Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

Notes 9.0.1 FP7 IF1 released

Daniel Nashed  8 December 2016 15:59:38
There is a new IF1 for the Notes Client. Now it begins to be more complicated.
The client IF1 and the server IF1 for the Linux issue (see previous posts) have nothing to do with each other and contain different SPRs.

The most important fix is the issue we had with ID vault when the new port encryption is used.
Given that the SPR is fixed in the client this looks like a client issue and not a server issue.

-- Daniel

Notes 9.0.1 Fix Pack 7 Interim Fix 1

        Duplicate Attachment Icons When Using Ls Embedobject To Attach Files To A NotesRichTextItem        

        Notes User Id File Upload To Vault Failed If Port_enc_adv Parameter Is Enabled

Traveler available with some important changes

Daniel Nashed  15 November 2016 19:14:58
Traveler has been released with some important fixes and also changes. The Release documentation has some interesting details.

Here is the extract from the release documentation with some comments.

What's New

"Device wipe is no longer an option for iOS 10.x devices as support was dropped by Apple. You can still use the Wipe Traveler Data option."

For security reasons Apple disabled wipe over ActiveSync which is understandable. Before that change every server could wipe any device connected via ActiveSync.
With this Apple side change Traveler could not delete the device any more and the status from the device was not interpreted correctly by the server.
Traveler does now check if the device still supports the wipe (running iOS earlier than 10.x) and does only allow the Data Wipe over ActiveSync if the full wipe is not supported on the device.

"Yellow status message if the IBM Traveler server is not listed as a Trusted Server for an end user's mail server. This is required for future security and feature enhancements planned for 2017. The status message will include information about how to correct."

Sounds like IBM is planning a bigger change in 2017 for Traveler. I am curious what this higher security requirements are needed for. Trusted Servers are a quite high requirement which allow the Traveler servers to fully authenticate as any user on the mail server. It's much higher than just granting manager access to an individual mailfile.

I have removed the Trusted Servers entry on my mail-server but I did not yet see the warning.

"Database schema updates to improve data integrity.

Tablerepair tell command to support the above schema updates. A warning message will be displayed at startup if any of the schema updates were not applied with instructions to run the tablerepair command. The server will continue to function properly if no action taken.

NOTE: IBM Traveler does include a database schema update. Action may be required if you manually manage your database schema (this is not common). If you use auto schema updates (default behavior) there is no action required. See Updating the Enterprise Database for more information ("

So this is an important information. This new version requires a schema change. If you are running stand-alone that should not cause any issues.
If you have automatic schema update enabled the schema update should also happen automatically.
And if you are switching from manual schema update to automatic schema update you should be careful. There is one ARPA fixed for DB2 and you should be aware of the default schema name differences for manual and automatic schema configuration.

I guess with this schema change the issue has been discovered and the fix is that the NTS parameter with the schema name will be automatically set.
(See -> for details).

The fix-list contains some other important fixes! Check the fixlist link below for details.

My server is already updated but I had not much time to test.

IBM Traveler Fixes

IBM Traveler Server Release Documentation

DNUG Domino Day 2016 in DUS und DNUG Comes to you in BER

Daniel Nashed  21 October 2016 13:13:55
DNUG "Domino Day" - Fachgruppen-Tag Notes/Domino/Verse

Auch in diesem Jahr haben wir wieder einen DNUG Event im Bereich Notes/Domino in Düssldorf.
Und Anfang November hat Anett Hammerschmidt für unsere Fachgruppe einen halben Tag DNUG Comes To you mit anschließendem DNUG Stammtisch in Berliin.

Bei beiden Events geht es um atkeulle Themen und Entwicklungen im Bereich Notes und Domino.
Und es werden auch Kollegen von IBM vor Ort sein, mit denen man die aktuelle Strategie von IBM im Bereich Notes/Domino diskutieren kann.

Ich hoffe viele von Euch auf einem der beiden Events begrüßen zu können.

Anbei die Links zu beiden Veranstaltungen.

Beide Tage sind für DNUG Mitglieder kostenlos .
Aber auch Nicht-Mitglieder sind herzlich eingeladen (mit einem Kostenbeitrag am Domino Day).

-- Daniel

DNUG "Domino Day" - Fachgruppen-Tag Notes/Domino/Verse

Donnerstag, 24. November in Düsseldorf

BERLIN - DNUG: Team Verse and Notes Domino Comes to You

Mittwoch, 2. November in Berlin

IBM Champion Nomination 2016

Daniel Nashed  18 October 2016 11:07:09
The IBM Champion program is a great way to thank active members of the community and also to help them in some way to continue their work for the community.
The nomination is still open until November 14th. So you still have time to nominate someone. Or renominate one of the current IBM Champions.

See some details and official links below.

-- Daniel

"The IBM Champion program recognizes innovative thought leaders in the technical community — and rewards these contributors by amplifying their voice and increasing their sphere of influence.
An IBM Champion is an IT professional, business leader, developer, or educator who influences and mentors others to help them make best use of IBM software, solutions, and services."

So if there is someone you think how deserves it, here is the nomination form -->

For more details see -->

    IBM Domino 9.0.1 Fix Pack 7 Interim Fix 1 addresses critical issues affecting Domino 9.0.1 FP7 for Linux64 & zLinux64

    Daniel Nashed  14 October 2016 12:08:35
    As reported before on Linux64 there is a issue with the cluster replicator which has been addressed with IF1 (SPR #KBRNAEMPX2).
    Because of a change in FP7 that needed a recompile of the whole core including all components (SPR# KBRN9Q7EZW) but some files where missing in the installations.

    IBM has fixed the issue with 9.0.1 FP7 IF1 which is already available for download. I got it already yesterday for testing thru our PMR and it replaces the missing files.

    If you are running Domino on Linux64 with FP7 you should update your server asap to IF1.

    -- Daniel

    The this linke for additional information and download links

    here is the list of files replaced by IF1

    rwxr-xr-x 1 root root  33K Aug 18 16:42 billing
    -rwxr-xr-x 1 root root  54K Aug 18 16:42 cldbdir
    -rwxr-xr-x 1 root root  58K Aug 18 16:42 clrepl
    -r--r--r-- 1 root root 6.9K Sep 13 22:39 daosmgr.res
    -rwxr-xr-x 1 root root 160K Aug 18 16:42 decs
    -rwxr-xr-x 1 root root 408K Aug 18 16:42
    -rwxr-xr-x 1 root root 390K Aug 18 16:42
    -rwxr-xr-x 1 root root 188K Aug 18 16:42
    -rwxr-xr-x 1 root root 300K Aug 18 16:42
    -rwxr-xr-x 1 root root 333K Aug 18 16:43
    -rwxr-xr-x 1 root root 8.0K Aug 18 16:41
    -rwxr-xr-x 1 root root 230K Aug 18 16:42
    -rwxr-xr-x 1 root root  15K Oct 12 23:57
    -rwxr-xr-x 1 root root 9.2K Aug 18 16:41
    -r--r--r-- 1 root root  11K Sep 13 22:39 smtp.res

    Domino 9.0.1 FP7 issue Notes User Id File Upload To Vault Failed If Port_enc_adv Parameter Is Enabled

    Daniel Nashed  12 October 2016 12:45:24
    Alex Novak mentioned another issue with FP7 which might affect you in my blog comments.

    We only have the public description of the SPR and I assume only the ID Vault server communication is affected.

    SPR # BBSZAEEK8C APAR #LO90429.: Notes User Id File Upload To Vault Failed If Port_enc_adv Parameter Is Enabled

    So for now you should not enable the new AES encryption on your ID Vault server until this issue is fixed.

    Given the 3 issues I reported in the last days in my blog (one is only effecting Linux64) I would wait for the next IF that hopefully addresses all those issues if you did not deploy it yet.

    -- Daniel

    Cluster replicator hang with 9.0.1 FP7 on Linux64

    Daniel Nashed  12 October 2016 12:32:24
    There is another issue (SPR #RSOIAEME5L) that might affect you when running with Linux64 and 9.0.1 FP7.

    Due to the change in FP7 on Linux64 (SPR# KBRN9Q7EZW) all server binaries needed to be updated in FP7.
    It turned out that some binaries have not been replaced by the FP7 installer. In this case the cluster replicator task wasn't updated.
    Because of the change of internal structures this causes issues with older core servertasks in Domino (business partner applications using the public C-API are not affected).

    In this cases the cluster replicator servertasks are hanging.

    If you are planning to update Domino on Linux64 to FP7 you should wait until this issue is fixed!

    -- Daniel

    CD to MIME Conversion Issue in 9.0.1 FP7 generating Javascript for sections

    Daniel Nashed  10 October 2016 09:41:42
    We ran into an issue at a customer on Friday. Today we got the confirmation that it is a bug and development is already looking into this.
    It looks like a low level issue when converting Richtext into MIME in mails on server side.

    In my test I have seen than probably all server based conversions are affected. Clients sending MIME message directly do not show this issue (and that should be the default in hopefully most companies so it hopefully is not an issue for your users).

    When the server converts a message to MIME JavaScript is generated for collapsible sections (for example when you reply to a mail in Notes style and your client prefers richtext when sending internet mail).

    There have been some changes in the conversion code in fixpack 7 which might have caused this unintended change.

    We have seen this when mails are converted by the mail-router and also 3rd party applications that convert messages.

    The SPR we got from support todays show it also impacts POP3 and IMAP.

    The critical part of the issue is that Javascript in mail is rated as active content by many antivirus/spam software. This can lead to rejected mails and even negative score for the sending servers.

    The only work-around is to ensure your clients are sending MIME directly and don't use the option to send richtext to internet recipients.

    Format for messages addressed to internet addresses: Notes Rich Text Format -> MIME Format
    You can ensure clients use that setting by pushing the setting via desktop policy. In our case the initial value was set correctly but the setting was not enforced and users changed it.
    But this can also occur with agents sending messages in richtext -- For example with newsletters etc..

    -- Daniel

    Reply Section Or Twistie In A Cd-mime Conversion Is Converted Incorrectly In Fixpack 7

    With a location doc which specifies to send to the server in
    Format for messages addressed to internet addresses: Notes Rich Text

    Send a typicall reply chain memo to 9.0.1 Domino FP6 for conversion either external or to a POP or IMAP user who has a
    Prefers Mime on their location doc and it will be noticed that after upgrading Domino to FP7 the arrows are missing and the
    format looks not quite right, the arrows are replaced by javascript links in the received note

    Change in Apple iOS 10.x (and later) devices prevents full device wipe via Traveler Web & SmartCloud Notes Administration interfaces

    Daniel Nashed  29 September 2016 09:11:25

    Surprisingly and without any notice that I am aware of Apple has removed the ability to reset iOS devices over ActiveSync.
    A chance in this area was expected in general because it could be risky to allow an ActiveSync account to wipe a complete device.

    It's still a surprise that they completely removed the wipe functionality.
    IMHO the better change would have been to just remove all data that this ActiveSync profile has synced -- similar to the application wipe IBM implemented with Traveler for iOS with AciveSync.
    But according to the technote (I have not tested it on my own yet) the Apple devices with iOS 10 and higher confirm the request and ignore it.

    If you have a MDM solution this doesn't really have an impact because the right way would be to use remote wipe your MDM provides.

    But for other devices the only option to wipe a lost device is to use the Lost Device functionality implemented with your iCloud account (which needs to be enabled and can only be used in combination with that Apple-ID).

    Right now with Traveler you have to be careful and check the device OS version before you invoke the wipe because Traveler does not have a check for that changed behavior implemented.

    See the following technote for details

    -- Daniel

      Notes and Domino Future

      Daniel Nashed  23 September 2016 11:49:52

      There have been a lot of rumors and IBM is not very good in communicating road-maps since a couple of years.
      I hope we will see a clear statement about future functionality soon.

      There is already a public statement in the IBM blog that gives some answers and I have been at a couple of events where IBM explained part of the strategy.

      Now that the current strategy is more clear and IBM decided to continue with Notes and Domino with incremental releases this support statement was needed.
      This support statement has been discussed on some customers and partners draw some maybe not completely correct conclusions from the statement.

      Here are some details and thoughts from my side.

      I hope this draws some light into the current discussion. And I am looking forward to your comments.

      -- Daniel

      In the last fixpacks and even in interims fixes IBM started to add functionality beside just shipping fixes. The security area is a good example.
      We now have full TLS 1.2 support and since 9.0.1 FP7 we have state of the art port encryption -- see previous blog posting for details.
      Also IBM shipped a Mac 64bit native client. All this shows that IBM is still investing in Notes and Domino on prem.

      There are still many features and requirements that are pending -- like Java 8 support which is really something that should IBM have shipped earlier.
      Also NIFNSF the ability to store view/folder index outside the NSF file for I/O optimization, reduced backup and larger database size is an important pending feature.

      I saw some draft roadmap slides that IBM is hopefully releasing in public soon with some additional details.

      Those features will be delivered via "Feature Packs" instead of "Fixpacks". Some details are not yet sorted out but we can expect 3 feature every year and templates changes are shipped separately in some way (there is no detailed information yet).
      This is a smoother way to develop and deploy new functionality. But this also means that customers have to deploy those fixes incrementally.
      Usually this is easier to bring into production instead of a major version -- at least on server side.

      Having said that IBM clearly states that the Domino server is an important asset in the IBM portfolio and you can see that from the fact that IBM Verse on prem leverages Domino 9.0.1 as the foundation.
      The Notes Client gets less and less attention. But it will be still supported and maintained in the Notes 9.0.1 code stream and we will also see some improvements here -- 64bit Mac client was a good example (no I don't think we need a W64 client nor that I think we would get it).

      IBM sets the focus on Web clients like IBM Verse and the current strategy is "mobile first" for all their current and future offerings.

      IMHO putting more money and energy into modern web and mobile applications is the right direction. A modern and more intuitive Web UI like IBM Verse makes a lot of sense not only for the younger work-force (Design Thinking plays an important role here).

      In contrast to other companies IBM still also has an "on prem strategy" in addition to their Cloud first/Cognitive strategy.

      The current extended support statement states that 8.5.3 will be still supported for another 2 years from now -- which gives customers another two years to migrate to 9.0.1.

      9.0.1 is at least supported until September 2021. "At least" is an important detail here because that does not mean that this will be the maximum time 9.0.1 will be supported with Feature Packs.

      (And we don't know yet if IBM does not decide to change the deployment model again and at some point ship a different Notes/Domino version like 9.0.2 or 10.0)

      What is clear from other IBM statements now that IBM uses Feature Packs to deliver new functionality you have to be on maintenance to be entitled to download and use those "FPs" in future.
      This is also not new. IBM did just not enforce for Notes/Domino and other collaboration software that you have to be on maintenance for fixpack entitlements.
      But this is a change for Notes/Domino customers from the current way fixpacks are handled!

      • [IBM Lotus Domino]
      • [Domino on Linux]
      • [Nash!Com]
      • [Daniel Nashed]