Examples of values are 1 (Encrypted), 0 (Not encrypted), and 1:e
(Escrow for International).
S Encryption Strength
The first value is the key length; for example, 128, 64, and 40.
The second value is the algorithm; for example, 22 (RC4) and 2F (RC2).
continued
Log_Connections
Syntax: Log_Connections=value
Description: Specifies whether or not connection logging is enabled on
the server. When connection logging is enabled, the server console
displays the Notes network port, the network address of the requesting
system, and the network address of the destination server.
0 - Do not log connections
1 - Log connections
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Log_Console
Syntax: Log_Console=value
Description: Security administrators can use this setting to enforce the
logging of server console command output, which can otherwise be
prevented if the command is prefixed with an exclamation point (!).
0 - Console command logging turned off
1 - Console command output logged, unless it’s prefixed with an
exclamation point
Log_DirCat
Syntax: Log_DirCat=value
Description: Controls which information related to the Directory
Cataloger task is logged to the console and to the Miscellaneous Events
view of the log file (LOG.NSF):
1 - Logs when the Directory Cataloger starts and finishes, the name
and domain of each source Domino Directory as it is aggregated, the
number of entries processed.
3 - Logs same information as 1, except in addition, logs the names of
all entries processed. Using 3 is not recommended because it slows
performance and fills the log file. If you do use 3, use it only
temporarily.
Applies to: Servers
Default: None, although without this setting the log file only shows
when the Directory Cataloger starts.
UI equivalent: None
LogFile_Dir
Syntax: LogFile_Dir=directoryname
Description: Specifies the directory for the Console Log file
(CONSOLE.LOG, by default). If both this setting and the
Debug_Outfile setting exist and Debug_Outfile contains a fully
qualified path name, then LogFile_Dir is not used. If neither
Debug_Outfile or LogFile_Dir exist, then the default path
\DATADIRECTORY\IBM_TECHNICAL_SUPPORT is used.
Log_Replication
Syntax: Log_Replication=value
Description: Specifies the level of logging of replication events
performed by the current server:
0 - Do not log replication events
1 - Log that a database is replicating
2 - Log summary information about each database
3 - Log information about each replicated document (both design
and data documents)
4 - Log information about each replicated field
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Log_Sessions
Syntax: Log_Sessions=value
Description: Specifies whether individual sessions are recorded in the
log file and displayed on the console:
0 - Do not log individual sessions
1 - Log individual sessions
Applies to: Servers
Default: None
UI equivalent: The Log All Client Events setting that is an Advanced
server Setup option. You can also specify this setting in the NOTES.INI
Settings tab of the Configuration Settings document in the Domino
Directory.
Log_Update
Syntax: Log_Update=value
Description: Specifies the level of detail of Indexer events displayed at
the server console and in the log file:
0 - Records when the Indexer starts and shuts down.
1 - Records when the Indexer starts and shuts down and when the
Indexer updates views and full text indexes for specific databases.
2 - Records when the Indexer starts and shuts down and when the
Indexer updates views and full text indexes for specific databases.
Also records the names of views the Indexer is updating.
Applies to: Servers
Default: None
UI equivalent: None
MailCharSet
Syntax: MailCharSet=value
Description: Specifies the character set a POP3 server uses when
downloading mail messages to a POP3 client. value corresponds to a
character set as follows:
MailCompactHour
Syntax: MailCompactHour=value
Description: Use this setting to specify the time at which the router
should perform mailbox compaction.
Value is based on a 24-hour clock. For example, MailCompactHour=22
will cause compaction to initiate around 10pm.
Applies to: Servers
Default: In the absence of the setting, the router will perform mailbox
compaction at 4 AM.
UI equivalent: None
MailConvertMIMEonTransfer
Syntax: MailConvertMIMEonTransfer=value
Description: Enables or disables MIME message conversion on the
router. This can help minimize conversion overhead on the server
running the SMTP listener task.
0 - Router does not perform conversions for MIME messages
1 - Router performs conversions for MIME messages
Applies to: Servers
Default: 0
Mail_Disable_Implicit_Sender_Key
Syntax: Mail_Disable_Implicit_Sender_Key=value
Description: Determines whether to encrypt an encrypted message with
the sender’s public key:
0 - Does not encrypt the encrypted message with the sender’s public
key
1 - Encrypt the encrypted message with the sender’s public key
Applies to: Workstations
Default: 0
UI equivalent: None
Mail_Log_To_MiscEvents
Syntax: Mail_Log_To_MiscEvents=value
Description: Determines whether all mail event messages are displayed
in the Miscellaneous Events view of the log file:
0 - Does not display mail events in the Miscellaneous Events view
1 - Displays mail events in the Miscellaneous Events view
Applies to: Servers and workstations
Default: None, although if this setting is omitted, mail events are not
displayed in the Miscellaneous Events view.
UI equivalent: None
MailServer
Syntax: MailServer=server
Description: Specifies the server where the user’s mail file resides.
Applies to: Servers and workstations
Default: None
UI equivalent: The Mail Server field in the Mail tab of the Person
document in the Domino Directory.
MailSystem
Syntax: MailSystem=value
Description: Specifies the mail system that the user selected during the
workstation setup procedure:
0 - Notes mail
1 - cc:Mail or a non-Lotus mail system
Applies to: Servers and workstations
Default: None
UI equivalent: The mail system selection made during workstation
setup.
MailTimeoutMinutes
Syntax: MailTimeoutMinutes=number of minutes
Description: Specifies the number of minutes after which the server
returns undelivered mail to the sender. The maximum number of
minutes is 1440 (24 hours).
Note To specify a time greater than one day, use the NOTES.INI setting
MailTimeout.
Applies to: Servers
Default: None
UI equivalent: None
Map_Retry_Delay
Syntax: Map_Retry_Delay=number of minutes
Description: Specifies the number of minutes that a server waits after an
unsuccessful attempt to call another server before it tries again.
Applies to: Servers
Default: None
UI equivalent: None
MinNewMailPoll
Syntax: MinNewMailPoll=number of minutes
Description: Determines how often workstations can contact the server
to see if new mail has arrived for the user. This setting overrides the
user’s selection in the Mail Setup dialog box. You can increase the mail
polling interval if there are a large number of mail users on your server,
and you want to prevent frequent polling from affecting server
performance.
Applies to: Servers
Default: None
UI equivalent: None
Move_Mail_File_Expiration_Days
Syntax: Move_Mail_File_Expiration_Days=number of days
Description: Specifies the number of days that the Notes client updates
mail file related Change Requests. After this time period, these become
obsolete Change Requests. For example:
Move_Mail_File_Expiration_Days=30
Applies to: Servers
Default: None
UI equivalent: None
MTMaxResponses
Syntax: MTMaxResponses=number of responses
Description: Specifies the maximum number of message tracking
responses returned from a query. The number of responses returned will
be less than or equal to the MTMaxResponses value. Whenever a query
returns more than the MTMaxResponses limit, a message indicating this
appears on the Admininstration panel status line.
Applies to: Servers
Default: None, although if this setting is omitted, the maximum number
of message tracking responses returned from a query is 100.
UI equivalent: None
Names
Syntax: Names=name(s)
Description: Specifies the names of the secondary Domino Directories
that Domino searches to verify recipient names in mail messages. By
default, Domino searches only the primary Domino Directory, which is
typically named NAMES.NSF.
Note It is strongly recommended that you use directory assistance
rather than this setting to do lookups in secondary Domino Directories.
This NOTES.INI setting allows additional directories to be searched in
the order in which they appear and stops searching when it finds a
NetWareSpxSettings
Syntax: NetWareSpxSettings=value
Description: Specifies the decimal value of the Domino server’s IPX
socket.
Applies to: Servers
Default: None
UI equivalent: None
NewMailInterval
Syntax: NewMailInterval=number of minutes
Description: Defines how often (in minutes) Notes checks the user’s
Inbox for new mail.
Applies to: Workstations
Default: 1
UI equivalent: File - Preferences - User Preferences - Mail - Check for
new mail every x minutes.
NoDesignMenu
Syntax: NoDesignMenu=value
Description: Hides the Design menu on workstations.
0 - Shows the Design menu
1 - Hides the Design menu
Applies to: Workstations
Default: None, although if this setting is omitted, the Design menu
appears
UI equivalent: None
NoExternalApps
Syntax: NoExternalApps=value
Description: Protects against “mail bomb” viruses by disabling the
following workstation features:
• OLE, DDE, DIP, @Command
• @DBLookup, @DB Column (when using non-Notes drivers)
• @MailSend, @DDExxx
• Launching file attachments
• Subscribe on a Macintosh workstation
Use the following values to set this variable:
0 - Enables the workstation features listed above
1 - Disables the workstation features listed above
No_Force_Activity_Logging
Syntax: No_Force_Activity_Logging=value
Description: Controls whether the Statlog task automatically enables
activity logging on all databases:
0 - Allows automatic activity logging on all databases
1 - Prevents automatic activity logging on all databases
Even when activity is not being recorded for the database, the
information is still recorded in the Activity entry of the Database Usage
view in the server’s log file.
Applies to: Servers
Default: None, although if this setting is omitted, the Statlog server task
enables the Record Activity option for every database on the server and
adds 64Kb to each database.
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
NoMailMenu
Syntax: NoMailMenu=value
Description: Hides the Mail menu. When set to 1, the Mail menu doesn’t
appear on workstations. This setting also sets the user’s mail system to
None.
Applies to: Workstations
Default: None, although if this setting is omitted, the Notes Mail menu
appears.
UI equivalent: None
NSF_Buffer_Pool_Size
Syntax: NSF_Buffer_Pool_Size=number of bytes
Description: Specifies the maximum size (in bytes) of the NSF buffer
pool, a section of memory dedicated to buffering I/O transfers between
Domino and disk storage. The maximum size depends on any limitations
of the operating system, and the amount of system memory available.
The minimum size is 4MB.
Note You can also use NSF_Buffer_Pool_Size_MB to set the maximum
size of the NSF buffer pool. This is the same as NSF_Buffer_Pool_Size,
except it specifies the size in megabytes instead of bytes. Use
NSF_Buffer_Pool_Size_MB to avoid the 2GB limitation that exists for
NSF_Buffer_Pool_Size due to NOTES.INI variable limits. (NOTES.INI
variables are signed variables, and cannot be larger than 2GB.)
Applies to: Servers and workstations
Default: Determined automatically by the server or workstation. (This is
strongly recommended, except on partitioned servers.) The more
memory is available, the larger the server sets the default
NSF_Buffer_Pool_Size. On workstations, the maximum setting of the
NSF_Buffer_Pool_Size is 8MB (4MB for MAC). On the server, the default
maximum is determined to be between 1/8 and 3/8 of available physical
memory, depending on the overall size of physical memory. The defaults
are not automatically adjusted on partitioned servers, so it will usually be
necessary to adjust the maximum values in each partition to a fraction of
memory such that the memory used by all partitions adds up to
approximately 1/4 to 3/8 of memory.
UI equivalent: None
NSF_DbCache_Maxentries
Syntax: NSF_DbCache_Maxentries=number of databases
Description: Determines the number of databases that a server can hold
in its database cache at one time, where n is the number of databases.
Increasing the database cache size can improve system performance but
requires additional memory. The minimum number of databases allowed
in the cache at one time is 25; the maximum is approximately 2000,
depending on the server platform.
Applies to: Servers
Default: None, although if this setting is omitted, the number of
databases that the server can hold in its cache at one time is either 25, or
the NSF_Buffer_Pool_Size value divided by 300K (whichever is greater).
UI equivalent: None
Num_Compact_Rename_Retries
Syntax: Num_Compact_Rename_Retries=number of times to retry
Description: Domino attempts only once to rename a database that was
copy-style compacted. You can request additional attempts by specifying
a value in the Num_Compact_Rename_Retries setting in the NOTES.INI
file. Domino tries to rename until it succeeds or the number of retries is
exhausted. For example, to request that Domino try once again to rename,
specify Num_Compact_Rename_Retries=1; to request that Domino try 5
more times to rename, specify Num_Compact_Rename_Retries=5.
NWNDSPassword
Syntax: NWNDSPassword=NDS password
Description: Specifies the password for Domino to log in to the Novell
Directory Service (NDS) tree on system start-up. Until this setting is
added to the NOTES.INI file, an administrator must log in to the NDS
tree before starting the Domino server.
Applies to: Servers
Default: None
UI equivalent: None
For information on setting up NDS for a Domino server, see the
appendix “Novell Directory Service for the IPX/SPX Network.”
NWNDSUserID
Syntax: NWNDSUserID=NDS user ID
Description: Specifies the user ID for Domino to log into the Novell
Directory Service (NDS) tree on system start-up. Until this setting is
added to the NOTES.INI file, an administrator must log into the NDS
tree before starting the Domino server.
Applies to: Servers
Default: None
UI equivalent: None
For information on setting up NDS for a Domino server, see the
appendix “Novell Directory Service for the IPX/SPX Network.”
Passthru_LogLevel
Syntax: Passthru_LogLevel=value
Description: Specifies the level of trace information recorded for all
network connections (including passthru) in the Miscellaneous Events
view of the log file.
0 - No information is recorded
1 - Only errors are recorded
2 - Summary progress information is recorded
3 - Detailed progress information is recorded
4 - Full trace information is recorded
5 - Full trace information plus driver messages are recorded
Applies to: Servers and workstations
Default: 0
UI equivalent: File - Preferences - User Preferences - Ports - Trace -
Notes Log options
PhoneLog
Syntax: PhoneLog=value
Description: Specifies whether phone calls are recorded in the log file:
0 - Does not record phone calls to the log file
1 - Records all calls, except those that fail because of a busy signal
2 - Records all phone calls
PKCS11_Library
Syntax: PKCS11_Library=path
Description: Specifies the location of the server’s locally installed
PKCS#11 file for enabling Smartcards. For example:
PKCS11_Library=C:\Program Files\Schlumberger\Smart Cards and
Terminals\Common Files\slbck.dll
Applies to: Servers
Default: None
UI equivalent: The Smartcard installation wizard will prompt the user to
install the appropriate DLL for the Smartcard.
Platform_Statistics_Disabled
Syntax: Platform_Statistics_Disabled=value
Description: By default, Domino tracks performance metrics of the
operating system and captures the results in the Domino server. Use the
following setting to disable statistic reporting:
Platform_Statistics_Disabled=1
Note You must remove the setting from the NOTES.INI file altogether
to re-enable platform statistic reporting.
Applies to: Servers
Default: None
UI equivalent: None
POP3_Disable_Cache
Syntax: POP3_Disable_Cache=value
Description: Enables/disables message caching for users.
0 - Enables message caching
1 - Disables message caching
Applies to: Servers
Default: 0
UI equivalent: None
POP3DNSLookup
Syntax: POP3DNSLookup=value
Description: Enables/disables reverse DNS lookups of client host names.
0 - Disables reverse DNS lookups of client host names
1 - Enables reverse DNS lookups of client host names
Applies to: Servers
Default: 0
UI equivalent: None
POP3_Enable_Cache_Stats
Syntax: POP3_Enable_Cache_Stats=value
Description: Enables/disables message caching statistics.
0 - Disables message caching statistics
1 - Enables message caching statistics
Applies to: Servers
Default: 0
UI equivalent: None
POP3MarkRead
Syntax: POP3MarkRead=value
Description: Specifies whether POP3 messages should be marked as
read after downloading. A value of 1 instructs the server to mark the
messages as read. Default is 0 (messages are marked as unread).
0 - Do not mark POP3 messages as read
1 - Mark POP3 messages as read
Applies to: Servers
Default: 0
UI equivalent: None
POP3NotesPort
Syntax: POP3NotesPort=port name
Description: Specifies the name of the Notes network port for TCP/IP that
you are linking the POP3 service with. This setting is required for a
partitioned server hosting POP3, and for a single server hosting it if the
server has more than one Notes port for TCP/IP.
Applies to: Servers
Default: None
UI equivalent: None
For information on binding an Internet service to an IP address, see the
chapter “Setting Up the Domino Network.”
portname_MaxSessions
Syntax: portname_MaxSessions=number of sessions
Description: Restricts the number of sessions on a specified port.
Applies to: Servers
Default: None
UI equivalent: None
ProgramMode
Syntax: ProgramMode=value
Description: If the user sets up Notes with a Notes Mail ID or switches to
a Notes Mail ID (not a Lotus Notes Desktop ID), a value is written to the
NOTES.INI ProgramMode setting:
0 - Full Notes
1 - Notes Mail
8 - Desktop
Applies to: Workstations
Default: 1 (Full Notes)
UI equivalent: None
ReplicationTimeLimit
Syntax: ReplicationTimeLimit=number of minutes
Description: Specifies a time limit (in minutes) for replication between
one server and another. If this setting is not included in the NOTES.INI
file, there is no time limit.
Applies to: Servers
Default: None
UI equivalent: The Replication Time Limit field in the
Routing/Replication tab in the Connection document in the Domino
Directory.
Replicators
Syntax: Replicators=number of tasks
Description: Specifies the number of Replicator tasks that can run
concurrently on the server.
Note You must shut down and restart the server for this setting to take
effect.
Applies to: Servers
Default: 1
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Report_DB
Syntax: Report_DB=path
Description: When the Monitoring Configuration database
(EVENTS4.NSF) is created, it is placed in the Domino Data directory. Use
this setting to specify the location of the database if it is located
somewhere other than in the Domino Data directory.
Applies to: Servers
Default: None, but in the absence of any Report_DB setting in the
NOTES.INI file, the default path is Lotus\Domino\Data\events4.nsf.
UI equivalent: None
ReportUseMail
Syntax: ReportUseMail=value
Description: Allows the Reporter task to use the Router to send statistics
to another server in the same domain:
1 - Use the Router
0 - Use the network
Using the Router can be useful for reporting statistics over dial-up
connections to a central collection server.
Applies to: Servers
RouterAllowConcurrentXferToAll
Syntax: RouterAllowConcurrentXFERToALL=value
Description: Use this setting to enable/disable multiple concurrent
transfer threads for inter-domain Notes routing.
1 - Enables
0 - Disables
Applies to: Servers
Default: None, but if the setting does not appear in the NOTES.INI file,
Domino’s default behavior is to disable multiple concurrent transfer
threads for inter-domain Notes routing.
UI equivalent: None
For information on enabling multiple concurrent transfer threads
between Domino domains, see the chapter “Customizing the Domino
Mail System.”
RouterDisableMailToGroups
Syntax: RouterDisableMailToGroups=value
Description: Specifies whether the router should allow or deny mail
addressed to a group.
0 - Allow the Router to expand groups and forward a message to the
group members.
1 - Router will not expand any groups. It will return the message as a
failure report to the sender - rejected for policy reasons.
Applies to: Servers
Default: 0
UI equivalent: None
RouterEnableMailByDest
Syntax: RouterEnableMailByDest=value
Description: Use this setting to generate verbose mail routing statistics
per destination. These statistics may be useful when attempting to
troubleshoot routing related problems.
0 - No destination based statistics are generated by the router.
1 - Router maintains statistics for each mail routing destination,
which include the last successful/unsuccessful transfer time, total
number of messages routed, and the total number of failures.
Applies to: Servers
Default: None
UI equivalent: None
Sched_Dialing_Enabled
Syntax: Sched_Dialing_Enabled=value
Description: Enables or disables dialing out to check Busy Time.
Use the following values:
0 - Disables dialing out to check Busy Time
1 - Enables dialing out to check Busy Time
Applies to: Workstations
Default: Dialing out to check Busy Time is disabled.
UI equivalent: None
Sched_Purge_Interval
Syntax: Sched_Purge_Interval=number of days
Description: Specifies how many days prior to the current day to keep
busytime data. A value of 0 means data is never purged.
Applies to: Servers
Default: 7
UI equivalent: None
Schedule_No_CalcStats
Syntax: Schedule_No_CalcStats=value
Description: Enables or disables whether SchedMgr updates/calculates
statistics on an hourly daily basis, as follows:
0 - Enables update/calculation
1 - Disables update/calculation
Applies to: Servers
Default: 0
UI equivalent: None
Schedule_No_Validate
Syntax: Schedule_No_Validate=value
Description: Enables or disables whether SchedMgr validates its
busytime database entry on a daily basis, as follows:
0 - Enables validation
1 - Disables validation
Validation should be enabled under normal conditions.
Applies to: Servers
Default: 0
UI equivalent: None
Schema_Daemon_Idletime
Syntax: Schema_Daemon_Idletime=number of minutes
Description: Specifies how long (in minutes) the schema daemon
spawned by the LDAP service remains idle after it has completed its
tasks. After the schema daemon has been idle for the specified interval, it
begins its tasks again.
Applies to: Servers
Default: None, although without this setting, the schema daemon
remains idle for 15 minutes.
UI equivalent: None
Schema_Daemon_Reloadtime
Syntax: Schema_Daemon_Reloadtime=number of hours
Description: Specifies how often (in hours) the schema daemon spawned
by the LDAP service adds schema elements for new or changed Domino
Directory forms and fields to its in-memory schema. This operation
occurs only on the administration server for the Domino Directory and
not on other servers in the domain that run the LDAP service.
Schema_Daemon_Resynctime
Syntax: Schema_Daemon_Resynctime=number of hours
Description: Specifies how often (in hours) the schema daemon spawned
by the LDAP service updates the schema published in the Domino LDAP
Schema database with a newer in-memory schema. This operation occurs
only on the Domino Directory administration server, and not other
servers in the domain that run the LDAP service.
Synchronizing the Schema database with in-memory schema is a
CPU-intensive operation. You might set different intervals for
Schema_Daemon_Reloadtime and Schema_Daemon_Resynctime so the
two operations occur at different times. Or you might increase the
interval during periods when there are no schema changes.
Applies to: Servers
Default: None, although without this setting the schema daemon resync
interval is 24 hours.
UI equivalent: None
SecureMail
Syntax: SecureMail=value
Description: Entering 1 as the value forces the mail program to sign and
encrypt all mail sent from the workstation:
1 - Removes the Sign and Encrypt options from all dialog boxes
0 - Restores the Sign and Encrypt options
Applies to: Workstations
Default: None, although if this setting is omitted, the Sign and Encrypt
options appear
UI equivalent: File - Preferences - User Preferences - Mail - Encrypt sent
mail
Server_Cluster_Default_Port
Syntax: Server_Cluster_Default_Port=portname
Description: Specifies the port used for intracluster network traffic. The
value should be a port name — for example, TCP — as specified in the
Ports tab of the Server document.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
ServerKeyFileName
Syntax: ServerKeyFileName=ID_file
Description: Specifies the server ID file to use on a machine that runs
both the Notes workstation program and the Domino server program.
Then, you edit the NOTES.INI KeyFileName setting to specify your user
ID as the ID to use when you run the Notes workstation or API programs
on the server machine.
For more information, see the topic “KeyFileName” earlier in this
chapter.
Applies to: Servers
Default: None
UI equivalent: None
Server_MaxSessions
Syntax: Server_MaxSessions=number of sessions
Description: Specifies the maximum number of sessions that can run
concurrently on the server. To prevent server overload, decrease this
number if you set up multiple Replicators or Routers.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Server_MaxUsers
Syntax: Server_MaxUsers=number
Description: Sets the maximum number of users that are allowed to
access a server. When this number is reached, the server state becomes
MAXUSERS, and the server stops accepting new Database Open requests.
Use the following values to set this variable:
0 - Unlimited access to server by users
number - Restricts number of active users to the number you specify
ServerName
Syntax: ServerName=name
Description: Specifies the full hierarchical name of the server
Applies to: Servers
Default: None
UI equivalent: The Server Name field in the Server document.
ServerNoReplRequests
Syntax: ServerNoReplRequests=value
Description: Forces the server to refuse all replication requests from
other servers. When this feature is enabled, to replicate with this server,
the requesting server must perform pull-push replication:
0 - Accepts replication requests from other servers
1 - Refuses replication requests from other servers
Applies to: Servers
Default: None, although omitting this setting allows the server to accept
replication requests.
UI equivalent: None
ServerPushReplication
Syntax: ServerPushReplication=value
Description: Specifies that all scheduled replication initiated from this
server must be push-pull replication. This server does not request that
the other server replicate back.
0 - Scheduled replication occurs normally (push-pull replication is
not forced)
1- Other servers pull changes from this server, but this server cannot
pull changes from other servers
Applies to: Servers
Default: None, although omitting this setting allows for normally
scheduled replication.
UI equivalent: None
Server_Restricted
Syntax: Server_Restricted=value
Description: Enables or disables server access to a server. If access is
disabled, the server does not accept new Open Database requests.
Use the following values to set this variable:
0 - Server access is unrestricted
1 - Server access is restricted for the current server session. Restarting
the server clears the setting.
2 - Server access is restricted persistently, even after server restarts
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Server_Session_Timeout
Syntax: Server_Session_Timeout=number of minutes
Description: Specifies the number of minutes of inactivity after which
the server automatically terminates network and mobile connections. The
minimum recommended setting is 30-45 minutes. A lower setting may
negatively impact server performance. The ideal setting depends on
factors such as server load and the number of concurrent users on the
server.
Server_Show_Performance
Syntax: Server_Show_Performance=value
Description: Specifies whether or not server performance events are
displayed on the console.
1 - Displays server performance events on console
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
ServerTasks
Syntax: ServerTasks=name(s)
Description: Specifies the tasks that begin automatically at server startup
and continue until the server is shut down. For example:
ServerTasks=Replica, Router, Update, Stats, AMgr, Adminp, Sched,
CalConn, Event, Collect, MTC, RunJava ISpy
The server runs the Replicator, Router, Indexer, Stats, Agent Manager,
Administration Process, Schedule Manager, Calendar Connector, Event,
Collector, Mail Tracker Collector, and Mail Probe server tasks. Each task
increases the server’s load and may adversely affect server performance.
Note that RunJava ISpy is case sensitive and must be specified exactly as
shown.
ServerTasksAthour
Syntax: ServerTasksAthour=name(s)
Description: Schedules automatic server and database maintenance
functions. Enter the time in 24-hour format, where 0 is 12 AM (midnight)
and 23 is 11 PM. For example:
ServerTasksAt3=Catalog
ServerTasksAt7=Updall
ServerTasksAt16=Catalog, Updall, Statlog
At 3 AM, the server runs the Catalog task. At 7 AM, the server runs the
Updall task. At 4 PM, the server runs the Catalog, Updall, and Statistics
tasks.
Applies to: Servers
Default:
ServerTasksAt1=Catalog, Design
ServerTasksAt2=Updall, Object Collect mailobj.nsf
ServerTasksAt3=Object Info -Full
ServerTasksAt5=Statlog
UI equivalent: None
Setup
Syntax: Setup=revision number
Description: Identifies the version number of the software. The setting is
used by the Install program to determine whether or not to run the Setup
program. This variable also provides an upgrade audit.
Applies to: Servers and workstations
Default: None
UI equivalent: None
SetupServerAddress
Syntax: SetupServerAddress=address
Description: Identifies the address of the setup server. This can be either
a DNS name, or a telephone number (XPC or DUN) to connect to the
server. SetupServerAddress, together with SetupServerName, instruct
the Notes setup program to obtain setup information from the specified
server. If either variable is missing from NOTES.INI, the setup program
prompts the user for setup information.
Applies to: Workstations
Default: None
UI equivalent: None
SetupServerName
Syntax: SetupServerName=name
Description: Identifies the name of the setup server. SetupServerName,
together with SetupServerAddress, instructs the Notes setup program to
obtain setup information from the specified server. If either variable is
missing from NOTES.INI, the setup program prompts the user for setup
information.
Applies to: Workstations
Default: None
UI equivalent: None
SMIME_Strong_Algorithm
Syntax: SMIME_Strong_Algorithm=value
Description: Specifies the encryption method for encrypting MIME
messages to recipients whose public keys are longer than 512 bits, but do
not have the special “strong encryption” flag in their certificates. Possible
values are:
RC2_40
RC2_56
RC2_64
RC2_80
RC2_128
RC5_5
RC5_7
RC5_10
RC5_16
DES
3DES
SMIME_Weak_Algorithm
Syntax: SMIME_Weak_Algorithm=value
Description: Specifies the encryption method for encrypting MIME
messages to recipients whose public keys are shorter than 512 bits.
Possible values are:
RC2_40
RC2_56
RC2_64
RC2_80
RC2_128
RC5_5
RC5_7
RC5_10
RC5_16
DES
3DES
Applies to: Workstations
Default: None
UI equivalent: None
SMTPAllHostsExternal
Syntax: SMTPAllHostsExternal=value
Description: Use this setting to determine whether all hosts should be
subject to the anti-spam controls specified for the server.
0 - Exempts internal hosts from anti-spam controls.
1 - Internal hosts included for anti-spam controls.
SMTP_Config_Update_Interval
Syntax: SMTP_Config_Update_Interval=number of minutes
Description: Determines how often (in minutes) Domino checks to
determine whether the user has updated SMTP configuration
information. You can change Configuration documents while servers are
running. For the change to take effect, the server must periodically check
the Configuration document for changes. If the server discovers a
change, it rereads all settings. This setting lets you change the server’s
checking interval. A shorter time results in slightly higher overhead for
checking, but changes are noticed more quickly.
Applies to: Servers
Default: 2
UI equivalent: None
SMTPDebug
Syntax: SMTPDebug=value
Description: Controls the level of console logging performed by the
SMTP task.
0 - No logging
1 - Log errors
2 - Log Protocol commands
Applies to: Servers
Default: 0
UI equivalent: None
SMTPExpandDNSBLStats
Syntax: SMTPExpandDNSBLStats=value
Description: Use this setting to generate DNS blacklist filter statistics for
each connecting host found in a DNS blacklist site.
0 - Host specific DNS blacklist filter statistics are not generated by
the SMTP server.
1 - SMTP server generates host specific DNS blacklist filter statistics
which indicate the total number of hits per DNSBL site, per
connecting host’s IP address.
Applies to: Servers
Default: In the absence of this setting, the SMTP task maintains statistics
that track the total number of connecting hosts that were found on the
combined DNSBL of all sites combined, as well as how many were found
on the DNSBL of each configured site.
UI equivalent: None
SMTPNotesPort
Syntax: SMTPNotesPort=port name
Description: Specifies the port for the SMTP service, where port name is the
name of the Domino port for TCP/IP. This is required for partitioned
servers, and single servers that have more than one TCP/IP port.
Applies to: Servers
Default: None
UI equivalent: None
For information on binding an Internet service to an IP address, see the
chapter “Setting Up the Domino Network.”
SMTPNoVersionInRcvdHdr
Syntax: SMTPNoVersionInRcvdHdr=port name
Description: Use this setting to prevent Domino server product
information from being disclosed in SMTP Received headers.
0 - Domino-generated SMTP Received header will contain Domino
server product information, which includes the server version.
1 - Domino-generated SMTP Received header will not contain
Domino server product information.
Applies to: Servers
Default: In the absence of this setting, Received headers added by the
Domino server will include product information such as the server version.
UI equivalent: None
SMTPMTA_Space_Repl_Char
Syntax: SMTPMTA_Space_Repl_Char=character
Description: Specifies the character the SMTP MTA uses to replace
spaces in names. Choices are underline (_) or period (.). The following
restrictions apply to using periods as replacement characters:
• User names in the Domino Directory cannot contain periods. For
example, John R. Doe is not valid.
• You cannot use periods as the domain name separator if you
configure Domino domains to appear to the left of the @ sign in mail
addresses. If you do, a user name with periods replacing spaces can
be confused with domain names separated by periods.
Applies to: Workstations
Default: Underline
UI equivalent: None
SMTPSaveImportErrors
Syntax: SMTPSaveImportErrors=value
Description: Specifies whether mail message import errors are recorded,
as follows:
0 - No messages are recorded.
1 - When an arriving message fails to be written as a note in
MAIL.BOX, Domino writes the data stream to a temporary directory,
and logs the name of the file.
2 - All arriving messages have their data streams written to the
temporary directory.
SMTPStrict821AddressSyntax
Syntax: SMTPStrict821AddressSyntax=value
Description: Specifies whether the SMTP task requires addresses that
appear in MAIL FROM commands or RCPT TO commands be properly
formed according to the 821 standard (must contain <>):
0 - Does not enforce 821 standard
1 - Enforces 821 standard
Applies to: Servers
Default: 0
UI equivalent: None
SMTPStrict821LineSyntax
Syntax: SMTPStrict821LineSyntax=value
Description: Specifies whether the SMTP task requires all protocol text
be terminated by CRLF:
0 - 821 standard is not enforced (LF is accepted as a line terminator)
1 - 821 standard is enforced
Applies to: Servers
Default: 0
UI equivalent: None
SSLCipherSpec
Syntax: SSLCipherSpec=value1value2value3...
Description: (SSL users only) Determines which SSL-compliant cipher to
use to encrypt files on the server. Specification numbers correspond to
the following ciphers:
SSL_Resumable_Sessions
Syntax: SSL_Resumable_Sessions=number of sessions cached
Description: Specifies the number of resumable SSL sessions that will be
cached on the server. Setting this variable to 1 disables SSL session
resumption on the server.
Applies to: Servers
Default: 50
UI equivalent: None
SSL_Trace_KeyFileRead
Syntax: SSL_Trace_KeyFileRead=value
Description: Enables viewing of information on the current keyring in
use on a Domino server. To enable viewing, set SSL_Trace_KeyFileRead
to a value of 1. This enables viewing of protocols other than HTTP to see
if there is a valid keyring file present in the server’s Server document or
Internet site documents from the server console.
Applies to: Servers
Default: None
UI equivalent: None
SwapPath
Syntax: SwapPath=location
Description: Specifies the location of the server’s swap file. If this setting
exists in the NOTES.INI file, the Reporter or Collector server task uses
this location for the Server.Path.Swap statistic.
Applies to: Servers
TCP_EnableIPV6
Syntax: TCP_EnableIPV6=value
Description: Use this setting to enable Domino for IPv6.
0 - disables the feature
1 - enables the feature
Applies to: Servers
Default: None, but in the absence of the setting, IPV6 is disabled.
UI equivalent: None
TCP/IPportname_PortMappingNN
Syntax: TCP/IPportname_PortMappingNN=CN=servername/
O=organization,IPaddress:TCP/IP portnumber
Description: Specifies the TCP/IP port number of each partitioned
server sharing the IP address of the port mapping server. TCP/IPportname
is the name of the TCP/IP port which is specified in the NOTES.INI file
by the settings Ports=TCPIP. This entry is only valid in the NOTES.INI
file of the port mapper server. NN is any number from 00, 01, 02, and so
on to 99; only 00 to 04 are currently supported. Numbers must be
assigned in ascending order as an invalid break in the number sequence
causes subsequent entries in the NOTES.INI file to be ignored.
For example:
TCP/IPportname
_PortMapping00=CN=Server1/O=ACME,192.94.222.169:13520
TCP/IPportname
_PortMapping01=CN=Server2/O=ACME,192.94.222.169:13521
TCP/IPportname
_PortMapping02=CN=Server3/O=ACME,192.94.222.169:13522
The last number is the port number assigned to each partitioned server.
This number must be an available number as specified in Assigned
Numbers RFC 1340.
TCP/IPportname_TCPIPAddress
Syntax: TCP/IPportname_TCPIPAddress=0,IPaddress:TCP/IP portnumber
Description: Defines the IP address and port number for a Domino
server. TCP/IPportname is the name of the TCP/IP port which is specified
in the NOTES.INI file by the setting Ports=TCPIP. For example:
TCP/IPportname_TCPIPAddress=0,192.94.222.169:1352
Applies to: Servers
Default: None
UI equivalent: None
Temp_Index_Max_Doc
Syntax: Temp_Index_Max_Doc=number of entries
Description: Specifies the maximum number of results (up to
2147483647) that can be retrieved at one time—by an agent running on a
server—on a database without any index. For example, specifying
Temp_Index_Max_Doc=10000
allows a single NotesDatabase or NotesDocumentCollection “FTSearch”
running on a server to return up to 10000 entries.
To use the Temp_Index_Max_Doc setting for an agent running on a
server, you must also use the FT_Max_Search_Results setting and specify
the same value, for example
FT_Max_Search_Results=10000
For information on the FT_Max_Search_Results setting, see the topic
“FT_Max_Search_Results” earlier in this chapter.
Applies to: Servers
Default: 5000
UI equivalent: None
Topology_WorkInterval
Syntax: Topology_WorkInterval=number of hours
Description: Use this setting to specify how often the Maps server add-in
task updates the topology map data in the Domino Directory. Once set, it
will refresh n hours after the maps add-in program is started, and every
n hours after that.
Note You should not use the setting to refresh too frequently, because
the map data is stored in your Domino Directory and updates are
replicated throughout the domain.
Applies to: Servers
Default: None, however the Topology maps task normally refreshes
topology information once a day, every night at 2 AM.
UI equivalent: None
TransLog_Path
Syntax: TransLog_Path=path
Description: Specifies the path to the transaction log. The default
location is \logdir in the server’s data directory. However, it is strongly
recommended to store the transaction log on a separate mirrored device,
such as a RAID level 0 or 1 device with a dedicated controller. If you
change this field and have an existing transaction log, you must use the
operating system to move all the log files to the new log path.
Applies to: Servers
Default: logdir in the server’s data directory, for example c:\data\logdir
UI equivalent: “Log path” field in the Transactional Logging tab of the
Server document.
TransLog_Performance
Syntax: TransLog_Performance=value
Description: Specifies the trade-off between transactional log runtime
and restart recovery time, as follows:
1 - Favor runtime. The system stores more database changes in
memory writes fewer changes to the transaction log. Fewer writes to
disk improves server runtime.
2 - Standard (default)
TransLog_Status
Syntax: TransLog_Status=value
Description: Enables transaction logging for all Domino 5 databases on
the server, as follows:
0 - Transactional logging disabled
1 - Transactional logging enabled
You must upgrade databases to Domino 5 format before they can use
transaction logging.
Applies to: Servers
Default: 0
UI equivalent: “Transactional logging” field in the Transactional
Logging tab of the Server document.
TransLog_Style
Syntax: TransLog_Style=value
Description: Specifies the type of transaction logging. Options are as
follows:
0 - Circular (default). The system continuously reuses the extent log
files, overwriting old transactions.
1 - Archive. The system does not reuse extent log files and allows
you to use a backup utility to archive log files. This is recommended.
Applies to: Servers
Default: 0
UI equivalent: “Logging style” field in the Transactional Logging tab of
the Server document.
Update_No_BRP_Files
Syntax: Update_No_BRP_Files=value
Description: Determines whether or not the Fixup task creates BRP files.
When set to 1, the Fixup task will not create a BRP file when it encounters
an error in a view index.
Applies to: Servers
Default: None
UI equivalent: None
Update_No_Fulltext
Syntax: Update_No_Fulltext=value
Description: Turns off full-text indexing on a server.
0 - Turns full-text indexing on
1 - Turns full-text indexing off
Applies to: Servers
Default: None, although if this setting is omitted, full-text indexing is on.
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Update_Suppression_Limit
Syntax: Update_Suppression_Limit=value
Description: Overrides the NOTES.INI Update_Suppression_Time
setting if a certain number of duplicate requests to update indexes and
views are received.
Applies to: Servers
Default: None
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
Update_Suppression_Time
Syntax: Update_Suppression_Time=number of minutes
Description: Specifies the delay time between full-text index and view
updates, even if immediate indexing is scheduled as a server task.
Applies to: Servers
Default: 5
UI equivalent: None, although you can specify this setting in the
NOTES.INI Settings tab of the Configuration Settings document in the
Domino Directory.
UseFontMapper
Syntax: UseFontMapper=value
Description: Determines whether the font mapper is used to guess the
closest mappings between the font face name in a CGM metafile and the
currently installed fonts on a Notes workstation.
1 - Enables the font mapper
0 - Disables the font mapper
Applies to: Servers and workstations
Default: 1
UI equivalent: None
Parameter Enter
value1 Program name and file type
value2 The following append options:
0 - No append option offered
1 - Append option offered through a dialog box
2 - Automatically write to a temporary file to avoid the 64K limit
value3 Name of the export routine called
value4 Not currently used
value5 - x File extensions to automatically select a file type in the File Export
dialog box
ViewImpnumber
Syntax: ViewImpnumber=value1, value2...
Description: Specifies parameters to be used by file imports done at the
view level.
Parameter Enter
value1 Program name and version
value2 Not used, always 0
value3 Name of the import routine called
value4 Not currently used
value5 - x File extensions to automatically select a file type in the File Import
dialog box
WebAuth_Verbose_Trace
Syntax: WebAuth_Verbose_Trace=value
Description: Use this setting to troubleshoot problems with Web server
user authentication and Web server group searches for database access
verification. With the setting enabled, a Domino Web server records
detailed information about specific Web user authentication sessions at
the server console. Information includes authentication success or failure,
group cache information used to verify Web users’ membership in
groups for database access control, and the search filters used to find
user and group entries in an LDAP directory.
0 - Disabled
1 - Enabled
Note After you correct the problem, be sure to disable this feature (or
remove the setting altogether), because it slows Web server performance.
Applies to: Servers
Default: None
UI equivalent: None
Window_Title
Syntax: Window_Title=text
Description: Uses the specified text on the title bar.
Applies to: Servers and workstations
Default: None
UI equivalent: None
WinInfoboxPos
Syntax: WinInfoboxPos=value1, value2
Description: Determines the position of the InfoBox.
Applies to: Workstations
Default: 85, 193
UI equivalent: None
XPC_Console
Syntax: XPC_Console=value
Description: Displays the XPC console, which shows modem
input/output (if logged).
1 - Displays the console
0 - Hides the console
Applies to: Servers and workstations
Default: 0
UI equivalent: None
D-1
Template title and file Template name Purpose
name
Catalog (6) StdNotesCatalog Records and stores information
CATALOG6.NTF about the databases on a Domino
server.
Certificate StdCertificate Acts as a front-end to a single
Requests (6) Requests CA-process Internet certifier,
CERTREQ.NTF implementing a Web-based UI for
browser users to request client
certificates for their browser or
other internet client, and a Notes UI
for creating server key rings for
SSL-enabled Domino servers.
Certification Log StdNotes Maintains records of certified Notes
CERTLOG.NTF CertificationLog IDs in a Notes community.
Cluster Analysis (6) StdR4Cluster Generates reports about the cluster
CLUSTA4.NTF Analysis configuration to verify if the cluster
was configured correctly; locates
problems with the configuration.
Cluster Directory (6) STDR4Cluster Records and stores information
CLDBDIR4.NTF Directory about databases in a server cluster.
Database Analysis StdR4DBAnalysis Stores the results of a single
DBA4.NTF database analysis.
Database Library StdR4DatabaseLib Contains a list of public databases to
DBLIB4.NTF which users can request access.
Decommission Server StdNotes Produces reports to help
Reports Decommission decommission one server and
DECOMSRV.NTF Server replace it with a server that is
already set up.
DECS Administrator DECS Configures real-time back-end
Template Administrator connectivity between Domino and
DECSADM.NTF Template external systems when using the
DECS (Domino Enterprise
Connection Services) add-in task.
Design Synopsis DesignSynopsis Stores the results from a design
DSGNSYN.NTF synopsis of a database.
Directory StdMasterAddress Provides directory assistance to
Assistance (6) Book4.5 multiple directories.
DA50.NTF
continued
E-1
Rules for customizing the Domino Directory
To avoid rendering Domino inoperable, follow these rules when you
customize the Domino Directory.
For more information on designing views, fields, and forms, see
Application Development with Domino Designer.
New views
You can add new hidden views and new visible views. However, new
views might have an impact on the performance of both the Domino
Directory and the server.
Default fields
Do not change formulas, data types, multi-value settings, and keyword
choices for default directory fields. You can change the format of the
fields, including changing font, size, and color. You can relocate fields, as
long as fields that, by default, have a constraint — for example, a field
that contains a formula that depends on a value in the field above it —
maintain their relative placement. If you reformat or relocate default
directory fields, you must re-create your customizations when you
upgrade to a new version of the default Domino Directory template.
New fields
To add fields to a default form that comes with the Domino Directory,
create a subform that contains the new fields. If the default form has a
corresponding $xxxExtensibleSchema subform, insert the subform you
create into the $xxxExtensibleSchema subform. For example, to add
fields to the Person form, insert a new subform into the
$PersonExtensibleSchema subform. If you use an $xxxExtensibleSchema
subform and you later upgrade to a new version of the default Domino
Directory template, Domino preserves your customizations
automatically.
Default forms
Do not change the names of the forms that come with the Domino
Directory. You can add aliases, which are duplicate names. An alias
appears in the Form Properties box to the right of the form name and is
preceded by a vertical bar. It’s best to add a new alias rather than edit an
existing one. By doing so, programs that use the existing alias continue to
work properly. If you add or edit an alias, when you upgrade to a new
version of the default Domino Directory template, you must re-create
your customizations.
To hide a section of an existing form, select the section in the form,
choose Text - Text Properties, click the Hide tab (the fifth tab from the
left) and select appropriate hide options. If you later upgrade your
company’s Domino Directory with a new version of the default Domino
Directory template, you must repeat this step. If you hide a section of an
existing form, select the form, choose Design - Design Properties, click
the Design tab, and make sure “Prohibit design refresh or replace to
modify” is selected.
New forms
You can create new forms. If you want documents created from the
forms to be LDAP-accessible, you must follow a specific procedure to
create the forms.
For more information, see the topic “Using the Domino Directory to
extend the LDAP schema” later in the chapter.
Database icon
You can change the icon.
5. Click Template Server and select a server that stores the default
Domino Directory template (PUBNAMES.NTF).
6. Click “Show advanced templates.”
7. Choose Domino Directory (PUBNAMES.NTF) from the list of
templates.
8. Ensure that the “Inherit future design changes” field is checked.
Then when a new version of the default Domino Directory template
becomes available, ACMENAMES.NTF will inherit the design
changes.
9. Click OK. Acme’s Domino Directory template is now open.
10. Choose File - Database - Properties, and then click the Design tab
(fourth tab from the left).
11. Choose “Database file is a master template,” and then in the
Template name field, enter the template name:
StdAcmeDominoDirectory
d. Leave the other properties the same, and close the Subform
Properties box.
e. Save and close the new ExtensibleSchema subform.
6. Do the following to insert the new ExtensibleSchema subform into
the InheritableSchema subform:
a. With Subforms still selected, open the InheritableSchema
subform you created previously, for example
$acmePrinterInheritableSchema.
b. On the Extensible tab choose Create - Resource - Insert Subform.
c. Select the ExtensibleSchema subform you created — for example
$acmePrinterExtensibleSchema
d. Click OK.
7. Save and close the InheritableSchema subform.
8. Complete the procedure “Using the Domino Directory to create an
LDAP auxiliary object class.”
Form:
acmeLaserPrinter
Subform:
$acmeLaserPrinterInheritableSchema
(Attributes a, b, c)
Subform:
$acmePrinterInheritableSchema
(Attributes d, e, f)
You can also configure a new structural object class to inherit from a
default object class in the schema that is defined by a form.
1. Make sure that you are working in a copy of the Domino Directory
template (ACMENAMES.NTF) and that you have Designer or
Manager access in the ACL.
2. From the Domino Designer, open ACMENAMES.NTF.
3. In the left pane, select Shared Code and then Subforms.
4. Open the $xxxInheritableSchema subform for the subordinate object
class. For example, if you want the acmeLaserPrinter object class to
inherit from the acmePrinter object class, open the
$acmeLaserPrinterInheritableSchema subform.
5. Click the Inheritable tab, and do the following:
a. Choose Create - Resource - Insert Subform.
b. Select the InheritableSchema subform for the superior object
class. For example, select the $acmePrinterInheritableSchema
subform if you want the acmeLaserPrinter object class to inherit
from the acmePrinter object class.
c. Click OK.
6. Save and close the InheritableSchema subform for the subordinate
object class.
The preferred method for extending the LDAP schema is to use the
Domino LDAP Schema database. Use the Domino Directory to extend
the schema only if Notes or Web users require access to the new schema
elements through documents in the directory.
d. Specify the formula for the field in the pane below as follows:
FIELD $objectclass := $objectclass : “subform”;1
Where subform is the name of the subform you specified in step 5
— for example:
FIELD $objectclass := $objectclass : “building”;1
F-1
Create replica
Create a Roaming User
Delegate mail file
Delegate mail file on administration server
Delegate Web mail file
Delete database
Delete group in Domino Directory
Delete hosted organization
Delete person in Domino Directory
Delete Policy in Domino Directory
Delete resource
Delete roaming user
Delete server name in Domino Directory
Downgrade user from Roaming to Non-Roaming user
Find name in domain
Maintain Trends database record
Modify CA Configuration in the Domino Directory
Modify ID recovery information in Domino Directory
Modify resource
Modify user information stored in the Domino Directory
Move database from a cluster server
Move database from a non-cluster server
Move a mail file from one server to another
Move roaming user to another server
Place server’s Notes build number into Server record
Recertify Certificate Authority in Domino Directory
Recertify servers
Recertify users
Register hosted organization
Remove servers from cluster
Check access
Triggered by: Initiating the command from the Domino
Administrator.
Carried out on: The server that contains the database being
replicated.
Carried out: Immediately
Result: The Administration Process on the source server checks that
the user submitting the request and the destination server have at
least Reader access in the ACL of the database. If the user and
destination server have the necessary access and if a Connection
document between the source and destination server exists, the
Administration Process generates a “Create replica” request in the
Administration Requests database of the source server.
Create replica
To populate the replica, the user submitting the request and the source
server must have Create Replica access to the destination server.
Triggered by: Successful completion of the Check Access
administration request.
Carried out on: The destination server for the database.
Carried out: Immediately
Result: A new replica of the database is placed on the destination
server. The database is populated during the next replication.
Delete Database
You can delete (retract) a database and, optionally, delete all replicas of
the database. From the Domino Administrator, choose Files and select
the database you are deleting, and then choose Files - Delete. You are
prompted to verify that you do want to delete the selected file(s) and
presented with a check box in which to indicate whether you want to
delete all replicas. Click the check box to delete all replicas of those
databases.
Delete Replica
Triggered by: Completion of the “Request Replica Deletion” request.
Carried out on: Server on which the database exists.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The replica is deleted.
Delete
Yes from Domino Directory No
immediately?
Delete in Delete in
Access Control List Address Book
1 Hour 1 Hour
Delete in
Reader/Author
Fields
Weekly
Yes Delete No
from Domino Directory
immediately?
Delete in Delete in
Access Control List Address Book
1 Hour 1 Hour
Delete
No Delete Delete in Delete in Delete in Delete No mailfile, person No
mail file? Reader/Author Access Control Person mail file? record, and all
Fields List Documents replicas?
Weekly 1 Hour Daily Yes
Yes
Yes
End Delete in End End
Reader/Author
Fields
Weekly, Daily,
Get Information for or Combination
Deletion
Immediately Approve Deletion
of Private Design
Get Information Delete Approve File Elements
for Replica Deletion
replicas
Deletion? Yes
Upon Administrator Approval
Request to Delete
Request File
Private Design
Deletion
Elements
Immediately
Delete Unlinked
Mail File
2 Weeks
No Delete Yes
replicas of
mail file?
End
Delete resource
Approve resource delete
Triggered by: Performing a “Delete Resource” action in the Resource
Reservations database.
Carried out on: Any server.
Carried out: According to administrator’s approval.
Result: If you approve the request, the administration process
creates a “Remove Resource” administration request.
Delete resource
Triggered by: Approval of the “Approve resource delete” request.
Carried out on: The administration server of the Domino Directory.
Carried out: Immediately
Result: Removes the mail-in database resource for the Resource from
the Domino Directory.
Delete
Yes from Domino Directory No
immediately?
Delete in Delete in
Access Control List Address Book
1 Hour 1 Hour
Delete in
Reader/Author
Fields
Weekly
Delete replica
Triggered by: Successful processing of the “Approve Replica
Deletion” request.
Carried out on: The server on which the roaming files are stored.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: Deletes all replicas of the user’s roaming files.
Move Replica
Immediately
1 Hour
Move replica
Triggered by: Completion of the “Check Access for move replica
creation” request.
Carried out on: The destination server (the server to which the
database is being moved).
Carried out: Immediately
Result: The Administration Process checks that the administrator
and the source server have Create Replica access to the destination
server. If so, the Administration Process creates a replica. The replica
is populated with documents the first time any server with the
complete replica replicates with the destination server. If Tivoli
Analyzer is running on the source server, posts the administration
request “Maintain Trends database record.” If Tivoli Analyzer is not
running on the source server, posts the administration request
“Monitor replica stub.”
Non-Cluster
Move Replica
Immediately
Approve Deletion
of Moved Replica
Request to Delete
Non-Cluster
Move Replica
Delete Non-Cluster
Move Replica
Delete Replica
This request is generated three times, once each for journal.nsf,
bookmark.nsf, and names.nsf.
Triggered by: Successful completion of the “Request replica
deletion” administration request.
Carried out on: Deletes the replicas on the old roaming server.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The replicas are deleted from the old roaming server.
Recertify servers
Triggered by: Initiating the Recertify Server command from the
Actions menu.
Carried out on: The administration server for the Domino Directory.
Carried out: According to the “Interval” setting in the
Administration Process section of the Server document.
Result: The server’s public key is updated, and the Server document
is updated with the new public key.
Rename Group in
Address Book
1 Hour
Rename Group
in Reader/
Author Fields
Weekly
Rename person
You can rename a user with the Administration Process by choosing
People - Rename from the tools pane of the Domino Administrator. The
following flowchart shows the sequence of Administration Process
requests that occur when you rename a person in the Domino Directory.
(Boxes represent requests.) The timing shown for each request is the
default, which you can customize through the Server Tasks -
Administration Process section of the Server document.
Initiate Rename in
Address Book
1 Hour
Change Request
Expires
Person accepts
No new name before
change request Delete Obsolete
expires? Change
End Requests
Yes
Daily
Rename Person
in Address Book
1 Hour
Rename Person in
Rename in Access Rename in Person
Free Time
Control List Documents
Database
1 Hour Daily Immediately
For information on renaming a Web user, see the topic “Rename Web
user” in this appendix.
For information on the administration requests that are generated when a
user refuses a proposed name change, see the topic “Rename person -
Name change refused.”
Initiate Rename in
Address Book
1 Hour
Change Request
No Server updates Expires
its ID before
change request
expires? Delete Obsolete
Change Requests
Yes
End Daily
Rename Server in
Address Book
1 Hour
Rename in
Reader/Author
Fields
Weekly
Check
No Yes Create
access for
new replica request is Replica
End creation mailed
G-1
Domino NDS object attributes
To examine the attributes of Domino NDS objects, use either NetWare
Administrator with Domino NetWare Administrator Snap-in
(NDSNOTES.DLL) or the Lotus NDS Manager. The following table
contains attributes for a Domino NDS object.
Attribute Description
Server Name NDS name of Domino server — for example,
CN=Chicago.OU=Sales.O=Acme
Network Address IPX address: network address: node address: socket number
— for example, IPX: 030000508: 00805F685BDA: 506f
Status UNINITIALIZED or INITIALIZED. If UNINITIALIZED, the
Domino server has not updated this object with its network
address. If INITIALIZED, the Domino server has updated
the object. However, if you are using Windows, the status
attribute shows UNINITIALIZED.
Version Domino build number — for example, 143
Description Optional comments about the object — for example, the
administrator’s name and location
NetWare Administrator
NetWare Administrator is Novell’s standard tool for administering NDS
and all objects in the tree. To access NetWare Administrator, run one of
the following:
• NWADMINNT.EXE if you are using a Windows NT or 2000 client
• NWADMIN95.EXE if you are using a Windows 95, 98, or XT client
Domino supplies a snap-in (NDSNOTES.DLL) to the NetWare
Administrator that allows Domino servers to be administered using one
standard tool. You must configure NetWare Administrator before you
can use the snap-in.
Using NetWare Administrator, you can access menus to determine the
actions that can be performed on the Domino server NDS object. Using
the snap-in, the Domino server becomes an object class. The Domino
server NDS object class and servers are represented by the Domino icon.
Task Command
Create the Domino server -c
NDS class
Remove the Domino server -r
NDS class
Add a Domino server to the -a
tree For example, this command adds the Domino
server Burke to the tree:
-a cn=Burke.o=Acme
Delete a Domino server from -d
the tree For example, this command deletes the Domino
server Burke from the tree:
-d cn=Burke.o=Acme
Read a Domino server’s -s
object attributes
Task Action
Create a Domino server NDS object Choose Tools - Define Notes Class.
class
Delete Domino server NDS object class Choose Tools - Define Notes Class.
Add a Domino server NDS object class Choose Object - Create.
Select Domino server object.
Enter the Domino server name.
Delete a Domino server NDS object Select the Domino server.
Choose Object - Delete.
Read a Domino server NDS object’s Select the Domino server.
attributes
View a Domino server NDS object’s Double-click the Domino server NDS
attributes object.
5. To add each Domino server NDS object to the NDS tree, do the
following:
• If you are using NetWare Administrator, choose Object - Create -
Notes Server Object and enter the Domino server name. You can
add information to the description if necessary.
• If you are using NDSMgr, enter this command:
ndsmgr -a cn=server_name.o=preferred_tree,
Setting Description
NWNDSUserID Specifies the NDS Service/UserID, which Domino uses
to log into the NDS tree.
NWNDSPassword Specifies the NDS Service Password, which Domino uses
to log into the NDS tree.
H-1
Enabling and using extended accelerator keys
Before you can use extended accelerator keys to navigate through the
Bookmark bar or the window tabs, you must enable the keys.
To enable extended accelerators for the Bookmark bar:
1. Choose File - Preferences - User Preferences.
2. Select Basics.
3. In the Additional Options box, select “Show extended accelerators”
and then click OK.
Keyboard shortcuts
The keyboard shortcuts in this section are based on U.S. standard
keyboards. If you are using a screen reader, you may want to maximize
your window so the tables of shortcuts are completely expanded and
accessible.
Press To do this
ALT+B, then number (extended Open bookmark on Bookmark bar
accelerators in User Preferences
must be enabled)
ALT+F5 Restore Domino Administrator to default
minimized size
ALT+F7, then ARROW keys, then Move position of active window
ENTER
ALT+F8, then ARROW keys, then Change size of active window
ENTER
ALT+F9 Minimize active window
ALT+F10 Maximize active windows
ALT+underlined letter for menu Access menu item
item
ALT+underlined letter for menu Move to next menu item
item, or ARROW keys
ALT+W, then number (extended Open window tab on task bar
accelerators in User Preferences
must be enabled)
CTRL+BREAK Stop operation in progress
CTRL+L, type URL, then ENTER Go to a Web page
CTRL+Q or ALT+F4 Exit Domino Administrator
CTRL+TAB Move to next window tab
ESC or CTRL+W Close active window
F1 Get Help on current feature
F5 Lock User ID
F6 Move to next pane or frame
F10 or ALT Access menu bar
SHIFT+ALT+S Open search menu
SHIFT+CTRL+TAB Move to previous window tab
continued
Press To do this
ARROW keys Move through embedded element
CTRL+N Create new database
CTRL+O Open database
ENTER Select item in embedded outline
ESC Exit embedded element
ESC or CTRL+W Close current database
F9 Refresh current document (in Edit mode),
view or workspace
MINUS (-) key Collapse folder in embedded outline
PAGE DOWN Move to bottom of active page
PAGE UP Move to top of active page
PLUS (+) key Expand folder in embedded outline
SHIFT+CTRL+F9 Update all views in current database
SHIFT+F9 Rebuild current document, view, workspace
(must have Manager access)
SPACEBAR Give focus to embedded element
UP and DOWN ARROW Move through embedded outline
Press To do this
DOWN ARROW or RIGHT Select next item in a list or set of options in
ARROW dialog box
ESC Cancel changes and close dialog box
F1 Get Help on current dialog box
SHIFT+TAB Move to previous option or set of options in
dialog box
SPACEBAR Access default or selected item(s) in dialog
box
TAB Move to next option or set of options in
dialog box
UP ARROW or LEFT ARROW Select previous item in a list or set of
options in dialog box
Press To do this
ALT+DOWN ARROW Open Color box in Font tab
ALT+UP ARROW Close Color box in Font tab
ALT+ENTER Open or close properties box
CTRL+ALT+ENTER Open or close express tools in properties
box
CTRL+END Move to last properties box tab
CTRL+HOME Move to first properties box tab
CTRL+PAGE DOWN Move to next properties box tab
CTRL+PAGE UP Move to previous properties box tab
DOWN ARROW or RIGHT Select next item in a list or set of options in
ARROW properties box
continued
Press To do this
CTRL+DOWN ARROW Move to next highlighted search word in
document appearing in preview pane
CTRL+E Edit document
CTRL+END Move to bottom of document
CTRL+F Find text and replace
CTRL+G Find next occurrence of text
CTRL+HOME Move to top of document
CTRL+P Print selected document
CTRL+PAGE DOWN Move to next tab in tabbed table
CTRL+PAGE UP Move to previous tab in tabbed table
CTRL+UP ARROW Move to previous highlighted search word
in document appearing in preview pane
continued
Press To do this
CTRL+A Select all contents of document
CTRL+C Copy selected text or object
CTRL+DOWN ARROW Move item in list or table one row down
CTRL+UP ARROW Move item in list or table one row up
CTRL+V Paste text or object
CTRL+X Cut selected text or object
DELETE Delete selected graphic
DELETE Delete selected text or object
SHIFT+CTRL+DOWN ARROW Select text up to same point of next line
SHIFT+CTRL+LEFT ARROW Select previous word
SHIFT+CTRL+RIGHT ARROW Select next word
SHIFT+CTRL+UP ARROW Select text up to same point of previous line
SHIFT+DOWN ARROW Select text to end of current line, move focus
to next
SHIFT+END Select text to end of current line
SHIFT+HOME Select text to beginning of current line
SHIFT+LEFT ARROW Select previous character
SHIFT+RIGHT ARROW Select next character
SHIFT+UP ARROW Select text to beginning of current line,
move focus to previous
Press To move to
CTRL+LEFT ARROW Beginning of current word
CTRL+RIGHT ARROW Beginning of next word
END End of line
HOME Beginning of line
SHIFT+TAB Previous field in a form
SHIFT+TAB Previous row in table
TAB Next field in a form
TAB Next row in table
Press To do this
CTRL+B Bold selected text
CTRL+E Put document in Edit mode (toggle)
CTRL+F Find text and replace
CTRL+G Find next
CTRL+I Italicize selected text
CTRL+J Format paragraphs (alignment, spacing, and
so on)
CTRL+K Format text (font, size, color, and so on)
CTRL+R Show/Hide ruler
CTRL+T Change text style to default (color changes only
if the text style is from a Paragraph Style)
CTRL+U Underline selected text
CTRL+Z Undo last action
F2 Enlarge selected text to next available point
size
continued
Press To do this
CTRL+A Select all documents in view
CTRL+C Copy selected document
CTRL+F Find text in view
CTRL+P Print selected document or view
CTRL+V Paste selected document
CTRL+X Cut selected document
DELETE Delete selected document (place document in
Trash folder)
ENTER Select item in embedded view
F3 Move to next selected document
F4 or TAB Move to next unread document
F9 Refresh current document (in Edit mode),
view, or workspace
SHIFT+CTRL+F9 Update all views in current database
SHIFT+DELETE Delete selected document permanently
SHIFT+F3 Move to previous selected document
SHIFT+F9 Rebuild current document, view, or
workspace (must have Manager access)
SPACEBAR Select or deselect document
This appendix describes the commands that you use to create a custom
Server.Load script.
Server.Load commands
Server.Load scripts consist of statements in a simple command language,
the Server.Load specification language. Each command simulates an
aspect of the Notes client functionality. You can build a script containing
a series of these commands to perform a complex task, such as reading
and deleting mail.
I-1
*Close the view
close
drop
@Else command
Use with the @If command in a Server.Load script.
Example
@If[DeleteEntry]
delete 1
@Else
add 1
@EndIf
@EndIf command
Use with the @If command in a Server.Load script.
Example
@If[DeleteEntry]
delete 1
@Else
add 1
@EndIf
@If command
Used in a Server.Load script to execute [Commands] if [Value] is
non-zero. @If is used to execute multiple commands or to use an @Else
condition.
Syntax
@If [Value] [Commands] [@Else [Commands]] @EndIf
Where:
• [Value] — Typically a NOTES.INI setting
Add command
Use in a Server.Load script to create new documents in a database
according to the value of a. Each new document consists of: an author
field with the current user’s name; a recipient’s field with the current
user’s name; the ordinal number of the document as a summary item; the
subject (summary) text item; the optional attachment item; and the body
(non-summary) text item.
If no number is specified, one note is created. If b is not specified, the
length of the summary data is a uniform random number between 1 and
100 bytes. If c is not specified, the length of the non-summary data is a
uniform random number between 100 and 300 bytes.
Syntax
Add(a, b, c)
Where:
• a — Number of documents to be added
• b — Length of summary item\“Subject\” (optional; default is \“”)
• c — Length of non-summary item \“Subject\” (optional; default
value is \“”)
Note The body (non-summary) value cannot exceed 65000 bytes.
Example 1
This example adds documents to the default view All Document $all.
changeto [mailserver]!!mail\mail[#].nsf mail60.ntf
-keepopen
add [a]
drop
Example 2
This example adds documents to the Inbox folder using -f (foldername).
changeto [mailserver]!!mail\mail[#].nsf mail46.ntf -keepopen
add [a] -f $Inbox
drop
Example 3
This example adds 1 document to the Inbox view with the subject
(Length of summary item) set to 30 bytes and the Body (Length of
non-summary item) is set to 10000 bytes.
changeto [mailserver]!!mail\mail[#].nsf mail46.ntf -keepopen
add 1 30 10000 -f $inbox
drop
BeginCrit command
Use in a Server.Load script to mark the beginning of a script’s critical
region. A critical region is a series of lines in a script that can only be
executed by one Server.Load simulated user (thread). The critical region
is marked by the BeginCrit and EndCrit pair. There can be a maximum of
6 critical regions per script.
BeginLoop command
Use in a Server.Load script to mark the start of the loop and the point to
which the Rewind statement returns control. A script can have one loop.
Break command
Use in a Server.Load script to allow the user to set program control after
an error.
Syntax
Break [x]
Where x is:
• 1 — To terminate program upon error
• 0 — To move on to next line upon error
The default is Break 1.
Cal command
Use in a Server.Load script to schedule an appointment or invitation.
Syntax
Appointment:
cal -a <db> <msgsz> <dur> <startrng> <endrng> <nthiter>
Invitation:
cal -i <db> <msgsz> <dur> <startrng> <endrng> <numrecip>
<nthiter>
Where:
• <dur> — Duration, in minutes
• <startrng> — Lower bound for the number of days ahead to
schedule
• <endrng> — Upper bound for the number of days ahead to
schedule
• <numrecip> — Number of recipients
• <nthiter> — Nth iteration of the script
Syntax
ChangeTo [database name] [database template name]
[-keepopen]
Where:
• [database name] — Full file name of the database
• [database template name] — File name of the template database
• [-keepopen] — Keeps the database open
Example 1
Using changeto to create a local database.
* Create local file using the journal template (journal.ntf)
* NOTES.INI contains setting templateversion=4
changeto journal.nsf journal[templateversion].ntf -KeepOpen
pause 5000
Example 3
Create and initialize mail file(s)
Note Uses Script Variable [NumMailNotesPerUser]
* Script to create and initialize mail file(s)
changeto [MailServer]!!mail\mail[#].nsf mail60.ntf
Console command
Use in a Server.Load script to allow you to issue remote server console
commands, similar to the Domino server console in the Domino
Administrator console. You must have administration rights on the sever
you are attempting to issue commands to.
Syntax
Console [server] [command]
Where:
• [server] — The server at which to execute the console command
• [command] — The command executed to the server
Example
This example uses the console command to issue a Show Stat command.
• The console command is analogous to remote console capability
• In this example sh stat is issued. Any server command can be
substituted.
Console [MailServer] sh stat
DbDelete command
Use in a Server.Load script to delete a database (locally or on a server). If
the database is on a server, you must have delete database access.
Syntax
DbDelete [dbname]
Where:
• [dbname] — Full database name. (Use server!!file if remote
database.)
Syntax
Delete [#]
Where:
• [#] — Number of documents to delete
Drop command
Use in a Server.Load script to drop all network connections on the
specified port.
Syntax
Drop [hangup] [port]
Where:
• [hangup] — Causes the connection to be disconnected.
• [port] — The port to be disconnected.
Example 1
Disconnects the connection on the port specified.
changeto [MailServer]!!mail\mail[#].nsf mail46.ntf
pause 1min
drop hangup tcpip
Example 2
Disconnects all user sessions on specified port
changeto [MailServer]!!mail\mail[#].nsf
pause 1min
Entries command
Used in a Server.Load script to simulate a user pressing PgUp and PgDn
or pressing Up and Down arrows to traverse a view.
Syntax
Entries [start] [end] <navigation option>
Where:
• [start] — Starting index ordinal position (optional; default is 1)
• [end] — Number of index entries to be read (optional; default is
“All”)
• <navigation option> — One of the navigation options, described
in the Navigate command.
ErrorDelay command
Used in a Server.Load script to set a time delay after a nonfatal error
occurs.
Syntax
ErrorDelay [delay]
Where:
• [delay] — Time to delay, in milliseconds. (Default is 150000 -
20000ms, or 15 to 20 seconds)
Syntax
FindByKey "[KeyField]#searchstring"
Where:
• key list — List of keys separated by semicolons. Each key is in the
<item>#<value> format, where <item> is the item, name, and
<value> is the value. The FindByKey “key list” argument is the
Field Name of the column searched, and the value of the data as it
appears in the column.
• option list — One or more of the following, each separated with a
space:
NO_ACCENT — Accent insensitive
NO_CASE — Case insensitive
PARTIAL — Partial compare
FIRST_EQUAL — First equal entry
LAST_EQUAL — Last equal entry
GREATER_THAN — All entries greater than
LESS_THAN —All entries less than
UPDATE_IF_NOT_FOUND — Update if not found
Example
Search a view containing a column referencing the field “Status” and
search for those “complete.”
FindByKey "[Keyfield]#complete"
Syntax
FindByName [searchstring] <optionlist>
Where:
• [searchstring] — The search collection whose primary sort key
matches the given null-terminated string
• <optionlist> — See the FindByKey command for <optionlist>
choices.
GetAll command
Used in a Server.Load script to fetch the ID table of all Note IDs from the
database. This command must be used before other commands — for
example, Stamp — that operate on random documents in the database
because those commands pick random notes out of this table. If this
command is not used, the master ID table will start from scratch.
Help command
Used in a Server.Load script to display help text. If [command] is
specified, help text for the command is displayed.
Syntax
Help [command]
@If command
Used in a Server.Load script to execute [Commands] if [Value] is
non-zero. @If is used to execute multiple commands or to use an @Else
condition.
Syntax
@If [Value] [Commands] [@Else [Commands]] @EndIf
Where:
• [Value] — Typically a NOTES.INI setting
ImailCheckForNewMail command
Used in a Server.Load script to purge deleted IMAP messages and check
for new messages.
ImailCloseMailbox command
Used in a Server.Load script to close the currently selected IMAP
mailbox.
ImailFetchEntry command
Used in a Server.Load script to get (UID Fetch) body for specified entry.
Syntax
ImailFetchEntry [navigator]
Where:
• [navigator] — CURRENT, NEXT, NEXT_UNSEEN, or FIRST. If
not specified, default is CURRENT.
Syntax
ImailFetchOld [navigator]
Where:
• [navigator] — CURRENT, NEXT, NEXT_UNSEEN, or FIRST. If
not specified, default is CURRENT.
ImailGetLastEntries command
Used in a Server.Load script to get (Fetch) last page of entries (UID, flags,
envelope) for use with ImailFetchEntry.
ImailGetNewMail command
Used in a Server.Load script to check for new IMAP messages.
ImailHelp command
Used in a Server.Load script to displays all available IMAP (IMail*)
commands with Help text.
ImailListMailboxes command
Used in a Server.Load script to list IMAP mailboxes.
Syntax
ImailListMailboxes [refmbox] [mailbox] [sub]
Where:
• [refmbox] — Root mailbox to list from. If not specified, default is
“”.
• [mailbox] — Root mailbox to list from. If not specified, default is
“”.
• [sub] — If TRUE, lists subscribed mailboxes; if FALSE, lists
non-subscribed mailboxes.
Syntax
ImailLogin [host] [user] [password]
Where:
• [host] — The Internet host name of the IMAP server — for
example, company.com
• [user] — The IMAP user name to log in as
• [password] — The password of the user
ImailLogout command
Used in a Server.Load script to log out of a server running IMAP.
ImailOpenMailbox command
Used in a Server.Load script to open (select) an IMAP mailbox (the Inbox
folder of the mail file).
Syntax
ImailOpenMailbox [mailbox]
Where:
• [mailbox] — The name of the mailbox to open
ImailPostMessage command
Used in a Server.Load script to add a message to the specified mailbox.
Syntax
ImailPostMessage [bodysize] [linesize] [mailbox]
Where:
• [bodysize] — Total size of the message
• [linesize] — Length of each line in the message, typically 80
Example
This example dreates a 2000-byte message in the Inbox. Each line in the
message contains 80 characters.
ImailPostMessage 2000 80 Inbox
ImailSetSeen command
Used in a Server.Load script to set current message as seen.
Index command
Used in a Server.Load script to update the currently open collection.
Syntax
Index
Example
Updating a view collection with the Index command. In this example, the
thread number is substituted for the pound symbol [#].
* Create one or more databases on mail server using (journal.ntf)
* NOTES.INI file contains setting templateversion=4
* Creation of multiple databases, based on the number of threads
* All test databases will be placed in the journal directory.
changeto [MailServer]!!journals\journal[#].nsf
journal[templateversion].ntf -KeepOpen
pause 5000
LDAPLookup command
Used in a Server.Load script to perform LDAP lookup for specified user
name.
Syntax
LDAPLookup <username>
Where:
• <username> — Performs cn=username search on host LDAPHost.
Note The NOTES.INI file must contain the setting
LDAPHost=system.domainname — for example, LDAPHost =
Server.acme.com
Lookup command
Used in a Server.Load script to search the Domino Directory
(NAMES.NSF) for names you specify.
Syntax
Lookup (a, b, c)
Where:
• a — Mail server name
• b — Namespace, specified as $users, $servers, $groups,$domain,
$people, $People, $ServerAccess, $CrossCertByRoot,
$CrossCertByName,$Users,$Servers, $Certifiers,
$CrossCertByRoot,$Certifiers, $Connections, $Profiles
• c — Names list; each entry separated by ASCII \0
Example
Lookup performed
Lookup fssaixw/ess $Users John Doe/WAS/Acme
Syntax
NABRetrievePOP3Mail <msg_num> <hostname> <options>
Where:
• <mst_num> — Message to retrieve. Use the value -1 to retrieve all.
• <hostname> — Host name of the server running SMTP MTA.
• <options> — POP3 retrieval options: USE_SSL uses SSL protocol,
LEAVE_ON_SERVER leaves messages on the server.
NABUpdate command
Used in a Server.Load script to update a number of random documents
of a particular type in the Domino Directory (NAMES.NSF) database.
Syntax
NABUpdate(a,b)
Where:
• a — Type of document to update (Person, Group, or Connection)
• b — Number of documents to update. If b is not specified, one
document is updated.
Navigate command
Used in a Server.Load script to read number of documents as listed in
index.
Syntax
Navigate [<a>[<option>[ASYNC]]]
Where:
• <a> — Number of documents to be read (optional; default is 1)
• <option> — One or more of the following navigation options. You
can string multiple options together as OR options, separated by
the split vertical bar (¦) character.
NewMail command
Used in a Server.Load script to poll for new mail.
Syntax
NewMail(a,b,c)
Where:
• a — Name of mail file (default is your mail file)
• b — Number of times to poll (default is 1)
• c — Millisecond delay between polls (default is 1000 ms)
NewReplicateDB command
Used in a Server.Load script to create empty database <target> as replica
of <source>.
Syntax
NewReplicateDB <source> <target>
NoteAdd command
Used in a Server.Load script to add a document with the specified
[Subject], [Body], [Attachment], [MsgCount], [NamedField], and
[FolderID].
Syntax
NoteAdd [-sSubject] [-bBody] [-aFileAttachment] [-cMsgCount]
[-nNamedField] [-fFolderID]
Where:
• Subject — Summary item “Subject”
• Body — Non-summary item “Body”
• Attachment — File name of attachment
• MsgCount — Number of messages to add
• NamedField — Named field
• FolderID — Add document to folder with this ID
Open command
Used in a Server.Load script to open a view collection.
Syntax
Open (a) <option>
Where:
• a — View document ID (optional; default is the default view) or
DESIGN to open the design collection. To open a view other than
the default view, enter the decimal value of last 3 digits in the
View Note ID converted from hex to decimal. To view this
property, open the list of views and select a view, then bring up
the Properties for the item.)
Pause command
Used in a Server.Load script to wait for a specified number of
milliseconds before performing the next command in the script.
Syntax
Pause (a)
Where:
• a — Number of milliseconds to wait, or any of the forms: (Xsec,
X-Ysec, Xmin, X-Ymin, Xhours, X-Yhours)
Populate command
Used in a Server.Load script to ensure that there are
(NumMailNotesPerUser) documents in the current database. This
command locks the database to prevent other users from simultaneously
performing another Populate command, gets the number of documents
currently in the database, and adds documents as necessary.
Syntax
Populate (NumMailNotesPerUser) [folder]
Where:
• NumMailNotesPerUser — Total number of documents you want
the database to have
• folder — Folder or view to which documents will be added
Example
This example creates and initializes a mail file(s); documents are added
to folder $Inbox.
changeto [MailServer]!!mail\mail[#].nsf mail46.ntf
Quit command
Used in a Server.Load script to terminate the open program.
Syntax
Quit
Read command
Used in a Server.Load script to open and close a specified number of
documents.
Syntax
Read (a)
Where:
• a — Number of notes to be opened and closed
Replicate command
Used in a Server.Load script to replicate with server.
Syntax
Replicate <server> <direction> <files> <options>
Where:
• <server> — Server with which to replicate
• <direction> — One of the following: PUSH, PULL, or BOTH
(optional; default is BOTH)
RetrievePOP3Mail command
Used in a Server.Load script to retrieve POP3 mail messages for a user.
Syntax
RetrievePOP3Mail <user> <password> <msg_num> <hostname>
<options>
Where:
• <user> — User’s POP3 account name
• <password> — User’s POP3 password
• <msg_num> — Message to retrieve; -1 to retrieve all
• <hostname> — Host name of the server running SMTP MTA
• <options> — POP3 retrieval options (USE_SSL for SSL protocol,
LEAVE_ON_SERVER to leave messages on the server)
Rewind command
Used in a Server.Load script to restart the script file, if one is given, up to
a maximum of n iterations, if n is specified. If the script contains a
BeginLoop statement, the next command executed is the one
immediately following the BeginLoop. Otherwise, the next command
executed is the first command in the script. If n is not specified, the
Rewind command is executed indefinitely.
Where:
• <n> — Number of times to restart the script
Rewind2 command
Used in a Server.Load script to restart the loop, up to a maximum of n
iterations, if n is specified. If the script contains a BeginLoop2 statement,
the next command executed is the one immediately following the
BeginLoop2 statement. If n is not specified, the Rewind2 command
executes indefinitely.
Syntax
Rewind2 <n>
Where:
• <n> — Number of times to restart the script
RSVPInvitation command
Used in a Server.Load script to send a response (acceptance) to an
invitation (if one exists). RSVP is subject to nthIteration.
SendMessage command
Used in a Server.Load script to create and send a mail message. The
random body text in the message is created by the same method as in
CREATEFILE. Message recipients are selected with a uniform
distribution from the people in the Domino Directory (NAMES.NSF) on
the source driver system. All replicas of the Domino Directory on the
source driver systems and SUT have the same content.
Syntax
SendMessage <message_size> <num_recipients> <nth_iteration>
<attachment>
SendSMTPMessage command
Used in a Server.Load script to create and send an SMTP mail message.
Syntax
SendSMTPMessage <message_size> <line_size>
<num_recipients/recipient> <hostname> <domain> <client_host>
<nth_iteration>
Where:
• <message_size> — Size of body text in bytes
• <line_size> — Size in bytes of each line in a multi-line message
• <num_recipients> — Number of random users in the Domino
Directory to receive the message
• <recipient> — A recipient’s e-mail address
• <hostname> — Host name of server running SMTP Listener
• <domain> — Domain of user for recipient addresses
• <client_host> — Client host name
• <nth_iteration> — Send a message every n script iterations
SessionsClose command
Used in a Server.Load script to close all open sessions. This statement
only closes sessions opened with SessionsOpen.
Syntax
SessionsClose
Syntax
SessionsOpen <server> <num_sessions>
Where:
• <server> — Server where the sessions will be created
• <num_sessions> — Number of sessions to create
SetContextStatus command
Used in a Server.Load script to set the context iteration status.
SetCalProfilecommand
Used in a Server.Load script to set the Owner and BusyName fields for
the current database.
Stamp command
Used in a Server.Load script to select ’a’ random documents from the list
of Note IDs returned from GetAll. Stamp modifies a summary data field
of length ’b’ in each document with the same random value.
Syntax
Stamp (a, b)
Where:
• a — Number of documents to be stamped
• b — New size of the summary item “Subject” (optional; default
is “”)
Syntax
Unread (a)
Where:
Update command
Used in a Server.Load script to update random documents in a database,
based on the value of ’a’.
Syntax
Update (a, b, c)
Where:
• a — Number of documents to be updated. If ’a’ is not specified,
one document is updated.
• b — New size of the summary item “Subject” (optional; default is
“”). If ’b’ is not specified, the length of the summary data is a
uniform random number between 1 and 100 bytes.
• c — Length of non-summary item “Body” (optional; defaults to
“”). If ’c’ is not specified, the length of the non-summary data is a
uniform random number between 100 and 300 bytes.
Syntax
WebGet -[sumonly | alldata] [{-url <urlname> [-walk <depth>
<span>] [-proxy <urlname>] } | { [-file <filename>] | <#
entries to fetch> [-concurrent | -sequential ] } ]
-[holdtime <ct> <st>]
Example 1
The command [-url www.lotus.com -walk 2 1] is interpreted from a Web
browser’s point of view as, “starting at web page www.lotus.com,” select
two links on the page to click (if the page has at least two links). Click the
first selected link, return back to the initial page, then click the second
link, and return back to the initial page.
Example 2
The command [-url www.lotus.com -walk 1 2] is interpreted from a Web
browser’s point of view as, “starting at web page www.lotus.com,” select
one link on the page to click. Click the link, then apply the same rule
recursively to each new page. Assuming that the first link clicked is
www.lotus.com/notes.htm, the rule then requires WebGet to find one
link on that page and traverse it. The span parameter indicates a
stopping point for the recursive process.
Additionally, -walk 0 0 indicates that WebGet should only request the
page indicated by <urlname> and no more. Equivalent to leaving out the
-walk switch.
Or, something like -walk 10000 10000 (or another large number) indicates
that you want WebGet to traverse every conceivable link on that page,
much like a Web robot.
Server.Load scripts
You can use any of these scripts with Server.Load:
• Sample scripts
• Idle Workload
• R5 IMAP Workload
• R5 Simple Mail Routing
• R5 Shared Database
• SMTP and POP3 Workload
• Web Idle Workload
• Web Mail Workload
drop
J-1
To documents to the Inbox folder
This script adds documents to the Inbox folder using the format -f
foldername.
changeto [mailserver]!!mail\mail[#].nsf mail6.ntf
-keepopen
add [NumMailNotesPerUser] -f $Inbox
drop
**Set Owner**
Setcalprofile
**Ensure there are enough documents in mail database (one time only)**
beginloop
sendssmtpmessage [NormalMessageSize] [MessageLineSize]
mail[#]@[RecipientDomain]
[SMTPHost] [RecipientDomain] [ClientHost]
rewind [NumMailNotesPerUser]
pause 60000
**Open views**
open $FolderInfo
close
open $FolderRefInfo
close
open $Inbox
close
drop
** Pause 10 to 20 seconds**
Pause 10000-20000
ImailFetchOld NEXT
**Pause 10 to 20 seconds**
Pause 10000-20000
**Pause 10 to 20 seconds**
Pause 10000-20000
ImailFetchOld NEXT
**Pause 10 to 20 seconds**
Pause 10000-20000
ImailFetchOld NEXT_UNSEEN
ImailSetSeen
**Pause 10 to 20 seconds**
Pause 10000-20000
**Pause 10 to 20 seconds**
Pause 10000-20000
**Open 5 documents in the mail file and read each for 10 to 20 seconds**
navigate 5
pause 50000 - 100000
**Schedule an appointment**
cal -appt "[MailServer]!![nb_dbdir]mail[#].nsf" 1000 30
7 14 [NthIteration]
pause 30000 - 50000
**Schedule an invitation**
cal -i "[MailServer]!![nb_dbdir]mail[#].nsf" 1000 60 2 3
[NumMessageRecipients] [NthIteration]
pause 30000 - 50000
**Delete 2 documents**
delete 2
**Make sure there are enough documents in mail database (one time
only)**
populate [NumMailNotesPerUser]
close
**Page down the view 2 times, spending 3-10 seconds to read each
window**
entries 21 20
pause 3000 - 10000
entries 41 20
pause 3000 - 10000
**Open next 3 unread documents and read each for 10-30 seconds**
navigate 1 next_unread
pause 10000 - 30000
navigate 1 next
pause 10000 - 30000
navigate 1 next
pause 10000 - 30000
add [DiscDbAddDocRate] 100
**Open views**
open $Inbox
close
**Populate the mail database by having the thread send Web mail to
itself**
webget -url [httphost]/[nb_dbdir]mail[#].nsf -h 10 10
1000-2000 -mis
[NormalMessageSize] mail[#]/[Domain] 1
rewind [NumMailNotesPerUser]
setcalprofile
**Make sure the user preferences are set to have the mail owner =
mail[#]**
@If NOT [WebPreferencesOff]
webget -url [httphost]/[nb_dbdir]mail[#].nsf -mp
@EndIf
**Wait 1 - 3 minutes**
pause 60000-180000
**Wait 4 - 6 minutes**
pause 240000-360000
Index-1
POP3 and, 57-10 Administration Execution Control extended, 15-33
replication and, 57-10 List, 41-6, 41-14 for databases, 15-6
SMTP and, 57-10 creating, 41-11 options, 15-4
the log file and, 57-1 default security and, 41-7 Administrator approval
types of information logged, 57-2 Administration preferences administration requests, 15-21
viewing logged setting, 16-5, 16-7 to 16-9, 16-11, Administrator ID-recovery
data, 13-24, 57-13, 57-15 16-24 information
Web servers and, 57-4 Administration Process changing, 39-21
Activity Trends ACL requirements, 15-13 Administrators
data collection, 54-21 and Domino Change allowing access to Web
interpreting profile charts, 54-41 Manager, 54-48 Administrator, 16-20
overview, 54-17 creating replicas with, 7-9 full access, 38-8
profiles, 54-22 to 54-25 customizing, 15-29 restricted system, 38-8
resource balancing, 54-26 to described, 15-1 restricting access, 38-8
54-28, 54-30 to 54-43 error messages, 15-36 server access, 59-1, 38-8
resource balancing, Extension Manager and, 15-30 system, 38-8
overview, 54-34 number of threads, 15-29 Administrators field
resource balancing, password checking with, 39-9 Domino Directory, 19-12
setting up, 54-27 setting up, 15-5 AdminP Mail Notification
setting up, 54-18 setting up directory assistance Agent, 5-57
viewing, 54-47 with, 23-30 ADSync
viewing charts, 54-25 setting up for databases, 40-24 options, 17-29
AD DUS (Active Directory Domino suspending, 15-28 Advanced controls
Upgrade Service), 17-25 Tell commands, A-46 setting, 28-46
Add command troubleshooting, 63-8 Advanced user registration, 5-13
described, I-3 updating the ACL with, 40-23 Agent log
Address Book verifying setup of, 15-7 troubleshooting with, 63-13
deleting groups from, F-11 Administration Process requests Agent Manager
deleting servers from, F-25 described, F-1 capacity, 60-8
deleting users from, F-15 Administration Process performance, 60-6
Address format statistics, 15-35 Tell commands, A-47
Domino domain, 26-21 Administration requests troubleshooting, 63-12 to 63-13
Internet, 27-54 across domains, 15-8 viewing status of, 60-9
outbound mail, 27-54 approving, 15-21 Agents
Address lookup cross-domain, F-70 activity logging, 57-3
for inbound SMTP error messages, 15-36 Averaging, 36-19
messages, 27-47 managing, 15-25 controlling on servers, 28-9
Addresses scheduling, 15-31 creating, 40-17
Domino domain, 26-21 suspending, 15-28 for deleting and archiving
Internet, 27-50, 27-52, 27-57 time-based, F-90 documents, 61-27
mail routing, 26-21, 26-25, 27-42 Administration Requests Purge, 36-15
SMTP, 27-52 database, 15-2 Refresh, 36-18
using group names in, 28-32 described, 15-19 restricting, 40-18
using phrases in, 28-134 icons, 15-23 scheduling, 60-8
Addressing, type-ahead replicating, 19-17 Server.Load, 62-4
disabling, 28-6 size, 15-26 setting time-out for mail, 28-9
troubleshooting, 63-27 troubleshooting with, 63-2 SNMP, 53-1
Adjacent domain document user access, 15-28 troubleshooting, 63-12
creating, 27-23 views in, 15-19 Web Navigator database, 36-11
Admin setting Administration roles Agents, uses for
described, C-2 Domino Directory ACL, 19-10 in Domino Off-Line
Administration document Administration servers Services, 11-19
Web Navigator database, 36-10 Domino Directory, 15-2 to 15-3, offline applications and, 11-19
21-5
Index-2
AIX AMgr_UntriggeredMailInterval Attachments
configuring partitioned setting compressing, 61-6
servers, 2-50 described, C-8 Domain Index and, 10-12
configuring SNMP Agent AMgr_WeekendDays setting format for sending from
for, 53-12 described, C-8 Macintosh clients, 28-133
Alarms Analysis report Attributes
for Server Health Monitor, 54-10 for decommissioning a adding to LDAP schema, E-20
Alias dereferencing server, 59-3 adding to schema, 21-13
Directory Assistance documents Anonymous access described, 21-1, 21-4
and, 23-48 in a hosted environment, 14-4 Authentication
Aliases Internet/intranet users, 42-25 described, 38-1
in ACL, 40-7 LDAP service and, 20-16 to 20-17, examples, 42-21
in DNS, 2-18 20-20 IMAP port, 31-5
Allow_Access setting setting up, 38-13, 38-16 Internet/intranet
described, C-3 SSL, 46-15 clients, 42-3, 42-27
Allow_Access_portname setting virtual servers, 3-42 of hosted organizations, 14-4
described, C-3 Web users and, 40-8 overview, 38-1
Allow_Passthru_Access setting Anti-relay controls password checking with, 39-4
described, C-4 effect on message transfer, 28-85 POP3 port, 30-2 to 30-3
Allow_Passthru_Callers setting setting, 28-81 session-based, 42-6
described, C-4 Anti-spam controls SMTP AUTH
Allow_Passthru_Clients setting settings for, C-101 command, 28-62, 28-69
described, C-5 API SMTP port, 28-59
Allow_Passthru_Targets setting creating event notification, 52-16 SSL, 46-15
described, C-5 AppleTalkNameServer setting SSL client, 46-25, 47-18
Alternate Language Information described, C-8 SSL server, 47-3
document Application design element troubleshooting, 63-104
creating, 20-31 security, 37-15 user names, 40-7
viewing, 20-31 Application security, 37-14 Web Administrator, 63-109
Alternate languages Application templates Web clients and, 42-19, 42-23
described, 5-38 table of, D-1 IMAP service
LDAP service, 20-29 Applications and, 28-60, 31-2, 31-6,
Alternate names for hosted environments, 12-15 Author access
adding to a user ID, 5-40 Approve person’s name change actions, 40-14
certifier IDs and, 5-39 request, F-5 privileges, 40-16
changing, 5-62, 5-57 Archive criteria Authors
deleting, 5-57 for policies, 9-28 displaying for Server Web
in ACL, 40-7 Archive policy settings Navigator, 36-12
AMgr_DisableMailLookup setting creating, 9-25 Authors field
described, C-5 Archives, database updating, 40-29
AMgr_DocUpdateAgentMinInterval accessing, 61-26 AutoDialer task
setting Archiving Network dialup connections
described, C-6 agents for, 61-27 to 61-28 and, 4-40
AMgr_DocUpdateEventDelay databases, 58-37 Notes Direct Dialup and, 4-44
setting deleted documents, 61-25 setting up, 4-42
described, C-6 documents, 61-20 AutoLogoffMinutes setting
AMgr_NewMailAgentMinInterval policies for, 9-22 described, C-9
setting policy settings example, 9-24 Automated client installation, 5-45
described, C-7 transaction log files, 55-5 Autoscale
AMgr_NewMailEventDelay setting viewing document Archiving scaling statistics, 52-37
described, C-7 Log, 61-27 Auxiliary object classes
AMgr_SchedulingInterval setting Assign Policy tool adding to schema, E-17
described, C-7 using, 9-40 described, 21-2
Index-3
Availability threshold using before shutting down the command line switches for, A-9
setting, C-91 server, A-14 commands for, A-9
Averaging agent Browsers CD format. See Notes rich text format
enabling, 36-19 accessing Web server with, 34-5 CDP_Command setting
using for administration, 16-17 described, C-11
Browsing CD-ROM updates
B Web, 36-1 replication and, 7-17
Backing up Build number Central Directories view
databases, 55-2 in Server document, F-47 described, 19-7, 19-9
servers, 63-7 BUSYTIME.NSF Central directory architecture
Basic password authentication purge interval, C-86 described, 19-2
setting up, 42-3 Byte-range serving Extended Directory Catalogs
SSL, 46-15 Web server and, 34-56 and, 19-4
Basic user registration, 5-11 managing, 19-5
Batch file installation planning, 18-2, 19-4
clients, 5-46 C primary Domino Directories
BatchRegFile setting CA key ring and, 19-9
described, C-9 displaying, 45-7 Certificate
BeginCrit command exporting, 45-7 removing from Domino or LDAP
described, I-4 CA policy information directory, F-49
BeginLoop command storing in Domino Directory, F-62 Certificate Authority
described, I-4 CA process CA key ring, 45-2
BeginLoop2 command adding certifiers, 44-7 creating, 45-2
described, I-5 creating certifiers, 44-8 displaying the CA key ring
Benchmarks described, 44-1 file, 45-7
server performance, 60-2 Tell commands, A-48 exporting the CA key ring
Billing viewing certifiers list, 44-24 file, 45-7
in a hosted environment, 12-14 Cache internal, 45-1
BillingAddinOutput setting setting for Server Web merging certificates, 46-10
described, C-9 Navigator, 36-18 recertifying, F-47
BillingAddinRuntime setting Cal command removing as trusted root, 46-21
described, C-10 described, I-5 server-based, 44-1
BillingAddinWakeup setting Calendar and scheduling setting up, 45-1
described, C-10 collecting detailed user setting up SSL on
BillingClass setting information, 8-20 server, 45-5, 44-17
described, C-10 collecting user calendar third-party, 47-10, 47-21
BillingSuppressTime setting information, 8-20 troubleshooting, 63-101
described, C-11 described, 8-1 viewing server certificates, 46-20
Binary tree topology example, 8-2 Certificate Authority administrator
replication and, 4-9 Holiday documents, 8-17 tasks, 44-4
Bindery Service profile command, I-26 Certificate Authority profile
Domino and, 2-30 Server.Load script command, I-5 configuring, 45-4
server names and, 2-31 Call waiting Certificate requests
Binding disabling, 63-49 processing, 44-1
port-to-IP address, 2-46 to 2-47 Capacity planning viewing, 44-24
Bookmarks tools, 60-2 Certificate Requests database
search forms and, 10-18, 10-20 Catalog task creating, 44-14
Break command Domain Catalog Certificate revocation lists
described, I-5 database, 10-2, 10-6 described, 44-2
Broadcast command Catalog, Domain. See Domain CertificateExpChecked setting
described, A-12 Catalog described, C-12
using before restarting the Catalogs, database Certificates
server, A-23 for servers, 51-4 to 51-5 certifier IDs and, 1-7
cconsole, A-8 defined, 39-1
Index-4
deleting, 47-12 Character sets Collector task
described, 39-3 aliases for, 28-131 overview, 52-1
displaying, 39-3 enabling auto-detection of, 28-126 Command line installation, 5-47
in a hosted environment, 13-5 language codes and encoding Commands
Internet, 45-2, 47-10, F-4 for, 28-120 capturing output to file, A-2
managing server, 46-20 specifying for MIME Controller, A-3
merging server, 46-12 messages, 28-118, 28-126 custom, A-6
renewing, 46-21 Web, 34-31, 34-33 entering from the UNIX
revoking, 44-2, 44-23 Checkpoint records command line, A-8
self-certified, 46-22 activity logging and, 57-2 help for, I-12
signing and adding to Domino Client authentication modem command file, 63-48
Directory, 47-7 directory assistance shell, A-3
SSL and S/MIME, 47-5 and, 23-3, 23-14 table of, A-10
SSL server directory catalogs and, 24-9, 24-11 Common Gateway Interface, 34-2
authentication, 47-3 directory search order, 18-15 time-out setting, 34-53
troubleshooting and, 63-83 SSL, 46-1 Common names
trusted root, 46-9, 47-3 Client information Internet, 45-2
Certificates, SSL updating in Person record, F-64 renaming, 5-57
adding for Server Web Client installation, 5-41 server IP name and, 2-16, 2-22
Navigator, 36-8 setting up for users, 5-41 Communication ports
creating a Certificate single user, 5-43 options, 4-47
Authority, 45-2 Clients setting up, 4-34, 4-46
expired, 46-21 setting up for S/MIME, 47-13 COMnumber setting
self-certified, 46-22 setting up for SSL client described, C-14
setting up, 47-3 authentication, 47-18 Compact task
viewing information, 46-20 Clients, mail archiving documents with, 61-20
viewing requests for server, 46-21 POP3, 30-11 IND file, 61-22
Certification routing protocols and, 27-3 options, 61-17
described, 39-2 types of, 26-15 renaming databases, C-74
Certification Log ClockType setting running, 61-16
Administration Process described, C-13 scheduling, 61-23
requirements, 15-3 Close command specifying database path, 61-22
described, 3-28 described, I-8 upgrading database format, 31-28
Certifier documents Clrepl_Obeys_Quotas setting with file reduction, 55-2
modifying, 44-22 described, C-13 Compact_Retry_Rename_Wait
Certifier IDs Cluster failover setting
migrating to CA process, 44-5 configuring for mail described, C-14
modifying, 44-21 routing, 28-40 Compacting
organization, 3-34 directory assistance and, 23-21 databases, 61-13, 61-16,
organizational unit, 3-35 Cluster Replicator 61-21 to 61-23
overview, 1-7 monitoring, C-86 Companies, external
recovering, 44-25 quotas and, C-13 communicating with, 39-27
CertifierIDFile setting Tell commands, A-51 Compound document format. See
described, C-12 Cluster_Replicators setting Notes rich text format
Change Control database described, C-13 Compressing
location, 54-34 Clusters attachments, 61-6
Change HTTP password in Domino Domino Off-Line Services network data, 2-42
Directory request, F-6 on, 3-12 performance and, 61-6
ChangeTo command Free Time database, 8-2 Concurrent retrievers
described, I-6 port setting, C-91 Server Web Navigator, 36-6
Channel encryption option removing servers, F-49 Concurrent transfer threads
directory assistance, 23-43 replication topology and, 4-8 maximum, 60-11
Character encoding workload balancing and, 60-4 Condensed Directory Catalogs
LDAP service, 20-32 client authentication and, 24-10
Index-5
described, 24-2 troubleshooting in TCP/IP, 63-64 Create_Replica_Access setting
full-text indexes, 24-25 Console described, C-17
multiple, 24-33 accessing from UNIX CRL. See Certificate revocation lists
performance settings for, 24-30 platforms, A-8 Cross-certificates, 39-29, 39-38
planning, 24-29 commands, 63-8, A-10, J-4 accessing servers with, 39-27
replicating, 24-32 displaying performance adding, 39-29, 39-33 to 39-34,
servers using, 24-5 events, C-97 39-36, 47-15
setting up, 24-34 to 24-35 monitoring events with, 52-22 creating, 39-29, 39-37 to 39-38
sorting, 24-29 password protecting, A-26, C-92 described, 39-27
Soundex and, 24-30 running server tasks, B-1 displaying, 39-38
Configuration Directories setting attributes, 52-21 examples, 39-27, 39-31
changing to primary, 19-6 XPC, C-121 in a hosted environment, 13-5
configuring remote primary Console command Internet, 39-28, 47-4
directory, 19-7 described, I-8 Person documents and, 39-37
described, 19-2 issuing remotely, J-4 S/MIME messages and, 39-27
directory assistance and, 23-26 Console_Log_Enabled setting Cross-domain administration
Extended Directory Catalogs described, C-15 requests
and, 19-4 Console_Log_Max_Kbytes setting described, F-70
managing, 19-5 described, C-16 Cross-domain Configuration
planning, 18-2, 19-4 Console_Loglevel setting document
showing remote primaries described, C-15 creating, 15-9 to 15-10
for, 19-9 Content categories replicas and, 7-9
Configuration document Domain Catalog, 10-21 Cross-domain processing
Cross-domain, 15-9 to 15-10 Content maps administration requests, 15-8
Configuration Settings document Domain Search and, 10-21 benefits of, 15-10
creating, 27-18 Controller setting up, 15-9
editing NOTES.INI file with, C-1 commands, A-3 CSRV50.NTF
host names, 27-49 described, 16-28 setting up, 46-3
LDAP settings, 20-9, 20-17 starting and stopping, 16-29 CTF setting
for SMTP mail routing, 27-38 Conversion described, C-18
Configuring between message formats, 27-1 Custom Welcome Page
activity logging, 57-12 IMAP mail files, 31-2 creating, 5-87
mail routing, 27-37 MIME messages, 28-122 Customer support
offline applications, 11-11 Convert task contacting, 63-4
Connect scripts. See Login scripts enabling mail files for Customized client installation, 5-47
Connection documents IMAP, 31-2, 31-30
described, 4-1 Corporate hierarchies
Internet servers, 4-22 categorizing users by, 19-14 D
LAN, 4-15 described, 19-13 Data
mail routing Corruption overwriting, 61-5
and, 26-20, 28-36, 28-50 database, 58-25 storing for a hosted
Network Dialup, 4-36, 4-46 Cost reset organization, 13-7
Notes Direct Dialup, 4-35 for connections, 28-39 Data directory
passthru server, 4-29 Country_Language setting certifier IDs and, 1-9
port order and, 2-40 described, C-16 for a hosted organization, 13-5
for replication, 7-20 CPU count value restricting access, 49-4
scheduling mail routing, 28-50 in Server document, F-64 Database access
troubleshooting, 63-39 Create IMAP delegation request, F-7 for SSL clients, 46-19
Connections Create Mail-in database request, F-7 troubleshooting, 63-17,
mail routing, 27-2 Create replica request, F-8 63-19 to 63-20
restricting SMTP inbound, 28-71 Create roaming user Database activity
routing cost and, 28-39, 28-53 administration request, F-9 monitoring, 58-11
SSL, 46-18 Create_File_Access setting reporting, 58-13
tracing, 63-37, 63-77, A-59 described, C-17 statistics, 58-12
Index-6
Database Administrator, 38-8 maintenance tasks, 58-1 replicating, 7-32, 58-6, I-19
Database analysis tasks, 48-1 replicating specific, 7-27
described, 58-37 tools, 58-4 replication history, 58-6
of replication events, 58-6 Database organization replication log, 58-8
running, 58-39 NOTES.INI settings, 49-6 rolling out, 48-1
troubleshooting with, 63-2 Database performance security, 40-19
Database cache improving, 60-9, 61-1, 61-3, 61-12 server crashes and, 63-99
disabling, 61-12, C-74 NOTES.INI settings, 61-29 Server Web Navigator, 36-16
monitoring, 61-10 troubleshooting, 63-16 setting up to receive mail, 48-5
overview, 61-9 Database quotas shortcut keys, H-4
performance and, 63-19 obeying for message signing, 48-7
size, C-74 delivery, 28-10 to 28-11 size, 58-12
Database catalogs setting, 61-24 size, controlling, 28-112, 61-1,
administering, 51-4 Database replicas 61-13, 61-23
assigning categories in, 51-6 creating, I-19 size, monitoring, 61-13
categories in, 10-10 described, 7-1 statistics, 58-11
creating, 51-5 Database view indexes synchronizing, 58-24
excluding databases from, 51-6 purging, 58-23 tools, 58-4
uses for, 51-4 Databases transaction logging, 58-25
Database creator access level privileges, 7-7 troubleshooting, 58-26,
access level, 40-3 access levels, 7-5 63-16, 63-84
Database design access problems, 63-17 updating, I-27
replicating, 63-86 adding documents, I-3, Databases, shared mail
tasks, 48-1 I-20 to I-21 using multiple, 29-2
Database event generator administration servers and, 40-24 Dates
creating, 52-5 analyzing, 58-37 on Web pages, 36-18
Database fields archiving, 58-37, 61-26, Daylight saving time settings
increasing number of, 61-29 Archiving Log, 61-27 described, C-29 to C-30
Database files backing up, 55-2 Dbcache flush
displaying, 58-2 categories in, 10-10 described, A-13
opening, 58-2 compacting, 61-13, 61-16, DbDelete command
Database format 61-21 to 61-23 described, I-8
determining, 61-17 controlling access to, 40-1 DBIID, 55-2
upgrading, 31-28 controlling creation of, 38-14 DDE_Timeout setting
Database instance ID copying to servers, 48-2, 48-4 described, C-18
overview, 55-2 corrupted, 58-25, 63-43 Dead mail
Database libraries creating, J-2 to J-3 described, 28-41, A-39
ACL, 51-1 deleting, 58-36, I-8 holding, 28-40
adding databases, 51-3 deleting documents from, I-9 releasing, 28-44
creating, 51-2 deleting inactive Debug_Outfile setting
defined, 51-1 documents, 61-25 described, C-18
deleting databases, 51-4 excluding from Domain Debug_SSL_Cert setting
local, 51-2 Index, 10-17 described, C-19
location, 51-1 file format of, 61-17 Decommission Server Analysis tool
Database links forcing replication, 7-33 running, 59-3
creating, 49-3 forcing SSL connections, 46-18 Default database security
creating on the Web, 34-27 indexing, 10-7, 50-1 to 50-2 Web Administrator, 16-19
deleting, 49-4 monitoring, 40-27, 58-1 Default Global Domain document
described, 49-2 moving, 54-32, 54-53, 54-62, designating a, 27-55, 27-57
managing, 32-7, 58-5 58-33, 58-35, F-36, F-39 Default group
Database maintenance organizing, 49-1 access level, 40-2
NOTES.INI settings, 58-41 performance problems, 58-11 Default subject
Database management pinning and extended ACL, 25-11
for mail journaling, 28-107 unpinning, 54-32, 54-45
Index-7
Default_Index_Lifetime_Days setting Domino domains, 1-5 restricting to one server, 24-15
described, C-19 Domino environment, 1-14 running, 24-47
Delay notifications guidepost, 1-1 Tell commands, A-53
generating for low-priority naming conventions, 1-12 troubleshooting, 63-25
mail, 28-30 server functions, 1-2 Dircat_Include_Readerslist_Notes
Delegate mail file on administration server names, 1-3 setting
server server services, 1-11 described, C-24
administration request, F-10 Depositor access Directories
Delete command actions, 40-14 Domino server, 3-2
described, I-9 privileges, 40-16 LDAP alternate languages
Delete database Design menu searches, 20-30
administration requests, F-10 hiding, C-71 search order of multiple, 18-15
Delete hosted organization Designer access troubleshooting, 63-21
administration requests, F-14 actions, 40-14 Directories, secondary
Delete Person administration privileges, 40-16 directory services for, 18-12
requests Designer task LDAP service, 18-3
described, F-78 updating databases with, 58-24 Directory assistance
Delete resource Desktop policy settings authenticating, 42-23
administration request, F-21 creating, 9-14 client authentication, 23-3
Delete Server administration Desktop setting compared to directory
requests described, C-20 catalogs, 18-14, 24-4
described, F-25, F-78 Destination servers concepts, 23-12
hierarchical server names, F-81 passthru, 4-28 Configuration Directories
Deletion stubs Dialog boxes and, 23-26
described, 63-90 shortcut keys, H-5 described, 23-1, 23-2
purging, 7-12 Dialup connections directory replicas, 23-36
Deletions described, 4-34 domain names, 23-18
replication and, 7-7 mail routing and, 27-59 examples, 23-51 to 23-53, 23-55
Deletions, soft number of modems for, 4-33 Extended Directory Catalogs
defined, 61-8 troubleshooting, 63-48 and, 23-22, 24-26
effect on quotas, 28-11 DIIOP server task failover, 23-20, 23-22
performance and, 61-8 starting, 34-10 group lookups for database
Delivery DIIOP_Debug_Invoke authorization, 23-6
configuring for mail, 28-8 described, C-22 LDAP directories, 23-5
Delivery controls DIIOPConfigUpdateInterval setting LDAP service and, 20-6, 23-17
setting, 28-9 described, C-21 monitoring, 23-60
Delivery Failure Reports DIIOPCookieCheckAddress setting naming rules, 23-12
troubleshooting, 63-36 described, C-21 Notes mail addressing and, 23-8
Delivery failures DIIOPCookieTimeout setting planning, 18-13
customizing message for, 28-46 described, C-22 preventing LDAP searches of
quotas and, 28-16 DIIOPDNSLookup setting primary Domino
Delivery status notification described, C-22 Directory, 23-27
enabling, 28-96, 28-103 to 28-104 DIIOPIgnorePortLimits setting primary Domino Directory
Delivery threads described, C-23 and, 23-26
setting maximum DIIOPIORHost setting remote primary directories
number, 28-9, 60-11 described, C-23 and, 19-7
Demand sets DIIOPLogLevel setting replicas, 23-20
and database moves, 54-55 described, C-24 search orders, 23-16
Deny_Access setting Dircat server services, 23-3
described, C-19 described, 24-14, 24-8 setting up, 23-29, 23-33, 23-37
Deny_Access_portname setting Dircat task setting up servers to use, 23-30
described, C-20 described, 24-8, 24-45 statistics, 23-60
Deployment pausing, 24-48 troubleshooting, 63-21, 63-40
certifier IDs, 1-7 planning, 24-14 updating name, F-60
Index-8
Directory assistance database selection formulas, 24-20 Disk I/O tuning
creating and replicating, 23-30 servers and, 24-4 performance, 60-15
number of, 23-29 setting up, 24-8, 24-34 to 24-35, Disk space
setting up servers to use, 23-30 24-41 to 24-42 displaying information on, 58-5
Directory Assistance documents sorting, 24-29 monitoring, 28-10
alias dereferencing, 23-48 Soundex and, 24-30 saving, 40-17 to 40-18
Channel encryption option, 23-43 troubleshooting, 63-25, 63-40 troubleshooting, 63-86
creating, 23-33, 23-37 Directory file name Disposition-Notification-To header
described, 23-2 setting, F-60 configuring for return
local directory replicas, 23-36 Directory folders receipts, 28-116
Notes distinguished name creating, 49-2 Distinguished names
attribute in, 23-49 deleting, 49-2 Domino Directory and, 18-8
password in, 23-44 Directory indexer Internet certificates, 45-2
search filters in, 23-46 described, 58-15 LDAP service
Directory Catalog Configuration Directory links and, 20-3, 20-25 to 20-26, 20-31
document creating, 49-3 DNS
additional fields to database corruption and, 2-9 defined, 2-11
include, 24-22 deleting, 49-4 described, 26-25
creating, 24-36, 24-43 described, 49-1 domains, 2-11
directories to include, 24-15 network security and, 2-9 examples of MX records, 26-27
documents to aggregate, 24-17 Directory Profile document mail routing and, 27-49
groups in, 24-19 described, 19-16 multiple domains, 2-16, 2-19, 2-22
performance settings, 24-30 directory catalogs name resolution in NRPC and,
Remove duplicate users, 24-18 and, 24-35, 24-42 2-11, 2-15 to 2-17, 2-19, 2-22
selection formula, 24-20 Directory searches outages in a hosted
sort order for, 24-29 order of, 18-15, 23-16 environment, 14-11
Soundex option, 24-30 Directory servers preventing problems with, 2-56
viewing, 24-48 described, 18-2 verifying connecting hosts
Directory Catalog Status Report Notes clients and, 19-15 in, 28-71
described, 24-49 Directory services verifying sending domain
Directory Cataloger. See Dircat task directory customization, 18-19 in, 28-90
Directory catalogs directory search DNS Blacklist filters, 28-86
client authentication order, 18-15 to 18-17 DNS lookups
and, 24-9, 24-11 international, 18-18 use in controlling inbound SMTP
compared to directory Notes client, 18-10 sessions, 28-71
assistance, 18-14 overview, 18-1 Document tables
controlling what secondary directories, 18-12 forms and, 61-4
aggregates, 24-16 terminology, 18-20 Documents
described, 24-1 Directory setting adding, I-20 to I-21
directories to include in, 24-15 described, C-25 archiving, 61-20
documents aggregated, 24-17 Directory tree archiving from server, 61-27
fields to include, 24-22 verifying for LDAP service, 20-4 archiving with
groups in, 24-19 Directory type agents, 61-27 to 61-28
improving performance storing in Server record, F-63 categorizing for Domain
of, 24-18, 24-20, 24-27, 24-30 Disable_Cluster_Replicator setting Search, 10-21
monitoring, 24-49 described, C-25 concurrent editing of, 58-8
multiple, 24-33 Disable_View_Rebuild_Opt setting Configuration Settings, 27-18
Notes mail encryption, 24-14 described, C-25 deleting, I-9
offline, 11-21 DisabledPorts setting deleting inactive, 61-25
offline applications and, 11-21 described, C-26 finding by Note ID, 63-20
planning, 18-12, 24-9, 24-26, 24-29 DisableLDAPOnAdmin setting Foreign domain, 27-30
removing duplicate users, 24-18 described, C-26 Foreign SMTP domain, 27-32
replicating, 24-32, 24-45 Disclaimers Global domain, 27-55
reports for, 24-49 adding to messages, 32-9 Non-adjacent domain, 27-26
Index-9
DOLS. See Domino Off-Line Domains remote console, A-5 to A-7
Services communication between, 39-27 Replicate command, A-18
Domain Catalog directory assistance, 23-18 Replication tab, 16-15
backing up, 10-18 DNS, 2-11 Route command, A-24
categories in, 10-10, 10-21 finding user names in, 5-85 running Server Setup program
creating, 10-6 mail routing with, 3-18
described, 10-5 and, 26-19, 26-21, 27-20 server list, 16-4
setting up, 10-2 multiple DNS, 2-16, 2-19, 2-22 Server tabs, 16-14
updating, F-65 planning, 1-5 setting local attributes, 52-21
views in, 10-6 restricting mail in, 28-36, 28-55 setting preferences, 16-5, 16-7 to
Domain Catalog server verifying in DNS, 28-90 16-9, 16-11
decommissioning, 59-12 Domains, external setting up, 16-2
Domain documents connecting to, 4-18 shortcut keys, H-3
adjacent domains, 27-23 DOMCFG.NSF, 34-48 Show Directory command, A-30
foreign domains, 27-30 creating, 34-49 Show Diskspace command, A-31
global, 27-55 Domino 5 certificate authority Show Port command, A-33
non-adjacent domains, 27-26 setting up, 45-1 Show Server command, A-36
using multiple Internet domain setting up SSL on the CA Show Stat command, A-37
names, 27-44 server, 45-5 Show Tasks command, A-39
Domain Index signing server certificates, 45-7 shutting down the server
adding databases, 10-7 Domino 5 IMAP Initialization from, A-14
adding file systems, 10-9 Workload script starting, 16-2
backing up, 10-18 sample, J-5 tabs, 16-13
creating, 10-14 Domino 5 IMAP Workload script Tell command, A-46
deleting databases, 10-17 sample, J-6 tools, 16-16
LDAP searches of, 20-36 Domino Administrator troubleshooting, 63-1
location, 10-17 Broadcast command, A-12 user interface, 16-3, 16-13
planning, 10-3 to 10-4 Configuration tab, 16-15 viewing hosted
size, 10-11 to 10-12 configuring mail routing, 27-18 organizations, 14-14
updating, 10-14 creating groups with, 6-2 viewing replication
Domain Indexer task creating replicas, 7-9 topology, 7-34
performance, 10-16 disk space information, 58-5 Web Administrator and, 16-23
setting up, 10-14 displaying directory Domino CA
Domain Search contents, 58-3 configuring application profile
described, 10-1 displaying files, 58-2 for, 45-4
Notes users and, 10-19 Domino Console, Domino creating, 45-2
NOTES.INI settings, 10-23 Controller and, 16-28 in a hosted
performance, 10-16 Drop command, A-14 environment, 12-4, 13-3
policy settings and, 10-19 entering server commands, A-1 server-based certification
security, 10-12 file information, 58-3 authority, 45-1
server requirements, 10-2 Files tab, 16-13, 58-2 Domino CA server
WANs and, 10-3 installing, 16-1 Domino 5, 45-1
Web clients and, 10-20 Load command, A-15 setting up, 45-1 to 45-2
Domain Search forms managing databases with, 58-4 Domino Change Control database
adding categories to, 10-10 managing files with, 58-2 ACLs for, 54-51 to 54-52
customizing, 10-18 managing folders with, 58-5 database moves, 54-56
Domain Search results Messaging tabs, 16-15 location, 54-34
access to, 10-12 monitoring events with, 52-22 Domino Change Manager
Domain Search server monitoring statistics with, 52-31 and database moves, 54-55
decommissioning, 59-12 overview, 16-1 and resource
Domain servers password protecting the balancing, 54-47 to 54-48
denying access, 38-7 console, A-26 maximum current tasks, 54-49
Domain setting People and Groups tab, 16-13 setting up, 54-48
described, C-27 quitting a task from, A-46 Tell ChangeMan command, 54-50
Index-10
Domino Character Console, A-8 server access and, 63-93 application design element, 37-15
Domino Configuration database server registration and, 3-29 overview, 37-1
creating, 34-49 setting access to, 19-9, 20-16, planning, 37-11
Domino Console 20-22 to 20-23 Domino server
starting and stopping, 16-30 setting up primary, 19-2 access, 38-2
Web Administrator and, 16-28 synchronizing with Active anonymous access for Notes
Domino Controller Directory, 17-38 users, 38-13
default TCP port, 2-56 tools for adding entries, 18-7 configuring for NDS, G-6
Domino Data folder tools for managing entries, 18-9 controlling browser client
displaying contents, 58-3 troubleshooting, 63-38 access, 38-22
managing files in, 58-2 updating, I-18 customizing access to, 38-7
Domino Directory upgrading to new default Indic language support, 3-17
ACL, 19-10 template, E-22 installing, 3-1, 3-3
adding Internet/intranet users views in access control lists, 38-4 monitoring databases for, 52-1
to, 42-3 Domino Directory template NDS objects, G-2
address lookup and, 27-47 copying, E-4 planning services and tasks, 1-11
administration server, 15-2 customizing, 18-19, E-22 setting console attributes, 52-21
Administrators field, 19-12 Domino domains Setup program, 3-8,
authenticating Web clients in Internet reply addresses, 27-54 3-17 to 3-18, 3-34
with, 42-23 mail routing and, 26-19 starting and shutting down, 3-46
changing passwords, F-6 planning, 1-5 Domino server event generator
changing type, 19-5 planning directory creating, 52-6
Configuration Settings architecture, 18-2, 19-4 Domino server monitor
document, 27-18 restricting mail, 28-36, 28-55 adding a task, 52-43
creating Internet Domino environment adding servers, 52-44
certificates, 47-10 building, 1-14 described, 52-40
creating subforms in, E-17 Domino LDAP Schema database. See profiles, 52-43, 52-44
cross-certificates, 39-27 Schema database starting, 52-41
customizing, E-1 to E-2, Domino Management Information using, 52-44
E-4 to E-5 Base (MIB) views, 52-41
deleting groups from, F-11 overview, 53-7 Domino SNMP Agent
deleting policy record from, F-20 using with SNMP, 53-21 architecture, 53-5
deleting servers from, F-25, F-78 Domino named network completing configuration
deleting users from, F-15 defined, 27-20 of, 53-18
described, 19-1 mail routing and, 26-19, 27-39 configuring for AIX, 53-12
distinguished names, 18-8 Domino Off-Line Services configuring for Linux, 53-13
domain documents, 27-23, 27-26 accessibility and, 11-23 configuring for Solaris, 53-14
global domain documents, 27-44 administrator tasks, 11-2 configuring for Windows, 53-11
in a hosted environment, 12-2 agents and, 11-19 configuring for zOS, 53-17
lookup command, I-17 creating a security policy, 11-7 manual start and stop, 53-20
mail routing and, 26-9 described, 11-1 overview, 53-1
mapping fields with Active in a hosted system requirements, 53-7
Directory, 17-31 environment, 12-4, 13-20 troubleshooting, 53-24
offline, 11-21 overview, 11-1 Domino statistics
offline use, 32-8 security, 11-10 Windows NT Performance
performance settings, 19-1, 60-9 setting up the server Monitor and, 17-23
replicating, 19-17 for, 3-11, 32-2 Domino system administration
restoring, 14-11 troubleshooting, 11-23 tasks, 48-1
restricting name Domino ORB Domino Web Engine
lookups, 27-47, 28-40 setting up, 34-26, 34-29, 34-31 configuring for Web Site
roles, 19-10 Domino Performance Zone documents, 34-23
scheduled replication and, 7-20 Web site for, 60-1 Domino Web server, 34-1
secondary, 15-7, 23-1, 23-3, 23-8, Domino security configuring, 34-12
23-10, 23-33, C-68 application, 37-14
Index-11
Internet port and protocol End-to-end topology
settings, 34-6, 34-8 to 34-9 E replication and, 4-8
log file, 56-8 to 56-10 ECL End-user installations
logging server requests, 56-8 administration, 41-6, 41-11 with Transform files, 5-50
logging to text files, 56-10 creating a workstation, 41-12 Entries command
running, 34-5 described, 41-1 described, I-10
search results, 34-26 guidelines for creating, 41-6 Error messages
security, 34-8, 34-9 Java applets and, 41-4 Administration
setting to work with other Web JavaScript and, 41-4 Process, 15-36, 63-8
servers, 35-1 security access options, 41-3 Agent Manager and agents, 63-13
setting up, 34-4 updating a workstation, 41-13 Domino Off-Line Services, 11-24
Domino Web server log file workstation security and, 41-3 IPX/SPX network, 63-73
setting up, 56-12 EditExpnumber setting mail, 28-46
troubleshooting with, 63-2 described, C-31 mail routing, 63-38
DominoNoBanner setting EditImpnumber setting meetings and resources, 63-45
described, C-27 described, C-32 modems and remote
DominoNoDirLinks setting Editing connections, 63-50
described, C-28 concurrent, 58-8, 63-91 network dialup
DominoR5IntlURLDecoding setting shortcut keys, H-6 to H-8 connections, 63-74
described, C-28 Editor access OS/2, 63-100
DominoXURLProcess setting actions, 40-14 partitioned servers, 63-78
described, C-28 privileges, 40-16 replication, 63-82
DOMLOG.NSF EDNI document server access, 63-91 to 63-93, 63-95
described, 56-8 creating, 4-18 server crashes, 63-98
viewing, 56-10 updating, F-65 TCP/IP, 63-57, 63-61
Downgrade user from roaming to Effective access Web Administrator, 63-108
non-roaming user, F-28 extended ACLs and, 25-30 Web Navigator, 63-107
Downloading files Effective policies Web server, 63-104
improving performance for Web described, 9-3 ErrorDelay command
clients, 34-56 determining, 9-36 described, I-10
Drop command viewing, 9-37 to 9-38 Escrow agent
described, A-13, I-9 EmptyTrash setting troubleshooting, 63-16
DSAPI described, C-32 ESMTP
values, 11-11 Enable_ACL_Files setting supporting inbound
DSN described, C-33 extensions, 28-96
enabling, 28-96, 28-103 to 28-104 EnableBiDiNotes setting supporting outbound
DST setting described, C-33 extensions, 28-103
described, C-29 Encrypted fields ETRN extension
DST_Begin_Date setting indexing, 50-2 enabling for inbound SMTP
described, C-30 Encryption, 43-1 connections, 27-61, 28-96
DST_End_Date setting certificates, 2-41 Event filters
described, C-30 defined, 43-4 creating, 52-19
DSTlaw setting dual Internet certificates viewing, 52-20
described, C-29 and, 47-17 Event generators
Duplicate names, 24-18 Internet transactions and, 40-31 creating, 52-13
during client authentication, 23-5 mail, 43-4, 43-7 database, 52-5
Duplicate Person documents mail journaling and, 28-111 defined, 52-3
directory catalogs and, 24-18 network data, 46-1 disabling, 52-12
Dynamic cost reset interval outbound mail routing, 24-14, Domino server, 52-6
resetting, 28-39 C-90, C-100 to C-101 mail routing, 33-3, 52-7
Dynamic lookup performance and, 43-4 statistic, 52-9
of host names, 27-49 SSL settings, C-108 task status, 52-10
EndCrit command TCP server, 52-11
described, I-10 viewing, 52-14
Index-12
Event handlers enabling, 25-23 in a hosted
creating, 52-13, 52-17, 52-23 Extended ACLs environment, 12-5
defined, 52-3, 52-14 activity log for, 25-31 External companies
disabling, 52-18 changing, 25-28 communicating with, 39-27
notification described, 25-1, 25-3 External Domain Network
methods, 52-15 to 52-16 directory, 18-7 Information document. See
viewing, 52-20 disabling, 25-31 EDNI document
Event messages effective access and, 25-30 External Internet mail
viewing, 52-20 enabling, 25-23 preventing relaying, 28-75
Event Monitor server task examples of, 25-19 External servers
overview, 52-1, 52-3 Extended Directory Catalogs access levels for, 7-7
Event task and, 24-7 ExtMgr_AddIns setting
monitoring replication, 63-80 in a hosted environment, 13-6 described, C-34
Events LDAP and, 20-20, 25-6
filtering, 52-19 other database security and, 25-2
from SNMP traps, 53-4 planning, 25-22 F
logging, 52-21 privileges for, 25-2 to 25-3, 25-5 Failover
monitoring, 52-2, 52-22 restoring, 14-11 directory assistance, 23-20, 23-22
notification methods, 52-15 schema database and, 25-7 for mail routing, 28-40
severity levels, 52-4 setting up, 25-22, 25-24 Fault recovery, 55-10
types of, 52-16 subjects in, 25-9, 25-17 cleanup script, 55-11
viewing, 52-20 target scope, 25-14, 25-17 enabling, 55-11
Examples targets in, 25-12 to 25-13 operating systems and, 55-10
directory assistance, 23-51 to troubleshooting, 25-30, 63-34 Fields
23-53, 23-55 Extended administration servers customizing in Domino
extended ACL, 25-19 removing, 15-34 Directory, E-2
Extended Directory setting up, 15-33 directory catalogs and, 24-22
Catalogs, 23-53, 23-55 Extended Directory Catalogs LDAP attributes and, 21-4
LDAP service write benefits of, 24-5 Fields, database
operations, 20-26 central directory architecture increasing number of, 61-29
ldapsearch utility, 22-6 and, 19-4 performance and, 61-6
registering a hosted client authentication File format
organization, 13-8 and, 23-3, 24-10 database, 61-17
replication, 7-19 directory assistance and, 23-6, mail, 31-28
xSP server in a hosted 23-8, 23-22, 23-33, 24-26 File names
environment, 12-16 examples, 23-53, 23-55 key ring, 45-2
Execution Control List. See ECL full-text indexes, 24-26 File protection, 34-42
Execution Security Alert dialog groups for database File Protection documents, 34-41
box, 41-2 authorization, 24-27 described, 34-44
trusting signatures, 41-2, 41-13 integrated into primary example, 34-42
Exit command directory, 24-28 File systems
described, A-14 LDAP service, 23-10 searching, 10-9
Expired certificates multiple, 24-33 FileDlgDirectory setting
renewing, 46-21 native documents, 24-7 described, C-34
Explicit policies planning, 24-26 Files
adding, 9-40 replicating, 24-45 compressing when uploading to
assigning, 9-40 setting up, 24-41 to 24-42 Web, 34-29
changing, 9-40 size of, 24-26 displaying, 58-2
described, 9-2 Extended key usage displaying information
removing, 9-40 public keys, 44-13 about, 58-3
Extended accelerator keys. See Extension manager downloading from Web
Shortcut keys Administration Process server, 34-56
Extended access and, 15-30 managing, 58-2
disabling, 25-31 preferences, 16-7
Index-13
protecting from Web customizing in Domino
access, 34-41, 34-44 Directory, E-2 G
replicating specific, 7-27 HTML, 36-5 Gateways
Files/Directories to Replicate performance and, 61-3 routing mail to, 27-30
field, 7-27 Forwarding address GetAll command
Filtering in Person document, 27-42 described, I-12
message, 28-20 Forwarding rules GIF files
Find name in domain request, F-29 enabling and disabling support Web server and, 34-24
FindbyKey command for, 28-9 Global Domain documents
described, I-11 FQDN default, 27-55
FindByName command as server’s common name, 2-19 in a hosted organization, 13-5
described, I-12 specifying in Connection LDAP service and, 20-5
Finger Internet service document, 2-17 Global domains
controlling access to, 36-7 specifying in Server configuring, 27-44
Firewalls document, 2-16, 2-22 defining multiple, 27-55
troubleshooting, 63-105 Frame types Global Web settings document, 34-40
using a relay host, 27-58 IPX, 63-70 creating, 13-21, 34-40
Fixup task TCP/IP, 63-68 described, 13-19, 34-34
BRP files, C-115 Free Time database editing, 13-22
options, 58-28 described, 8-1 Gopher Internet service
running, 58-26, 58-30 troubleshooting, 63-45 controlling access to, 36-7
transaction logging and, 55-2 Free-time lookups, 8-5 Graphics
troubleshooting and, 63-99 in non-adjacent domains, 8-6 Web server format, 34-24
use in preparing mail files for FT_DOMAIN_DIRECTORY_NAME Group documents
IMAP use, 31-29 setting editing, 6-10
Fixup_Tasks setting described, C-35 object classes for, 21-5
described, C-34 FT_DOMAIN_IDXTHDS setting Group members
Flat names described, C-35 registering in Notes, 17-18
converting to FT_Index_Attachments setting Group names
hierarchical, 5-67, F-68, F-84 described, C-36 finding, 6-15, F-29
Folder prefixes FT_Intl_Setting setting in Internet message
IMAP, 31-15, 31-17 described, C-36 headers, 28-131
Folders FT_Max_Search_Results setting Groups
creating, 40-17, 49-2 described, C-36 adding and deleting
deleting, 49-2 FT_No_Compwintitle setting members, 6-6
managing, 58-5 described, C-37 adding to Notes, 17-20
Fonts FT_Summ_Default_Language setting Administrator, 13-7
mapping, C-117 described, C-38 assigning a policy to, 6-9
Windows system, C-121 FTG_No_Summary setting creating and modifying, 6-2
Foreign domains described, C-37 creating with Domino
configuring, 27-30 Full-text indexes Administrator, 6-2
scheduling and, 8-6 creating, 50-2 creating with Web
Foreign SMTP domain documents deleting, 50-7 Administrator, 6-4
creating, 27-32 described, 50-1 database authorization, 18-16,
Internet mail configuration directory catalogs and, 24-7, 24-25 23-6, 24-27
and, 27-58 disabling, C-115 deleting, 6-14, 17-42
Format preference for incoming mail Domain Search and, 10-2 Deny List Only, 6-8
setting for IMAP LDAP service and, 20-15 described, 6-1
users, 31-3, 31-23, 31-35 security and, 50-2 directory catalogs and, 24-19 to
setting for POP3 users, 30-7 size, 50-3 24-20, 24-35, 24-42
Forms updating, 50-3, 50-5 to 50-6 editing, 6-10
and document tables, 61-4 finding members, 6-18
and object classes, 21-3 mail, 28-32
managing, 6-8, 6-16
Index-14
registering, 17-39 specifying in Server passthru, 34-2
renaming, 6-10, 17-41, F-50 document, 2-16, 2-22 HTML login form
renaming immediately Hosted environments customizing, 42-10
throughout domain, 6-13 Domino features in, 12-4 HTML preferences
troubleshooting, 63-20 example, 12-16 in Server Web Navigator, 36-12
Windows NT, 17-16 server options, 12-2 HTTP
Hosted organizations activity logging, 57-4
access to Web sites, 14-12 HTTP proxy
H anonymous access to connecting Server Web Navigator
Headers databases, 14-4 through, 36-3
resent, 28-131 deleting, 14-3, F-14 HTTP server task
Headline monitoring disabling services, 14-4 running, 34-5
controlling, 38-16 distribution of data, 12-9 HTTP servers
performance and, 61-6 Internet Site documents Domino working with the IBM
Health reports for, 13-18, 13-20 HTTP Server, 35-2
for servers, 54-11 to 54-12, loopback addresses, 13-17 setup mode setting, C-99
54-14 to 54-15 mail addressing to, 14-16 HTTP service
for servers, purging, 54-12 maintaining, 14-1 binding to an IP address, 2-49
Health_Report_Purge_After_N_Days managing users, 14-14 controlling access to, 36-7
setting managing users and in a hosted environment, 12-13
described, C-38 groups, 14-16 HTTP sessions
Help moving to other servers, 14-5 tracking, 34-13
customer support, 63-4 on multiple servers, 14-2 HTTPEnableConnectorHeaders
Help command policies for, 9-7, 13-4 setting
described, A-15, I-12 registering, 13-5, 13-8, 13-11 described, C-39
Hierarchical IDs registration, F-48 HTTPLogUnauthorized setting
cross-certification by phone, 39-33 removing from an additional described, C-39
cross-certification through Notes server, 14-10 HTTPS
mail, 39-36 security and, 12-3 controlling access to, 36-7
cross-certification through postal server crash recovery in, 14-11 SSL and, 46-18
service, 39-34 server environments for, 12-1 Hub-and-spoke topology
Hierarchical names setting up Domino Certificate example of, 4-10
converting flat names Authority for, 13-3 limitations of, 4-8
to, 59-10, F-84 setup checklist, 13-3 replication and, 4-6
creating scheme for, 1-3 using the Resource Reservations Hunt group connection document
deleting servers with, F-81 database, 14-12 creating, 4-31
Domino Directory and, 18-8 using the Web Hunt groups
server registration and, 3-29 Administrator, 14-15 described, 4-23, 4-31
Hierarchical organizations viewing, 14-14
certification and, 39-27 viewing Web Site and Internet
communication between, 39-27 Site documents, 13-20 I
Holding undeliverable mail Web Site documents for, 13-18, IBM HTTP Server
in MAIL.BOX, 28-40 13-20 to 13-21 setting Domino to work with,
Holiday documents HostedOrganizationAdmin 35-2
creating, 8-17 group, 13-7 IBM Office Vision
modifying, 8-20 Hosting scheduling and, 8-6
Home pages Java applets, 34-10 IBM Tivoli Analyzer
for virtual servers, 3-42 Hosts files Activity Trends, 54-17
Web server, 63-106 system settings for, 2-13 installing, 54-6
Host names HP OpenView overview, 54-1
DNS and, 26-25 and SNMP traps, 53-21 ICL. See Issued Certificate Lists
mail routing and, 26-12, 27-49 HTML ICMNotesPort setting
restricting inbound connections displaying source for Server Web described, C-40
by, 28-71 Navigator, 36-13
Index-15
Icons ImailOpenMailbox command IMAP_Convert_Nodisable_Folder_
Administration Requests described, I-15 Refs setting
database, 15-23 ImailPostMessage command described, C-41
ID recovery described, I-15 IMAP_Session_Timeout setting
administration request, F-30 ImailSetSeen command described, C-43
ID table described, I-16 IMAPDisableFTIImmedUpdate
Note IDs, I-12 IMAP setting
Idle Workload script activity logging, 57-4 described, C-42
described, 62-14 IMAP attributes IMAPDisableMsgCache setting
running, 62-14 adding to IMAP-enabled mail described, C-42
sample, J-4 files, 31-3 IMAPGreeting setting
IDs IMAP delegation described, C-42
defined, 39-1 administration request, F-7 IMAPNotesPort setting
displaying certificates, 39-3 IMAP Initialization Workload script described, C-43
IMAP users and, 31-23 sample, J-5 IMAPRedirectSSLGreeting setting
multiple-password, 39-6 IMAP protocol described, C-43
password protection, 39-4 Domino mail server IMAPShowIdleStatus setting
passwords for, 39-13 and, 26-5, 31-1 described, C-44
recovering, 39-14, in a hosted environment, 12-13 IMAPSSLGreeting setting
39-17 to 39-18, 39-20 IMAP public folders described, C-44
security and, 37-16 designating, 31-15 Inactive documents
server, recertifying, 59-9 IMAP service deleting, 61-25
IDs, certifier, 1-7, 3-34 to 3-35 and shared mail files, 31-12 Inbound connections
Ignore message priority authenticating options, 31-5 restricting for SMTP, 28-71, 28-86
setting for mail routing, 28-39 binding to an IP address, 2-47 Inbound mail routing
IIOP changing default port restricting, 28-70, 28-75, 28-90
in a hosted environment, 12-13 information for, 31-6 Inbound relay controls
setting up, 34-10 configuring internal thread enforcement of, 28-81
Image display use, 31-19 and message transfer, 28-85
performance and, 61-3 customizing, 31-5 Inbox folder
Web server and, 34-24 greetings, 31-21 adding documents to, J-2
ImailCheckForNewMail command limiting sessions, 31-9 Incoming Mail Sound setting
described, I-13 logging in to server, I-15 described, C-44
ImailCloseMailbox command logging out of server, I-15 Index command
described, I-13 mail commands, I-13 to I-16 described, I-16
IMAILExactSize setting NAMESPACE Index entries
described, C-40 command, 31-12 to 31-13 searching, I-11 to I-12
ImailFetchEntry command setting up, 31-4 Index, Domain. See Domain Index
described, I-13 starting, 31-5 Indexes
ImailFetchOld command time-out setting, 60-12 creating, 50-2
described, I-14 IMAP users deleting, 50-7, 58-23
ImailGetLastEntries command allowing SMTP relays from, 28-82 described, 50-1
described, I-14 creating mail files for, 31-26 Domain Search and, 10-2, 48-7
ImailGetNewMail command enabling mail files for, 31-2, 31-10, encrypted fields, 50-2
described, I-14 31-27, 31-30 replicating, 50-1
ImailHelp command setting acceptable login names security and, 50-2
described, I-14 for, 31-24 size, 50-3
ImailListMailboxes command setting up, 31-22 troubleshooting and, 63-99
described, I-14 setting up Person documents updating, 50-3, 50-5 to 50-6, 58-14
ImailLogin command for, 31-23 Indic languages
described, I-15 IMAP_Config_Update_Interval support for, 3-17
ImailLogout command setting INET_Authenticate_with_Secondary
described, I-15 described, C-40 setting
described, C-45
Index-16
Informational logging, 28-7 cross-certification, 39-37 binding to IP addresses, 2-47
iNotes Web Access enforcing encrypted controlling access to, 36-7
active content filtering for, 32-8 transactions, 40-31 default TCP ports, 2-56
adding disclaimers, 32-9 name-and-password proxies for, 2-7
alternate name support in, 32-10 authentication, 42-1, 42-6 Internet Site documents
configuring, 32-4 security, 38-2, 38-4 configuring for hosted
creating a portal for, 32-3 Internet address organization, 3-40, 13-20
customizing, 32-4, 32-7 to 32-9 changing, 5-73 creating, 3-40
overview, 32-1 Internet addresses and DNS outages, 14-11
registering users, 32-2 to 32-3 adding sender’s in outbound in a hosted environment, 13-18
Sametime and, 3-14 mail, 27-50 IMAP configuration
setting up a server for, 3-13 formats for, 28-134 and, 28-60, 31-6
Install directories LDAP service and, 20-5 overview, 3-37
customizing location of, 5-49 outbound mail, 27-54 POP3 configuration and, 30-3
Installation as reply addresses, 27-52 SMTP configuration and, 28-59
automating client, 5-45 Internet addresses, inbound Internet users
batch file, 5-46 looking up in the Domino renaming, 5-66
client, 5-41 Directory, 27-47 InterNotes server
command line, 5-47 Internet certificates described, 36-1
customizing client, 5-47 adding, F-4 saving HTML source, 36-13
End-user with Transform adding to Domino Directory, 47-7 setting up, 36-2
files, 5-50 creating, 47-14 Intranets
interactive mode, 3-5 creating with Domino name-and-password
multi-user client, 5-46 Directory, 47-10 authentication, 42-1
by scriptable setup, 5-52 deleting, 47-12 Invitations
script mode, 3-7 dual, 47-17 responding to, I-24
setting to multi-user by in a hosted environment, 12-4 IP address configurations
default, 5-49 signing, 47-7 in a hosted environment, 12-5
setting up, 5-42 SSL and S/MIME, 47-5 IP addresses
shared network directory, 5-43 Internet clients binding ports to, 2-46 to 2-47
silent, 3-7 name variations accepted for binding to xSP servers, 13-16
single user, 5-43 login, 31-24 DNS and, 26-25
on UNIX systems, 3-4 Internet cross-certificates multiple, 2-19, 2-22
on Windows systems, 3-3 creating, 47-4 partitioned servers
Installation options described, 39-28 and, 2-21, 2-50
using Transform files, 5-49 Internet domains resolving, 12-14
InstallShield Tuner for Lotus primary vs. aliases, 27-55 restricting inbound connections
Notes, 5-47 Internet mail, 27-38 by, 28-71
InstallType setting restricting inbound, 28-90 using in Connection
described, C-45 restricting documents, 2-18
Interlaced rendering outbound, 28-98 to 28-99 using in Server documents, 2-12
Web images and, 34-24 restricting relays, 28-75 IP names
International characters restricting who can receive, 28-92 specifying in Server
LDAP service and, 20-32 routing, 26-23, 27-6, 27-34, document, 2-16, 2-22
International settings 27-37 to 27-38, 36-9 IPv6 standard
specifying for Web, 34-31 troubleshooting, 63-107 described, 2-25
Internet Internet passwords, 42-24 enabling support for, 2-45, C-110
anonymous security and, 42-24 IPX/SPX
access, 42-25 to 42-26 user registration and, 42-3 assigning sockets, 2-62, C-70
connecting Server Web Navigator Web Administrator, 16-19 frame types, 63-70
through, 36-3 Internet protocols integrating Domino
connecting to, 4-21 to 4-22, 4-40 setting up passwords for, 42-3 with, 2-29, G-1
creating a key ring and certificate Internet services name resolution in, 2-30, 63-72
request, 45-2 accessing, 36-7
Index-17
Notes port for, 2-34 to 2-36, retrieving journaled LANs
2-38 to 2-42, 2-61 messages, 28-113 connecting servers on, 4-15
NOTES.INI settings, 2-64 setting up, 28-106 integrating Domino with, 2-2
security, 2-9 JPEG files network compression and, 2-42
setting up servers on, 2-32, 2-61 Web server and, 34-24 setting up servers on, 2-32
Token-Ring and, 63-71 troubleshooting, 63-55
troubleshooting, 63-70 LDAP accounts
ISpy database K compared to directory
creating mail-in database record Keep alive headers assistance, 23-9
for, F-7 sending to Web server, 34-53 planning, 18-5
ISpy task Key ring files LDAP activity logging
mail routing event generator changing the password for, 46-22 information logged, 57-4
and, 52-7 creating a test version, 46-22 limiting information
starting and stopping, 52-13 creating for internal CA, 45-2 logged, 57-13
TCP server event generators displaying, 45-7 LDAP directories
and, 52-11 entering for server, 46-15 alias dereferencing and, 23-48
troubleshooting with, 63-2 exporting, 45-7 authenticating SSL clients, 46-25
Issued Certificate Lists merging a certificate from an authenticating Web clients
described, 44-2 external CA, 46-9 with, 42-23
merging server certificates authenticating Web users
into, 46-12 with, 40-7
J naming, 45-2 connecting using SSL, 47-23
Java agents viewing certificates, 46-20 described, 23-1
restricting, 40-18 Key usage extensions directory assistance, 23-3, 23-6,
Java applets public keys, 44-12 23-9, 23-11, 23-37, 23-43
hosting, 34-10 Keyboard shortcuts. See Shortcut failover, 23-22
on Web server, 34-2 keys LDAP service referrals to, 20-33
Java servlets KeyFileName setting lookup command, I-17
managing, 34-13 described, C-49 Notes distinguished names
JavaEnableJIT setting Keys in, 23-49
described, C-46 private, 43-1 search filters and, 23-46
JavaJITName setting public, 43-1 server passwords for
described, C-46 KitType setting connecting, 23-44
JavaMaxHeapSize setting described, C-50 LDAP features
described, C-46 overview, 18-3
JavaMinHeapSize setting
described, C-47 L LDAP migration tool, 20-2
LDAP operations
JavaNoAsyncGC setting LAN Connection document extended ACLs and, 25-6
described, C-47 creating, 4-15 LDAP schema
JavaNoClassGC setting LANA numbers
checking, 21-18 to 21-19
described, C-47 NetBIOS ports and, 2-58 described, 21-1
JavaScript Language codes Domino, 21-2
on Web server, 34-2 specifying for a character set
Domino LDAP Schema
JavaStackSize setting group, 28-120 database, 63-34
described, C-48 Language groups extending, 18-19, 21-10, 21-16 to
JavaUserClasses setting configuring font options
21-17, E-3, E-7 to E-9,
described, C-48 for, 28-126 E-16 to E-17, E-20
JavaVerbose setting Languages retrieving, 21-20
described, C-48 choosing default for Web, 34-31
root DSE searches, 21-20
JavaVerboseGC setting Domain Search and, 10-1 viewing, 21-9
described, C-49 LDAP service tags, 20-29 LDAP service
Journaling LANnumber setting
anonymous search
mail, 28-105 described, C-50 access, 20-16 to 20-17, 20-20
methods, 28-109 binding to an IP address, 2-47
Index-18
client setup, 20-34 LDAPBatchAdds setting LocalDomainServers group
condensed Directory Catalogs described, C-51 access level, 7-6, 40-3
and, 20-6 LDAPConfigUpdateInterval setting described, 6-1
configuration, 20-9, 20-37 described, C-51 directory catalogs and, 24-20
described, 20-1 to 20-2 LDAPGroupMembership setting Location documents
directory assistance and, 20-6, described, C-52 Internet addresses in, 27-53
23-10 to 23-11, 23-17 to 23-18 LDAPLookup command Location setting
directory search order, 18-16 described, I-17 described, C-54
directory tree verification, 20-4 LDAPNotesPort setting Log file
disabling, 20-8 described, C-53 accessing, 56-5
distinguished names LDAPPre55Outlook setting activity logging
and, 20-3 described, C-54 information, 57-1, 57-13
Domain Index searches, 20-36 ldapsearch utility Agent Manager and agents, 63-12
Extended Directory Catalogs described, 22-1 analyzing, 56-5
and, 20-6 examples, 22-6 compacting, 56-1
full-text indexes and, 20-15 operational attributes and, 22-5 Domino server, 56-1
in a hosted environment, 12-13 parameters, 22-2 Domino Web server, 56-12
Internet address planning, 18-6 extended ACL, 25-31
formation, 20-5 search filter operators, 22-5 logging modem I/O in, 63-48
Internet Draft supported, 20-42 search filters, 22-4 NOTES.INI settings, 56-2
language tags, 20-29 ldapsearch.exe NSD, 63-96, 63-101
monitoring, 20-37 retrieving schema with, 21-20 passthru connections and, 63-79
name and password Leased-line connections replication events, 58-8
authentication failure, 63-31 connecting to the Internet by, 4-21 replication views, 63-80
name-and-password Librarians Results database, 56-5
security, 20-31 assigning, 51-3 Schedule Manager errors in, 63-47
NOTES.INI settings, 20-41 database libraries, 51-2 searching, 56-5
performance settings, 20-28 Libraries. See Database libraries selecting level of
planning, 18-4 License tracking logging, 28-7, 56-3
ports and port security, 20-12 described, 5-85 troubleshooting with, 63-2
preventing use of primary License tracking information using commands to record
Domino Directory, 23-27 updating in Domino information, 56-3
referrals, 20-33 Directory, F-65 viewing the Domino server, 56-3
RFCs supported, 20-42 Linux Log filters
schema daemon, 21-5, configuring partitioned for events, 52-15
C-88 to C-89 servers, 2-50 Log setting
schema database, 21-7 configuring SNMP Agent described, C-55
search, 20-28 for, 53-13 for log file size, 56-1
secondary directories, 18-4 Listener task LOG.NSF, 28-7
setting up, 20-7 Server document, 27-41 introduced, 56-1
starting and stopping, 20-8 SMTP, 27-41 monitoring servers and, 52-3
statistics, 20-38 Live console Log_AgentManager setting
Tell commands, A-53 Web Administrator and, 16-26 described, C-55
time-out setting, 20-28 LNSNMP service Log_Authentication setting
troubleshooting, 63-31 removing, 53-11 described, C-56
Unicode and, 20-3 LNSNMP.INI file Log_Connections setting
UTF-8 encoding, 20-32 configuring, 53-9 described, C-57
write operations, 20-22 to 20-23, Load command Log_Console setting
20-25 to 20-26 described, A-15 described, C-57
LDAP_MailOnlyGroupOption Load server command Log_DirCat setting
setting running server tasks, B-1 described, C-58
LDAPGroupMembership troubleshooting, 63-91 Log_Replication setting
setting, C-53 LocalDomainAdmins group described, C-59
described, 6-2 troubleshooting and, 63-80
Index-19
Log_Sessions setting held, 28-16 Mail file size
described, C-59 limiting the size of calculating, 28-14
Log_Tasks setting messages, 28-28 Mail files
described, C-60 pending, 28-16 converting for IMAP, 31-2, 31-10,
Log_Update setting polling, I-19 31-29 to 31-30
described, C-60 restricting, 28-70, 28-90 creating, J-4, , 31-26
Log_View_Events setting routing from Web page, 36-9 delegating access
described, C-61 security, 29-4 to, F-9 to F-10, 31-13
LogFile_Dir setting shortcut keys, H-7 to H-8 deleting during Delete user, 5-73
described, C-58 signing, 43-9, 43-11, C-90 encrypting, 31-24, 43-8
Logging tracing connections, 63-37 for hosted organizations, 13-5
configuring for Domino Web virus protection, C-71 initializing, J-4
server, 56-12 Mail activity logging move request, F-31
to the console, 52-21 information logged, 57-6 moving, 5-77, 29-21
informational, 28-7 Mail addresses overview, 26-12
internal server errors, 56-10 formats for Internet, 28-134 POP3 user and, 30-10
phone calls, C-76 Mail addressing quotas, 28-10 to 28-11, 28-15 to
replication, 63-80 directory assistance and, 23-8 28-16, 28-28
Web server requests, 56-8 directory catalogs and, 24-4, 24-29 replication and shared mail, 29-19
Logging level domain names and, 63-40 shared, 31-13
selecting, 28-7 format for sending to another troubleshooting, 63-36
Login names Domino domain, 26-21 Mail files, storage format, 26-13
authentication for Internet and groups, 28-32 setting for IMAP users, 31-3,
clients, 31-24 for hosted environments, 14-16 31-23, 31-35
Login scripts Mobile Directory Catalogs setting for POP3 users, 30-7
editing, 4-51 and, 24-3 Mail journaling
making a call with, 4-50 type-ahead, 28-6 defined, 28-105
Lookup command Mail agents retrieving journaled
described, I-17 controlling, 28-9 messages, 28-113
Loopback addresses Mail clients specifying messages to
creating, 13-17 POP3, 30-11 journal, 28-113
Lotus NDS Manager supported, 26-15 Mail Journaling database
administering Windows clients Mail connections managing, 28-109
with, G-3 routing and, 27-2 setting up, 28-106
for IPX/SPX setup, G-1 Mail conversion utility Mail menu
Lotus Organizer enabling mail files for IMAP, 31-2 hiding, C-72
scheduling and, 8-6 Mail databases Mail Notification Agent, 5-57
Lotus Support Services archive criteria, 9-28 Mail priority level, 28-27
contacting, 63-4 archive log, 9-24 disregarding during
Web site, 63-4 archiving, 9-22, 9-25 routing, 28-39
LotusScript agents IMAP service and, 31-2 Mail protocols
restricting, 40-18 moving, 54-53 in a hosted environment, 12-13
Low-priority mail overview, 26-12 supported, 26-2
generating delay notifications sharing IMAP, 31-13 Mail recipients
for, 28-30 Mail delivery looking up in the Domino
LSCHEMA.LDIF configuring, 28-8 Directory, 27-47
described, 21-2, 21-5 shared mail and, 29-8 restricting, 28-92
Mail encryption administration Mail relays
M request, F-31 and outbound mail routing, 27-33
Mail Mail file quotas restricting, 28-75
blocking, 28-20 enforcing, 28-14, 28-28 Mail reports
encrypting, 28-9, 43-4, 43-7, 47-13,
shared mail and, 29-4 generating, 33-12
47-15, C-90 soft deletions and, 28-14 setting up a Reports
error messages, 28-46 database, 33-4
Index-20
troubleshooting with, 63-2 using a firewall, 27-58 MAIL6EX.NTF
Mail routing using a smart host, 27-43 using, 32-11
configuring, 27-37 using multiple Internet domain Mailboxes
configuring delivery, 28-8 names, 27-44 setting number of, 60-12
connection costs and, 28-53 using multiple mailboxes, 28-4 setting up multiple, 28-3 to 28-4
controlling message workstation setup, 63-42 MailCharSet setting
transfer, 28-26 Mail routing event generators described, C-61
customizing Notes routing, 28-50 creating, 52-7 MailCompactDisabled setting
described, 26-1, 26-8 Mail rules described, C-63
DNS and, 26-25 forwarding, 28-9 MailCompactHour setting
domain documents journaling, 28-113 described, C-63
and, 27-23, 27-26 reloading, 28-21 MailConvertMIMEonTransfer setting
Domino Directory and, 26-9 setting server, 28-20 described, C-63
examples, 27-9 Mail servers Mail-in Database document
forwarding addresses, 27-42 described, 26-1, 26-5 creating, 48-5
improving Mail storage statistics, 52-35
performance, 28-2 to 28-3 formats, 26-13 Mail-in statistics
IP addresses and, 26-10, 26-12 Mail templates using, 52-35
in local Internet MAIL6EX.NTF, 32-11 MailServer setting
domain, 27-4, 27-39 Mail trace described, C-64
logging and, 28-7 troubleshooting with, 63-2 MailSystem setting
mail clients and, 27-3 Mail tracking described, C-65
for mail outside the local Internet configuring servers for, 33-8 MailTimeout setting, 28-37
domain, 27-6, 27-38, 28-85 from the Domino described, C-66
MAIL.BOX databases Administrator, 33-10 MailTimeoutMinutes setting
and, 28-3 to 28-4 overview, 33-1 described, C-66
message priority and, 28-27 troubleshooting with, 63-2 Mailto
Notes protocols and, 26-17, 26-19 Mail Tracking Collector task setting up, 36-9
to 27-20, 28-36 controlling, 33-5 Maintain Trends database record
obeying database quotas, 28-11 Mail usage reports request, F-30
over dialup connections, 27-59 described, 33-2 Manage Groups tool
over SMTP, 26-23, 27-32, 27-34, generating, 33-12 using, 6-16
27-37, 28-57 viewing, 33-16 Manager access
relay hosts and, 27-33 Mail, dead actions, 40-14
requirements, 28-2 described, 28-41, A-39 privileges, 40-16
resolving addresses, 27-42 Mail, undeliverable Map_Retry_Delay setting
restricting for Notes, 27-28, releasing from server, A-39 described, C-66
27-31, 28-55 returning, 28-37 Maps
restricting inbound Internet MAIL.BOX databases replication topology, 7-34
mail, 28-71, 28-90 compacting, 63-43 Master Address Book. See Directory
restricting inbound mail, 28-70 corrupt, 63-43 assistance
restricting inbound relays, 28-75 described, 27-1 Maximum concurrent transfer
restricting message size, 28-28 setting up multiple, 28-3 to 28-4 threads
restricting outbound messages, troubleshooting with, 63-2 setting, 28-33
28-98 to 28-99 undeliverable mail, 28-41 Maximum delivery threads, 28-9
restricting recipients, 28-92 Mail/ID registration options Maximum hops
Route command, A-24 Windows NT and Notes, 17-11 setting, 28-33
routing table and, 26-10 Mail_Disable_Implicit_Sender_Key Maximum message size
scheduling Notes routing, 28-50 setting setting, 28-28
SMTP, 27-41 described, C-64 Maximum transfer threads
SMTP protocol and, 26-21 Mail_Log_To_MiscEvents setting setting, 28-33, 60-11
stopping, 27-5 described, C-64 Maximum Transmission Unit.
topology, 27-2 Mail_Skip_NoKey_Dialog setting See MTU setting
troubleshooting, 63-36 described, C-65
Index-21
Meetings synchronizing with Domino database size, 61-13
troubleshooting, 63-45 Directory, 17-25, 17-38 events, 52-22, 52-24
Memory Microsoft IIS events and statistics, 52-2
displaying, A-32 setting Domino to work headline, 38-16
Memory requirements with, 35-3 mail, 26-17
for servers, 60-3 Microsoft Management Console overview, 52-1
Memory_Quota setting Notes registration and, 17-29 performance, 52-36
described, C-67 MIME messages server activity, 54-17
Message caching 8-bit and ESMTP, 28-96, server connections, 52-6
disabling, C-73 28-103 to 28-104 server tasks for, 52-1
Message conversion converting, 28-122 Server.Load metrics, 62-10
mail routing and, 27-1 converting addresses in, 27-50 setting preferences for, 16-8, 52-25
Message delivery converting to Notes format, 27-1 statistics, 52-9, 52-31
configuring, 28-8, 60-11 Domino mail server and, 26-3 threshold values, in Server Health
Message filtering encrypting, C-100, C-101 Monitor, 54-10
using mail rules for, 28-20 setting character set options tools, 52-1 to 54-2
Message headers for, 28-118 Monitoring Configuration database
MIME, 28-131, 28-134 setting options for described, 52-1
Message journaling. See Mail processing, 28-115 document types, 52-2
journaling Minimal logging, 28-7 location, C-83
Message priority level, 28-27 MinNewMailPoll setting viewing statistics in, 52-32
disregarding during described, C-67 wizards for, 52-13
routing, 28-39 Miscellaneous Events view Monitoring Results database
Message size corruption messages, 58-25 described, 52-1
restricting, 28-28 Mixed-release environments performance statistics and, 52-36
Message tracking log file analysis, 56-7 Move mail file
configuring servers for, 33-8 MMC administration requests, F-31
controlling, 33-5 Notes registration and, 17-29 Move roaming user
from the Domino Mobile directory catalogs administration requests, F-42
Administrator, 33-10 described, 24-3 Move_Mail_File_Expiration_Days
overview, 33-1 multiple, 24-33 setting
in Web Administrator, 16-27 setting up, 24-34 to 24-35 described, C-67
Message transfer Modem command files MT Collector task
controlling, 28-26, 28-33 described, 4-34 controlling, 33-5
Message validation modifying, 4-49 described, 33-1
SSL, 46-1 troubleshooting, 63-48 MTA servers
Messages Modems and interoperability with other
disabling, A-22, A-44 displaying input/output, C-121 mail systems, 26-14
encrypting for delivery, 28-9 logging modem I/O, 63-48 MTC task
MIB number to use, 4-33 controlling, 33-5
overview, 53-7 troubleshooting, 63-48 described, 33-1
using with SNMP, 53-21 Modify CA Configuration in Domino MTCDailyTasksHour setting
Microsoft Active Directory Directory request, F-30 described, C-68
deleting users and groups, 17-42 Modify ID recovery information in MTMaxResponses setting
directory assistance search Domino Directory described, C-68
filters, 23-46 request, F-30 MTU setting
mapping containers to Notes Modify room/resource in Domino troubleshooting, 63-68
certifiers and policies, 17-32 Directory request, F-31 Multilingual applications
mapping fields with Domino Modify user information stored in setting up Web for, 34-32
Directory, 17-31 Domino Directory Multiple replicators
registering existing users, 17-35 administration request, F-31 and scheduled replication, 7-30
registering new groups, 17-39 Monitoring Multiple-password IDs
registering new users, 17-33 checklist for, 63-6 described, 39-6
renaming users and groups, 17-41 database cache, 61-10
Index-22
Multi-user client installation, 5-46 server, deleting, 59-8 NetWareSocket setting
MX records server, finding, 59-11 described, C-70
described, 26-25 Names setting NetWareSpxSettings setting
examples, 26-27 described, C-68 described, C-70
NAMES.NSF, 19-1 Network Address Translation.
customizing, E-22 See NAT
N NAMESPACE command Network connections
NABRetrievalPOP3Mail command enabling support dropping, I-9
described, I-18 for, 31-12 to 31-13 testing, 63-77
NABUpdate command Naming contexts. See Naming rules tracing, 63-77, A-59, C-76
described, I-18 Naming conventions Network Dialup
NAMAGENT.NSF ACL, 40-4 encrypting Connection
Server.Load agents, 62-4 Domino system, 1-12 documents, 4-46
Name and Address Book. See hierarchical, 1-3 setting up servers to use, 4-36
Domino Directory Notes named networks, 2-33 troubleshooting, 63-74
Name change ports, 2-38 Network ports
refusing, F-56 Program documents, B-2 adding, 2-36, 2-60
Name lookups servers, 2-14, 2-29, 2-31 to 2-32 binding to IP
restricting, 27-47 Naming rules addresses, 2-46 to 2-47
restricting to primary directory assistance, 23-12 compressing data on, 2-42
directory, 28-40 LDAP service and, 23-17 configuring, 2-35, 2-58
Name resolution in IPX trusted, 23-14 deleting, 2-40
troubleshooting, 63-72 NAT disabling, 2-34
Name resolution in NRPC using, 2-18 encrypting, 2-41
described, 2-4 Navigate command fine-tuning, 2-34
ensuring DNS resolves, 2-16 to described, I-18 renaming, 2-38
2-17, 2-19, 2-22 NDS reordering, 2-39, 2-45
over IPX/SPX, 2-30 Domino server and, G-1 Server Setup program and, 2-2
over NetBIOS, 2-28 Notes workstations and, G-5 TCP/IP, 2-12, 2-22
over TCP/IP, 2-11, 2-15, 2-44 NOTES.INI setting, G-7 Network protocols
troubleshooting, 63-66 passwords, C-75 compatible with Domino, 2-2
Name services server names and, 2-32 defined, 2-1
Microsoft, 2-13 specifying distinguished specifying, 4-16
NetWare, 2-30 to 2-32, names, 2-62 Networks
2-61 to 2-62 user IDs, C-75 integrating Domino
Notes, 2-4 NDS objects with, 2-1, 2-10, 2-26, 2-29
Name-and-password Domino server, G-1 to G-2 name resolution, 2-4, 2-11
authentication, 42-8, 46-15 managing, G-4 NOTES.INI settings, 2-64
customizing, 42-3 Nested groups security, 2-6 to 2-7
directory assistance and, 23-3 database authorization, 23-7 NewMail command
Internet/intranet clients NetBIOS described, I-19
and, 28-60, 31-2, 42-1 integrating Domino with, 2-26 NewMailInterval setting
LDAP service and, 20-12, 20-31 name resolution in, 2-28 described, C-70
level, 42-19 Notes port for, 2-34 to 2-36, NewMailTune setting
session-based, 42-6, 42-8, 42-10 2-38 to 2-42, 2-58, 2-60 Incoming Mail Sound
setting up users, 42-3 setting up servers for, 2-32, 2-58 setting, C-44
virtual servers, 3-42 Netscape NewReplicateDB command
Names trusted root, 46-11 described, I-19
changing, 5-56 to 5-57 Web Administrator and, 16-23 NewUserServer setting
for Policy documents, 9-32 NetWare described, C-71
for servers, 2-15, 2-17, 2-19, name services, 2-30 to 2-32, NIS
2-22, 59-10, 2-61 to 2-62 preventing problems with, 2-56
Internet authentication and, 31-24 NetWare Administrator NNN. See Notes named networks
NDS, 2-62 Domino and, G-2, G-4
Index-23
No access Notes name lookups NRPC service
assigning, 40-14 directory search order, 18-17 binding to an IP address, 2-46
privileges, 40-16 Notes Name Service default TCP port, 2-55
No_Force_Activity_Logging setting described, 2-4 described, 2-2
described, C-72 Notes named networks encrypting, 2-41
NoDesignMenu setting defined, 2-3 name resolution in, 2-4, 2-11, 2-15
described, C-71 mail routing and, 26-18 to 2-17, 2-19, 2-22, 2-28, 2-30
NoExternalApps setting setting up, 2-33 NSD log file
described, C-71 Notes names troubleshooting
NoMailMenu setting LDAP directories and, 23-49 and, 63-96, 63-101
described, C-72 Notes network ports. See Network NSF_Buffer_Pool_Size setting
NoMsgCache setting ports described, C-73
described, C-73 Notes protocols NSF_DbCache_Disable setting
Nonroaming users mail routing and, 26-3, 26-19, described, C-74
change to roaming, 5-70 27-4, 27-20, 27-32, 28-50 NSF_DbCache_Maxentries setting
Normal logging, 28-7 Notes Remote Procedure Call described, C-74
Note ID service. See NRPC service Null modems
finding documents by, 63-20 Notes rich text format troubleshooting, 63-51
table of, I-12 in mail messages, 26-13, 27-1 Num_Compact_Rename_Retries
NoteAdd command Notes RPC. See NRPC service setting
described, I-20 Notes templates described, C-74
Notes table of, D-1 NWNDSPassword setting
registering Windows NT users, Notes workstations described, C-75
17-1, 17-8, 17-12, 17-14 configuring for NDS, G-5 NWNDSUserID setting
synchronizing with NOTES.INI file described, C-75
Windows NT, 17-2 to 17-3 adding settings, A-25
Notes client editing, 16-27, C-1
authentication with directory NOTES.INI settings O
assistance, 23-6 Agent Manager, 60-6 Object class hierarchy
authentication with directory database maintenance, 58-41 described, 21-1
catalogs, 24-11 database organization, 49-6 Object classes
connecting to servers, 4-55 database performance, 60-9, 61-29 adding to schema, 21-14
directory servers, 19-15 Domain Search, 10-23 described, 21-1, 21-3
directory services, 18-10 iNotes Web extending, 21-11
installation in a shared Access, 32-8 to 32-9 for Group documents, 21-5
directory, 5-43 LDAP service, 20-41 for Person documents, 21-4
LDAP service and, 20-34 log files, 56-2 Object collect task
Notes Direct Dialup mail, 63-43 use in generating shared mail
Connection documents, 4-35 NDS, G-7 statistics, 29-13
described, 4-34 networks, 2-64 use in resynchronizing mail
setting up, 4-44 scheduling server tasks, B-2 files, 29-22
Notes domains. See Domino domains schema daemon, 21-21 Object Link command
Notes IDs server performance and, 60-4 use in managing shared mail, 29-15
about, 39-1 to 39-2 UNIX server, 60-14 Object Request Broker. See Domino
Notes items NotesBench ORB
sending in Internet message described, 60-2 Object store
headers, 28-134 Novell Directory Service. See NDS defined, 29-1
Notes mail NRPC managing growth
condensed Directory Catalogs mail routing and, 26-3, 26-17 of, 29-10 to 29-11
and, 24-29 troubleshooting, 63-55 Offline Security Policy document
directory assistance and, 23-8 NRPC Mail Initialization Workload creating, 11-7
directory catalogs and, 24-1, script Offline Subscription Configuration
24-3 to 24-4, 24-14 sample, J-8 profile document
creating, 11-11
Index-24
editing, 11-11 IP addresses and, 2-21, 2-50, 2-53 PC-Pine client
Offline subscriptions multiple Web sites configuring, 31-39
overview, 11-1 and, 2-49, 34-20 PEER Agent
Offline users performance, 60-5 and SNMP Agent, 53-14
security, 11-7 port mapping, 2-53 Peer-to-peer topology
tracking, 11-22 removing, 59-13 example of, 4-11
OID for LDAP SNMP and, 53-9 replication and, 4-8
described, 21-12 troubleshooting, 63-78 People
On-demand cross-certificates, 39-32 Passthru connections registering Internet/intranet, 42-3
Online Meeting Place activity logging through, 57-9 Performance
in the Resource Reservations hangup delay setting, C-76 database cache and, 61-9
database, 8-9 troubleshooting, 2-12, 63-79 directory catalogs, 24-18, 24-20,
Open command Passthru HTML, 34-2 24-27, 24-30
described, I-20 Passthru servers Domino Directory, 19-1
Open relays as application proxies for Domino Performance Zone Web
defined, 28-76 NRPC, 2-8 site, 60-1
preventing, 28-76 configuring, 4-27 encryption and, 43-4
OpenView for Windows Connection documents, 4-29 improving, 60-1, 60-3, 61-12
and SNMP traps, 53-21 controlling access to, 38-17 LDAP service, 20-28
ORB. See Domino ORB creating a topology, 4-25 mail, 26-17 28-3, 28-6
Organization certifier IDs, 1-8 described, 4-23 mail routing, 28-2
creating, 3-34 destination servers and, 4-28 monitoring, 52-36
Organization hierarchy topology example, 4-26 networks, 2-42
moving user names in, 5-61 using with hunt groups, 4-24 optimizing, 61-1, 61-3
Organizational policies Passthru_Hangup_Delay setting Server Health Monitor, 54-12
described, 9-2 described, C-76 sources for improving, 60-15
Organizational unit Passthru_LogLevel setting tools, 60-2
certifier IDs, 1-8 described, C-76 troubleshooting, 63-16
creating, 3-35 Password quality scale tuning disk I/O, 60-15
Organizational units described, 39-7 UNIX server, 60-14
Internet, 45-2 levels, 39-4 view indexes and, 58-23
restricting mail based Password recovery. See IDs, Web server, 34-52
on, 28-55 recovering Windows server, 60-13
Organizations Passwords Person documents
restricting mail based assigning, 39-4, 39-8, 42-3 changing during
on, 28-55 change intervals for, 39-10 synchronization, 17-5
OS/2 changing, F-6 IMAP users and, 31-23
error codes, 63-100 checking during authentication, Internet Address
troubleshooting, 63-100 39-8, 39-12, F-60 field, 27-50, 27-53
OS/390. See zOS console, A-26 mail routing and, 26-10
OtherDomainServers group Directory Assistance object classes for, 21-4
access level, 7-6, 40-3 documents, 23-44 password checking, F-60
described, 6-1 IDs and, 39-4 POP3 users and, 30-7
directory catalogs and, 24-20 Internet, 42-24 SSL clients, 47-20
Over quota enforcement for key ring file, 45-2, 46-22 Personal Address Book
configuring, 28-17 multiple, 39-6, 39-13 missing views and, 63-42
NDS, C-75 PhoneLog setting
P recovering. See IDs, recovering described, C-76
Packing density server console, C-92 PHP
condensed Directory troubleshooting, 63-104 configuring a Web site for, 34-40
Catalogs, 24-31 verifying, 39-8, 39-11 Pin lists
Partitioned servers Pause command creating, 54-32
described, 1-6 described, I-21 Ping, 27-38
in a hosted environment, 12-2 troubleshooting and, 63-77
Index-25
Pipelining commands Policy viewer Populate command
supporting via ESMTP, 28-96, described, 9-37 described, I-21
28-103 to 28-104 using, 9-38 Port mapping
PKCS11_Library setting Policy-based registration on partitioned servers, 2-53
described, C-77 with Notes synchronization, 17-6 Portals
Platform command POP3 Initialization Workload script creating for iNotes Web
described, A-16 running, 62-27 Access, 32-3
using, 52-28 sample, J-14 portname_MaxSessions setting
Platform statistics POP3 protocol described, C-80
disabling, 52-30, C-77 Domino mail server and, 26-5 troubleshooting
displaying, 52-27 in a hosted environment, 12-13 and, 63-59 to 63-60
evaluating, 52-28 POP3 service Ports
overview, 52-26 authentication and, 30-2 adding, 2-36, 2-60
troubleshooting, 63-52 binding to an IP address, 2-47 binding to IP
viewing, 52-30 changing default port addresses, 2-46 to 2-47
Platform_Statistics_Disabled setting information for, 30-3 cluster servers and, C-91
described, C-77 clients, 30-11 compressing data on, 2-42
Policies described, 30-1 configuring, 2-35, 28-66, 30-3, 31-5
assigning, 9-6, 9-40 DNS lookups, C-78 controlling access to, 38-14
child policy, 9-4, 9-34 Internet domain names, C-79 deleting, 2-40
creating, 9-7 mail commands, I-18, I-23 disabling, 2-34
examples, 9-4 marking messages as read, C-79 dropping connections, I-9
exceptions, 9-3 message caching, C-78 to C-80 enabling, C-81
for hosted organizations, 9-7, 12-4 Notes port for TCP/IP, C-80 encrypting, 2-41
with Notes synchronization, 17-6 setting up, 30-2 for LDAP service, 20-12
overview, 9-1 starting, 30-3 maximum sessions, C-80
planning, 9-6 updating configuration, C-78 names, 2-38
troubleshooting, 63-109 POP3 users renaming, 2-38
types of, 9-2 activity logging, 57-10 reordering, 2-39, 2-45
viewing, 9-37 to 9-38 allowing SMTP relays from, 28-82 Server Setup program
Policy documents creating mail files for, 30-10 and, 2-2
child policy, 9-34 enabling to send mail, 30-1 SMTP, C-104
creating, 9-32 setting up, 30-7 specifying, 4-16
deleting, 9-35 POP3 Workload script SSL, 46-15, 2-55
in a hosted environment, 13-4 described, 62-26 starting and stopping, A-22
names in, 9-32 running, 62-28 TCP, 2-55, C-110 to C-111
Policy hierarchy sample, J-14 Ports setting
effective policy, 9-36 POP3_Disable_Cache setting described, C-81
examples, 9-4 described, C-78 Ports, communication
Policy settings POP3_Enable_Cache_Stats setting options, 4-47
deleting, 9-35 described, C-79 setting up, 4-34
described, 9-1 POP3_Message_Stat_Cache_NumPer POST command
desktop, 9-14 User setting restricting, 34-29
editing, 9-35 described, C-80 Pre-delivery agents
groups, 6-9 POP3ConfigUpdateInterval setting controlling, 28-9
inheritance, 9-4 described, C-78 Preferences
registration, 9-7 POP3DNSLookup setting Domino Administrator, 16-5, 16-7
security, 9-19 described, C-78 to 16-9, 16-11
setup, 9-12 POP3Domain setting Web Administrator, 16-24
viewing, 9-38 described, C-79 Primary Domino Directory
in Web Administrator, 16-25 POP3MarkRead setting changing to Configuration
Policy Synopsis tool described, C-79 Directory, 19-5
using, 9-36 POP3NotesPort setting directory assistance
described, C-80 for, 23-26, 23-33
Index-26
excluding from LDAP cross-certification and, 39-33
searches, 23-27 described, 38-1, 39-2 R
Extended Directory Catalog encryption and, 43-1, 43-4 R5 IMAP Initialization Workload
in, 24-28 lost or stolen, 39-22 running, 62-17
preventing use as remote mailing, 39-25 R5 IMAP Workload script
primary, 19-8 replacing in address book, 39-23 described, 62-15
Priority restricting, 44-12 running, 62-18
mail routing and, 28-27 verifying, 39-25 sample, J-6
Private design elements Publishing R5 NRPC Mail Initialization script
notifying user of change to, 5-57 to database libraries, 51-3 running, 62-21
Private keys LDAP schema, 21-20 R5 Shared Database script
encryption and, 43-1 PUBNAMES.NTF described, 62-24
Notes certification, 39-2 copying, E-4 running, 62-25
Privileges customizing, E-1 sample, J-12
access level, 40-16 upgrading, E-22 R5 Simple Mail Routing script
extended ACL, 25-3, 25-5 Pull routing described, 62-20
Probes. See Event generators configuring for dialup running, 62-23
Profiles connections, 27-60 sample, J-9
Activity Trends, 54-22 to 54-25 Pull server command, 7-31 RA. See Registration Authority
Server Health Monitor, 54-13 described, A-17 Ratings
Server monitor, 52-43, 54-13 Pull-only replication Server Health Monitor, 54-5
statistic, 52-39 specifying, 7-23, C-95 Read command
Program document Purge agent described, I-22
to compact ADMIN4.NSF, 15-27 enabling, 36-17 Reader access
naming conventions for, B-1 Server Web Navigator, 36-15 actions, 40-14
for scheduling Updall, 50-5 Purge interval privileges, 40-16
ProgramMode setting deletion stubs and, 7-12 Readers field
described, C-81 setting, 28-33 updating, 40-29
Progressive rendering Purge/Compact Realms
Web images and, 34-24 method for managing size of Mail authentication and, 63-104
Properties boxes Journaling database, 28-112 Receipts
shortcut keys, H-5 Push server command configuring Internet, 28-116
Proxies described, A-19 Recertify Certificate Authority in
defined, 2-7 Push-only replication Domino Directory
Domino passthru servers as, 2-8 specifying, 7-23, C-95 administration request, F-47
HTTP, 2-7 Recommendation documents
Internet connections and, 4-22 Web Navigator
specifying for Server Web Q database, 36-11
Navigator, 36-3 Quick console Recovery. See IDs, recovering
PTR records Web Administrator and, 16-26 Redirect URL command
in DNS, 28-71 Quit command finding links with, 34-27
Public access, 40-18 described, A-20, I-22 Referrals
assigning, 40-18 Quotas LDAP service and, 20-33, 23-11
Public Address Book, 19-1 database, 61-23 to 61-24 Refresh agent
passthru access, 38-17 enforcing, 28-16 enabling, 36-18
server access, 38-4 mail, 28-10 to 28-11, 28-15 using, 36-18
Server documents, 39-25 memory, C-67 Register hosted organization
Public documents, 40-18 replication and, C-13, C-83 administration requests, F-48
access to, 40-18 setting Router controls for, 28-17 Registration
Public folders soft deletions and, 28-14 customizing options, 17-8
IMAP, 31-13, 31-15 Quotas, mail existing Active Directory
Public keys shared mail and, 29-4 users, 17-35
copying, 58-26, 63-96, F-6 group member in Notes, 17-18
creating, 39-23 to 39-24
Index-27
hosted organizations, 13-5, Replica stubs multiple replicators, 7-30
13-8, 13-11 described, 63-88 NewReplicateDB
IMAP users, 31-23 troubleshooting, 63-89 command, I-19
Internet/intranet users, 42-3 Replicas non-document elements, 7-15
Microsoft Management Console access levels, 7-6 one-way, A-17, A-19
and, 17-29 concurrent changes to, 58-8 preventing, 7-31, C-94
new Active Directory controlling changes, 40-5 priority, 7-26, 7-28
groups, 17-39 controlling creation of, 38-14 Replicate command, A-20
new Active Directory copying to servers, 48-2 scheduling, 7-24
members, 17-33 creating, 7-9, F-8, I-19 selective, 7-12, 11-22, 15-27
setting preferences, 16-9 creating for multiple server, I-22
from a text file, 5-22 domains, F-77 setting up, 7-20
Windows NT deleting, 58-36 settings, 7-17 to 7-18
users, 17-1, 17-8, 17-12, 17-14 deleting documents from, 7-12 specific databases and, 7-27
Registration Authority deletions, 63-89, 63-90 specifying a group of
tasks, 44-4 described, 7-1 servers, 7-20
Registration policy settings limiting content, 7-12, 7-16 specifying dates, 7-13
creating, 9-7 size of, 63-87 statistics, 63-80
Registration settings documents Replicas, directory strategies, 4-6, 4-8
with Notes synchronization, 17-6 directory assistance time limits, C-82
Relay hosts, 28-85 and, 23-20, 23-36 troubleshooting, 63-80
configuring, 27-58 Replicate command Web applications, 11-22
defined, 27-8 described, A-20, I-22 Replication conflicts
restricting, 28-75 to 28-76, 28-81 Replicate server command, 7-31 consolidating, 58-10
using multiple, 27-33 Replication described, 58-8
Remote connections access levels, 7-6 Replication events
setting up, 4-36 activity logging, 57-10 troubleshooting with, 63-2
troubleshooting, 63-48 CD-ROM updates, 7-17 Replication formulas
types of, 4-34 customizing, 7-11, 7-22 using, 7-14
Remote console database design and, 63-86 Replication history
Web Administrator and, 16-26 deleted documents, 7-7 directory catalogs, 24-39, 24-45
Remote primary directories described, 7-1, 7-3 specifying dates, 7-13
described, 18-2 to 18-3 direction, 7-23 troubleshooting
preventing as, 19-8 directory catalogs, 24-32 with, 63-2, 63-80, 63-85
how servers locate, 19-7 disabling, 7-16, 7-32, 63-89 Replication priority
Remote server console document size and, 7-14 assigning, 7-16
entering server commands, A-1 from Domino Replication topology
Remote servers Administrator, A-19 binary tree, 4-9
number of modems for, 4-33 Domino Directory, 19-17 clusters, 4-8
topology, 4-3 editing conflicts, 63-91 end-to-end, 4-8
topology example, 4-14 enabling, 7-32 hub-and-spoke, 4-6
Remove certificate from Domino or end-to-end topology, 4-8 peer-to-peer, 4-8
LDAP Directory request, F-49 enforcing consistent ACL, 40-28 ring, 4-8
Rename person error tolerance setting, C-82 troubleshooting and, 63-80
refusing name change, F-56 examples, 7-19 viewing, 7-34
Rename Web user administration forcing, 7-33 ReplicationTimeLimit setting
requests, F-57 full-text indexes, 50-1 described, C-82
Repl_Error_Tolerance setting graphical display of Replicator task
described, C-82 topology, 7-34 running concurrently, C-82
troubleshooting and, 63-80 history, 58-6, 58-7 Replicators setting
Repl_Obeys_Quotas setting limiting time for, 7-29 described, C-82
described, C-83 log file, 58-8 Reply addresses
Replica IDs manual, 7-31 in Internet mail, 27-52
assigning access by, 40-10 monitoring, 58-6
Index-28
Report_DB setting Resource Reservations database move request, F-42
described, C-83 access rights, 8-8, 8-16 registering, 5-13
Reporter task creating, 8-7 updating from non-roaming, F-66
sending statistics, C-83 in a hosted environment, 14-12 Roles, 40-20
Reports synchronizing with Domino creating, 40-21
directory catalog, 24-49 Directory, F-5 Domino Directory, 19-10
mail usage, 33-2 troubleshooting, 63-46 troubleshooting, 63-20
REPORTS.NSF (Reports database) using with a Web browser, 8-16 Web Administrator
creating, 33-4 Resources and, 16-20 to 16-21
ReportUseMail setting modify in directory request, F-31 Room resources
described, C-83 troubleshooting, 63-45 in the Resource Reservations
Requests types of, 8-9 database, 8-9
managing certificate, 46-20 Response hierarchy modify in directory request, F-31
Web server, 34-55 performance and, 61-5 setting up, 8-9
Resent headers Response Log documents, 15-36 Root DSE
using, 28-131 Response time searching, 21-20
Reservations server, 60-3 Roots
deleting, 8-17 Restart port command default trusted, 46-11
editing, 8-17 described, A-22 Route command
Resource balancing Restart server command unscheduled mail and, A-24
in Activity Trends, 54-26 described, A-23 Router task
in Activity Trends, Restart Task described, 26-6
setting up, 54-27 described, A-23 reloading configuration of, 27-22
additional statistics, 54-46 Results database server crashes and, 63-100
analyzing distributions, 54-37 database analysis, 58-38 stopping and starting, 27-4
approval profile for, 54-59 from decommissioning a RouterAllowConcurrentXFERToALL
charting options, 54-28 server, 59-3 setting
comparing, 54-39 log events, 56-5, 56-7 described, C-84
creating plan constraints, 54-62 RetrievePOP3Mail command transfer threads and, 28-36
customizing, 54-36 described, I-23 RouterDisableMailToGroups setting
database and server Retry interval described, C-84
locations, 54-27 setting, 28-33 RouterDSNForNULLReversePath
database Return receipts setting
moves, 54-32, 54-53, 54-55 configuring, 28-116 described, C-85
and decommissioning a Return-Receipt-To header RouterEnableMailByDest setting
server, 54-43 configuring for return described, C-85
and Domino Change receipts, 28-116 Routers
Manager, 54-48 to 54-49 Reverse DNS lookups configuring delivery
editing server properties, 54-43 use in controlling inbound SMTP by, 28-8 to 28-9
evaluating server activity, 54-39 sessions, 28-71 connection costs and, 28-53
filtering servers, 54-45 Rewind command described, 26-8, 26-21, 27-1
goals, 54-30, 54-31 described, I-23 mail file quotas
interpreting profile charts, 54-41 Rewind2 command and, 28-16 to 28-17
overview, 54-34 described, I-24 MAIL.BOX databases and, 28-3
plan constraints explained, 54-61 RFCs obeying database quotas, 28-10
plan documents for, 54-53, 54-57, LDAP service, 20-42 shutting down, 27-5
54-60 to 54-64 Ring topology SMTP, 27-37
plan variables, 54-63 replication and, 4-8 Tell commands, A-54
proposals for, 54-38, 54-47 Roaming files TRACERT command and, 63-67
viewing, 54-47 moving, 5-77 updating configuration, 27-22
Resource document Roaming users, 5-9 Routing costs
creating, 8-9 change from nonroaming, 5-70 setting, 28-39, 28-53
editing and deleting, 8-13 change to nonroaming, 5-69 Routing table
plan notification messages, 54-64 deleting, F-21 described, 26-10
Index-29
recalculating, 27-22 Scheduling Notes routing, 28-50 Search results
Routing task Schema access to, 10-12
described, 27-1 adding attributes, 21-13 to 21-14 filtering, 10-13
Routing. See Mail routing adding syntaxes, 21-15 titles in, 10-19
RSA checking, 21-18 to 21-19 Web server, 34-26
trusted root, 46-11 described, 21-1 Searching
RSVP Domino, 21-2 domains, 10-1
command for, I-24 extending, 21-10, 21-17, E-3, E-7 encrypted fields, 50-2
RSVPInvitation command to E-9, E-14, E-16, E-20 file systems, 10-9
described, I-24 publishing, 21-20 SearchMax
RTR_Logging setting root DSE searches, 21-20 number of documents to
described, C-86 viewing, 21-9 display, 34-26
Rules Schema daemon Secondary directories
mail, 28-113 described, 21-5 directory services for, 18-12
NOTES.INI settings, 21-21 LDAP service, 18-4
Schema database Secondary Domino Directory
S deleting documents, 21-17 Administration Process
S/MIME described, 21-7 support, 15-7
encrypted, 47-13 to 47-15 extended ACLs and, 25-7 described, 23-1
setting up clients for, 47-1, 47-13 extending schema directory assistance
Sametime with, 21-13, to 21-17 and, 23-3, 23-8, 23-33
setting up for iNotes Web views, 21-8 to 21-9 LDAP service, 23-10
Access, 3-14 Schema entry name lookups, C-68
Save conflicts searching, 21-20 Secondary name servers
consolidating, 58-10 Schema_Daemon_Breaktime setting adding in Notes, 2-44
described, 58-8 described, C-88 Secure_Disable_FullAdmin setting
Sched_Dialing_Enabled setting Schema_Daemon_Idletime setting described, C-90
described, C-86 described, C-88 SecureMail setting
Sched_Purge_Interval setting Schema_Daemon_Reloadtime setting described, C-90
described, C-86 described, C-88 Security
Schedule Manager Schema_Daemon_Resynctime setting adding cross-certificates on
statistics, C-87 described, C-89 demand, 39-32
Tell commands, A-55 SCOS. See Shared mail anonymous access, 42-25
troubleshooting, 63-47 SCRIPT.DAT file application, 37-14
validation settings, C-87 UNIX installation, 3-7 application design element, 37-15
Schedule_Check_Entries_When_ Scriptable setup authenticating
Validating setting setting up Notes with, 5-52 clients, 31-24, 46-25
described, C-87 Scripts certificates, 39-2
Schedule_No_CalcStats setting commands, 4-53 certifier IDs and, 1-9
described, C-87 editing acquire and login, 4-51 database, 10-12, 40-19
Schedule_No_Validate setting keywords in, 4-52 database access for SSL
described, C-87 making a call with, 4-50 clients, 46-19
Scheduled replication Server.Load, I-1 databases, 38-14
troubleshooting, 63-80, 63-84 Search filters directory links, 49-1
Scheduled reports Directory Assistance Domino Directory and, 18-7, 19-9,
mail, 33-15 documents, 23-46 20-16, 20-22 to 20-23
Schedules Search forms Domino Off-Line Services, 11-7
replication, 7-24 adding categories to, 10-10 encryption, 2-6, 43-1
viewing for replication, 7-34 bookmarks and, 10-18, 10-20 encryption defined, 43-4
Scheduling customizing, 10-18 full-text indexes and, 50-2
example, 8-2 Web clients and, 10-20 ID recovery, 39-14, 39-17
server programs, B-2 Search order IDs and, 37-16, 39-1
setting up, 8-5 directories, 18-15 to 18-17 for Internet/intranet clients, 31-24
troubleshooting, 63-45 directory assistance, 23-16 in a hosted environment, 12-3
Index-30
iNotes Web Access, 32-1, 32-8 workstation, 41-1 fault recovery, 55-10
Internet passwords and, 42-24 Security policy settings hosted organizations and, 14-11
Internet transactions and, 40-31 creating, 9-19 troubleshooting, 63-96
Internet/intranet clients, 42-27 Selection formulas Server documents
keys, 39-2, 43-1 directory catalogs and, 24-20 access lists, 38-2
mail, 21-5, 28-68, 29-4 Selective replication build number in, F-47
mail encryption, 43-7 setting up, 11-22 CPU count field, F-64
mail journaling and, 28-110 Selective replication formulas creating for NDS, G-7
name-and-password access, 42-19 preventing replication of database creation, 38-14
name-and-password ADMIN4.NSF, 15-27 directory catalogs and, 24-8
authentication for Web Self subject DNS resolves in NRPC and, 2-12
clients, 42-6 extended ACL, 25-11 network settings in, 2-36
network, 2-6 to 2-7, 2-9 Self-certified certificate, 46-22 protocol field, F-66
Notes IDs and, 39-1 to 39-2, 39-25 Send copy to mail rule specifying international
offline users, 11-7, 11-10 disabling, 28-9 settings, 34-31
overview, 37-1 SendMessage command time-out settings for Web, 34-53
passwords, 39-4 described, I-24 troubleshooting, 63-39
planning, 2-6, 37-11 SendSMTPMessage command verifying public keys, 39-25
port access, 38-14 described, I-25 Server failures
public and private keys, 39-2 Server access customizing message for, 28-46
public keys, 39-22, 43-4 anonymous, 38-13 Server files
renewing an expired customizing, 38-7 controlling Web browser access
certificate, 46-21 data directory, 49-4 to, 38-23
server, 38-23 denying, 38-4, 38-7 Server Health Monitor
server key ring file, 46-3 passthru, 38-17 configuring, 54-6
Server Web Navigator, 36-8 troubleshooting, 63-91 excluding servers, 54-15
setting up, 37-1 Server administrators overview, 54-2
setting up a Domino 5 certificate changing name of, 59-1 performance of, 54-12
authority, 45-1 Server certificates profiles, 54-13
setting up a Domino CA changing expiration date, 3-32 ratings, 54-5
server, 45-1 merging into key ring file, 46-12 reports, 54-11 to 54-12
setting up anonymous Server Certificate Administration selecting server components, 54-9
access, 42-26 requesting certificate, 46-5 setting up, 54-7
setting up clients for setting up, 46-3 starting, 54-8
S/MIME, 47-13 Server commands statistics, 54-3, 54-13, 54-16
setting up clients for SSL client Agent Manager and agents, 63-12 threshold values, 54-10
authentication, 47-18 entering from the UNIX using, 54-8
setting up clients for SSL server command line, A-8 viewing in Domino server
authentication, 47-3 redirecting command monitor, 54-14
setting up Person documents for output to, A-2 Server IDs
Internet clients using SSL table of, A-10 defined, 39-1
client authentication, 47-20 troubleshooting with, 63-2 overview, 39-1
setting up SSL server Server comparisons recertifying, 59-9
authentication using when decommissioning a replacing, 63-96
SMTP, 47-22 server, 59-5 security and, 39-25
signatures and, 43-11 Server console server access and, 63-95
SNMP, 53-5 commands, I-8 specifying, C-92
SSL, 46-1 described, A-1 Server key ring files
SSL server certificate, 46-5 using at server, A-2 creating, 46-3
trusted root certificates, 47-3 Server Console Configuration Server monitor
verifying passwords, 39-8 document adding a task, 52-43
verifying public keys, 39-25 settings in, 52-21 adding servers, 52-44
virtual Web servers, 3-42 Server crashes changing default settings, 16-8
Web Administrator, 16-18 database indexes and, 63-99 overview, 52-40
Index-31
profiles, 41-13, 52-44, 54-13 setting cache options, 36-18 Server-based certification authority
Server Health monitor, 54-2 setting up, 36-2 creating an Internet CA, 44-8
starting, 52-41 starting and stopping, 36-3 ServerKeyFileName setting
using, 52-44 Server.Load described, C-92
views, 52-41 agents, 62-4 ServerName setting
Server names capacity planning with, 60-2 described, C-94
deleting, 59-8 changing script variables, 62-10 ServerNoReplRequests setting
finding in domain, 59-11 described, 62-1 described, C-94
IP names and, 2-14, 2-22 metrics, 62-7, 62-10 preventing replication with, 7-31
upgrading to hierarchical, 59-10 modifying built-in scripts, 62-11 ServerPullReplication setting
Server ports setting stop condition, 62-10 described, C-95
access to, 38-14 setting up, 62-12 ServerPushReplication setting
Server programs test parameters, 62-6 described, C-95
SSL and, 46-1 testing commands, 62-11 Servers
Server protocol information troubleshooting, 63-110 access, 38-2, 38-4
updating, F-66 Server.Load scripts access levels for, 7-6, 40-13
Server registration built-in, 62-2, 62-11, 62-14 to access to databases, 7-5
administration requests, F-59 62-15, 62-20, 62-24, 62-26, adding hosted organizations
Server security, 38-23 62-30 to 62-31 to, 14-2
Server setup profiles commands, 62-11, I-1 adding to clusters, F-5
creating, 3-21 critical region, I-4, I-10 administering, 16-4
silent, 3-25 custom, 62-3, 62-11 backing up, 63-7
using, 3-22 list of, 62-2, J-1 capacity, 60-3
Server Statistic Collection loops, I-4 to I-5 changing administrator of, 59-1
document pausing, I-21 configuring for LANs, 2-19, 2-32,
creating, 52-25 restarting, I-23 to I-24 2-43, 2-58, 2-61
Server tasks running, 62-3, 62-11, 62-14, 62-17 configuring for NDS, G-6
adding, 52-43 to 62-18, 62-21, 62-23, 62-25, connecting, 4-1, 4-4
monitoring, 52-1, 52-44 62-27 to 62-28, 62-30, 62-34 database creation, 38-14
running, B-1 samples, J-1 decommissioning, 54-43, 59-3,
scheduling, B-2 stop conditions, 62-10 59-12
settings for, C-97 to C-98 variables, 62-10 delete requests
SSL and, 46-1 Server_Availability_Threshold for, F-25, F-78, F-81
status level, 52-42 setting deleting hosted organizations
table of, B-3 described, C-91 from, 14-3
Server topology Server_Cluster_Default_Port setting Domain Search requirements,
planning, 1-2 described, C-91 10-2
Server Web Navigator Server_Console_Password setting editing properties for resource
about the Averaging agent, 36-19 described, C-92 balancing, 54-43
access to Internet services, 36-7 Server_Max_Concurrent_Trans encrypting mail files, 43-8
changing appearance of setting environment for service
pages, 36-12 described, C-93 providers, 12-1
controlling access to sites, 36-6 Server_MaxSessions setting evaluating for resource
customizing, 36-6 described, C-93 balancing, 54-39
described, 36-1 troubleshooting filtering for resource
displaying authors, 36-12 and, 63-59 to 63-60 balancing, 54-45
displaying HTML source, 36-13 Server_Restart_Delay setting functions, 1-2
managing size of database, 36-16 described, C-96 Health reports, 54-11 to 54-12
moving out of data Server_Restricted setting hierarchical names, C-94
directory, 36-14 described, C-96 installing, for hosted
private page access, 36-5 Server_Session_Timeout setting environments, 13-2
proxies, 36-3 described, C-96 limiting replication time, 7-29
renaming database, 36-14 Server_Show_Performance setting limiting transactions, C-93
retrieval settings, 36-6 described, C-97 managing, 59-1
Index-32
maximum sessions, C-93 server options, 12-2 Shared installation, 5-43
naming, 1-3, 2-14 to 2-17, 2-19, setting up environment for, 13-1 Shared mail
2-29, 2-31 to 2-32 using the Resource Reservations clusters and, 29-20
partitioned, 1-6, 2-21, 2-53, 59-13 database, 14-12 described, 29-1, 29-5
passthru, 2-8, 4-23, 38-17, Web Administrator and, 16-26 disabling, 29-25
password checking on, 39-12 Servlets excluding mail files, 29-17
performance, 60-3 managing on Web server, 34-13 including mail files, 29-17
performance tools for, 54-2 Sessions linking mail files to, 29-15
proxy, 2-7 closing, I-25 managing, 29-11, 29-21
recertifying, F-47 IMAP, 31-9, 31-19 moving mail files and, 29-21
registering, 3-29 opening, I-26 object store, 29-1
remote connections, 4-3, 4-34 SessionsClose command replicated mail files and, 29-19
removing from cluster, F-49 described, I-25 restoring, 29-23
renaming, F-68, F-87 SessionsOpen command security, 29-4
replicating groups of, 7-20 described, I-26 settings, C-100
restarting, A-23, C-96 Set Configuration command statistics, 29-13
secondary name, 2-44 described, A-25 troubleshooting, 63-39
setup address, C-99 troubleshooting, 63-91 using for transfer and
setup name, C-99 Set directory filename request, F-60 delivery, 29-8
SSL connections, 46-18 Set Rules command Shared mail databases
swap file, C-109 described, A-25 deleting, 29-24
time-out setting, C-96 Set SCOS command inactive, 29-2
topology, 4-6, 4-9 described, A-25 purging obsolete messages
tracing connections, 63-77 Set Secure command from, 29-22
troubleshooting mail described, A-26 setting up, 29-5, 29-9 to 29-11
routing, 63-43 Set Statistics command using multiple, 29-2
UNIX performance, 60-14 described, A-27 Shared_Mail setting
verifying public keys, 39-25 Set user name and enable schedule described, C-100
viewing health of, 54-14 agent request, F-61 Shell commands
Windows, performance, 60-13 Set Web admin fields using, A-3
Servers, external request, F-61 Shortcut keys
access levels for, 7-7 Set Web user name and enable for accessibility, H-1
Servers, partitioned scheduled agent, F-61 for cursor, H-8
SNMP and, 53-9 SetCalProfilecommand database, H-4
ServerTasks setting described, I-26 dialog box, H-5
described, B-2, C-97 SetContextStatus command document, H-6, H-7, H-8
ServerTasksAt setting, B-2 described, I-26 Domino Administrator, H-3
ServerTasksAt2 setting, 50-4 Setup policy settings properties box, H-5
ServerTasksAthour setting creating, 9-12 views, 58-21, H-10
described, C-98 Setup profiles Show Allports command
Service providers creating, 3-21 described, A-27 to A-28
Activity Logging silent, 3-25 Show Cluster command
for, 13-23 to 13-24 using, 3-22 described, A-29
and DNS outages, 14-11 Setup program. See Domino server Show Configuration command
Domino features for, 12-4 Setup setting described, A-29
environment example, 12-16 described, C-98 Show Directory command
Global Web Settings documents Setup=AT command described, A-30
for, 13-21 troubleshooting and, 63-48, 63-51 Show Diskspace command
mail and directory protocols SetupDB setting described, A-30
for, 12-13 described, C-99 Show Heartbeat command
managing users, 14-14 SetupServerAddress setting described, A-32
security for hosted described, C-99 Show Memory command
organizations, 12-3 SetupServerName setting described, A-32
server environment for, 12-1 described, C-99
Index-33
Show Opendatabases command Extended Directory sample, J-14
described, A-32 Catalog, 24-26 SMTP Listener task
Show Performance command increasing database, 61-23 enabling or disabling, 27-41
described, A-33 index, 50-3 starting and stopping, 28-57
Show Port command Java heap, C-46 to C-47 SMTP protocol
described, A-33 Java stack, C-48 DNS and, 26-25
Show Schedule command mail file, 28-11 Domino mail server and, 26-3
described, A-34 MIME message, C-40 mail routing and, 26-21, 27-37
Show SCOS command NSF buffer pool, C-73 SMTP routing
described, A-35 replica, 7-12, 63-87 configuring multiple relay
Show Server command Server Web Navigator hosts, 27-58
described, A-36 database, 36-16 customizing, 28-57
Show Stat command transaction log, C-113 relay hosts and, 27-33
described, A-37 SIZE extension SMTP Workload script
using, 52-28, J-4 enabling, 28-96, 28-103 to 28-104 described, 62-26
Show Stat Platform command Size quotas running, 62-28
described, A-38 database, 61-23 to 61-24 sample, J-14
using, 52-27 mail, 29-4, 28-10, 28-15 to 28-16, SMTP_Config_Update_Interval
Show Tasks command 28-28, 28-55 setting
described, A-39 Smart hosts described, C-102
Show Transactions command for mail routing, 27-5, 27-43 SMTPAllHostsExternal setting
described, A-39 SMIME_Strong_Algorithm setting described, C-101
Show Users command described, C-100 SMTPDebug setting
described, A-41 SMIME_Weak_Algorithm setting described, C-102
Show Xdir command described, C-101 SMTPDebugIO setting
described, A-41 SMTP described, C-103
directory assistance and, 23-60 activity logging, 57-10 SMTPExpandDNSBLStats setting
Signatures binding to an IP address, 2-47 described, C-103
described, 43-9 changing default port SMTPGreeting setting
sent mail and, 43-11 information described, C-104
Signing for, 28-58, 28-60, 28-66 SMTPMaxForRecipients setting
databases and templates, 48-7 IMAP clients and, 31-1 described, C-105
defined, 43-9 in local Internet domain, 27-39 SMTPMTA_Space_Repl_Char setting
documents and mail, 43-9 mail commands, I-25 described, C-105
dual Internet certificates requirements for routing, 28-2 SMTPNotesPort setting
and, 47-17 restricting inbound connections, described, C-104
Silent install 28-71, 28-75 SMTPNoVersionInRcvdHdr setting
UNIX, 3-7 setting up SSL server described, C-104
Single sign-on authentication, 47-22 SMTPRelayAllowHostsandDomains
configuring, 42-13 to 42-14, 42-18 setting up SSL server setting
configuring for a Web Site, 42-17 authentication for Notes and described, C-106
Domino and WebSphere, 42-12 Domino using, 28-68 SMTPSaveImportErrors setting
troubleshooting, 63-106 using inside the local Internet described, C-106
Single-copy object store. See Shared domain, 26-23 SMTPStrict821AddressSyntax setting
mail using outside the local Internet described, C-107
Site documents. See Internet Site domain, 26-24, 27-38 SMTPStrict821LineSyntax setting
documents SMTP addresses described, C-107
Site Profile document inbound lookup, 27-47 SMTPTimeoutMultiplier setting
creating, 8-9 SMTP configuration described, C-108
Size updating, 27-65 SMUX protocol
attachments, 7-14 SMTP connection documents and SNMP Agent, 53-14
Console Log file, C-16 creating, 27-34 Snap-in registry values
database, 61-12 to 61-13 SMTP Initialization Workload script configuring, G-3
database cache, 61-9, C-74 running, 62-27
Index-34
SNMP LDAP directories and, 23-43 Stamp command
Domino events, 53-4 LDAP lookups, 47-23 described, I-26
floating-point support, 53-7 LDAP service and, 20-12 Start Consolelog command
INI file configuratrion, 53-9 merging certificates, 46-9 described, A-43
MIB, 53-5 merging server certificates, 46-12 Start Port command
on partitioned servers, 53-9 NOTES.INI settings, 46-19 described, A-44
overview, 53-1 overview, 46-1 STARTTLS extension
security, 53-5 passwords, 42-3, 42-24 enabling for SMTP, 28-68
traps, 53-21 to 53-23 Person documents for client enabling for SMTP
troubleshooting, 53-10 authentication, 47-20 inbound, 28-96
using Domino MIB with, 53-21 resuming sessions, 46-19 Stash files
SNMP Agent server authentication and, 47-3 setting up for SSL, 46-5
alerts, 53-2 server authentication using Statistic alarms
Sockets SMTP, 47-22 reporting, 52-9
IPX/SPX addresses and, 2-62 server certificate request, 46-5 for Server Health Monitor, 54-10
SOCKS proxy server tasks, 46-1 Statistic Collector
connecting Server Web Navigator setting up clients for, 47-1 Tell commands, A-57
through, 36-3 setting up for Web Statistic Collector task
Soft deletions Navigator, 36-8 described, 52-24
defined, 61-8 setting up test site, 46-22 Statistic documents
effect on quotas, 28-14 virtual servers and, 3-42 creating, 52-32
expiration time, 61-8, F-70 SSL certificates Statistic event generator
Solaris client, 47-3, 47-21 creating, 52-9
configuring partitioned creating a Certificate Statistic profiles
servers, 2-51 Authority, 45-2 charting, 52-37
configuring SNMP Agent marking as trusted root, 46-21 creating, 52-31, 52-36
for, 53-14 publishing in Person modifying, 52-39
Soundex records, 47-21 Statistic thresholds
directory catalogs and, 24-30 removing trusted roots, 46-21 viewing, 52-32
Space Saver settings renewing, 46-21 Statistics
in Administration Requests viewing information, 46-20 Activity Trends, 54-22
database, 15-27 SSL ciphers Administration Process, 15-35
Spamming restricting, 46-23 charting, 54-16, 54-25, 52-36
preventing, 28-20, 28-70, 28-75, SSL key rings creating documents for, 52-32
28-90, C-101 creating a key ring and certificate database activity, 58-12
Spoofing request, 45-2 database archives and, 61-26
preventing, 28-71 creating a self-certified key database cache, 61-10
SPX. See IPX/SPX ring, 46-22 default thresholds, 52-32
SSL SSL server authentication directory assistance, 23-60
authenticating clients, 9-37, 28-60, setting up clients for, 47-3 exporting to spreadsheet, 52-34
31-2, 31-6, 46-25, SMTP, 28-96, 34-23, 47-22 LDAP service ports, 20-38
Certificate Authority server trusted root certificate for, 47-3 mail-in, 52-35
and, 45-5 SSL servers modifying, 52-32
client authentication, 47-18 protocol version, 46-15 monitoring, 52-24, 52-31
creating a self-certified key setting up application, 46-3 platform, 52-26, 52-28, 52-30
ring, 46-22 setting up on server, 46-2 for resource balancing, 54-46
database access for clients, 46-19 setting up test site, 46-22 Server Health
default Domino trusted SSL_Resumable_Sessions setting Monitor, 54-3, 54-13
roots, 46-11 described, C-109 Server.Load, 62-7
features, 46-1 SSL_Trace_KeyFileRead setting Set Statistics command, A-27
forcing connections, 46-18 described, C-109 setting preferences
in a hosted SSLCipherSpec setting for, 16-11, 52-25
environment, 12-4 to 12-13 described, C-108 shared mail, 29-13
Internet security and, 40-31 viewing, 52-28, 52-30, 52-32
Index-35
Windows NT Performance System and application templates Tell commands
Monitor, 17-23 table of, D-1 Administrator Process, A-46
Statistics Collector System mail rules Agent Manager, 63-12, A-47
overview, 52-1 setting, 28-20 CA process, A-48
Statistics reports Change Manager, A-50
viewing, 52-31 Cluster Replicator, A-51
Statlog task T described, A-45
database activity Tables Directory Cataloger, A-53
reporting, 58-11, C-72 forms and, 61-4 LDAP service, A-53
statistics, 58-12 Targets Router, 27-5, 27-22, A-54
user activity reporting, 58-13 extended ACL, 25-12 to 25-14, Schedule Manager, A-55
STH files 25-17, 25-30 SMTP, 27-65, A-56
setting up for SSL, 46-5 Task status event generator Statistic Collector, A-57
Stop Consolelog command creating, 52-10 troubleshooting, 63-91
described, A-44 TCP server event generator Web Navigator, A-57
Stop Port command creating, 52-11 Web Server, A-57
described, A-44 TCP/IP Telnet
Stop triggers Domino Internet services and UNIX installation, 3-5
setting, 52-22 and, 2-47 Temp_Index_Max_Doc setting
Storage format, mail file frame types, 63-68 described, C-111
setting for IMAP importance of Notes port Templates
users, 31-3, 31-23, 31-35 order, 2-45 Domino Off-Line Services, 3-11
setting for POP3 users, 30-7 IPv6 standard, 2-25, 2-45 signing, 48-7
Store CA policy information in multiple IP addresses for system and application, D-1
Domino Directory servers, 2-12, 2-19, 2-22 updating databases with, 58-24
request, F-62 name resolution in, 2-15 Temporary directory
Store certificate in Domino or LDAP name resolution in NRPC, 2-11, changing for view
directory request, F-62 2-16 to 2-17, 2-19, 2-22 rebuilding, 58-22
Store Certificate Revocation List in Notes port for, 2-34 to 2-36, 2-38, Terminated users
Domino or LDAP directory 2-39 to 2-42, 2-46 deleting from system, 40-23
request, F-63 NOTES.INI settings, 2-64 Terminations group
Store directory type in server record partitioned servers and, 2-21 adding names to, 40-6
request, F-63 passwords, 42-3, 42-24 creating, 6-8
Store server’s DNS host name in planning server Text
Server record request, F-64 configurations, 2-10 in Server Web Navigator, 36-12
Structural object classes port mapping, 2-53, 63-78 Text files
described, 21-2 port numbers, 2-55 for Domino Web server log, 56-10
Subjects redirect to SSL, 31-7, 46-18 redirecting command output
extended ACL, 25-9, 25-17 Secondary name servers, 2-44 to, A-2
Subscriptions, offline security, 2-9 setting up for registration, 5-23
overview, 11-1 setting up servers Third-party relays
SwapPath setting on, 2-19, 2-32, 2-43 defined, 28-76
described, C-109 testing, 2-56 Threads
Synchronization time-out setting, 2-45 DIIOP and, 34-11
enabling, 17-27 troubleshooting, 63-56, 63-107 IMAP service, 31-19
Notes and Windows 2000 TCP/IPportname_PortMappingNN transfer, 28-33, 28-36
users, 17-25, 17-38 setting Web server, 34-55
Notes and Windows NT described, C-110 Threads, Administration Process
users, 17-1 to 17-3, 17-5 TCP/IPportname_TCPIPAddress changing number of, 15-29
Syntaxes setting Time zones
adding to schema, 21-15 described, C-111 and replication, 7-24
LDAP, 21-2, 21-4 TCP_EnableIPV6 setting Time-out settings
System administrators, 38-8 described, C-110 IMAP service, 31-9
LDAP service, 20-28
Index-36
message, 28-37 setting up, 55-5 mail routing, 63-36
server, C-96 settings, 55-7 meeting and resource
SMTP, C-108 shared mail and, 29-3 scheduing, 63-45
specifying for Web, 34-53 troubleshooting, 63-102 modems, 63-48
TCP/IP, 2-45 using, 55-3 Network dialup
TimeZone setting Transactions connections, 63-74
described, C-112 disabling, A-22, A-44 NOTES.INI, 63-43
Titles Transfer failures NRPC, 63-55
replication and, 63-87 non-delivery reports and, 28-37 NSD log files and, 63-101
window, C-120 Transfer threads partitioned servers, 63-78
TLS (Transport Layer Security) setting maximum number Passthru connections, 63-79
for SSL, 28-68 between servers, 60-11, Personal Address Book, 63-42
Tools specifying messages to platform statistics, 63-52
Active Directory Domino journal, 28-36 remote connections, 63-48
Upgrade Service, 17-25 Transferring messages replication, 63-80
administration, 16-16 to 16-17 controlling, 28-26 server access, 63-91
Agent log, 63-13 using shared mail, 29-8 server crashes, 63-96
for troubleshooting, 63-2 Transform file Server.Load, 63-110
monitoring servers and, 52-1 creating, 5-47 shared mail, 63-44
server performance, 60-2 Transform files SNMP, 53-10
Topology applying, 5-50 tools, 63-2, 63-57
creating a passthru, 4-25 for end-user installations, 5-50 transaction logging, 63-102
replication and, 4-8 installation options with, 5-49 Web Administrator, 63-104
Topology maps task TRANSLOG_MaxSize setting Web client authentication, 63-21
starting, 7-34 described, C-113 Web Navigator, 63-104
update frequency, C-112 TRANSLOG_Path setting Web servers, 63-104
Topology_WorkInterval setting described, C-113 workstation setup, 63-42
described, C-112 TRANSLOG_Performance setting Trusted naming rules
Trace command described, C-113 directory assistance and, 23-14
described, A-59 TRANSLOG_Status setting Trusted root certificates
TRACERT command described, C-114 accepting server CA’s
using for TCP/IP, 63-67 TRANSLOG_Style setting certificate, 46-9
Tracing described, C-114 default Domino SSL, 46-11
mail, 63-2 TRANSLOG_UseAll setting removing, 46-21
network connections, 63-77 described, C-115 SSL authentication and, 47-3
passthru connections, 63-79 Troubleshooting viewing information, 46-20
Tracking messages Administration Type-ahead addressing
configuring the server for, 33-8 Process, 63-8, 63-11 condensed directory catalogs
from the Domino Agent Manager and agents, 63-12 and, 24-29
Administrator, 33-10 Certificate Authority, 63-101 disabling, 28-6
Mail Tracking Collector task, 33-5 database corruption, 58-26 troubleshooting, 63-27
overview, 33-1 database performance, 63-16
Transaction logging Directories, 63-21
database changes, 58-25 Directory assistance, 63-21 U
disabling, 55-8 Directory catalogs, 63-25 Undeliverable mail
disk space and, C-115, 55-8 disk space problems, 63-86 generating non-delivery reports
enabling, C-114 Domino, 63-1 for, 28-37
log location, C-113 Domino SNMP Agent, 53-24 holding in
log size, C-113 extended ACLs, 25-30, 63-34 MAIL.BOX, 28-40 to 28-41
logging style, C-114 Fixup task, 58-26 Unicode
overview, 55-1 IPX/SPX, 63-70 LDAP service and, 20-3
performance, C-113 LDAP service, 63-31 Unit numbers
planning for, 55-4 Location documents, 63-42 NetBIOS ports and, 2-58
recovery, 14-11, 55-9 Lotus Support Services and, 63-4
Index-37
UNIX retrieving information from, I-28 explained, 5-2
accessing the server console, A-8 troubleshooting, 63-108 from a text file, 5-22
directory for entering UseFontMapper setting Internet-only users, 5-37
commands, 3-2 described, C-117 non-Notes users, 5-37
installation on, 3-4 User accounts roaming, 5-13
server performance, 60-14 creating in Windows NT, 17-12 types of, 5-7
Unread command deleting, 17-22 Web, 5-8, 5-27, 5-31
described, I-27 User activity User rules mail forwarding
Unread marks reporting, 58-13 disabling, 28-9
allowing IMAP users to change statistics, 58-11 User types
other users’, 31-17 User authentication assigning to ACL, 40-19
performance and, 61-3, 63-18 registering Internet/intranet Users
setting, I-27 users, 42-3 access levels, 40-1, 40-11
Unwanted commercial e-mail User IDs anonymous, 40-8
preventing, 28-20, 28-70, adding alternate name, 5-40 configuring for TCP/IP, 2-44
28-75, 28-90 defined, 39-1 managing, 5-54
Updall task passwords, 39-4 migrating from external mail
commands, 58-16 recertifying, 5-82 system or directory, 5-8
indexes, 58-15 security and, 39-25 recertifying, F-48
options, 58-16 User information registering, 5-2, 16-25,
running, 58-19 synchronizing in Notes and 17-33, 17-35
scheduling, 50-4 to 50-5 Windows NT, 17-1 renaming, 17-41, F-51, F-84
Update client information in Person User Management, 5-54 restricting in clusters, 60-6
record, F-64 User name failures terminated, 40-6
Update command customizing message for, 28-46 UTF-8
described, I-27 User names LDAP service and, 20-32
Update Config command, 27-65 aliases, 40-7 UTF-8 locale
described, 27-22 categorizing by corporate in a hosted environment, 13-8
Update task hierarchy, 19-13 to 19-14
directory indexer, 58-15 changing, 5-56
indexes, 58-14 deleting, 5-73, 17-42 V
running, 58-21 deleting with Web Validation, 38-1
Update user from non-roaming to Administrator, 5-75 Internet/intranet
roaming user editing, 40-23 clients, 42-27
administration requests, F-66 finding in domains, 5-85, F-29 Verbose logging
Update_No_BRP_Files setting moving in the organization name mail, 28-7
described, C-115 hierarchy, 5-61 Web servers, C-119 to C-120
Update_No_Fulltext setting renaming, 5-57, 5-61 VeriSign
described, C-115 upgrading from flat to trusted root, 46-11
Update_Suppression_Limit setting hierarchical, 5-67 Version numbers
described, C-116 Web, 40-30 identifying, C-98
Update_Suppression_Time setting wildcards in, 40-4 View indexes
described, C-116 User Preferences updating, 58-14
Updaters setting troubleshooting, 63-42 View_Rebuild_Dir setting
described, C-116 User registration described, C-119
UpgradeApps setting Advanced, 5-13 ViewExpnumber setting
described, C-117 Advanced from the Web described, C-118
URLs, 34-3 Administrator, 5-31 ViewImpnumber setting
categorizing for Domain alternate names, 5-41 described, C-118
Search, 10-21 Basic, 5-11 Views
in Server Web Navigator, 36-12 Basic from the Web adding documents, J-1
mailed to SSL server Administrator, 5-28 Administration Requests
administrators, 45-4 customizing, 5-4 database, 15-19
redirecting, 34-27 default settings, 5-9 Close command, I-8
Index-38
creating, 40-17 service providers and, 16-26 Web servers, 34-1, 34-26
customizing in Domino setting preferences, 16-24 activity logging, 57-4
Directory, E-2, E-5 signing out, 16-27 creating links on, 49-1
in Server Web Navigator starting, 16-22 creating secure Web
database, 36-12 troubleshooting, 63-108 applications, 34-3
keyboard shortcuts for, 58-21 using, 16-17, 16-23 features, 34-2
logging, 55-9 Web applications interactive Web applications, 34-3
navigating, I-10 enabling for offline listing files on, 63-105
opening, I-20 use, 11-1 to 11-2 logging, 56-8
performance and, 63-18 replicating, 11-22 performance, 34-52 to 34-56
purging database, 58-23 Web browsers processing requests, 34-55
rebuilding, 58-22, C-119 controlling access from, 38-23 running Web agents on, 34-54
searching in, I-11 restricting access to links, 49-4 security, 34-9
shortcut keys, H-10 Web client authentication setting Domino to work
troubleshooting, 63-42, 63-99 restricting, 42-19 with, 35-1
updating, J-3, I-16 troubleshooting, 63-21 setting up logging, 56-9
Virtual servers Web Idle Workload script Tell commands, A-57
Web site hosting, 34-17 described, 62-30 troubleshooting, 63-104
Virtual Web servers running, 62-30 Web application
partitioned servers and, 2-49 sample, J-15 development, 34-3
security, 3-42 Web mail files Web set soft deletion expire time
Viruses delegating access to, F-10 request, F-70
protection against, C-71 Web Mail Initialization Workload Web Site authentication realm
script creating, 34-45
sample, J-15 described, 34-45
W Web Mail Workload script Web Site Authentication Realm
WANs described, 62-31 document
integrating Domino with, 2-2 running, 62-34 defined, 34-45
network compression sample, J-16 Web Site documents
and, 2-42 Web Navigator configuring for hosted
Web changing appearance of organization, 13-20
access levels, 40-13 pages, 36-12 creating, 34-17
anonymous users, 40-8 customizing, 36-6, 36-11 DOLS and, 3-12
restricting amount of data described, 36-1, 36-10 file protection and, 34-42
sent, 34-29 displaying authors, 36-12 in a hosted environment, 13-18
Web access managing size of, 36-16 language preferences, 34-31
improving, 60-10 moving out of data setting up session authentication
Web Administrator directory, 36-14 for, 34-23
access, 16-18, 16-20 renaming, 36-14 Web Site Rule documents
configuring, 16-17 setting cache options, 36-18 creating, 34-38
creating groups with, 6-4 starting and stopping, 36-3 described, 13-19, 34-34
Domino Console, Domino Tell commands, A-57 in a hosted environment, 13-21
Controller and, 16-28 troubleshooting, 63-107 Web sites, 34-38, 34-42
entering server commands, A-1 Web Navigator SSL authentication
in a hosted setting up, 36-8 and, 34-23, 34-45
environment, 14-15 to 14-16 Web pages controlling access to, 36-6
managing policies, 16-25 mailto, 36-9 hosting, 34-17
managing the ACL with, 40-24 rated, 36-19 Lotus Support Services, 63-4
message tracking, 16-27 retrieving with Web multiple, on a server
re-creating database, 63-109 Navigator, 36-1 partition, 2-49, 34-20
registering users, 16-25, 5-27, 5-31 updating for Server Web Web task
remote console, 16-26, A-7 Navigator, 36-18 Server Web Navigator
resizing and, 63-109 Web server messages, 34-48 and, 36-3
roles, 16-20 to 16-21 customizing, 34-48, 34-50 to 34-51 troubleshooting, 63-108
Index-39
Web tours synchronizing with Notes xSP servers
Web Navigator users, 17-25 Activity Logging
database, 36-11 Unit/LANA numbers for for, 13-23 to 13-24
Web user NetBIOS ports, 2-59 applications on, 12-15
registering, 5-8 Windows NT binding IP addresses to, 13-16
Web user preferences, 34-30 adding groups to configuring, 12-5, 12-9
cookies, 34-30 Notes, 17-16, 17-20 Domino features for, 12-4
regional settings, 34-30 configuring partitioned example, 12-16
Web users servers, 2-52 for hosted environments, 12-1
authenticating, 40-7 ensuring name resolves on, 2-29 installation options, 12-2
controlling access, 40-30 improving server installing, 13-2
renaming, 5-66 performance, 60-13 mail protocols on, 12-13
WEB.NSF name resolution, 2-15, 2-22 opening databases on, 13-8
renaming, 36-14 registering users in securing, 12-3
WEBADMIN.NSF Notes, 17-1, 17-8, 17-12, 17-14 setting up environment for, 13-1
configuring, 16-17 renaming user accounts with
securing, 16-18 Domino, 5-57
WebAuth_Verbose_Trace setting synchronizing with Z
described, C-119 Notes, 17-2, 17-3 zOS
WebDAV, 34-15, 34-22 synchronizing with Notes configuring SNMP Agent
setting up, 34-15, 34-17 users, 5-62, 17-5 for, 53-17
WebGet command Unit/LANA numbers for
described, I-28 NetBIOS ports, 2-59
WebSess_Verbose_Trace setting Windows NT Performance Monitor
described, C-120 viewing statistics with, 17-23
troubleshooting with, 63-106 Windows NT User Manager
WebSphere plug-ins deleting user accounts with, 17-22
installing on IIS servers, 35-4 setting up, 17-1, 17-3
Welcome Page WinInfoboxPos setting
creating, 5-87 described, C-120
Wide-area networks. See WANs WinSysFontnumber setting
Wildcard searches described, C-121
LDAP service, 20-28 Workload balancing
Window_Title setting clusters and, 60-4
described, C-120 servers and, 60-2
Windows Workstations
configuring SNMP Agent ECL, 41-1
for, 53-11 mail routing errors and, 63-42
directory for entering troubleshooting, 63-92
commands, 3-2 www.lotus.com/support
installation on, 3-3 searching, 63-4
running Server Setup program
on, 3-18
system fonts, C-121 X
Windows 2000 X.PC network
configuring partitioned compression and, 2-42
servers, 2-52 XACLs. See Extended ACLs
ensuring name resolves on, 2-29 x-headers
improving server adding to outbound Internet
performance, 60-13 mail, 28-134
name resolution, 2-15, 2-22 XPC_Console setting
registering existing users, 17-35 described, C-121
registering new users, 17-33
Index-40