IBM Lotus Domino Server 8.5.3 64 Bits
Fay Vitiello
This is exactly the way we do moves from server to server and luckily it has not let us down yet. Watch out though if you have any third party tools which are installed and talk to Lotus as they will need installing as well before the transfer and you may have an issue with version installs on the 2008 64bit
It is recommended you run Traveler on its own box, my advice would be once you migrate to the new box to put Traveler by itself on the old box. Traveler is memory intensive and both Domino and Traveler will run better on 64 bit and if at all possible you want to do so.
I did something similar. I had a Domino server running on 32 bit Server 2003 and bought a new server and loaded it with Server 2008 R2 64 bit and 24Gb of memory. Once I migrated Domino to the new server and had it up and running I took the old Server 2003 32 bit server and made it a Traveler server. At the moment though it is pretty much maxed out in resources with about 55 devices on it so in the next couple of months I will be moving Traveler to a 64 bit machine with at least 16Gb of memory.
I tested around and finally installed the 32 bit version of domino, copied the domino directory from the old server to the new and hit the play button. It looks very good. iNotes login is working fine. Now I have to test the sametime and traveller functionallity.
There are reasons IBM recommends running on 2 separate boxes though. If your box goes down you loose 2 services. Some times I have to restart the Domino or Traveler box but not both. There were some other things, maybe they have corrected them in the last couple of versions.
Run the nfixup, ncompact and nupdall as suggested before starting the service. I sometimes use the attached script to run them against system databases which do not allow it while the server is running but can take a while if they are big.
First up, a confession - I'm a bit of a NetBackup lightweight. I've quite a bit of experience swapping the tapes and restoring 'essential' files for users - however my job is now seeing me taking on more responsibility these days. This is good - but this is also challenging....
One advised that Netbackup 5.1 *would not* backup Domino 8.5.3 - however I have seen for certain that it does (in some instances). Others predominately focused on capitalisation, syntax, stray punctuation and trailing spaces, sharing and mappings, Domino passwords and a mismatch between the information in the policies and the information in the notes.ini file on the Domino server.
From what I see, the issue is with Notes penetrating the Domino database. If I run the policy as a 'Windows-NT' policy, the files back-up fine. However when I return it to a 'Notes' policy, it reports a status code 71: none of the files in the files list exist.
If anyone could advise me where (if) the script/file/other which contains the 'configuration option on line 50' exists in Windows Netbackup I'd be grateful (or if you have a more general link to a 'decoding the log file' type reference that'd be great - learning is good).
PLEASE upgrade your NBU environment as a matter of urgency.
Backups and maintenance contract must be seen as insurance policy.
Where do you go if Notes server crash and you cannot restore?
I have attached both the output of the \netbackup\bin\admincmd\bppllist policyname -U output and a screen shot of the lotus notes tab of the client host properties of the lotus server that fails to this message.
In each case I've xxxx'd out the server names (as I consider it appropriate - I'm sure you'll understand) - however I have preserved the number of characters and the capitalisation (lower case in the screen shot BTW).
I don't believe that compatability is an issue Marianne, as we have "identical" (as far as I can tell) backups working in several other domains (same versions, same policies, same selections, same schedule).
To get back to status 71:
Please check NBU Client Service logon account - ensure that this account has sufficient permissions.
Best to start this account with same domain service account that is used to start Lotus Notes services.
I've just double checked the permissions and am confident that the AD account which starts the NetBackup Client Service service has sufficient permissions to access Domino - it has both local system admin and domain admin rights...
On the client make sure that the databases do reside at C:\Lotus\Domino\Data\ and that the lotus ini file is at C:\Lotus\Domino\notes.ini in case they have made any changes or are using a different active database location on that server
In refererence to my "bonus question" above - can either of you tell me where "line 50" exists (if it exists anywhere other then on 'on-the-fly' process? I may be 'barking up the wrong tree' - however if there is a script or some such I'd like to check file permissions, etc.
After almost 2 years this issue came up again. This time I was able to analyze at least client to server traffic recognised as lotus-notes-base by PA. I did a packet capture but i couldn't find any SSL/TLS handshake in the traffic. So it must be some proprietary encryption.
You probably won't get much, to be honest. In my six plus years of supporting these firewalls I can't think of more than only a few people running it in their environment, much less trying to decrypt it. Given that the App-ID exists as was mentioned, it's unlikely that there would be a problem decrypting it.
Is the traffic on port 443? If not, Wireshark won't show you that it's TLS since it only has a simple port-to-service mapping. You'll need to decode it as SSL (right click > "Decode As..." > select "SSL").
Yes, it's not a widely used protocol. But we have an opportunity where we need to extract files (and send to WF) from it. And they don't get mails as SMTP anywhere in their network (long story). They are also looking for ways to get just mails out of their Lotus Notes server as SMTP but they are not certain yet if it's possible. And then we will have a problem as PA can't be MTA
Wireshark can be a bit picky about how it displays, especially if the Client Hello or Server Hello messages are large. Ensure that you've enabled "Allow subdissector to reassemble TCP streams" in the TCP protocol preferences or it may not be able to combine the packets to give you a single useful frame.
Our partner T4S has built a Forge component (with documentation!) to allow any OutSystems developer to use Domino as a data source for an OutSystems application. This could be for using the Domino data in another application or could be for migration purposes.
Recently I've come across a few customers that were looking into ways to integrate new OutSystems applications with existing data from legacy Lotus Notes / Domino applications that were still being used.
This How To focuses on the second option, specifically abstracting the Platform from the ODBC connection details by creating a Linked Server in MS SQL Server (an alternative here would be to perform the ODBC work inside an extension).
I've researched a number of instructions available on the web and I've tested the steps to created a linked server but none of tutorials we I found seemed explain well enough what you need to do. Below you can find the steps I've learned through these experiments.
I've actually tested them from start to finish in clean environment to make sure they worked just fine.
One more thing... For the OutSystems applications to be able to access the data of the linked server in runtime you need to change the permissions of the OSRuntime database user. This user is the one used to access data by the running applications.
Thanks for this useful article. Now I have nsf file on my local machine and lotus notes. I installed API notessql, SQL server and management studio on my local machine. when I configured ODBC administrator for pointing to nsf file, it crashed and the below error appear :
This call has worked fine for years on Integration server 7.1 with the same Lotus Notes Adapter package (6.0).
Other recycle calls, like lotus.domino.Database->recycle() works fine on 8.2.2.0. No errors issued in server log.
There was a similar issue when a service that closes sessions on Lotus Domino servers. It seems like there was a new java service implemented in the environment to search the staff number and do substring it. It is communicating with Domino Notes and then searching staff number. There was a similar issue when a service that closes sessions on Lotus Domino servers using the Domino Java API (NCSO.jar).
This article deals with Lotus Domino reverse engineering, especially the userauthentication process when a mailbox is accessed. How password digest arestored? Which cryptographic algorithms are used? How? We will end up with abruteforce implementation using John The Ripper.
We have used the 8.5 version during our analysis and it's probable thatfollowing analysis is valid for further or previous versions. We will alsoconsider the Domino server has a classical configuration.
Password hashes are stored inside the well known user.id file, generated bythe Lotus Domino server and stored on client file system, usually in%USERPROFILE%\AppData\Local\Lotus\Notes\Data. The interesting part islocated at offset 0xD6 where the ciphered user password digest is stored:
Note that the blob size could vary and we still have to figure out why. It isstored as a unsigned short (16 bits) at offset 0xD6 and starting from offset0xD8 ciphered data can be found.
The file format is not documented but with a bit of reverse engineering, we canput in the spot that nnotes.dll is in charge of parsing this file andexecuting different kind of cryptographic algorithms.
7fc3f7cf58