Personal Blog of Thomas Hampel - Creative Mythbusting in Development and Collaboration

Who am I?

Feeds

Query results for : May 2015

Einladung zum IBM Stammtisch in Dresden - der 2. dieses Jahr- 29 May 2015 - (0) Comments

Thomas Hampel
 29 May 2015

Hallo IBM Community!

wir, d.h. Anett Hammerschmidt und ich, laden euch wieder herzlich zum zweiten IBM Stammtisch in Dresden ein.
Thema des Abends ist IT Security und Ethical Hacking insbes. im Bereich der IBM  Messaging & Collaboration Produkte,
Natürlich steht auch diesmal das Kennenlernen und Pflegen neuer und alter Kontakte im Mittelpunkt. Jeder Teilnehmer ist herzlich willkommen!

Wann?

Datum: 12. Juni 2015
Zeit: 18 Uhr bis 24 Uhr
Einladung im iCAL format

Wo?

Augustiner an der Frauenkirche, im Kellergewölbe
An der Frauenkirche 16/17
01067 Dresden

Webgeschreibung siehe Google Maps, parken ggf. bei QPark Frauenkirche / Neumarkt

Anmeldung:

Bitte tragt euch in diese Liste ein, so können wir die Plätze im Lokal besser planen und ggf. mehr Tische reservieren.

Ablauf:

18:00 Uhr - Welcome Reception im Kellergewölbe
19:00 Uhr - IT Security und Ethical Hacking von und mit Th.Hampel (IBM) und Anett Hammerschmidt
ca. ab 20 Uhr - Social Networking Live Demo mit #Lotusbeer

Kurzentschlossene können auch ohne Anmeldung einfach vorbeikommen, bitte direkt bei Anett ( +49-176-10315855 ) anrufen

Wir freuen uns auf Euch!
Anett Hammerschmidt und Thomas Hampel

Users can create new mails despite being over quota- 29 May 2015 - (0) Comments

Thomas Hampel
 29 May 2015

You have deployed mail quotas in your environment and your Notes Clients are configured to use local replicas or managed replicas.
Still you experience mail files are growing over quota limits without user complaints. How is this possible?

It seems there is a bug in the IBM Domino mail template version 9.0.1 which allows to create and send new mails even when the mail file is over quota.

Reproducing the problem

When working on the server replica:
  • create a new mail and try to save it will correctly display this warning:
    Image:Users can create new mails despite being over quota
When working on the local replica:
  • Create a new mail will display this error message, but clicking OK allows to continue saving & sending the new mail.
    Image:Users can create new mails despite being over quota
    Notes.ini variables have been verified to be set correctly on the client
    Check_Quota_On_Mail_Create=1
    REPL_OBEYS_QUOTAS=1

The problem is known to IBM and is documented as LO83693 "Enforcing Quotas on new mail creation in local based mail files not reliably working in Notes 9.0.1"

How to fix it

As usual there are two options:
a) Wait for IBM to provide a new version of the mail template - maybe this will be done in the next major release.
or
b) fix it yourself by modifying the template with your Domino Designer client as described below:

Within the QueryOpen event of the form(s)  "Memo", "Reply" and "Reply with History" , "To Do", "_Calendar Entry", etc. search for the quota checking code and remove the "Executive" statement incl. its brackets.
Image:Users can create new mails despite being over quota

Interesting to note that special forms do not contain this code so they do not need to be patched
Image:Users can create new mails despite being over quota
Please note that design elements need to be signed properly in order to avoid ECL warnings on the client side.

References
  • LO83693: Enforcing Quotas on new mail creation in local based mail files not reliably working in Notes 9.0.1

Special thanks to Michal Wolczyk for this analysis and Marc for finding this bug.

Sametime community must be set as your default server community- 28 May 2015 - (0) Comments

Thomas Hampel
 28 May 2015

If you are working in a support organization it might be requried to connect to multiple Sametime environments at once, e.g. your own environment and the customers Sametime environment.
By default a Sametime Community is configured so that you can not add it as a secondary community. Users will get the following error message when they try to connect to it:
Image:Sametime community must be set as your default server community
"To log into the [ServerName] server community, it must be set as your default server community. Either reset user to login directly or contact your system administrator"

Your system administrator will have to disable the setting "User must set this community as the default server community (IC)" within your Sametime System Console.
If you have been reading my previous blog post about policies.user.xml parameters, you will know that you can change this setting even when you dont have a Sametime System Console in place.

The attribute in question is this one:
Attribute Group "imserver.policygroup.chat" policy-attribute id current-value
User must set this community as the default server community (IC) im.2019 0



So all your system administrator needs to do is to update this parameter on the Sametime Community server by editing the file [DominoData]\policies.user.xml and change the policy attribute "im.2019" from "1" to "0"
After saving changes and restarting the staddin task on your Sametime Communtiy server, you can add this community as a secondary community in your Sametime client.

Display Photo in Sametime Business Cards- 27 May 2015 - (0) Comments

Thomas Hampel
 27 May 2015

After upgrading a Sametime Community server from 8.5.x to 9.0 the business card in Sametime does no longer show the picture of a person.
Image:Display Photo in Sametime Business Cards
Although pictures have been imported to the Domino Directory they were not showing up. It looks like the upgrade has overwritten the configuration we used before.

Since version 9.0 the business card can be configured in the Sametime System Console under "Sametime Servers" by selecting the Sametime Community Server which you want to configure.
This configuration is being written to the Sametime Community server into the file [DominoData]\UserInfoConfig.xml
Some time ago Mikkel Heisterberg published a wonderful description of the Sametime business card configuration secrets (PDF)

Looking into our server the file [DominoData]\UserInfoConfig.xml looked like this
Image:Display Photo in Sametime Business Cards
As you can see the above configuration does not contain an attribute name for the photo. By adding it UserInfoNotesBB will to return a user image from the Domino Directory.
Image:Display Photo in Sametime Business Cards
Saving the file and restarting the staddin task resolved the problem... pictures are displayed again.

When starting the Community server the UserInformation service initially loads the configuration from UserInfoConfig.xml and then receives configuration updates from the Sametime System Console.
So if your Community server is being managed from a Sametime System Console -which is the only supported configuration- then modifications applied to this file will be overwritten.

Configuration updates from SSC can be disabled by adding the following tag to UserInfoConfig.xml before the tag.
ReadStConfigUpdates value="false"
Source: IBM Infocenter - Configuring business cards using a native Domino Directory

References:

Configure Sametime Community Server Policies without System Console - Policies.User.XML parameters explained- 24 May 2015 - (2) Comments

Thomas Hampel
 24 May 2015

Upgrading Sametime Community Servers from 8.5.x to 9.0.x requires installing a Sametime System Console Server (SSC) where policies can be configured.
Although you can follow this perfect documentation to set up your environment, it might take some time and resources to complete.

Is there a way to run a Community server without SSC ?
Yes, there is --- but keep in mind a configuration without an SSC is officially not supported by IBM. It works fine with default policies, even configuration changes can be applied when you know how to configure policies manually

How it works:

Policies are stored/cached in a file called "policies.user.xml" located in the Domino Program directory. When installing a Sametime Community Server from scratch, this file will be created with default parameters.
You can register a Community server in a SSC later on by running "registerSTServerNode.bat" (or .sh) located in the folder DominoData/Console .
Hint: For Linux, specify the Notes.ini path without a trailing slash, e.g. "/local/notesdata"

When the Sametime 9.0 Community Server is registered at an SSC the Community server reads the policy configuration from the SSC during startup and then every hour (details can be configured).
Later on the community server can start and run even if the SSC is not available.

So even without a Sametime System Console, you can modify policies just by editing the file policies.user.xml in the Domino Program directory.
Please make sure to modify this file with an editor which keeps the formating in place. DO NOT USE "Notepad" in Windows , and restart the staddin task for changes to take effect.

Policies.user.xml

The following tables describe the parameters in the file "policies.user.xml" which can be found in the Domino Program directory

Chat
Attribute Group "imserver.policygroup.chat" policy-attribute id current-value
User must set this community as the default server community (IC) im.2019 0
Allow user to add multiple server communities (IC) im.2011 1
Allow user to add external users using Sametime gateway communities im.2001 0
Allow user to save chat transcripts (IC) im.2002 1
Automatically save chat transcripts (IC)
Valid only if "Allow user to save chat transcripts" is checked.
im.2004 1
Maximum days to save automatically saved chat transcripts (IC):
Set this field to zero to allow users to save chat transcripts for an unlimited time.
im.2006 365
Limit contact list size im.2014 0
Max. Number of Contacts
Valid (and required) if "Limit contact list size" is checked.
im.2015 500
Enable organization tree view for this user (for Sametime Advanced users only) im.enableOrganizationTreeView 0
Allow user to send offline messages (for Sametime Advanced users only) im.enableOfflineMessages 0
Allow all Sametime Connect features to be used with integrated clients (IC)
Use this setting if the Sametime Connect Client is enabled and licensed to work with another product's client.
im.3000 1
Allow mobile client Sametime update site URL (IC): im.2010 1
Sametime update site URL (IC): im.2012 ""





Image
Attribute Group "imserver.policygroup.image" policy-attribute id current-value
Allow custom emoticons (IC) im.2008 1
Allow scren capture and images (IC) im.2009 1
Set maximum image size for custom emoticons, screen captures, and inline images (IC) im.2020 0
Maximum Size
Valid only if "Set maximum image size" is checked
im.2021 500





File Transfer
Attribute Group "imserver.policygroup.filetransfer" policy-attribute id current-value
Allow user to transfer files through server (IC) im.1 1
Maximum individual file transfer size, in Kilobytes, for files sent through the server (IC): im.2 10000
Use exclude file types transfer list, for files sent through the server (IC) im.3 0
Types to exclude from transfer. Type the three-letter extension of each file type, separated by a comma or semicolon (IC)
Valid only if "Use exclude file types transfer list" is checked.
im.4 exe,com,bat
Allow client-to-client file transfer (IC) im.2005 1
Allow transferring multiple files and folders (for Sametime Advanced users only)
Valid only if "Allow client-to-client file transfer" is checked.
im.allowTransferringMultipleFilesAndFolders 0
Allow transferring files to participants in an n-way session (for Sametime Advanced users only)
Valid only if "Allow client-to-client file transfer" is checked.
im.allowTransferringFilesToNwayParticipants 0
Maximum number of users to receive a single file in one file transfer session:
Valid only if "Allow transferring files to participants in an n-way session" is checked.
im.maxNumberUsersToReceiveSingleFileInOneFileTransferSession 10





Plugin Management
Attribute Group "imserver.policygroup.plugin" policy-attribute id current-value
Allow user to install plug-ins (IC) im.2013
Sametime optional plug-in site URLs. Type the URLs separated by a comma or semicolon (IC): im.2022





Mobile
Attribute Group "imserver.policygroup.mobile" policy-attribute id current-value
Allow location reporting
When set, a user has the choice to share their location with other users. City level location information is appended to a user's status message that others see. For example, I am available @ Austin, TX. When not set, a user is not able to share location information.
im.2035 1
Enable offline access
When set, a user can enter the Sametime client without logging in. This allows users to perform some tasks such as view chat history when offline. When not set, offline access is not allowed.
im.2036 1
Offline access password minimum length:
When set, a user can enter the Sametime client without logging in. This allows users to perform some tasks such as view chat history when offline. When not set, offline access is not allowed.
im.2037 8
Offline access password expiry days:
When set, this is the number of days until a password expires. When left blank or set to zero, the password never expires.
im.2026 0
Offline access prompt delay :
When set, this is the number of minutes for which a user can re-enter offline mode without entering a password again. When left blank or set to zero, a user must always enter a password.
im.2027 30
Disable untrusted SSL
When set, this policy prohibits a user from logging in to a server that does not have a certificate trusted by the device. When not set, a user can log in to a Sametime server that has a certificate not trusted by the device.
im.2028 0
Disable URL dialer
When set, OpenScape is not displayed as a click-to-call choice even if OpenScape is installed on the device. When not set, a user is able to choose OpenScape as a method of making calls from Sametime if OpenScape is installed on the device.
im.2029 0
Minimum force logout duration:
When set, this is the amount of minutes a user can stay logged in before being automatically logged out. When left blank or set to zero, a user is logged out after the amount of time they configure on their device.
im.2030 -1
Disable chat history
When set, this policy prohibits users from saving chat history on the device. When not set, a user has the option to save or not.
im.2031 0
Disable password save
When set, this policy prohibits users from saving their password on the device. A user must always enter a password when connecting to the server. When not set, a user can choose to save their password or not.
im.2032 0
Allow contact export
When set, this policy enables users to export Sametime contact information to a native contact application on the device. When not set, a user is not allowed to export Sametime contact information.
im.2033 1
Offline access password required
When set, this policy requires a user to enter a password to enter the Sametime client without logging in. This policy is applicable only when Enable Offline Access is set. When not set, a user does not need to enter a password to access the client in offline mode.
im.2034 1





Audio/Video
Attribute Group "avserver.policygroup" policy-attribute id current-value
Allow access to third-party service provider capabilities from contact lists, instant messages, and meetings av.allowAccessToTPartyFromCListAndIM 0
Allow changes to preferred numbers
When checked, allows users to manage a list of devices for calls.
av.allowChangesToPrefNumbers 1
Voice and video capabilities available through the Sametime Media Server:
0=None
1=Audio only
2=Audio and video
av.avCapAvailableThroughSMS 2
Allow Audio/Video use in the web browser
When checked, users will be allowed to use audio/video capabilities in Sametime Meetings from a web browser.
av.allowWebClient 1
Allow access to internal service provider for audio and video conferences.
When checked, users can make audio video calls using internal service provider for audio and video conferences
av.allowMultipointCalls 1
av.enableSVC 1
Enable encryption for client:
0=Off
1=On
2=Auto
av.enableClientEncryption 2
Video resolution: av.videoResolution CIF 352x288@15fps 384kbps
Custom video resolution:
Setting a custom video resolution will override the selected video resolution and should only be used if instructed to do so by a 3rd party MCU provider
av.customVideoResolution
Client line rate (kbps):
When checked, users will be allowed to set line rate
av.clientLineRate 384
av.ConferenceTemplateList av.ConferenceDefaultTemplate





Sametime Unified Telephony
Attribute Group "sut.policyGroup" policy-attribute id current-value
Allow changes to the permanent call routing rule sut.2024 1
Allow use of "Offline" status in call routing rules sut.2025 1




Attribute Group "sutlite.policyGroup" policy-attribute id current-value
av.allowSIPTrunking





Mobile Audio Video Policy
Attribute Group "av.mobilePolicy" policy-attribute id current-value
AV Policy for Mobile:        
0=None
1=Audio Only
2=Audio and Video
av.allowMobileClient 2
Allow Mobile Client Video on WiFi only av.allowMobileWiFiOnly 0
Call Line Rate for Mobile Client: av.mobileLineRate 384
Allow call history to be stored on Mobile Client av.mobileAllowCallHistory 1





Default audio video template
Attribute Group "av.ConferenceDefaultTemplate" policy-attribute id current-value
Enabled av.isGroupEnabled 0
Default audio video template av.ConferenceTemplateName_Default Default Audio Video Template
Cascaded Conference :
0= None
1=Bandwidth
2=Large conference
av.allowCascadedConference_Default 0
Conference mode: av.conferenceMode_Default Mixed AVC and SVC
Conference mode experience: av.conferenceModeExperience_Default Optimized for mobile devices
Conference Line Rate:
Sets the maximum allowed line rate for this conference template
av.ConferenceLineRate_Default 384
Encryption:
Allows user to choose the encryption type for this conference template
0=Encrypt all
1=Encrypt when possible
2=No encryption
av.allowConferenceEncryption_Default 1
Video quality:
Allows user to set video quality
av.videoQuality_Default Sharpness






References:
Thomas Hampel, All rights reserved.