Query results for : January 2015
Look what I’ve found- 18 January 2015 - (1) Comments
Thomas Hampel
18 January 2015Packing for IBM ConnectEd 2015 I stumbled into last years IBM Connect 2014 backpack...
The little surprise surprise I've found inside was the ***drumroll*** original Lotusphere Pretzel Cookie !!
No, I'm not planning to eat it althgouh its calories would last a month or two Who knows what will happen if anyone would take a bite.
Given the fact that 2014 was the last year where the word Lotusphere appeared at the show, this cookie is probably turning into a collectors item.
I'm wondering if there are people who would try making big money by selling it on ebay?
Hint: Stop searching ebay, you can't really buy that cookie there.
AdminP Move User - Access Rights seem not to work in Domino 9.0.1FP1 and how to work around- 12 January 2015 - (0) Comments
Thomas Hampel
12 January 2015Moving mail files from server to server is a simple task, AdminP handles this job properly. It does even work across domains... and it worked perfectly in numerous projects in the past.
Until today when I ran into a problem where the same process 'all of a sudden' (**what else**) caused an error in AdminP - but only for a specific group of destination servers.
After creating the AdminP Move User request (using our internal tools), the AdminP request "Check Mail Server's Access" failed with this error:
Errors:
Title: Domain's Directory Path: Domain's Directory; Name: Admin Lastname/OU/Org;
Error: Both the signer and the author of this request must have Editor access or Author access with the UserModifier role to the Domino Director
Analysis
We checked access rights on both sides... several times....but everything was set up correctly. Even restarting the server (to refresh the name lookup cache) did not change the situation.
Finally after a few chats with my colleagues they indicated it could be related to a problem they had seen before, referencing an old bug ( LO81200 ) and also pointing to a new SPR
SPR # JPAI9FEKCP, fixes a Notes Client issue where if a local NAMELookup cache has been created it is inappropriately being used as opposed to doing the NAMELookup on the remote server. This may result in Notes Client errors indicating insufficient access to perform any number of Notes Client operations such as Admin Client move user or simply signing of databases.
Although the SPR reads like it would apply to Notes Clients only, I can confirm it does apply to Domino Servers as well, at least for that specific AdminP request type "Move User"
We did a few tests and quickly found a workaround, so here is what you can do about it:
Temporary Solution:
Don't use groups to grant the specific access rights.
In our case putting the name of the person who signed the AdminP request >directly< into the ACL of the Names.nsf of the destination server fixed the issue.
This is what the AdminP Move User reuqest should look like before the user authenticates
Permanent Solution
Apply Domino 9.0.1 FixPack2 now or wait for Domino 9.0.2 to be released.
Lessons learned:
1. Always install the latest version of Domino
Note: The destination server in question is not maintained by our team.
2. What an awsome team we have :)
References
- SPR # JPAI9FEKCP
- IBM Technote # 1091068 - Steps taken by the Administration Process to move a mail file to a new server
- Download Options for Notes & Domino 9.0.1 Fix Packs
Opening another mail file is causing Type mismatch in method CoerStrToNum: STRING found, DOUBLE expected- 7 January 2015 - (2) Comments
Thomas Hampel
7 January 2015Problem:
Opening the mail file of another person is causing the message "Type mismatch in method CoerStrToNum: STRING found, DOUBLE expected" to be displayed:
While IBM Technote 1303181 only provides a basic idea of what is wrong, it does not give any idea what can be done to fix it.
So I had to look into details and quickly found the problem.
Steps to reproduce
In order to reproduce the problem, this is what you have to do:
- Make sure you have the Notes.ini variable CHECK_QUOTA_ON_MAIL_CREATE set to 1
- Open another person's mail file, this will write the current date at the end of the Notes.ini variable DELEGATED_MAIL_FILEx
- Close your Notes client
- Change the date format of your operating system from DD.MM.YYYY to MM/DD/YYYY (or the other way around)
- Open the same other persons mail file again.
Analysis
Trying to find the root cause with debugging enabled shows a different error "*CE39918+421: Type mismatch"
but at least it indiicates the problem is located in the Database Open script.
What is causing this problem?
Obviously it is a String to Date conversion issue. Storing a Date in a String to convert it back to a date is never a good idea. If you really need to do it you should not rely on the CDat function to work. Write your own function which does ignore the
Regional settings - in specific the date format - of this workstation have been changed.
Resolving the problem
Change the date format of your operating system back to what it should be.
If the date format of your computer is correct and the problem still persists, then manually update your Notes.ini and remove all lines starting with DELEGATED_MAIL_FILE or by updating the date format at the end of this line yourself.
Permanent solution
A perfect solution would require to update the mail template to be updated. in specific the script Library "CheckQuotas" contains a class called "CheckQuota" with the Sub "SetCalMgrINI"
This sub contains several references where a string is being converted to a date. This is where additional verification is required to ensure the string value is a date which can be converted using the current regional settings.
Monitoring IBM Domino Server on Linux via SNMPv3- 5 January 2015 - (0) Comments
Thomas Hampel
5 January 2015Monitoring Domino servers via SNMP should be a simple task, if it would be documented properly.
There are quite a few blog posts out there on the internet such as this nice article by Detev Schuemann which unfortunately is in German.. So I'd like to provide an english translation with a few updates which in my opinion are valuable.
Background
Simple Network Management Protocol (SNMP) is a protocol for monitoring network devices such as routers, switches, servers, printers and much much more.
Vendors of a device are providing a definition of values which can be read or modified in form of a MIB (Management Information Base). Those values are called OIDs (object identifiers) and are ordered in a hierarchical structure.
MIB definitions for Domino can be found online http://www.oidview.com/mibs/334/NOTES-MIB.html
A MIB file for IBM Domino can be found in the Domino program directory and is called "domino.mib"
On a Linux server the file can be found here /opt/ibm/domino/notes/latest/linux/domino.mib
Step-by-step Instructions
For each Domino server which you want to monitor, you need to enable SNMP support, the following is a step by step description of what you need to do for a Domino server on Linux. Instructions for Windows are available here
Examples below are based on CentOS which is using yum as package manager. For other Linux distributions commands are slightly different, also path references shown in the example below might not be the same for you.
Step 1 - SNMP Master Agent
Although Domino its own snmp master agent, I recommend not to use it because the version supplied with Domino is the rather dated version 5.0.7.
Currently version 5.7.3 is the latest version available. Check the net-snmp change log to see what has changed between versions.
Obviously you should prefer using the operating system snmp master agent which comes preinstalled for a number of Linux distributions.
If not already installed, you can install the package net-snmp with the following command.
# yum install net-snmp
The library net-snmp-utils provides some additional tools like snmpwalk, which we will need later on for testing functionality
# yum install net-snmp-utils
To check the version you are running...
$ snmpwalk --version
Note: Current releases of CentOS and Redhat provide net-snmp version 5.7.2 by default.
Option B - NET-SNMPD v5.0.7 provided by Domino
Domino provides net-snmpd in version 5.0.7 - again, I do not recommend using this version.
However, if really want to use it enter these commands to copy the required files to the /etc directory and make sure the service is started after a reboot.
# cp /opt/ibm/domino/notes/latest/linux/net-snmpd* /etc
# ln –f –s /etc/net-snmpd.sh /etc/init.d/net-snmpd
# chkconfig --add net-snmpd
# chkconfig net-snmpd on
# ln –f –s /etc/net-snmpd.sh /etc/init.d/net-snmpd
# chkconfig --add net-snmpd
# chkconfig net-snmpd on
Note that in this type of configuration your settings are stoed in the file /etc/net-snmpd.conf
Step 2 - Update Configuration
Back up the original config file to a location of your choice
cp /etc/snmp/snmpd.conf /root
Edit the file /etc/snmp/snmpd.conf . Modifying this file is only required if you are using the master agent provided by your OS.
# nano /etc/snmp/snmpd.conf
1.) Search for sysLocation and update it according to your needs as shown here:
sysLocation YourDataCenterLocation
sysContact email@yourdomain.com
sysContact email@yourdomain.com
2.) define a username/password combination for SNMP v3 authentication
Of course the user name and password used in this example are to be changed to fit your needs
createUser SNMPv3UserName MD5 SNMPUserSecretPassword AES
3.) At the end of the same file, add this line:
smuxpeer 1.3.6.1.4.1.334.72 NotesPasswd
Dont forget to save the file
Step 3 - SNMP Startup Script
Although you could add /usr/sbin/snmpd as a service directly, its probably more useful to use a startup script.
Domino already provides such a script - you just need to modify the configuration so that it can be used.
# cp /data/ibm/domino/notes/latest/linux/net-snmpd.sh /etc/init.d/net-snmpd
# nano /etc/init.d/net-snmpd
Update the configuration (starting in line 31) as follows:
INSTDIR=/usr/sbin
PROGNAME=snmpd
PROGPATH=$INSTDIR/$PROGNAME
CONFNAME=snmpd.conf
CONFPATH=/etc/snmp/$CONFNAME
LOGPATH=/var/log/snmpd.log
PROGARGS="-C -c $CONFPATH -l $LOGPATH"
PROGNAME=snmpd
PROGPATH=$INSTDIR/$PROGNAME
CONFNAME=snmpd.conf
CONFPATH=/etc/snmp/$CONFNAME
LOGPATH=/var/log/snmpd.log
PROGARGS="-C -c $CONFPATH -l $LOGPATH"
Make sure the startup script runs at next boot
# chkconfig --add net-snmpd
# chkconfig net-snmpd on
# chkconfig net-snmpd on
Step 4 - Update Firewall Rules
SNMP requires UDP port 161 to be accessible, so you need to open this port on the local firewall.
Do not forget to open this port on any other firewall on your network which is between the monitoring server and your Domino server
# iptables -I INPUT -p udp --dport 161 -j ACCEPT
Step 3 - Testing basic functions
Test basic SNMP functionality from the local host and also from a remote server.
# snmpwalk -v3 -u SNMPv3UserName -A SNMPUserSecretPassword -a MD5 -l authnoPriv dominoserver.domain.com .1.3.6.1.4.1.2021.100.2.0
As a result you should get the version number of the SMTP master agent
Step 5 - Enable Domino SNMP Agent
Make sure LNSNMP will be started after a reboot. (Note: change the path to match your configuration!)
# ln -f -s /opt/ibm/domino/notes/latest/linux/lnsnmp.sh /etc/rc.d/init.d/lnsnmp
# chkconfig --add lnsnmp
# chkconfig lnsnmp on
# service lnsnmp start
# chkconfig --add lnsnmp
# chkconfig lnsnmp on
# service lnsnmp start
In case you get the error "LOTUSDIR must be set in the environment or in this script." you need to update script so that it can find the path to your Domino server, e.g. LOTUSDIR=/opt/ibm/domino
if everything has worked out, starting the lnsnmp should provide the following output
New sub-agent on server is registering a sub-tree with branch ID:
1.3.6.1.4.1.334.72.3
Sending SNMP "Server Up" trap for server.
service lnsnmp startNew sub-agent on server is registering a sub-tree with branch ID:
1.3.6.1.4.1.334.72.1
1.3.6.1.4.1.334.72.3
Sending SNMP "Server Up" trap for server
service lnsnmp startNew sub-agent on server
1.3.6.1.4.1.334.72.1
Step 6 - Domino Tasks
Start the following tasks from the Domino server console
load quryset
load intrcpt
load collect
load intrcpt
load collect
"quryset" is required to support SNMP queries
"intrcpt" is required to support SNMP traps for Domino events
"Collect" is required to support statistic threasold traps
Create a program document or add the tasks to the Notes.ini variable "ServerTasks=" so ensure they are started automatically after a server restart.
Step 7 - Testing Domino SNMP agent response
Now its time to test if we can access Domino objects via SNMP, e.g. by reading a single value.
$ snmpget -v3 -u SNMPv3UserName -A SNMPUserSecretPassword -a MD5 -l authnoPriv dominoserver.domain.com .1.3.6.1.4.1.334.72.1.1.6.2.1.0
Should return the fully qualified Domino Server name as a string
Ok, you're done... the Domino SNMP Agent is configured and can be used.
However, there still is some work to be done on your SNMP management console e.g. Nagios ,FAN , Cacti (or whatever you are using) in order to monitor Domino via SNMP (for example, server down).
Next Actions:
If you like this post, please let me know via Twitter @ThomasHampel or by leaving a comment below. Please note that comments are moderated and wont show up before being approved.
Hint... configuring Nagios for Domino monitoring and configuring Cacti for trend analysis is subject of another blog post which I'm already working on.
Troublshooting
- Check snmpd.log for errors
# cat /var/log/snmpd.log - Error : refused smux peer: oid SNMPv2-SMI::enterprises.334.72, descr Lotus Notes Agent
see IBM Technote 1313318 - Error - Unknown User
Either a typo in the user name or you forgot to add the user to the snmpd.conf file in step 1, search the config file for something like this:
createUser SNMPv3UserName MD5 SNMPUserSecretPassword AES - Error in packet. Reason: authorizationError (access denied to that object)
The user exists and the password worked, but does not have access rights required. Check snmpd.conf to see if you have granted at least read only rights, search the file for a string like this:
rouser SNMPv3UserName
Tools:
Take a look at Paessler SMTP Tester (Freeware / Windows)
Further reading:
- How to set up Domino and SNMP in Windows
- IBM Domino MIB - Notes-MIB (v1) Tree