Personal Blog of Thomas Hampel - Creative Mythbusting in Development and Collaboration

Query results for : How-To

Domino SingleSignOn - Level 1 - LDAP Authentication- 13 February 2017 - (0) Comments

Thomas Hampel
 13 February 2017

Based on a recent discussion with a customer it seems there still is not enough information on how to simplify authentication for Notes/Domino users.
This is the first post our of a series of blog posts describing how to move from password based to seamless authentication.

Level 1 – LDAP Authentication

Main goal of this level is to provide users with the ability to authenticate with Domino internet protocols such as HTTP using LDAP (e.g.Active Directory) credentials. The Notes Client authentication remains unchanged.
When using a web browser to access a Domino server, users will be prompted for username and password.
This authentication dialog looks like one of the following examples:
Image:Domino SingleSignOn - Level 1 - LDAP AuthenticationImage:Domino SingleSignOn - Level 1 - LDAP Authentication
Credentials entered here will be forwarded to Active Directory for authentication.
Within this process username and password will be sent over the network, so it is highly important to secure the transmission using SSL/TLS.

Pros and Cons

+ Lost/forgotten passwords on a monday morning are no longer your problem. The AD guys have to take care :)
+ No need to manage HTTP passwords and no need to sync HTTP and Notes passwords
- All authentication requests will be forwarded to LDAP/AD, entering wrong passwords multiple times -depending on your policy- will lock out your AD account.

Prerequisites:

In order for Active Directory authentication to work, the Notes user name must be stored within Active Directory (or the AD name must be stored in Domino). This is required to map Active Directory user name to a Notes user name.
  • Within Active Directory, each user object must have a (custom) attribute storing the Notes User name in DN format. This format is described as the full canonical user name of the Notes user (e.g. “CN=Firstname Lastname,OU=Department,O=Company”) where any slash (“/”) is replaced by a comma (“,”)
  • The name of this (custom) attribute of the user object in Active Directory can be any name of your choice, I will be using “mailNickname”, but you can use any other attribute you like.
    This attribute is recommended to be included in the AD Index for performance reasons. For details how to do this, please refer to this article which relates to an older version of AD but is still valid.
  • Synchronization from Domino Directory to Active Directory is done on a regular basis, e.g. by using TDI (which is free for Domino customers) with some AssemblyLines for Domino
  • A non-expiring Active Directory User account is required that will be used by Domino for Single SignOn purposes.
How to...
reconfigure Domino HTTP authentication to use Active Directory for authentication of browser sessions?
If not already done:
  • Import the trusted root certificate of the LDAP server into the key ring file of the Domino server.
    Please note that Domino will be the client for the LDAP session in this case, so the *.kyr file that is being used is the one in the server document!
  • Create a Directory Assistence (DA) database
  • Add the DA to your Domino server document
    Image:Domino SingleSignOn - Level 1 - LDAP Authentication

okay, whats next:
  1. Within the Directory Assistance database, add a new document and configure it like shown below:
    Image:Domino SingleSignOn - Level 1 - LDAP Authentication
    Of course you are supposed to supply your correct Kerberos realm name. If in doubt, ask your AD admin.
  2. Set "Trusted for Credentials" to Yes
    Image:Domino SingleSignOn - Level 1 - LDAP Authentication
  3. Configure how to connect to the LDAP (­) server.
    Image:Domino SingleSignOn - Level 1 - LDAP Authentication
  4. Save & close

Now restart the Domino server and check if LDAP is being shown in the list of directories.
Issue the command "Show xdir" at the server console for details.

Troubleshooting:

Apache LDAP Studio is your friend. Make sure your LDAP credentials are correctly working and that your Base DN is providing the expected results before setting up Directory Assistence towards AD.
Some more hints:
  • You can specify multiple LDAP servers, they will be used one after the other based on the search order you have supplied
  • Search order in the Directory Assistance document must be unique. You can not use the same "Search order" twice.
  • Domino will be the client for the LDAP session in this case, so the *.kyr file that is being used is the one in the server document!
    If you are using Internet sites, then Edit the server document, disable internet sites (without saving) and specify the *.kyr file there. When done, switch back to the basics tab and re-enable Internet Sites.
    The file specified will still be used for all outbound connections, the kyr file specified in the internet sites is used for inbound connections only!
    Image:Domino SingleSignOn - Level 1 - LDAP Authentication
  • Thes Notes.ini variables will increase the log level for further debugging
    debug_directory_assistance=1
    debug_namelookup=1

Result:

When prompted for username/Password you can now use your Active Directory username and AD Password.
Transitioning from Domino HTTP passwords to AD passwords is seamless because users can still use the Domino HTTP password even if LDAP authentication has been configured.
Once the transition is completed you should clear the HTTP password field from the person document.

Out of Office - Send Full Copy to deputy- 9 August 2015 - (0) Comments

Thomas Hampel
 9 August 2015

Summer time, vacation time... You have enabled Out of Office notification, so why would you want to duplicate inbound mails?
Lets say you really are offline and you want your deputy / stand-in to take care of new mails, what options do you have?
In best case we want a deputy to receive a copy of each mail while keeping the original mail in your inbox.

Delegating Access
A first option is delegating access to your mail - this will grant read access to all your data and your deputy wont get notified on new mails.
Another option is to just forward all mails to your deputy by defining a forwarding address in the person document:
Image:Out of Office - Send Full Copy to deputy
This is not a good idea for people who want to see what happened while they were out because mails will just be forwarded. You wont get any mail in your inbox this way.
It might not even be an option as some organizations do not allow users to edit the person document.

Mail Rules
Another option is to use mail rules in your Notes client to send a copy of each inbound mail to somebody else. This can be done by creating a new rule which applies to all documents...
Image:Out of Office - Send Full Copy to deputy
and defining a recipient of your choice --- in this example its "firstname.lastname@domain.com"
Image:Out of Office - Send Full Copy to deputy
Works like a charm, but what if your Administrator has disabled user rules mail forwarding in the configuration document of your server?
Image:Out of Office - Send Full Copy to deputy
...or even took more drastic measures like modifying your mail template to not even show the option "Send Fully Copy to..:" ?

Agents
You could look into writing an agent that runs on the server, but no Domino Admin should allow users to run scheduled agents on the mail server.
So trying to create an agent in your mail file will most likely end up with "You are not authorized to use agents in this database"
Image:Out of Office - Send Full Copy to deputy

Duplicate Mails (with help of your Domino Administrator)
Since you have rewarded your administrator recently for keeping your computers running you'll get friendly support for the following configuratoin:

What you need to do:
1.) Create a Mail-In Database document which points to the mail file of the user who is out of office.
Make sure the Mail-in name is unique and does not resolve name lookup conflicts
Image:Out of Office - Send Full Copy to deputy

2.) Create a Group of type "Mail only",
members of this group will be Mail-in database which has been created above as well as any person who shall receive a copy of the mail(s).
You can define one or multiple recipients using internet mail addresses or Notes user names.
Image:Out of Office - Send Full Copy to deputy

3.) Edit the person document and put the Group name created above to be the forwarding address
Image:Out of Office - Send Full Copy to deputy

4.) Testing
Wait for replication to finish within your Domain and send a test mail to the user.
This mail will be delivered to the original users mail file and also to the deputy(s) defined in the group.

Remarks:
Depending on how you have configured the Recent Contacts feature your Notes client might show the name of the mail-in database in future name lookups.
If this is an issue either purge your recent contacts or disable it completely

References:

PANIC Unexpected internal error returned to logger 0x20692010- 27 March 2015 - (0) Comments

Thomas Hampel
 27 March 2015

Tip of the day:
When running Domino server commands on the operating system of a server, make sure to run the command from a console with Admin access rights, otherwise you'll get this:

PANIC: Unexpected internal error returned to logger: 0x20692010

Image:PANIC Unexpected internal error returned to logger 0x20692010

Reference:

SPR # PALL8WA3Y8

Solution

Open a command prompt by right clicking and selecting "Run as Administrator", then run the command(s) again.

Root cause:

Problem in front of keyboard.

Monitoring IBM Domino Server on Linux via SNMPv3- 5 January 2015 - (0) Comments

Thomas Hampel
 5 January 2015

Monitoring Domino servers via SNMP should be a simple task, if it would be documented properly.
There are quite a few blog posts out there on the internet such as
this nice article by Detev Schuemann which unfortunately is in German.. So I'd like to provide an english translation with a few updates which in my opinion are valuable.

Background

Simple Network Management Protocol (SNMP) is a protocol for monitoring network devices such as routers, switches, servers, printers and much much more.
Vendors of a device are providing a definition of values which can be read or modified in form of a
MIB (Management Information Base). Those values are called OIDs (object identifiers) and are ordered in a hierarchical structure.

MIB definitions for Domino can be found online
http://www.oidview.com/mibs/334/NOTES-MIB.html
A MIB file for IBM Domino can be found in the Domino program directory and is called "domino.mib"

On a Linux server the file can be found here /opt/ibm/domino/notes/latest/linux/domino.mib


Step-by-step Instructions

For each Domino server which you want to monitor, you need to enable SNMP support, the following is a step by step description of what you need to do for a Domino server on Linux.
Instructions for Windows are available here
Examples below are based on
CentOS which is using yum as package manager. For other Linux distributions commands are slightly different, also path references shown in the example below might not be the same for you.

Step 1 - SNMP Master Agent

Although Domino its own snmp master agent, I recommend not to use it because the version supplied with Domino is the rather dated version 5.0.7
.
Currently version 5.7.3 is the latest version available. Check the
net-snmp change log to see what has changed between versions.
Obviously you should prefer using the operating system snmp master agent which comes preinstalled for a number of Linux distributions.
If not already installed, you can install the package net-snmp with the following command.

# yum install net-snmp

The library net-snmp-utils provides some additional tools like snmpwalk, which we will need later on for testing functionality
# yum install net-snmp-utils

To check the version you are running...

$ snmpwalk --version

Image:Monitoring IBM Domino Server on Linux via SNMPv3
Note: Current releases of CentOS and Redhat provide net-snmp version 5.7.2 by default.


Option B - NET-SNMPD v5.0.7 provided by Domino

Domino provides net-snmpd in version 5.0.7  - again, I do not recommend using this version.

However, if really want to use it enter these commands to copy the required files to the /etc directory and make sure the service is started after a reboot.

# cp /opt/ibm/domino/notes/latest/linux/net-snmpd* /etc
# ln –f –s /etc/net-snmpd.sh /etc/init.d/net-snmpd

# chkconfig --add net-snmpd

# chkconfig net-snmpd on

Note that in this type of configuration your settings are stoed in the file  /etc/net-snmpd.conf

Step 2 - Update Configuration

Back up the original config file to a location of your choice

cp /etc/snmp/snmpd.conf /root

Edit the file /etc/snmp/snmpd.conf . Modifying this file is only required if you are using the master agent provided by your OS.

# nano /etc/snmp/snmpd.conf

1.) Search for sysLocation and update it according to your needs as shown here:
sysLocation    YourDataCenterLocation
sysContact     email@yourdomain.com


2.) define a username/password combination for SNMP v3 authentication
Of course the user name and password used in this example are to be changed to fit your needs

createUser SNMPv3UserName MD5 SNMPUserSecretPassword AES


3.) At the end of the same file, add this line:
smuxpeer 1.3.6.1.4.1.334.72 NotesPasswd

Dont forget to save the file


Step 3 - SNMP Startup Script

Although you could add /usr/sbin/snmpd as a service directly, its probably more useful to use a startup script.

Domino already provides such a script - you just need to modify the configuration so that it can be used.


# cp /data/ibm/domino/notes/latest/linux/net-snmpd.sh /etc/init.d/net-snmpd

# nano /etc/init.d/net-snmpd


Update the configuration (starting in line 31) as follows:

INSTDIR=/usr/sbin
PROGNAME=snmpd

PROGPATH=$INSTDIR/$PROGNAME

CONFNAME=snmpd.conf

CONFPATH=/etc/snmp/$CONFNAME

LOGPATH=/var/log/snmpd.log

PROGARGS="-C -c $CONFPATH -l $LOGPATH"

Make sure the startup script runs at next boot

# chkconfig --add net-snmpd
# chkconfig net-snmpd on


Step 4 - Update Firewall Rules

SNMP requires UDP port 161 to be accessible, so you need to open this port on the local firewall.
Do not forget to open this port on any other firewall on your network which is between the monitoring server and your Domino server
# iptables -I INPUT -p udp --dport 161 -j ACCEPT


Step 3 - Testing basic functions

Test basic SNMP functionality
from the local host and also from a remote server.
# snmpwalk -v3 -u SNMPv3UserName -A SNMPUserSecretPassword -a MD5 -l authnoPriv dominoserver.domain.com .1.3.6.1.4.1.2021.100.2.0

As a result you should get the version number of the SMTP master agent

Image:Monitoring IBM Domino Server on Linux via SNMPv3

Step 5 - Enable Domino SNMP Agent

Make sure LNSNMP will be started after a reboot. (Note: change the path to match your configuration!
)
# ln -f -s /opt/ibm/domino/notes/latest/linux/lnsnmp.sh /etc/rc.d/init.d/lnsnmp
# chkconfig --add lnsnmp

# chkconfig lnsnmp on
# service lnsnmp start

In case you get the error  "LOTUSDIR must be set in the environment or in this script." you need to update script so that it can find the path to your Domino server, e.g. LOTUSDIR=/opt/ibm/domino


if everything has worked out, starting the lnsnmp should provide the following output

New sub-agent on server is registering a sub-tree with branch ID:
1.3.6.1.4.1.334.72.3

Sending SNMP "Server Up" trap for server .

service lnsnmp startNew sub-agent on server is registering a sub-tree with branch ID:

1.3.6.1.4.1.334.72.1


Step 6 - Domino Tasks

Start the following tasks from the Domino server console

load quryset
load intrcpt
load collect

"quryset" is required to support SNMP queries

"intrcpt" is required to support SNMP traps for Domino events

"Collect" is required to support statistic threasold traps

Create a program document or add the tasks to the Notes.ini variable "ServerTasks=" so ensure they are started automatically after a server restart.

Step 7 - Testing Domino SNMP agent response

Now its time to test if we can access Domino objects via SNMP, e.g. by reading a single value.

$ snmpget -v3 -u SNMPv3UserName -A SNMPUserSecretPassword -a MD5 -l authnoPriv dominoserver.domain.com .1.3.6.1.4.1.334.72.1.1.6.2.1.0

Should return the fully qualified Domino Server name as a string

Image:Monitoring IBM Domino Server on Linux via SNMPv3

Ok, you're done... the Domino SNMP Agent is configured and can be used.

However, there still is some work to be done on your SNMP management console e.g.
Nagios ,FAN , Cacti (or whatever you are using) in order to monitor Domino via SNMP (for example, server down).

Next Actions:

If you like this post, please let me know via Twitter
@ThomasHampel or by leaving a comment below. Please note that comments are moderated and wont show up before being approved.
Hint... configuring Nagios for Domino monitoring and configuring Cacti for trend analysis is subject of another blog post which I'm already working on.


Troublshooting
  • Check snmpd.log for errors
    # cat /var/log/snmpd.log
  • Error : refused smux peer: oid SNMPv2-SMI::enterprises.334.72, descr Lotus Notes Agent
    see
    IBM Technote 1313318
  • Error - Unknown User
    Either a typo in the user name or you forgot to add the user to the snmpd.conf file in step 1, search the config file for something like this:
    createUser SNMPv3UserName MD5 SNMPUserSecretPassword AES
  • Error in packet. Reason: authorizationError (access denied to that object)
    The user exists and the password worked, but does not have access rights required. Check snmpd.conf to see if you have granted at least read only rights, search the file for a string like this:
    rouser SNMPv3UserName

Tools:

Take a look at
Paessler SMTP Tester (Freeware / Windows)
Image:Monitoring IBM Domino Server on Linux via SNMPv3

Further reading:

Deploying IBM Notes Dictionaries in XTAF format using Widgets- 17 December 2014 - (1) Comments

Thomas Hampel
 17 December 2014

Believe it or not, English is not the only language on our planet...and the Notes client of course needs to provide spell checking capabilities for the most common languages.
For Notes v8.5.1 and above IBM provides dictionaries in XTAF format shipped in a ZIP file which can be
installed via File\Applications\Install, but I dont want the average end user to do that alone.

Although the Notes Client installer package can be customized to
include additional dictionaries, you probably have deployed the Notes Client already.
So how do you deploy additional dictionaries without building a new client package, preferably in a way that end users can self decide which dictionaires they would like to install?

Main idea is to use Widgets for allowing users to self install dictionaries they need by using a Widget Catalog and thw My Widgets sidebar of the Notes client.
Ok, lets get started...

Preparations
  • Download the required dictionary files Passport Advantage
    Package is titled "IBM Notes XTAF Dictionaries V9.0", part numbers are :
    Mac=CIF0DML
    Linux=CIF6BML
    Windows=CIF0EML

Build an Eclipse UpdateSite for the XTAF dictionaires
  • Extract the packages to a new temporary folder, once completed it should somewhat look like that:
    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets
  • Now you would create one subfolder for each language and extract EACH of the ZIP files into its own folder, and unzip files one by one.
    If you dont like to do this yourself, just put the following batch file into the same folder and run it.
    unzipXTAFsites.cmd
    It will use
    7zip (which you have installed hopefully) to unzip each file to its own subfolder

    Once completed you should have 23 subdirectories by now, each one should contain the following:

    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets
  • Create a new NSF based Eclipse UpdateSite, a new one is recommended for not mixing up with other versions
    Make sure to set up a propper ACL, users should have read access only!
  • Open the newly created database and use the button Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets to load each of the XTAF dictionaries into the Eclipse Update Site
    The result should look like this:

    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets


Creating Widgets
  • If not already available, create a new Widget Catalog as described here
  • In your Notes Client, start creating a Widget by clicking the icon "Getting Started with Widgets...."
    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets
  • In the first dialog choose "Features and Plugins"
    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets
  • Enter the URL for the update site.
    If you want the connection between the client and the server to use the Notes protocol, use "nrpc://" e.g.  "nrpc://your-servername/path/updatesitefilename.nsf/site.xml"
    if you want to use the HTTP protocol, use "http://" or "https://", e.g. "
    http://your-servername.domain.com/path/updatesitefilename.nsf/site.xml""
    Click on "Load" to see the list of available features to install.

    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets
  • Select the language(s) you want to wrap into a widget, click Finish to create a widget.
    I do recommend one widget for each language, of course you can also wrap all at once into a single Widget or just use subset of available dictionaries.
    Note: You do not need to restart the Notes client when you are prompted.
  • Within the Widget Sidebar of your Notes Client, choose the new widget and right-click it to publish the widget to the widget catalog
    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets
    Dont forget to add meaningful details in the new document so that your end users know what the widget provides.
    e.g. All Dictionaries for IBM Notes 9.0
    and in the details section of the widget, provide a meaningful text explaining how to install a widget, e.g.:
    The result should somewhat look like this:

    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets

What end users need to do to (manually) install a new dictionary
 
When not using policies, end users need to...
  • Click "File\Preferences\" and select "Widgets"
  • Enable "Show Widget Toolbar..."
    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets
  • This will show the new My Widget sidebar panel on the right hand side of the Notes client.
    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets
  • Click the first icon Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets "Browse the Widget catalog"
  • Open the widget catalog entry for the language(s) you want to install
  • Drag & drop the file attachment "extension.xml" from the catalog into the "My Widgets" sidebar
    The Notes Client will now automatically install the dictionary files and will prompt to restart the Notes client.

    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets
  • After restarting the Notes Client, additional dictionaries are available in "File\Preferences\Spell Check"
    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets

How to deploy dictionaries using Domino policies
  • Within the Desktop Policy Settings, verify that you have specified the widget catalog server and filename
    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets
  • In the same document, define a catagory which will be automatically deployed to end users, in this example it is "Autodeploy"
    You can of course use the category "Dictionaries" which you have defined when creating the widget itself but this will not allow to fine tune which dictionary to be pushed out.

    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets
  • Back in the Widget Catalog, modify those widgets which you want to deploy and add the (new) category "Autodeploy" to each of them.
    Image:Deploying IBM Notes Dictionaries in XTAF format using Widgets
  • Once done, the widgets/dictionaries will be deployed to your end users the next time they start the Notes client.

Conclusion

I know there are lots of other methods to roll out dictionaries, e.g. by using File\Application\Install , but I find this too complicated for average users.

Make sure to show the sidebar "My Widgets" to your users...
If you're using a desktop policy, check if you have set the parameter "Show the My Widgets panel in the sidebar:" set to "Yes" in the tab "Widgets" of the applicable policy settings document.


Reference:

The Dummies Guide to 2048 Bit SSL Self Signed Certificates in Domino- 7 May 2014 - (3) Comments

Thomas Hampel
 7 May 2014

Setting up SSL in Domino using Self Signed Certificates is easy, one can choose between SSL using Domino as Certificate Authority or setting up SSL in Domino using the CA Process or even using an IBM HTTP Server in front of Domino
Since I'm still getting questions on how to quickly create a self signed certificate for Domino, here is a guide for dummies....

When working with self signed certificates in Domino, the product documentation wont tell you there's one small problem:
In the standard Domino Server Certificate Administration template (csrv50.ntf) there is no option to specify the key length for self signed certificates, so by default any new keys will be created with a key length of just 512byte, which is not enough for modern browsers nor for Internet Explorer 9 (or above), see
http://technet.microsoft.com/en-us/security/advisory/2661254
Image:The Dummies Guide to 2048 Bit SSL Self Signed Certificates in Domino

So lets get this fixed by applying some small modifications to the template so the key size can be adjusted when needed. At the same time we can also change the default validation time to be configurable.
Continue Reading "The Dummies Guide to 2048 Bit SSL Self Signed Certificates in Domino" »

Create a replica without having direct server access- 5 July 2013 - (0) Comments

Thomas Hampel
 5 July 2013

Here the problem:
You want to create a new replica of an existing database on a server which you are responsible for, you are not allowed to access the remote server.
Not having access means your user ID is e.g. in an access deny group, or in a more simple scenario a firewall is blocking direct access.

However, how would you pull a new replica from the remote server down to yours?
The answer is simple - you can set up a replica stub on your server without the need of accessing the remote server.

Step by step instructions

1. Switch to your workspace, make sure you have no database selected.
2. Use File\Replication\New Replica
3. Type the Servername + Filename >from< which you want to pull the replica.

Image:Create a replica without having direct server access
4. Click "Select"
Now your client will try to connect to the remote server, which of course wont work.

Image:Create a replica without having direct server access
5. A dialog box will display, showing an incomplete question

Image:Create a replica without having direct server access
Here you have to select "Yes" without knowing what the question actually means.
Note: Obviously thats a bug, but it seems that it has not been fixed yet.
6. Choose to which server you want to put the replica, also define a file name of your choice.
7. Disable "Create Immediately"

Image:Create a replica without having direct server access
8. Hit okay to create an uninitialized replica stub
9. Last and final step is to replicate this database on console level using the command:

    >pull remoteserver/ou/o localpath/filename.nsf

A note for beginners:
Your server also must be allowed to read from the remote server and the target server needs to know how to reach the source server...so make sure you have propper name resolution or connection documents in place.  

How to supply your admin with a precise copy of a mail for further analysis- 13 December 2012 - (0) Comments

Thomas Hampel
 13 December 2012

Have you ever been in the situation when a user had to supply an admin with an example of the message incl. header information?
Forwarding copies or replied mails are unusable regardless of how they are saved.


In order to supply admins with what they need for further analysis, please follow these instructions...

Lotus Notes 6.x-8.x
  1. From the Lotus Notes mail database window, select the message you want to submit.
  2. Open the message full view (not preview mode).
  3. From the "View" menu, select "Show" then "Page Source".
  4. From the "File" menu, select "Export."
  5. In the "Export" pop-up window, enter a filename and choose a location to save the file.
    From the "Save as type" drop-down list select "ASCII Text." After entering the filename, press "Export."
  6. In the next dialog box, select "Default Character Set" and then click OK.

Lotus Notes 5.x and below
  1. From the Lotus Notes mail database window, select the message you want to submit.
  2. From the "File" menu, select "Export."
  3. In the "Export" pop-up window, enter a filename and choose a location to save the file.
    From the "Save as type" drop-down list select "Structured Text." After entering the filename, press "Export."
  4. Select "Selected documents" in "How Much to Export" of the "Structured Text Export" dialog box, and press OK.
    Now, save the text file in the location you designated in Step 3.

And in case anyone is still using less functional mail clients....

Note: Some versions of Outlook offer two options to save an .msg file - one is "Outlook Message Format", the other is "Outlook Message Format - Unicode". You should NOT select the Unicode format, this could cause problems when you save and submit the file.

Microsoft Office Outlook 2003/2010
  1. Open Microsoft Office Outlook 2003.
  2. Double click to open the email message that you want to save.
  3. From the "File" menu, select "Save As."
  4. The "Save As" pop-up window displays. Select "Outlook Message Format" from the "Save as type" drop-down list.
  5. Select the folder in which you want to save the message. Note, the "File name" is provided by default. You can change this if you want.
  6. Click "Save." The message is saved with an ".msg" file extension.

Microsoft Office Outlook XP
  1. Open Microsoft Office Outlook XP.
  2. Double click to open the email message that you want to save.
  3. From the "File" menu, select "Save As."
    The "Save As" window displays. Select "Message Format (*.msg)" in the "Save as type" drop-down list.
  4. Select the folder in which you want to save the message. Note, that the "File name" is provided by default. You may change this if you want.
  5. Click "Save." The message is saved with an ".msg" file extension.

Microsoft Outlook Express
  1. Open Microsoft Outlook Express.
  2. Double click to open the email message that you want to save.
  3. From the "File" menu, select "Save As."
  4. The "Save Message As" pop-up window displays. Select "Mail (*.eml)" from the "Save as type" drop-down list.
  5. Select the folder that in which you want to save the message. Note, the "File name" is provided by default. You can change this if you want.
  6. Click "Save." The message is saved with an ".eml" file extension.

Apple (Mac) Mail
  1. Select the message you want to save.
  2. From the "File" menu, select "Save as ..."
  3. In the pop-up window, select the format "Raw Message Source"
  4. Save with a filename including a .txt or .eml extension

Other Mail User Agents
Save the email that you want to report as a text file. Make sure that the message is as close to its original form as possible. Your mail client might allow you to save rendered text as well as the original source -- it is the original "raw source" that is needed. Make sure the original email headers are intact and included in RFC-822 format. Typical file name extensions are .eml and .txt

Please attach .txt/.msg/.eml file to a new email which you can send to your administrator.
Go ElsewhereSubscribe to RSSAboutStay ConnectedAnd More
Thomas Hampel, All rights reserved.