Questions

Sure. These are questions I also get asked at interviews (I'm a Notes contractor).

1. If mail isn't routing, what can you do?

Step 1: I will get a copy of the delivery failure from the sender.
Step 2: Send a mail trace to that address.
Step 3: Mail routing topology maps

Mail routing topology maps are useful to track mail routing problems between servers.
1. From the Domino Administrator, click the Messaging - Mail tab.
2. Choose one:
• Mail routing topology by connections
• Mail routing topology by named networks

Undelivered mail
From the Domino Administrator, click the Messaging - Mail tab, then select Mail routing status. You can also check for undelivered mail in the mail routing events view in the log file (LOG.NSF).

2. If replication between....isn't working, what can you do?
2. How to troubleshoot replication issues

Database replication errors can be common, but can also be very frustrating to correct. Suggestions for troubleshooting replication problems include:

• Make sure the DBs are sharing the same replica IDs.
• Check the Domino Log database for possible errors that are occurring.
• Check the DB replication history to find when it last replicated successfully and to determine when the problem started.
• Check the connection documents for the servers.
• Make sure the Replication tasks are enabled, and that replication is also enabled in the database properties.
• Cross-check that the replication schedule is properly defined.
• Check that the DB ACLs allow replication between the DBs.
• Make sure the server has sufficient disk space to allow the DBs to add the documents.

3. Tell me about Notes security.

• User Authentication: This is the process that the Notes client and the Domino server use to validate each other when a client tries to access the Domino server.
• Server Security: This controls access to the Domino server. Server access is controlled by a server access list on the Domino server.
• Database Security: This controls access to the databases on the Domino server.

4. What's in a Notes ID?
27. A Notes ID file contains:

• User Name
• Password
• Certifier Information
• Certifier Duration
• Public Key
• Private Key
• Secret Key

Administration server: The server that you assign to apply Administration Process updates to a primary replica.

5. What is a replication and Save conflict?

Save conflicts
A save conflict occurs when two or more users open and edit the same document at the same time on the same server, even if they're editing different fields. When this situation occurs, the first document saved becomes the main document.

Replication conflicts
A replication conflict occurs when two or more users edit the same document and save the changes in different replicas between replications.

1. What is stored in a Notes ID

• The owner's name - A user ID file may also contain one alternative name.
• A permanent license number - This number indicates that the owner is legal and specifies whether the owner has a North American or International license to run Domino or Notes.
• At least one Notes certificate from the certifier ID - This is a digital signature added to a user ID or server ID. It is generated from the private key of the certifier ID.
• A private key - Notes uses the private key to sign messages sent by the owner of the private key and to decrypt messages sent to its owner.
• Internet certificates (optional) - An Internet certificate is used to secure SSL connections and to encrypt and sign S/MIME mail messages.
• One or more secret encryption keys (optional) - Encryption keys are created and distributed by users to allow other users to encrypt and decrypt fields in a document.

3. Difference between North American and international certifiers

All Notes IDs contain two public/private key pairs. Prior to 5.0.4, key lengths were restricted for the purposes of encrypting data, but not for authentication or signing. Anything over 512-bit RSA key and 56-bit symmetric key was considered strong encryption and was not allowed for export by the U.S. Government. Customers were required to order and choose among kits of different cryptographic strengths.

With the relaxation of US government regulations on the export of cryptography, the Domino server and the Domino Administrator, Domino Designer, and Lotus Notes client products have consolidated all previous encryption strengths -- North American, International, and France -- into one strong encryption level, resulting in a single "Global" release of the products. The Global release adopts the encryption characteristics previously known as North American. Strong encryption in Global products can be used worldwide, except in countries whose import laws prohibit it, or except in those countries to which the export of goods and services is prohibited by the U.S. government. Customers are no longer required to order Notes software according to cryptographic strength.

4. Global Domain Doc, Foreign domain doc, Foreign SMTP Domain Doc

Domains are defined by creating Domain documents. Multiple document types are available, based on the requirements needed to route mail. The following types of documents are available.

• Adjacent domain document - This document is used to route mail between servers that are not in the same Notes named network.
• Nonadjacent domain document - This document serves three functions:
  - Supplies next-hop routing information to route mail
  - Prohibits mail from routing to the domain
  - Provides Calendar server synchronization between two domains
• Foreign Domain document - This document is used for connections between external applications. A typical application used is a fax or pager gateway.
• Foreign SMTP Domain document - This document is used to route Internet mail when the server does not have explicit DNS access.
• Global Domain document - This document is used to route mail to Internet domains. Configuration information regarding message conversion rules is defined in the document.

5. SMTP Incoming and outgoing configurations

Setting up a Domino server as an SMTP server consists of enabling two separate tasks: a listener task and a routing task. Enabling the SMTP Listener allows a server to receive mail over SMTP. Enabling SMTP routing lets the Domino Router send mail to other servers using SMTP. You enable SMTP routing to destinations within the local Internet domain separately from SMTP routing to external destinations.

It's also possible to enable SMTP routing on a server without enabling the Listener task, and vice versa. For example, to support POP3 and IMAP clients, which use SMTP to send mail, you must have at least one internal server running the SMTP Listener task. However, the server does not have to use SMTP when transferring messages it receives over SMTP to the next hop on the routing path. After the server has accepted a message over SMTP, it can use Notes routing to transfer the message to other servers.

For the configuration steps, check the Administration Help files.

6. Replication types in connection doc

Replication Type: Four different types of replication exist. The type you choose affects the direction of replication as well as which of the servers performs the work of the replication.

• Pull Pull: Replication is bidirectional, whereby the source server initiates replication and pulls documents from the target server. The source server then signals the target server's Replica task to pull documents in the opposite direction. Both servers are involved in the replication.
• Pull Push (Default): Replication is bidirectional, whereby the source server's Replica task performs all of the work, pushing and pulling documents to and from the target server. The target server's Replica task is never engaged.
• Pull Only: Replication is one-way, whereby the source server pulls documents from the target.
• Push Only: Replication is one-way, whereby the source server pushes documents to the target.

9. Router types in connection doc

Router Type: There are four options in the router type:

• Pull: This type of router can route in one direction; it pulls from the source server.
• Push: This type of router can route in one direction; it pushes from the source server.
• Pull Push: This type of router can trigger two-way routing; the router on the originating server pushes mail to the destination server and then triggers the destination server to route mail back again.
• Push Wait: This type of router can trigger two-way routing; the source server first pushes to the target server and then waits to receive a connection from the target. This is usually used between servers with dialup connections.

7. Partitioned servers advantages and explanation

Partitioned servers
In a partitioned server environment, all partitions share the same Domino program directory, and each partition has its own Domino data directory and NOTES.INI file.

Using Domino server partitioning, you can run multiple instances of the Domino server on a single computer. By doing so, you reduce hardware expenses and minimize the number of computers to administer because, instead of purchasing multiple small computers to run Domino servers that might not take advantage of the resources available to them, you can purchase a single, more powerful computer and run multiple instances of the Domino server on that single machine.

On a Domino partitioned server, all partitions share the same Domino program directory, and thus share one set of Domino executable files. However, each partition has its own Domino data directory and NOTES.INI file; thus each has its own copy of the Domino Directory and other administrative databases. If one partition shuts down, the others continue to run. If a partition encounters a fatal error, Domino's fault recovery feature restarts only that partition, not the entire computer.

Partitioned servers can provide the scalability you need while also providing security. As your system grows, you can migrate users from a partition to a separate server. A partitioned server can also be a member of a cluster if you require high availability of databases. Security for a partitioned server is the same as for a single server.

When you set up a partitioned server, you must run the same version of Domino on each partition. However, if the server runs on UNIX®, there is an alternative means to run multiple instances of Domino on the server: on UNIX, you can run different versions of Domino on a single computer, each version with its own program directory. You can even run multiple instances of each version by installing it as a Domino partitioned server.

8. Web server: Realm doc, Web site doc, Web agents, SSO, Gzip etc

Web Server: A Domino server is considered to be a web server when it is running the HTTP task. The HTTP task can be started automatically by adding it to the ServerTasks= line in the server's NOTES.INI file, or by issuing the Load HTTP command at the server console.

9. Sign, encryption, public key, private key concepts

For all types of encryption except network port encryption, Domino uses public and private keys so that data encrypted by one of the keys can be decrypted only by the other. The public and private keys are mathematically related and uniquely identify the user. Both are stored in the ID file. Within the ID file, the public key is stored in a certificate, but the private key is stored separately from the certificate. The certificate containing the public key is also stored in the Domino Directory, where it is available to other users.

Domino uses two types of public and private keys -- Notes and Internet. You use the Notes public key to encrypt fields, documents, databases, and messages sent to other Notes users, while the Notes private key is used for decryption. Similarly, you use the Internet public key for S/MIME encryption and the Internet private key for S/MIME decryption. For both Notes and Internet key pairs, electronic signatures are created with private keys and verified with public keys.

When you register a user, Domino automatically creates a Notes certificate, which contains the user's public keys, and adds it to the ID file and the Domino Directory. The private key is created and stored in the ID file. You can also create Internet public and private keys after user registration. Domino stores Internet certificates, which contain public keys, in the ID file and also in the Domino Directory. The Internet private key is stored in the ID file, separately from the certificate.

To create Notes public and private keys, Domino uses the dual-key RSA Cryptosystem and the RC2 and RC4 algorithms for encryption. To create the Internet public key, Domino uses the X.509 certificate format, which is an industry-standard format that many applications, including Domino, understand.

Both the Notes client and Domino server support 1024-bit RSA key and 128-bit symmetric key for S/MIME and SSL. The Notes proprietary protocols use a 630-bit key for key exchange, and a 64-bit symmetric key.

10. ACL levels and privileges

Every database includes an access control list (ACL), which Notes uses to determine the level of access users and servers have to a database. Levels assigned to users determine the tasks that users can perform on a database. Levels assigned to servers determine what information within the database the servers can replicate. Only someone with Manager access can modify the ACL. The Designer and Manager of the database can coordinate to create one or more roles to refine access to particular views, forms, sections, or fields of a database. For details on using the Access Control List in databases that you manage or design, see Lotus Domino Designer 6 Help.

ACLs apply only to databases stored on servers, not databases stored locally. If you make a change to a local database and replicate the database up to the server, replication honors the level of access you have in the ACL on the server. For example, if you have Reader access to a database on a server and you add new documents to your local replica of the database, your new documents will not get added to the database when you replicate the local replica up to the server again. Reader access does not allow you to create new documents. However, it is possible for database designers to enforce a consistent ACL across all replicas of a database, so even local databases would honor the ACL.

Access levels for a database
To change an access level for a user, you must have Manager access to the database.

Manager
Allows users to:
• Delete the database
• Encrypt the database
• Modify replication settings
• Modify the database ACL
• Perform all tasks allowed by lower access levels
Assign to: Two people who are responsible for the database. If one person is absent, the other can manage the database.

Designer
Allows users to:
• Create a full-text search index
• Modify all database design elements (fields, forms, views, public agents, the database icon, Using This Database document, and About This Database document)
• Perform all tasks allowed by lower access levels
Assign to: A database designer and/or the person responsible for future design updates.

Editor
Allows users to:
• Create documents
• Edit all documents, including those created by others
• Read all documents unless there is a Readers field in the form (you can't edit a document if you can't read it)
Assign to: Any user allowed to create and edit documents in a database.

Author
Allows users to:
• Create documents
  Note: Author access, by default, does not include the access level option "Create documents." When you assign Author access to a user or server, you must also specify the "Create documents" access level privilege.
• Edit the documents where there is an Authors field in the document and the user is specified in the Authors field
• Read all documents unless there is a Readers field in the form
Assign to: Users who need to contribute documents to a database. When possible, use Author access rather than Editor access to reduce Replication or Save Conflicts.

Reader
Allows users to:
• Read documents
  Note: Reader access lets you read all documents unless there is a Readers field in the form. Then you can read a document only if your name is listed in the Readers field on the form.
Assign to: Users who only need to read documents in a database, but not create or edit documents.

Depositor
Allows users to:
• Create documents
Assign to: Users who only need to contribute documents, but who do not need to read or edit their own or other users' documents. For example, use Depositor access for a ballot box application.

No Access
Allows users to: None, with the exception of options to "Read public documents" and "Write public documents"
Assign to: Terminated users, who do not need access to the database, or users who have access on a special basis. Also, users who do not need access but are part of a group that does have access. Should be assigned as the default access to prevent most users from accessing a confidential database.

Additional privileges in the access control list

A person with Manager access to a database can select an access level for each person, group, and server and can then enhance or restrict this level as needed by selecting or deselecting the additional privileges within the access level. Depending on the access level, some of the following optional privileges are available for you to select or deselect when giving a user access to your database.

Optional privilege and when to select/deselect it:

• Create documents: Select this option for all users with Author access. Deselect this option to prevent Authors from adding any more documents. They can continue to read and edit documents they've already created.

• Delete documents: Deselect this option if you don't want a user to delete documents, no matter what the access level. Authors can delete only documents they create. If the document contains an Authors field, Authors can delete documents only if their name, a group, or a role that contains their name appears in the Authors field.

• Create private agents: A user can run agents that perform tasks allowed by the user's assigned access level in the ACL only. Private agents on server databases take up disk space and processing time on the server, so you may want to deselect this option to prevent users from creating private agents.
  Note: Whether or not a user can run agents depends on the access set by the Domino administrator in the Agents Restrictions section of the Server document in the Domino Directory. If you select "Create LotusScript/Java agents" for a name in the ACL, the Server document controls whether or not the user can run the agent on the server.

• Create personal folders/views: Personal folders and views created on a server are more secure than those created locally, and they are available on multiple servers. Administrative agents can operate only on folders and views stored on a server. Deselect this option to prevent users from creating folders and views on a server, which saves disk space on the server. They can still create folders and views locally.

• Create shared folders/views: Deselect this option to maintain tighter control over database design. Otherwise, a user assigned this privilege can create folders and views that are visible to others.

• Create LotusScript/Java agents: LotusScript and Java agents on server databases can take up significant server processing time, so you may want to restrict which users can run them.
  Note: Whether or not a user can run agents depends on the access set by the Domino administrator in the Agents Restrictions section of the Server document in the Domino Directory. If you select "Create LotusScript/Java agents" for a name in the ACL, the Server document controls whether or not the user can run the agent on the server.

• Read public documents: Select this option to allow users to read documents or see views and folders designated as "Available to Public Access users," an option in the Security tab of the Forms, Views, and Folders Properties dialog boxes. This option lets you give users with No Access or Depositor access the ability to view specific documents, forms, views, and folders without giving them Reader access. In addition, documents that you want available to public access users must contain a field called $PublicAccess. The $PublicAccess field should be a text field, and its value should be equal to one. For information about how this privilege applies to mail templates and for information on creating forms, views, and agents, see Lotus Domino Designer 6 Help.

• Write public documents: Select this option to allow users to create and modify documents with forms designated as "Available to Public Access users" in the Security tab of the Form Properties dialog box. This option lets you give users create and edit access to specific documents without giving them Author access, or an equivalent role, and gives users access to create documents from any form in a database.

• Replicate or copy documents: Select this privilege to allow users to replicate or copy the database, or documents from the database, locally or to the clipboard.
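The access levels and optional privileges above combine into a per-document decision, which is what a server applies when a local replica is replicated back up. The following Python model is an added illustration, not Domino code or a Domino API: the class and function names and the sample documents are constructed for the example, and it encodes only the rules stated on this page.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Access levels as listed on this page, lowest to highest."""
    NO_ACCESS = 0
    DEPOSITOR = 1
    READER = 2
    AUTHOR = 3
    EDITOR = 4
    DESIGNER = 5
    MANAGER = 6


@dataclass(frozen=True)
class AclEntry:
    """Hypothetical model of one ACL entry: level plus optional privileges."""
    name: str
    level: Level
    groups_and_roles: frozenset = frozenset()
    create_documents: bool = False   # has to be selected for Author access
    delete_documents: bool = False   # needed at every level to delete
    read_public: bool = False
    write_public: bool = False

    def identities(self):
        return {self.name} | self.groups_and_roles


@dataclass(frozen=True)
class Document:
    """Constructed stand-in for a Notes document."""
    title: str
    readers: frozenset = frozenset()  # empty: the form has no Readers field
    authors: frozenset = frozenset()  # empty: no Authors field
    public: bool = False              # $PublicAccess text field equal to "1"


def can_read(entry, doc):
    if doc.public and entry.read_public:
        return True                   # also applies to No Access and Depositor
    if entry.level < Level.READER:
        return False                  # Depositor cannot read, even own documents
    # Assumption: groups and roles match in Readers fields the same way the
    # page describes for Authors fields.
    return not doc.readers or bool(entry.identities() & doc.readers)


def can_create(entry, public_form=False):
    if public_form and entry.write_public:
        return True
    if entry.level == Level.AUTHOR:
        return entry.create_documents
    return entry.level == Level.DEPOSITOR or entry.level >= Level.EDITOR


def can_edit(entry, doc):
    if doc.public and entry.write_public:
        return True
    if not can_read(entry, doc):
        return False                  # you can't edit what you can't read
    if entry.level >= Level.EDITOR:
        return True
    return entry.level == Level.AUTHOR and bool(entry.identities() & doc.authors)


def can_delete(entry, doc):
    return entry.delete_documents and can_edit(entry, doc)


def replicate_to_server(entry, local_changes):
    """Titles of local-replica changes the server replica would accept.

    local_changes is a list of (action, Document) pairs, where action is
    "create", "edit" or "delete"; the server ACL entry decides each one.
    """
    checks = {
        "create": lambda d: can_create(entry, public_form=d.public),
        "edit": lambda d: can_edit(entry, d),
        "delete": lambda d: can_delete(entry, d),
    }
    return [d.title for action, d in local_changes if checks[action](d)]


if __name__ == "__main__":
    reader = AclEntry("Ann Lee", Level.READER)
    author = AclEntry("Ann Lee", Level.AUTHOR, create_documents=True)
    draft = Document("local draft", authors=frozenset({"Ann Lee"}))
    print(replicate_to_server(reader, [("create", draft)]))
    print(replicate_to_server(author, [("create", draft)]))
```

The Reader case reproduces the page's example: documents added to a local replica are not accepted by the server, while the same change from an Author with "Create documents" selected is.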

11. ECL concept.

Check the article “Understanding Lotus Notes Security & Execution Control List (ECL) settings”.

12. What is a Domino cluster & Clustering requirements?

A Domino cluster is a group of two or more servers that provides users with constant access to data, balances the workload between servers, improves server performance, and maintains performance when you increase the size of your enterprise. The servers in a cluster contain replicas of databases that you want to be readily available to users at all times. If a user tries to access a database on a cluster server that is not available, Domino opens a replica of that database on a different cluster server, if a replica is available. Domino continuously synchronizes databases so that whichever replica a user opens, the information is always the same.

IBM Lotus Notes® clients can access all Domino cluster servers. HTTP clients (Internet browsers) can access only Domino Web servers in a Domino cluster.

Clustering requirements

Server requirements

• All servers in a cluster must run one of the following: the Lotus Domino 6 Enterprise server, the Lotus Domino 6 Utility server, the Domino Release 5 or Domino Release 4.62 Enterprise server, or the Domino Release 4.6 or Domino Release 4.5 Advanced Services server.
  Note: Earlier releases of Domino do not have access to features that are new in Domino 6.
• All servers in a cluster must be connected using a high-speed local area network (LAN) or a high-speed wide area network (WAN). You can also set up a private LAN for cluster traffic.
• All servers in a cluster must use TCP/IP and be on the same Notes named network.
• All servers in a cluster must be in the same Domino domain and share a common Domino Directory.
• You must specify an administration server for the Domino Directory in the domain that contains the cluster. If you do not specify an administration server, the Administration Process cannot change cluster membership. The administration server does not have to be a member of a cluster.
• Each server in the cluster must have a hierarchical server ID. If any servers have flat IDs, you must convert them to hierarchical IDs to use them in a cluster.
• A server can be a member of only one cluster at a time.
• Each server must have adequate disk space to function as a cluster member. Because clusters usually require more database replicas, servers in clusters require more disk space than unclustered servers.
• Each server must have adequate processing power and memory capacity. In general, clustered servers require more computer power than unclustered servers.

13. How to troubleshoot clustering problems

This section addresses some problems that may occur related to Domino clusters. Problems that may occur can be related to authentication, database replication, or failover in the event of a server outage. When troubleshooting a clustering problem, follow these steps.

1. Make sure that the Cluster Replicator task is running on all of the servers in the cluster.
2. Ensure that the database exists on all servers in the cluster and that the replica IDs are the same.
3. Check the log files to see if errors are occurring related to the replication task. Check to see if there is an excessive number of replication requests queued, which may hint at a server performance issue.
4. Examine the Cluster Database Directory and make sure that the databases are enabled for replication.
5. Make sure there is only one copy of the database on each cluster.
6. Verify that the ACLs in the database are set correctly to allow servers to communicate. The User Type for servers must be set to server or server group.
7. Check the server documents on all servers in the cluster and make sure that each server is assigned a valid, unique IP address and that all IP addresses related to the Cluster Manager are defined properly.
8. Verify that all servers in the cluster are running.

14. How to troubleshoot partitioning problems

Typical problems that can appear when running Domino on a partitioned server include partitions in use and communication infrastructure/setup issues. Here are some guidelines for troubleshooting partitioning problems.

• Only one server can be running per partition. If an error occurs stating that a partition is already in use, verify that a server process is not already running on the server. A server reboot may be required to correct this issue.
• Verify that the server is running in the event that users are receiving an error that the server is unreachable.
• If a port-mapping server is sharing the same network card as the destination server, make sure that the server is running.
• Verify that information in the notes.ini file related to port-mapping is set up correctly.
• Verify that all the information related to the communications setup for the server is correct in the Domino Directory.

15. What is Update, Updall, Fixup, Compact

Update
The purpose of Update is to update a database's view indexes. Update runs automatically when the server is started and continues to run while the server is up. Update waits about 15 minutes before processing the database so that all changes in the database are finished processing. When the views are updated, it then searches the domain for databases set for immediate or scheduled hourly index update. When Update finds a corrupted view or full-text index, it rebuilds the full-text index and tries to solve the issue.

Update (a, b, c)
Where:
a -- Number of documents to be updated. If 'a' is not specified, one document is updated.
b -- New size of the summary item "Subject" (optional; default is ""). If 'b' is not specified, the length of the summary data is a uniform random number between 1 and 100 bytes.
c -- Length of non-summary item "Body" (optional; defaults to ""). If 'c' is not specified, the length of the non-summary data is a uniform random number between 100 and 300 bytes.

Updall
Updall is used to rebuild corrupted views and full-text index searches, as Update does, and has various options that can be defined when launched by using a software switch. Updall is executed by default at 2:00 a.m. and, unlike Update, can be run manually. Deletion stubs are removed, and views that haven't been used for 45 days are deleted unless they are protected by the database designer. Setting the parameter Default_Index_Lifetime_Days in the Notes.ini file enables an administrator to determine when Updall removes unused views.

Use this syntax when you use the Load updall console command:
Load updall databasepath options
For example:
Load updall SALES.NSF -F
You can specify multiple options -- for example:
Load updall -F -M

Updall - Basic options

• Option in Task - Start tool: Index all databases / Index only this database or folder
  Command-line option: databasepath (for more information on databasepath, see the topic "Using a console command" later in this chapter)
  Description: "Only this database" updates only the specified database. To update a database in the Domino data folder, enter the file name, for example, SALES.NSF. To update databases in a folder within the data folder, specify the database path relative to the data folder, for example, DOC\README.NSF. "Index all databases" (or no database path) updates all databases on the server.

• Option in Task - Start tool: Update this view only
  Command-line option: database -T viewtitle
  Description: Updates a specific view in a database. Use, for example, with -R to solve corruption problems.

Updall - Update options

• Option in Task - Start tool: Update: All built views
  Command-line option: -V
  Description: Updates built views and does not update full-text indexes.

• Option in Task - Start tool: Update: Full text indexes
  Command-line option: -F
  Description: Updates full-text indexes and does not update views.

• Option in Task - Start tool: Update: Full text indexes: Only those with frequency set to: Immediate
  Command-line option: -H
  Description: Updates full-text indexes assigned "Immediate" as an update frequency.

• Option in Task - Start tool: Update: Full text indexes: Only those with frequency set to: Immediate or Hourly
  Command-line option: -M
  Description: Updates full-text indexes assigned "Immediate" or "Hourly" as an update frequency.

• Option in Task - Start tool: Update: Full text indexes: Only those with frequency set to: Immediate or Hourly or Daily
  Command-line option: -L
  Description: Updates full-text indexes assigned "Immediate," "Hourly," or "Daily" as an update frequency.

Updall - Rebuild options

• Option in Task - Start tool: Rebuild: Full-text indexes only
  Command-line option: -X
  Description: Rebuilds full-text indexes and does not rebuild views. Use to rebuild full-text indexes that are corrupted.

• Option in Task - Start tool: Rebuild: All used views
  Command-line option: -R
  Description: Rebuilds all used views. Using this option is resource-intensive, so use it as a last resort to solve corruption problems with a specific database.

• Option in Task - Start tool: Rebuild: Full-text indexes and additionally: All unused views
  Command-line option: database -C
  Description: Rebuilds unused views and a full-text index in a database. Requires you to specify a database.

Updall - Search Site options

• Option in Task - Start tool: Update database configurations: Incremental
  Command-line option: -A
  Description: Incrementally updates search-site database configurations for search site databases.

• Option in Task - Start tool: Update database configurations: Full
  Command-line option: -B
  Description: Does a full update of search-site database configurations for search site databases.

Fixup
Fixup is used to repair databases that were open when a server failure occurred. Fixup runs automatically when the server starts, but it can also be run from the Domino Console, when necessary. Databases are checked for data errors generated when a write command to the database was issued and a failure occurred, causing a corruption in the database. When Fixup is running on a database, user access is denied until the job completes. Fixup should be run if Updall does not fix the database errors.

Fixup options

• Option in Fixup tool and Task - Start tool: Fixup all databases / Fixup only this database or folder
  Command-line equivalent: databasepath
  Description: "Fixup only this database or folder" runs Fixup only on a specified database or all databases in a specified folder. To run Fixup on a database in the Domino data folder, enter the file name, for example SALES.NSF. To run Fixup on a database or databases in folders within the data folder, enter the path relative to the data folder. For example, to run Fixup on all databases in the DATA\SALES folder, specify SALES. "Fixup all databases" or no command line database path runs Fixup on all databases on the server.
  Note: To specify databases or folders to run on using the Fixup tool, select the database(s) or folder(s).

• Option: Report all processed databases to log file
  Command-line equivalent: -L
  Description: Reports to the log file every database that Fixup opens and checks for corruption. Without this argument, Fixup logs only actual problems encountered.

• Option: Scan only since last fixup
  Command-line equivalent: -I
  Description: When you run Fixup on a specific database, Fixup checks only documents modified since Fixup last ran. Without this option, Fixup checks all documents.

• Option: Scan all documents
  Command-line equivalent: -F
  Description: When you run Fixup on all databases, Fixup checks all documents in the databases. Without this option, Fixup checks only documents modified since it last ran.
  Note: To specify this option using the Fixup tool, deselect "Scan only since last fixup."

• Option: Perform quick fixup
  Command-line equivalent: -Q
  Description: Checks documents more quickly but less thoroughly. Without this option, Fixup checks documents thoroughly.

• Option: Exclude views (faster)
  Command-line equivalent: -V
  Description: Prevents Fixup from running on views. This option reduces the time it takes Fixup to run. Use if view corruption isn't a problem.

• Option: Don't purge corrupted documents
  Command-line equivalent: -N
  Description: Prevents Fixup from purging corrupted documents so that the next time Fixup runs or the next time a user opens the database, Fixup must check the database again. Use this option to salvage data in documents if the corruption is minor or if there are no replicas of the database.

• Option: Optimize user unread lists
  Command-line equivalent: -U
  Description: Reverts ID tables in a database to the previous release format. Don't select this option unless Customer Support recommends doing so.

• Option: Fixup transaction-logged databases
  Command-line equivalent: -J
  Description: Runs on databases that are enabled for transaction logging. Without this option, Fixup generally doesn't run on logged databases. If you are using a certified backup utility, it's important that you schedule a full backup of the database as soon after Fixup finishes as possible.

• Option: Fixup open databases
  Command-line equivalent: -O
  Description: If you run Fixup on open databases, Fixup takes the databases offline to perform the fixup. This is the default if you run Fixup and specify a database name. Without this option, when you do not specify database names, Fixup does not run on open databases.

• Option: Don't fixup open databases
  Command-line equivalent: -Z
  Description: Applies only to running Fixup on a single database. When a database isn't taken offline and is in use, then Fixup is not run. This is the default when Fixup is run on multiple databases.

• Option: Verify only
  Command-line equivalent: -C
  Description: Verifies the integrity of the database and reports errors. Does not modify the database (for example, does not purge corrupted documents).

• Option: Fixup subdirectories
  Command-line equivalent: -Y
  Description: Runs Fixup on databases in subfolders (subdirectories).

• Option: Don't fixup subdirectories
  Command-line equivalent: -y
  Description: Does not run Fixup on databases in subfolders (subdirectories).

Compact

Compact can be used to recover space in a database after documents are deleted. Deleting documents from a Domino database does not actually decrease the size of the database. A deletion stub is created and the document is removed permanently when compact is run, and the size of the DB is then reduced. Three types of compacting are available:

• In-place compacting with space recovery
• In-place compacting with space recovery and reduction in file size
• Copy-style compacting

In-place compacting with space recovery

Unused space is recovered, but the physical size of the DB remains the same. Unlike with Update and Updall, access to the DB is not denied while the compact task is running. When Compact is launched without switches or with a -b switch, in-place compacting with space recovery is the type of compacting used. The DBIID, or database instance ID used to identify the database, remains the same. In-place compacting is used for databases that have the system configured to run transaction logging.

Tip: Use this compacting method the most frequently -- it is the fastest method and causes the least system impact.

In-place compacting with space recovery and reduction in file size

This style of compacting reduces the file size of databases as well as recovers unused space in databases. This style of compacting is somewhat slower than in-place compacting with space recovery only. This style of compacting assigns new DBIIDs to databases, so if you use it on logged databases and you use a certified backup utility, perform full backups of the databases shortly after compacting is complete. This style of compacting allows users and servers to continue to access and edit databases during compacting. When you run Compact without specifying options, Domino uses this style of compacting on databases that aren't enabled for transaction logging. Domino also uses this style of compacting when you use the -B option. To optimize disk space, it's recommended that you run Compact using the -B option on all databases once a week or once a month.

Copy-style compacting

A copy is created, and when the compact is complete, the original database is deleted. Because of this, there needs to be sufficient disk space available to make the copy of the database, or an error will occur and the compact will not work. During this type of compacting, a new database is created and a new DBIID is assigned. Because a new database is actually being created, this option locks out all users and servers from editing the database. Read-only access during this type of compacting can be enabled if the -L switch is used at the time it is run.

Tip: Compact should be run on all databases at least weekly, if possible, but at a minimum once a month, using the format compact -B to minimize the amount of disk space used. If Fixup does not correct a database problem, running Compact with the -c switch can attempt to correct the problem.
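Characteristics of the three compacting styles

In place, space recovery
• Databases that use it when compact runs without options: Logged databases with no pending structural changes
• Databases you can use it on: Current release
• Relative speed: Fastest
• Users can read databases during compacting: Yes
• Users can edit databases during compacting: Yes
• Reduction in file size: No
• Extra disk space required: No

In place, space recovery with file size reduction
• Databases that use it when compact runs without options: Unlogged databases with no pending structural changes
• Databases you can use it on: Current release
• Relative speed: Medium
• Users can read databases during compacting: Yes
• Users can edit databases during compacting: Yes
• Reduction in file size: Yes
• Extra disk space required: No

Copy-style
• Databases that use it when compact runs without options: Databases with pending structural changes
• Databases you can use it on: Current release (need -c)
• Relative speed: Slowest
• Users can read databases during compacting: No (unless -L option used)
• Users can edit databases during compacting: No
• Reduction in file size: Yes
• Extra disk space required: Yes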

Compact options

Compact - Basics

Option (command-line equivalent): description

• Compact only this database or folder (database path; specify any additional options after the database path): To compact a database in the Domino data folder, enter the file name, for example SALES.NSF. To compact databases in a folder within the data folder, specify the database path relative to the data folder. For example, to compact all databases in the folder DATA\SALES, specify SALES. If you choose "Compact all databases" (or don't specify a database path at the command line), Compact compacts all databases in the data folder and in folders within the data folder. (To specify databases to compact using the Files tab, select the databases in the files pane.)

Compact - Options

Option (command-line equivalent): description

• Compact database only if unused space is greater than x percent (-S percent): Compacts all databases with a specified percent of unused space. For example, if you specify 10, databases with 10% or more recorded unused space are compacted. Note that the unused space calculation is not always a reliable measure of unused space.
• Discard any built view indexes (-D): Discards built view indexes. Use this option to compact databases just before you store them on tape, for example. Does copy-style compacting.
• Keep or revert database to previous format (-R): Compacts databases without converting to the current release file format of the server that stores the databases or reverts databases in the current release file format to the previous release file format. For example, on Domino 6 servers, this option compacts Domino 5 databases without converting them to the Domino 6 file format and converts Domino 6 databases to the Domino 5 file format. This option uses copy-style compacting.

Compact - Style

Option (command-line equivalent): description

• In-place (recommended) (-b): Uses in-place compacting and recovers unused space without reducing the file size, unless there's a pending structural change to a database, in which case copy-style compacting occurs. This is the recommended method of compacting.
• In-place with file size reduction (-B): Uses in-place compacting, recovers unused space and reduces file size, unless there's a pending structural change in which case copy-style compacting occurs. If you use transaction logging, do full database backups after compacting completes.
• Copy-style (-c): Uses copy-style compacting. Use this option, for example, to solve database corruption problems.
• Copy-style: Allow access while compacting (-L): Enables users to continue to access databases during compacting. If a user edits a database during compacting, compacting is canceled. This is useful only when copy-style compacting is done.
• Copy-style: Ignore errors and proceed (-i): Enables compacting to continue even if it encounters errors such as document corruption. Only used for copy-style compacting.
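The rules in the Compact style tables above interact: a pending structural change turns -b or -B into copy-style compacting, which changes the DBIID, locks out editors and needs extra disk space. The following Python sketch is an added example, not part of the original notes or of Domino; the function and field names are hypothetical, and comparing free disk space with the database size is an assumed approximation of "sufficient disk space to make the copy".

```python
from dataclasses import dataclass, field

COPY = "copy-style"
IN_PLACE = "in-place"
IN_PLACE_REDUCE = "in-place with file size reduction"


@dataclass
class CompactPlan:
    command: str            # console command to run
    effective_style: str    # style Domino will actually use
    new_dbiid: bool         # True when the database gets a new DBIID
    users_can_read: bool
    users_can_edit: bool
    warnings: list = field(default_factory=list)


def plan_compact(db_path, option, *, logged, pending_structural_change,
                 db_size_bytes, free_disk_bytes, allow_reads=False):
    """Predict the effect of 'load compact <db> <option>' from the tables above."""
    if option not in ("-b", "-B", "-c"):
        raise ValueError("option must be -b, -B or -c")

    warnings = []
    if option == "-c":
        style = COPY
    elif pending_structural_change:
        # -b and -B fall back to copy-style when a structural change is pending.
        style = COPY
        warnings.append(option + " requested, but a pending structural change "
                        "forces copy-style compacting")
    else:
        style = IN_PLACE if option == "-b" else IN_PLACE_REDUCE

    flags = [option]
    if allow_reads:
        flags.append("-L")
        if style != COPY:
            warnings.append("-L is useful only when copy-style compacting is done")

    # Copy-style builds a second copy before deleting the original
    # (assumption: the copy needs about as much space as the database).
    if style == COPY and free_disk_bytes < db_size_bytes:
        warnings.append("not enough free disk space for the copy; compacting will fail")

    # Only plain in-place compacting keeps the DBIID.
    new_dbiid = style != IN_PLACE
    if new_dbiid and logged:
        warnings.append("new DBIID on a logged database: run a full backup "
                        "shortly after compacting")

    return CompactPlan(
        command="load compact " + db_path + " " + " ".join(flags),
        effective_style=style,
        new_dbiid=new_dbiid,
        users_can_read=(style != COPY) or allow_reads,
        users_can_edit=style != COPY,
        warnings=warnings,
    )


if __name__ == "__main__":
    # Constructed scenario: logged database with a pending structural change.
    plan = plan_compact("SALES.NSF", "-b", logged=True,
                        pending_structural_change=True,
                        db_size_bytes=500, free_disk_bytes=100)
    print(plan.command, "->", plan.effective_style)
    for warning in plan.warnings:
        print("  warning:", warning)
```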

Compact - Advanced

The advanced compact options are not available through the Compact tool in the Files tab of the Domino Administrator.

Option* (command-line equivalent): description

• Document table bitmap optimization: Off (-f): Disables "Document table bitmap optimization" database property. Does copy-style compacting.
• Document table bitmap optimization: On (-F): Enables "Document table bitmap optimization" database property. Does copy-style compacting.
• Don't support specialized response hierarchy: Off (-h): Disables "Don't support specialized response hierarchy" database property; in other words, support specialized response hierarchy. Does copy-style compacting.
• Don't support specialized response hierarchy: On (-H): Enables "Don't support specialized response hierarchy" database property; in other words, do not support specialized response hierarchy. Does copy-style compacting.
• Enable transaction logging: Off (-t): Disables transaction logging.
• Enable transaction logging: On (-T): Enables transaction logging. Use Compact -T when a database is open or closed. If you use Compact -T on a database that is closed, logging is enabled but the Compact is not logged until the database is opened; therefore, logging is not available until you reopen the database.
• Don't maintain unread marks: Off (-u): Disables "Don't maintain unread marks" database property; in other words, maintain unread marks.
• Don't maintain unread marks: On (-U): Enables "Don't maintain unread marks" database property; in other words, do not maintain unread marks.

* Select "Set advanced properties" before you enable or disable any of these properties.

Compact - Archive

When you use the document archiving tool to archive and delete documents in a database, you can use the following Compact options to archive documents if the database is located on a server and you've chosen the advanced archiving option "Automatically on server."

Option* (command-line equivalent): description

• Archive only (-A): Archives and deletes documents from a database without compacting the database.
• Archive and then compact (-a): Archives and deletes documents from a database and then compacts the database.
• Delete and then archive (-j): Deletes documents from a database and then compacts the database.

16. What is the maximum number of databases the DB cache will accept? Ans: In total it can cache up to 121 databases.

17. How do you run Compact, Updall, or Fixup on several databases at a time? Ans: It is the same for all commands. Follow these steps:

• Open Notepad and type each file that has to be processed on its own line.
• Save that file with the extension .ind

18. NSF: Notes Storage Facility
19. NTF: Notes Template Facility
20. MIME: Multipurpose Internet Mail Extension
21. Multiple passwords can be assigned only to the Cert.id.
22. If Server_Restricted=2 is included in the notes.ini file, only administrators can access the server, not other users.
23. By default, a User.ID file expires after 2 years, and Server.ID and Cert.ID expire after 100 years.
24. If KitType=2 is found in the notes.ini file, that notes.ini file is for the server. If KitType=1 is found, the notes.ini file is for the client.
25. Organizational Units are limited to 4 levels, but IBM recommends keeping only two Organizational Units.
26. When we register an Organizational Unit, one ID file is created for the OU, along with a Certifier document in the Domino Directory.
28. The User ID file also contains the Personal document.
28. When we register a user, Domino automatically creates an ID file for the user, the user's Personal document, and a mail database.
28. By default, the user password is stored in the User ID file.
29. If a user is moving from one server to another server in a different domain, AdminP is not involved in the process. AdminP processes the request only if the user is moving from one server to another server in the same domain.
30. The Local Domino Server group is created by default when we install an additional server.

31. Server console security can be implemented through the command Set Secure <password>
32. If the administrator forgets the console password, just remove the set secure line in the notes.ini file.
33. By default, nobody is a Full Access Administrator.
34. If a user is included in both the Access Server group and the Not Access Server group, that user cannot access the server.
35. In the Server document, if the "Create Database & Templates" option is empty, everybody can create databases. The administrator has to take care of this.
36. By default, the administrator has the right to create templates.
37. Every Lotus database has an On Disk Structure (ODS) version:
• R6 - 43
• R5 - 41
• R4 - 20
• R3 - 17
• R2 - 16
38. After upgrading the server from R5 to R6, run the Compact command; the ODS version then changes on every database.
39. If an .NSF database is renamed to .NS5, it will not convert to any other ODS version. It remains at ODS version 41, that is, R5 only.
40. Replication occurs only if both replica IDs are the same.
41. Domino R6 Enterprise Server and Utility Server support clustering.
42. Domino Mail Server R6 does not support clustering.
43. The best example of Depositor access is Mail.box.
44. By default, all users have Author access to the Domino Directory.
45. The Readers field controls who can see the document, and the Authors field promotes a user with Author access to editor of that specific document.
46. Public documents means that even users with No Access can see, edit and create the documents.
47. Lotus uses secret key encryption for field-level security.

48. NRPC: Notes Remote Processor Call.
49. Domino supports native MIME, but R4 and R5 do not support MIME.
50. The Mailer is Lotus client software which deposits mail into Mail.box.
51. A Domino administrator can create a maximum of 10 Mail.box files.
52. Every user other than the administrator has Depositor access to Mail.box.
53. DNN: Domino Named Network
54. NNN: Notes Named Network
55. By default, Mail.box is compacted every day at 4:00 AM.
56. If an ID file is stored in the Domino Directory, the ID file should contain a password. If the ID file does not have a password, it will not be stored in the Domino Directory.
57. SSO: Single Sign-On
58. LDTWS: Lotus Domino Toolkit for WebSphere Studio
59. Server Console Commands:

• Show Server: shows the dead mail and pending mail.
• Tell Router Update Config: the router reloads the routing table.
• Tell AdminP Process All: the Administration Process processes all pending requests.
• Load Fixup <Database name>: runs Fixup on that particular database.
• Load Compact <Database Name>: compacts that particular database.
• Tell Router Compact: compacts Mail.box.
• Tell Router Show Queue: shows the mail held in transfer queues to specific servers.
• Show Cluster: shows the local server's cluster name cache, which includes a list of all cluster members and their status, based on information received during the server's cluster probes.
• Replicators=number of tasks: this setting has to be specified in the server's notes.ini file.
• Restart Port portname: restarts the TCPIP port and other ports.
• Start Port portname: starts the port, for example TCPIP.
• Stop Port portname: stops the port.
• Show Opendatabase: shows the currently open databases.
• Show Server: shows the server information.
• Show Allports: shows information on all ports on the server.
• Show Users: shows the users who have open sessions.
• Show Memory: shows the memory information on the server.
• Show Time: shows the current time on the server.
• Broadcast "Message": broadcasts the message to every user with an open session.
• Dbcache Show: shows the cache file information on the server.
• Dbcache Flush: clears the cache on the server.
• Show Diskspace: shows the disk space information on the server.

60. Changing a TCP or SSL port number

By default, all NRPC connections use TCP port 1352. Because the Internet Assigned Number Authority (IANA) assigned Lotus Domino this port number, non-Domino applications do not usually compete for this port. Do not change the default NRPC port unless:

• You can use a NAT or PAT firewall system to redirect a remote system's connection attempt.
• You are using Domino port mapping.
• You create a Connection document that contains the reassigned port number.

To change the default NRPC port number, use the NOTES.INI setting TCPIPportname_TCPIPAddress and enter a value available on the system that runs the Domino server. TCP ports with numbers less than 5000 are reserved for application vendors. You may use any number from 1024 through 5000, as long as you don't install a new application that requires that number.

Default ports for Internet services

You may occasionally need to change the number of the TCP or SSL port assigned to an Internet service. Lotus Domino uses these default ports for Internet services:

Service: default TCP port, default SSL port

• POP3: TCP 110, SSL 995
• IMAP: TCP 143, SSL 993
• LDAP: TCP 389, SSL 636
• SMTP inbound: TCP 25, SSL 465
• SMTP outbound: TCP 25, SSL 465
• HTTP: TCP 80, SSL 443
• IIOP: TCP 63148, SSL 63149
• Server Controller: TCP N/A, SSL 2050
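Several notes.ini settings named in these notes (KitType, Server_Restricted, Replicators and the TCPIPportname_TCPIPAddress port override) can be reviewed together. The following Python sketch is an added example, not part of the original notes or of Domino; the function names and finding codes are hypothetical, the sample file is constructed, and the value layout 0,address:port (with port 0 meaning the default 1352) is an assumption, since the notes only name the setting.

```python
NRPC_DEFAULT_PORT = 1352

# Default TCP and SSL ports for Domino Internet services, from the table above.
DEFAULT_SERVICE_PORTS = {
    110: "POP3", 995: "POP3 SSL", 143: "IMAP", 993: "IMAP SSL",
    389: "LDAP", 636: "LDAP SSL", 25: "SMTP", 465: "SMTP SSL",
    80: "HTTP", 443: "HTTP SSL", 63148: "IIOP", 63149: "IIOP SSL",
    2050: "Server Controller SSL",
}

# Constructed sample, not taken from a real server.
SAMPLE_INI = """\
[Notes]
KitType=2
Server_Restricted=2
Replicators=4
TCPIP_TCPIPAddress=0,192.0.2.10:2050
"""


def parse_notes_ini(text):
    """Return {lowercased setting name: value} from flat NAME=VALUE lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("[", ";")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip()
    return settings


def nrpc_port_findings(settings):
    """Check every <portname>_TCPIPAddress override against the rules above."""
    findings = []
    for key, value in settings.items():
        if not key.endswith("_tcpipaddress"):
            continue
        port_name = key[: -len("_tcpipaddress")]
        # Assumed layout: 0,address:port
        _, sep, tail = value.rpartition(":")
        port = int(tail) if sep and tail.isdigit() else 0
        if port in (0, NRPC_DEFAULT_PORT):
            continue
        findings.append(("NRPC_PORT_CHANGED",
                         f"{port_name}: NRPC moved to {port}; Connection "
                         "documents must contain the reassigned port"))
        if not 1024 <= port <= 5000:
            findings.append(("NRPC_PORT_RANGE",
                             f"{port_name}: {port} is outside 1024 through 5000"))
        if port in DEFAULT_SERVICE_PORTS:
            findings.append(("NRPC_PORT_COLLISION",
                             f"{port_name}: {port} is the default port for "
                             f"{DEFAULT_SERVICE_PORTS[port]}"))
    return findings


def audit_notes_ini(text):
    """Return a list of (code, detail) findings for one notes.ini file."""
    settings = parse_notes_ini(text)
    findings = []
    kit = settings.get("kittype")
    if kit == "2":
        findings.append(("KIT_SERVER", "this notes.ini belongs to a server"))
    elif kit == "1":
        findings.append(("KIT_CLIENT", "this notes.ini belongs to a client"))
    if settings.get("server_restricted") == "2":
        findings.append(("SERVER_RESTRICTED",
                         "only administrators can access this server"))
    if settings.get("replicators", "").isdigit():
        findings.append(("REPLICATORS",
                         f"{settings['replicators']} replicator tasks configured"))
    findings.extend(nrpc_port_findings(settings))
    return findings


if __name__ == "__main__":
    for code, detail in audit_notes_ini(SAMPLE_INI):
        print(code, "-", detail)
```

In the constructed sample, the reassigned NRPC port is inside the permitted 1024 through 5000 range but collides with the Server Controller's default SSL port.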

61. When we install the first Domino server, the following are created automatically:

• Cert.id: this is the Organization Certifier, saved in the Domino Directory
• Server.id
• Admin.id
• A mail database is created for the administrator
• A personal document is created for the administrator in the Domino Directory
• A Server document is created
• A Domino Directory is created for the server
• A Configuration document is created for the Domino Directory
• Log.nsf
• Certlog.nsf
• Admin4.nsf

The above 3 databases are required to run AdminP.

62. Preventing users from viewing ADMIN4.NSF in a hosted environment

By default, access to the Administration Requests database (ADMIN4.NSF) is set to "Author" for hosted organization administrators and for -Default-. With this level of access, anyone with a Notes ID at a hosted organization can open ADMIN4.NSF with a Notes client and view user activity in the database. This is a security risk. To prevent users at a hosted organization site from accessing ADMIN4.NSF, do the following:

1. As the service provider administrator, open ADMIN4.NSF and select File - Database - Properties.
2. Select the i tab and click User Detail.
3. In the User Activity interface, select the check box "Activity is confidential." Click OK.
4. Click X to close out of Properties.

63. The Domino server log (LOG.NSF)

• Every Domino server has a log file (LOG.NSF) that reports all server activity and provides detailed information about databases and users on the server. The log file is created automatically when you start a server for the first time.

64. A Notes ID file contains:

• User Name
• Password
• Certifier Information
• Certifier Duration
• Public Key
• Private Key
• Secret Key

65. Procedure to enable automatic backup of user ID files

• Create a new database called Escrow.nsf by using the Mail6.nsf template.
• By default, Escrow.nsf can't receive mail; it can only send mail.
• In order to receive mail in Escrow.nsf, create a Mail-in Database for Escrow.nsf.
• After the above settings, apply automatic backup of user IDs for the organization.

66. General user registration is of 4 types:

1. Basic Registration: User Name and Password are mandatory
2. Advanced Registration
3. Text File Registration: Last Name and Password are mandatory
4. Migration: the migration tool must be installed when the Domino Administrator software is installed.

67. Policies

A policy is a document that identifies a collection of individual policy settings documents. Each of these policy settings documents defines a set of defaults that apply to the users and groups to which the policy is assigned.

Policy settings documents are of 4 types:

1. Registration Policy
2. Security Policy
3. Desktop Policy
4. Setup Policy
5. Mail Archive Policy

Registration: If a policy including registration policy settings is in place before you register Notes users, these settings set default user registration values including user password, Internet address format, roaming user designation, and mail.

Setup: If a policy including setup policy settings is in place before you set up a new Notes client, these settings are used during the initial Notes client setup to populate the user's Location document. Setup settings include Internet browser and proxy settings, applet security settings, and desktop and user preferences.

Desktop: Use desktop policy settings to control and update the user's desktop environment or to reinforce setup policy settings. For example, if a change is made to any of the policy settings, the next time users authenticate with their home server, the desktop policy settings restore the default settings or distribute new settings specified in the desktop policy settings document.

Mail archiving: Use archive policy settings to control mail archiving. Archive settings control where archiving is performed and specify archive criteria.

Security: Use security settings to set up administration ECLs and define password-management options, including the synchronization of Internet and Notes passwords.

“If a user is already registered, then we can apply only the Archive Policy, Security Policy and Setup Policy”

“Policies were introduced in Domino R6”

68. Groups

Groups can be used for three purposes:

• Mailing
• Server Security
• Database Security

There are 5 types of groups in Lotus Domino:

1. Multipurpose
2. Mail Only
3. ACL only
4. Server Group
5. Deny List Group

Multi-purpose: Use for a group that has multiple purposes -- for example, mail, ACLs, and so on. This is the default.

Access Control List only: Use for server and database access authentication only.

Mail only: Use for mailing list groups.

Servers only: Use in Connection documents and in the Domino Administration client's domain bookmarks for grouping.

Deny List only: Use to control access to servers. Typically used to prevent terminated employees from accessing servers, but this type of group can be used to prevent any user from accessing particular servers. The Administration Process cannot delete any member of the group.

69. Administrator Types in Lotus Domino

There are 6 types of administrator available in the Domino server:

1. Full Access Administrator
2. View Only Administrator
3. System Administrator
4. Database Administrator
5. Administrator
6. Remote Administrator

70. Encryption

Domino uses two types of encryption techniques:

1. RSA Encryption
2. Dual Key Encryption

Encryption protects data from unauthorized access. For all types of encryption except network port encryption, Domino uses public and private keys, so that data encrypted by one of the keys can be decrypted only by the other. The public and private keys are mathematically related and uniquely identify the user. Both are stored in the ID file. Within the ID file, the public key is stored in a certificate, but the private key is stored separately from the certificate. The certificate containing the public key is also stored in the Domino Directory, where it is available to other users.

To create Notes public and private keys, Domino uses the dual-key RSA Cryptosystem and the RC2 and RC4 algorithms for encryption. To create the Internet public key, Domino uses the x.509 certificate format, which is an industry-standard format that many applications, including Domino, understand. Both the Notes client and Domino server support a 1024-bit RSA key and a 128-bit symmetric key for S/MIME and SSL. The Notes proprietary protocols use a 630-bit key for key exchange, and a 64-bit symmetric key.

71. Cluster Concept

All the servers in a Domino cluster continually communicate with each other to keep updated on the status of each server and to keep database replicas synchronized. Each server in the cluster contains cluster components that are installed with the Lotus Domino Enterprise Server or Lotus Domino 6 Utility Server. These components in the Administration Process perform the cluster management and monitoring tasks to ensure that the cluster is running smoothly.

“A cluster is a group of 2 to 6 servers in the same domain and the same DNN”

Clustering requirements:

1. All servers in a cluster use the TCP/IP protocol.
2. All servers in the cluster use the same domain, and the servers must use the same Domino Directory.
3. A server can be a member of only one cluster.
4. All servers in a cluster should be above R4.63 Enterprise Edition server.
5. Place the cluster servers in a private LAN (optional).
6. Client software is above R4.5, and the client should use the TCP/IP protocol.

There are two major reasons to create a replica for a database in a cluster -- to provide constant availability of the data and to distribute the workload between multiple servers. If you create too many replicas in the cluster, you add unnecessarily to the overhead of maintaining the system and affect performance.

Example of clustering two servers for mail and applications

If you have only two servers in your cluster, you can set them up in one of two ways: You can use one of the servers as the primary server for user access and use the second server as a backup and failover server, or you can equally divide the workload between the two servers and have them fail over to each other. Dividing the workload typically ensures better performance when both servers are running. When one server is not available, performance is the same in both scenarios because one server must process the entire workload of both servers. The following figure shows a cluster with two servers with the workload divided between the servers.

Adding a Cluster Server

You will be prompted by a verification prompt. Select Yes. You will be prompted to create a new cluster the first time you create a cluster. Click OK.

Next, you'll be prompted to provide a name for your cluster. For this example we have selected to name the cluster "MailCluster1".

Select "Yes" in the "....request immediately or via Admin Process" dialog.

You will receive the following prompt when successful.

We need to set up another Domino server on the same cluster in order for failover to function. Select another Domino server and step through the same steps as shown above. The only exception is that, when prompted for the name of the cluster, DO NOT select *Create New Cluster; select the down arrow key and select the cluster which was created in the steps above (MailCluster1).

The Domino server will add a couple of services to both of the Domino servers.

72. How failover works

A cluster's ability to redirect requests from one server to another is called failover. When a user tries to access a database on a server that is unavailable or in heavy use, Domino directs the user to a replica of the database on another server in the cluster.

73. Changing the mail routing failover setting

To change the default mail routing failover setting, make the following change in the Configuration Settings document for every server in the cluster and every server in the domain that can route mail.

1. From the Domino Administrator or the Web Administrator, click the Configuration tab.
2. In the Task pane, expand Messaging.
3. Click Configurations.
4. Do one of the following:
• From the Domino Administrator, select the Configuration document for the server or server group you want, and click Edit Configuration.
• From the Web Administrator, open the Configuration document for the server or server group you want, and click Edit Server Configuration.
• If you do not have a Configuration document for the server or server group you want, create one by clicking Add Configuration.
5. Click the Router/SMTP - Advanced - Controls tab.
6. In the Cluster failover field, choose one of the following:
• Disabled
• Enabled for last hop only (the default)
• Enabled for all transfers in this domain
7. Save and close the Configuration document.

Note: This setting affects delivery to a client but does not affect sending a message from a client when the mail server is unavailable. If a user sends a message when the mail server is unavailable, the delivery fails over to another server in the cluster, and the router on that server sends the message.

74. Fault recovery in a cluster

Fault recovery is the ability of a Domino server to clean up and restart itself after a failure. Fault recovery works well in a Domino cluster. If there is no Domino server to fail over to, fault recovery still ensures that users will have constant access to their data. Even if users fail over to another cluster server, fault recovery increases availability because the failed server becomes available again. In addition, depending on the workload balancing parameters you've set, some users will fail back to the original server when they open new databases.

If you are using an operating system cluster in conjunction with a Domino cluster, the decision about whether or not to use fault recovery depends on how you configured the operating system cluster. If you configured the operating system cluster to fail over on a hardware failure only, fault recovery works well. Fault recovery restarts Domino on its current server, and no operating system failover occurs. If you configured your operating system cluster to fail over on both hardware and software failures, you don't need fault recovery because the operating system cluster will restart Domino on another server in the cluster. In fact, you should disable fault recovery so you won't have Domino restarting itself while the operating system cluster is also restarting it. This can lead to problems.

By default, fault recovery is disabled. You enable it in the Server document.

1. From the Domino Administrator or the Web Administrator, click the Configuration tab.
2. In the Task pane, expand Server, and click All Server Documents.
3. In the Results pane, select the Server document you want, click Edit Server, and then click the Basics tab.
4. In the Fault Recovery section, choose "Enabled" in the "Automatically Restart Server After Fault/Crash" field.

75. Creating mail database replicas in a cluster during user registration from the Domino Administrator

1. Click the People & Groups tab.
2. In the Tools pane, expand People, and then click Register.
3. In the "Choose a Certifier" dialog box, choose a certifier and click OK.
4. In the Register Person -- New Entry dialog box, select Advanced, and then click the Mail tab.
5. In the Mail system field, choose Lotus Notes.
6. Click Mail Server, and choose a cluster server as the Mail server.
7. Click Mail File Replicas.
8. Select "Create mail database replica(s)." A list is displayed of servers in the same cluster as the Mail server.
9. Do one of the following:
• To create a replica of the mail database on all of the cluster servers, skip this step.
• To change the list of servers to receive a replica, use the Remove Server(s) button and the Add Server(s) button.
10. (Optional) Select "Create mail replica(s) in background."
11. Click OK, and then complete any other fields you want on the Mail tab.
12. (Optional) If you want to set up the user for roaming in a cluster, follow the procedure in the topic "Setting up roaming in a cluster."
13. Complete the rest of the user registration the way you normally would.

76. Server Database Security

There are 7 access levels in the ACL for accessing a database:

• Manager
• Designer
• Editor
• Author
• Reader
• Depositor
• No Access

Manager: Whoever creates the database is Manager of that database. Only a Manager can encrypt the database. Only a Manager can change the ACL settings. Only a Manager can compact the database. Only a Manager can delete the database.

Designer: A Designer can access all design elements such as views, forms, etc. A Designer can create a full-text (FT) index for the database. A Designer can delete documents if the Manager gives permission.

Editor: By default, an Editor can create, read and modify documents. An Editor can delete documents if the Manager gives permission.

Author: An Author can read the document if the Manager gives permission. An Author can delete a document if the Author is the owner of that document. An Author can always read documents.

Reader: By default, Readers can read documents. Readers can't create or update documents.

Depositor: A Depositor can create documents, but can't read them.

77. Mail Administration

Domino uses two routing protocols:

• NRPC: Notes Remote Processor Call
• SMTP: Simple Mail Transport Protocol

Domino uses two types of mail formats:
• RTF: Rich Text Field
• MIME: Multipurpose Internet Mail Extension

Domino uses the following mail access protocols:
• POP3: for the Outlook client
• IMAP: for the Netscape client
• NRPC: for the Lotus Notes client
• HTTP: for the Internet Explorer client

Domino uses the following mail templates:
• Mail6.ntf: for intranet users
• Inotes (R5).ntf: for Internet users
• Inotes(R6).ntf: for Internet users
• Extended Mail.ntf: for Outlook users

If servers are said to be in the same DNN, then:
• The servers must use the same LAN protocols
• The servers must have a constant LAN connection (not a dial-up connection)
• The servers must be in the same domain

78. Message Tracking
• By default, message tracking is disabled in the Configuration document. The administrator has to enable it.
• The Mail Tracker Collector task (MTC) reads special mail tracker log files (MTC files) produced by the Router and copies them into the Mail Tracker Store database, called MTSTORE.NSF.

79. Enabling single sign-on and basic authentication
This procedure creates single sign-on cookies for your server that can be used successfully on other participating servers.

To enable single sign-on and basic authentication for a Web Site
Use this procedure to enable single sign-on for Domino 6 servers configured with Web Site documents.
1. In the Domino Administrator, click Configuration - Web - Internet Sites.
2. Open the Web Site document for which you want to enable single sign-on.
3. Click Domino Web Engine.
4. In Session authentication, select "Multiple Servers (SSO)."
5. In the Web SSO Configuration field, select the Web SSO Configuration for this Web Site from the drop-down list.
6. Click Security. For both TCP and SSL authentication, enable Name & Password.
7. Save and close the Web Site document.
8. At the server console, start the HTTP process by typing:
load HTTP
If the HTTP process is already running, type:
tell HTTP restart
Note If something is wrong with the configuration, the browser will receive an Error 500 message stating that single sign-on is not configured.

To enable single sign-on and basic authentication in the Server document
Use this procedure to enable single sign-on for Domino Release 5.0x servers, or for Domino 6 servers not configured with Web Site documents.
1. Open the Server document.
2. Click Ports - Internet Ports - Web, and enable Name-and-password authentication for the Web (HTTP/HTTPS) port.
3. Click Internet Protocols - Domino Web Engine, and select Multiple Servers (SSO) in the Session authentication field.
Note The "Idle session timeout" and "Maximum active sessions" fields will be disabled.
4. In the Web SSO Configuration field, select the Web SSO Configuration for this server from the drop-down list.
5. Save and close the Server document.

80. New features in Lotus Domino 7.0
Lotus Domino 7.0 has been enhanced to include the following administration tools:
• Improved policy management
• Automated client installation and upgrade
• Linux/Mozilla Web Administration client
• Serviceability, including autonomic data collection
• Administration scriptability
• Rename reversion approval

Domino Domain Monitoring (DDM) provides a single location in the Domino Administrator client that you can use to view the status of multiple servers across one or more domains. To do this, DDM uses configurable probes to gather information across multiple servers. These probes check for issues involving the Directory, SMTP, routing, replication, ACL, security, and agents. DDM then consolidates and reports that information on specially designated collection servers in a Notes output database called the Domino Domain Monitor (DDM.NSF).

Improved policy management
Policy-based management was introduced in Lotus Domino 6. Release 7.0 extends this functionality further by offering a new Mail policy document. With it, you can define a set of corporate information that you want to apply to your mail users. In addition, a new client policy lockdown feature lets you specify which policy settings your users can modify.

Automated client installation and upgrade
Lotus Domino 7.0 includes a number of enhancements to Lotus Notes Smart Upgrade. For example, Smart Upgrade now detaches kits in the background to prevent lost time due to a non-working client. Smart Upgrade also provides failover from a shared (network) upgrade kit to another server's attached kit. In addition:
• Administrators are notified via a mail-in database of the Smart Upgrade status (success, failed, or delayed) by user/machine.
• In clustered environments, Smart Upgrade can switch to another member of the cluster if the first server is unavailable.
• Provisioning is available for the Smart Upgrade Tracking database.
• Smart Upgrade governor limits the number of downloads from a single server to avoid excessive server load.

Linux/Mozilla Web Administration client
You can run the Domino 7.0 Web Administration client from a Mozilla Web browser on a Linux system, enabling an end-to-end Linux deployment of Lotus Domino and Domino Web Access with no need for Windows in the environment.

Other Domino administration enhancements
Lotus Domino 7.0 also offers the following features to make administration easier:
• The ability to write the status bar history to a log file
• The ability to suppress the Roaming User Upgrade prompt

DB2 support and other integration enhancements
A major new feature in Lotus Domino 7.0 (one that is sure to draw a great deal of attention and interest) is its support of DB2 as a data store. In Lotus Domino 7.0, you can use both DB2 databases and Domino databases, accessing and viewing data stored in either format. Users experience no visible difference between the Domino data and the DB2 data. Nor do they need a DB2 ID or DB2 connectivity. And you can replicate a DB2 database just as you would a Notes database.

Messaging and anti-spam protection
Lotus Domino 7.0 now features private blacklist/whitelist filters for SMTP connections and DNS whitelist filters for SMTP connections. Most spam filtering involves blacklists in which email from addresses on the list is rejected or filtered.
Figure 1. BlackList option

81. Starting and stopping the ISpy task

Create a TCP server event generator to verify the availability of the services on Internet ports on one or more servers. A TCP server event generator uses the ISpy task to send a probe to test whether the server is responding on a port. By default, the ISpy task monitors all enabled Internet ports (TCP services) on the server on which it is running. You must start the ISpy task before you can create server and mail routing event generators. The ISpy task does not start automatically. Use any of these methods to start and stop the ISpy task. Because the ISpy task is case-sensitive, you must enter it exactly as shown in this table.

To do this: Start the ISpy task automatically when the server starts
Perform this task: Edit the ServerTasks setting in the NOTES.INI file to include runjava ISpy.

To do this: Start the ISpy task manually
Perform this task: Enter the command load runjava ISpy at the console.

To do this: Stop the ISpy task
Perform this task: Enter either the command tell runjava ISpy unload or tell runjava quit at the console.

82. Mail journaling
Mail journaling enables administrators to capture a copy of specified messages that the Domino Router processes. Journaling can capture all messages handled by the Router or only messages that meet specific defined criteria. When mail journaling is enabled, Domino examines messages as they pass through MAIL.BOX and saves copies of selected messages to a Domino Mail Journaling database (MAILJRN.NSF) for later retrieval and review. Mail journaling works in conjunction with mail rules, so that you create a journaling rule to specify the criteria for which messages to journal. For example, you can journal messages sent to or from specific people, groups, or domains. Before depositing messages in the Mail Journaling database, the Router encrypts them to ensure that only authorized persons can examine them. Journaling does not disrupt the normal routing of a message. After the Router copies a message to the Mail Journaling database, it continues to dispatch the message to its intended recipient.

Domino mail journaling differs from message archiving. Journaling works dynamically, making a copy of each message as it passes through MAIL.BOX to its destination and placing the copy in the Mail Journaling database. A copy of the message is retained, even if the recipient, or an agent acting on the recipient's mail file, deletes it immediately upon delivery. Archiving is used to reduce the size of an active mail file database by deleting messages from one location and moving them to an offline database, usually in another location, for long-term storage. Archiving acts on messages that have already been delivered. Journaling is performed automatically by the server, while archiving is a manual operation, performed by end users on their own mail files. End users can search for and retrieve messages from a mail file archive, but only an authorized administrator can examine a Mail Journaling database.

There are two steps to configure journaling:
• Setting up the Mail Journaling database
• Specifying which messages to journal

By default, mail journaling is not enabled. You enable journaling from the Configuration Settings document. To set up the Mail Journaling database, you specify where to store journaled messages and then set options for managing the security and size of the database. After you enable journaling, Domino automatically creates the Mail Journaling database in the specified location.

To set up the Mail Journaling database
1. Make sure you already have a Configuration Settings document for the server(s) to be configured.
2. From the Domino Administrator, click the Configuration tab and expand the Messaging section.
3. Click Configurations.
4. Select the Configuration Settings document for the mail server or servers where you want to journal mail, and click Edit Configuration.
5. Click the Router/SMTP - Advanced - Journaling tab.
6. Complete the following fields, and then click Save & Close:

Specifying messages to journal
After you enable journaling, set mail rules on the Configuration Settings document to specify which messages to journal.

If you specify All documents and a message is returned as undeliverable, Domino journals the delivery failure report as well as the original message. When Domino journals a message, it sets a journal flag on the message before transferring it to the next server on the route. This ensures that servers later in the routing path do not journal the message again. When the Router on the destination mail server delivers the message to the user's mail file, it removes the journal flag so that the user remains unaware that the message has been journaled.

On servers running the ISpy task, this task sends mail probes in the form of trace messages to test mail connectivity approximately every five minutes. Under normal use, the ISpy task automatically deletes these probes from the ISpy mail-in database, and the only traces of them are entries in the Routing events view of the server log file and on the server console. However, if you enable a journaling rule on these servers and specify the condition "All documents," the Mail Journaling database will capture each trace message that the ISpy task sends. To prevent the Mail Journaling database from filling up with these entries, configure a rule exception for messages where the sender includes "ISpy."

Field: Journaling
Description: Specifies whether the server supports mail journaling. Choose one:
• Enabled - Domino supports mail journaling on the servers governed by this document. To journal mail, create a server mail rule with the action "Journal this message."
• Disabled - (default) Mail journaling is not supported on the servers governed by this document.

Field: Field encryption exclusion list
Description: Specifies the names of Notes message fields that Domino does not encrypt when adding messages to the Mail Journaling database. Encrypted fields cannot be displayed in a view. List any fields you want to display in a view. By default, the following fields are not encrypted: Form, From, Principal, and PostedDate.
Note When using a mail-in database for journaling, Domino does not automatically encrypt messages added to the database. To encrypt messages in a mail-in database, use the Mail-in database document to specify encryption of incoming messages.

Field: Method
Description: Specifies the location of the Mail Journaling database. Choose one:
• Copy to local database - (default) The Router copies each journaled message to a database on the local server. If it does not already exist, Domino creates a local Mail Journaling database on the server. If the Configuration Settings document applies to multiple servers, Domino creates a unique Mail Journaling database on each server.
• Send to mail-in database - The Router copies each journaled message and sends it to a specified mail-in database. The specified database must already exist and must have a Mail-in database document in the Domino Directory. The mail-in database used for journaling may be on any Domino server, including the local server. Specify the mail file where journaled messages are to be sent in the Mail Destination field. When using a mail-in database for journaling, be sure to encrypt messages when adding them to the database. To encrypt messages sent to a mail-in database, enable encryption on the Administration tab of the Mail-in database document.

Field: Database name
Description: If you specified "Copy to local database" as the journaling method, specify the file name you want Domino to use when it creates the Mail Journaling database. The default name is MAILJRN.NSF.

Field: Mail destination
Description: If you specified "Send to mail-in database" as the journaling method, use this field to enter the name of the mail-in database to which the Router forwards messages to be journaled. Click the down-arrow to select the name of the mail-in database from the Domino Directory.
Note You must create the mail-in database beforehand; Domino does not automatically create mail-in databases for journaling.

Field: Encrypt on behalf of user
Description: If you specified "Copy to local database" as the journaling method, enter the fully qualified Notes Name of the user whose certified public key Domino uses to encrypt messages added to the database. To ensure privacy, consider creating a special user ID for reviewing journaled messages, and protect the ID with multiple passwords. To encrypt messages sent to a mail-in database, enable encryption on the Administration tab of the Mail-in database document.

Field: Database Management Method
Description: For local Mail Journaling databases, the entry in this field specifies how Domino controls the size of the Mail Journaling database. When the database management method in effect calls for Domino to create a new Mail Journaling database, on the day that it creates the new database, it does so at approximately 12:00 AM. Choose one of the following methods:
• Periodic Rollover - (default) When the current Mail Journaling database reaches the age specified in the Periodicity field, Domino renames the existing Mail Journaling database and creates a new Mail Journaling database with the original name.
• None - Domino does not automatically control the size of the Mail Journaling database. If you do not use one of the available methods for controlling database size automatically, be sure to monitor the database size and use appropriate tools to archive the journal data.
• Purge/Compact - Domino deletes documents from the database after the number of days specified in the Data Retention field and then compacts the database.
• Size Rollover - When the current database reaches the size specified in the Maximum size field, Domino renames the database and creates a new Mail Journaling database with the original name.

Field: Periodicity
Description: If you specified Periodic Rollover in the preceding field, Domino displays this field for specifying the length, in days, of the rollover interval. The default value is 1 day.

Field: Data Retention
Description: If you specified Purge/Compact in the Database Management Method field, Domino displays this field for specifying the time, in days, that a message remains in the Mail Journaling database before being deleted.

Field: Maximum size
Description: If you specified Size Rollover in the Database Management Method field, Domino displays this field for specifying a size limit, in megabytes (MB), for the Mail Journaling database. After the database reaches the specified size, Domino renames it and creates a new one.

83. To recover a user ID from a backup ID
The user completes these steps.
1. If you have recovery information set up for your user ID, contact your administrator to obtain the password(s) needed to recover your ID. The recovery password is randomly generated and unique to each recoverable ID file and administrator.
Note If you do not have access to your user ID file, contact your administrator, who can provide you with an encrypted backup of your user ID. Once you have the backup user ID, continue with the following steps.
2. When you first log in to Notes and the Password dialog box appears, do not enter your password. Just click OK.
3. Click "Recover Password" in the "Wrong password" dialog box.
4. Select the user ID file to recover in the "Choose ID File to Recover" dialog box.
5. Enter the password(s) given to you by your administrator(s) in the "Enter Passwords" dialog box, and repeat until you have entered all of the passwords, and you are prompted to enter a new password for your user ID.
6. Enter a new password for your user ID, and confirm the password when prompted. Note that if you do not enter a new password, you will need to recover your user ID again.
7. Replace all backups and copies of your user ID file with the newly recovered user ID file.

84. To obtain the ID file recovery password
For security reasons, the administrators must complete these steps from their own workstations, rather than from the same workstation. Using separate workstations prevents an unauthorized user from using a program to capture the keystrokes that the administrators enter on the same workstation. If an unauthorized user obtains an administrator's ID file and password, the unauthorized user can obtain the administrator's recovery password for all ID files. Therefore, you must protect the administrator's ID file and require that multiple administrators work together to recover any given user ID file.
1. Detach the encrypted backup of the user's ID file from the mail or mail-in database to the local hard drive.
2. If the user's ID file is damaged, send a copy of the ID file from the centralized mail or mail-in database to the user.
3. From the Domino Administrator, click the Configuration tab, and choose Certification - Extract Recovery Password.
4. Enter the password to the administrator's ID file.
5. Specify the ID file you want to recover. This is the same ID you detached in Step 1.
6. Give the user the recovery password that is displayed.

Lotus Web server

1. Web Site rules and global Web settings

Web Site Rules
The Web Site Rules document is created from within the corresponding Web Site document. The four types of Web Site Rules documents are:

• Directory -- Use the Directory type to direct incoming URLs to a specific directory, and to assign an access level.
• Redirection -- Use the Redirection type to specify that designated incoming URL patterns be redirected to a specified URL.
• Substitution -- Use the Substitution type to replace a specified URL pattern with another specified URL pattern.
• HTTP response header -- Use the HTTP response header type to specify HTTP headers that are added to all responses from requests that match the specified URL pattern.

Web Site rules allow you to relocate or reorganize sites without breaking existing links or browser bookmarks. Web Site rules appear as response documents to Web Site documents.

Ans: Web Site rules are documents that help you maintain the organization of a Web site. They have two main uses:
• Enable the administrator to create a consistent and user-friendly navigation scheme for a Web site, which is independent of the site's actual physical organization.
• Allow parts of the site to be relocated or reorganized without breaking existing links or browser bookmarks.

Web Site rules are created as response documents to Web Site documents, and apply only to that particular Web Site document. If you want to apply a rule to more than one Web Site document, copy and paste the rule document from one Web Site document to the other.

Before Web Site rules can be applied to an incoming URL, the URL is normalized according to a predefined set of filtering and validation rules and procedures. These procedures reduce the URL to a safe form before it is passed to an application for processing. Once the URL is normalized, the HTTP task uses the rules defined for the Web Site to determine if the URL is to be modified in any way.
Note Only the URL path is used for pattern matching. The query string is saved for use by the application. Any patterns you specify for a rule's Incoming URL pattern field should not include a host name or query string.

There are four types of Web Site rules. If more than one type of Web Site rule has been created for a Web Site document, the rules documents are evaluated in this order:
• Substitution
• Redirection
• Directory
• HTTP response header

Substitution rules
A substitution rule replaces one or more parts of the incoming URL with new strings. Substitution rules should be used when you want to reorganize your Web site, and you don't want to have to rewrite all the links in the site, or when you want to provide user-friendly aliases for complex URLs.

For example, a substitution rule would be useful if you moved a number of files on your Web site from one directory to another. Instead of fixing all the links that refer to the old directory, your substitution rule would map the old directory to the new directory. The incoming and replacement patterns in substitution rules must each specify at least one wildcard. If you do not explicitly include a wildcard somewhere in a pattern, the HTTP task automatically appends "/*" to the pattern when it stores the rule in its internal table.

Redirection rules
Redirection rules redirect incoming URLs to other URLs. There are two types of redirection rules: external redirection and internal redirection.

An external redirection rule causes the server to inform the browser that a file or other resource requested by the browser is located at another URL. If the incoming URL path matches an external redirection rule, the HTTP task generates a new URL based on the redirection pattern and immediately returns that URL to the browser. Using external redirection rules allows existing links and bookmarks to keep working, but ensures that new bookmarks point to the new location.

An internal redirection rule acts like a substitution rule, as the HTTP task generates a new URL and then re-normalizes it. There are two differences, however. First, the redirection table is searched recursively, so you can create and nest multiple redirection rules. Second, an internal redirection rule does not require the use of a wildcard character. Thus, you can choose to use an internal redirection rule instead of a substitution rule if you want to force an exact match on the URL path. If the incoming URL path matches an internal redirection rule, the HTTP task generates a new path, normalizes the path, and searches the redirection rule table again. Because the HTTP task does a recursive search through the redirection rule table, you can write broad redirection rules that capture URLs no matter what substitution or redirection has been applied.
Note Having a recursive search means that there is the potential for getting into an infinite loop if you write redirection rules that match each other. To eliminate this possibility, the HTTP task has a built-in recursion limit of ten.
Wildcards are allowed in redirection rules, but are not required.

Directory rules
A directory rule maps a file-system directory to a URL pattern. When the Web server receives a URL that matches the pattern, the server assumes that the URL is requesting a resource from that directory. When you install a Domino 6 Web server, several file-resource directories are created automatically. These default directories are mapped by directory rules that are defined on the Configuration tab of the Web Site document. When the Web server starts up, it automatically creates internal rules to map these directories to URL patterns. The three default directories are:
• HTML directory for non-graphic files
• Icon directory for graphic images such as .GIFs
• CGI directory for CGI programs

Directory rules can only be used to map the location of files that are to be read directly (such as HTML files and graphic files) and executable programs to be loaded and run by the operating system (such as CGI programs). Directory rules cannot be used to map the location of other types of resources, such as Domino databases or Java servlets.

When you create a Directory Web Site rule, you specify read or execute access to a file-system directory. It is critically important to choose the right access. Only directories that contain CGI programs should be enabled for Execute access. All other directories should have Read access. If you specify the wrong access level, unexpected results will occur. For example, if you mark a CGI directory for Read access, when a browser user sends a URL for a CGI program, the server will return the source code of the program instead of executing it, which could be a serious security breach. Directory rules cannot override file-access permissions enforced by the operating system.
Note Access level is inherited by all subdirectories under the specified directory.

HTTP response header rules
Every HTTP browser request and server response begins with a set of headers that describe the data that is being transmitted. An HTTP response header rule allows an application designer to customize the headers that Domino sends with responses to requests that match the specified URL pattern, for example by adding an Expires header or custom headers. The most important use of response rules is to improve the performance of browser caching. An application designer can add headers that provide the browser with important information about the volatility of the material being cached. The caching headers include the Last-Modified header, Expires header, and Cache-Control header. The Last-Modified header indicates when the resource or resources used to generate a response were last changed. The Expires header tells the browser when resources are expected to change. A designer can define a rule to add Expires headers to responses based on when the designer expects resources to change.
The Cache-Control header provides explicit instructions to browser and proxy server caches, such as "no-cache" for responses that should not be cached, or "private" for responses that are cacheable but are specific to a particular browser configuration. You can also use response rules to customize headers. For example, you can create response rules for custom headers that display specific error messages -- for example, when a user is not authorized to access an application. Unlike other Web site rules, response rules are applied to the outgoing response, just before the HTTP task transmits the response to the browser. For response header rules, the pattern is matched against the final form of a URL, after substitution and redirection rules have been applied to it. For example, if you have a substitution rule that transforms /help/* to /support.nsf/helpview/* and you want to create a response rule to match the response, the pattern for the response rule should be /support.nsf/helpview/*. The pattern can include one or more asterisks as wildcard characters. For example, the pattern /*/catalog/*.htm will match the URLs /petstore/catalog/food.htm, /clothing/catalog/thumbnails.htm, and so on. A wildcard is not required in a response rule. This allows you to create a rule that matches a specific resource, for example, /cgi-bin/account.pl. Also, as with all rules, the incoming pattern cannot contain a query string.

Response header rules are different from other rules in that not only do they have to match a URL pattern, they also have to match the HTTP response status code. You need to specify one or more status codes in the HTTP response codes field.

Global Web Settings
Global Web Settings enable you to apply Web rules to multiple Web sites. You define a name for the Global Web Settings document, and specify the servers to which the Global Web Settings apply. You then create Web Rules documents for a Global Web Settings document. The Web rules then apply to all Web sites hosted by the servers specified in the Global Web Settings document. The Global Web Settings document and associated Web Site rule documents are not automatically created. If you want to use the Global Web Settings document and Web Site rules in your Web environment, you need to manually create them.
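The rule evaluation described above (substitution first, then recursive redirection with the limit of ten, then response header rules matched against the final URL and status code), as a simplified Python model added here; it is not Domino code or part of the original notes. The function names, rule tuples and sample URLs are constructed for illustration, and returning a "limit" result when the recursion limit is reached is this model's assumption.

```python
import re
from urllib.parse import urlsplit

RECURSION_LIMIT = 10  # the notes state the HTTP task's built-in limit is ten


def with_wildcard(pattern):
    # Substitution patterns without a wildcard get "/*" appended when stored.
    return pattern if "*" in pattern else pattern.rstrip("/") + "/*"


def compile_pattern(pattern):
    # Each "*" becomes a capture group; all other characters are literal.
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile("^" + "(.*)".join(literal_parts) + "$")


def rewrite(pattern, replacement, path):
    # Return the rewritten path, or None if the pattern does not match.
    match = compile_pattern(pattern).match(path)
    if match is None:
        return None
    captured = iter(match.groups())
    # Fill the replacement's wildcards, in order, with the captured text.
    return re.sub(r"\*", lambda _m: next(captured, ""), replacement)


def resolve(url, substitutions, redirections):
    """Return (kind, target, query); kind is 'serve', 'external' or 'limit'."""
    parts = urlsplit(url)
    path, query = parts.path, parts.query  # only the path is pattern-matched
    for pattern, replacement in substitutions:
        new_path = rewrite(with_wildcard(pattern), with_wildcard(replacement), path)
        if new_path is not None:
            path = new_path
            break
    depth = 0
    while True:
        hit = None
        for pattern, replacement, external in redirections:
            new_path = rewrite(pattern, replacement, path)
            if new_path is not None:
                hit = (new_path, external)
                break
        if hit is None:
            return ("serve", path, query)
        if hit[1]:
            return ("external", hit[0], query)  # URL handed back to the browser
        if depth == RECURSION_LIMIT:
            return ("limit", path, query)  # rules that match each other
        depth += 1
        path = hit[0]  # internal redirection: search the table again


def response_headers(final_path, status, header_rules):
    # Response rules match the final URL form AND the response status code.
    headers = {}
    for pattern, codes, to_add in header_rules:
        if status in codes and compile_pattern(pattern).match(final_path):
            headers.update(to_add)
    return headers


# Constructed sample rules (not taken from a real Domino Directory).
SUBSTITUTIONS = [("/help/*", "/support.nsf/helpview/*")]
REDIRECTIONS = [
    ("/old/*", "https://www.example.com/new/*", True),  # external
    ("/a", "/b", False),  # these two internal rules match each other
    ("/b", "/a", False),
]
HEADER_RULES = [
    ("/support.nsf/helpview/*", {200}, {"Cache-Control": "no-cache"}),
    ("/help/*", {200}, {"X-Example": "never-applied"}),  # pre-substitution form
]

if __name__ == "__main__":
    for sample in ("/help/install.htm?lang=en", "/old/x.htm?id=7", "/a"):
        kind, target, query = resolve(sample, SUBSTITUTIONS, REDIRECTIONS)
        print(sample, "->", kind, target, query)
        if kind == "serve":
            print("  headers:", response_headers(target, 200, HEADER_RULES))
```

A response header rule written against /help/* never fires in this model, because the path has already become /support.nsf/helpview/... by the time response rules are matched; a Cache-Control rule meant to keep sensitive pages out of caches has to target the final form.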

2. What are "DSAPI filter file names" while configuring DOLS manually?
Ans: The DSAPI filter file name differs depending on the OS on which the Lotus Domino server is hosted.
• Win32 - ndolextn
• Linux - libdolextn
• AIX® - libdolextn
• Solaris/Sparc - libdolextn
• S390® - libdolextn
• iSeries® - libdolextn
