Nevermind.dk


UPDATE on Domino Designer and LibreOffice issue


In my other blog entry "Domino Designer (and Sametime) breaks..."

I wrote about the issues many had with Domino Designer V10 breaking down with font issues, XPages not working, Sametime looking weird etc.



After working on the issues for months I had finally nailed it down to LibreOffice 6 as being the culprit.

Just by uninstalling LibreOffice the problem went away for many which was great!

However the fix did not work for all .....including some of my installations.

Fortunately some followed my direction and comments about LibreOffice and fonts, and narrowed it further down to just the font "Noto Sans" doing all the damage.

When Noto Sans was removed, Notes worked correctly after a Windows restart. I removed some other fonts installed by LibreOffice as well, but I don't think that was needed.

Thanks to Lars Berntrop-Bos, Lukas Malina and others for the great work on following up and commenting on the blog entry.

Noto Sans was added in LibreOffice from version 6.0 on. Also note that OpenSans is removed in the installation process by LibreOffice 6.

See https://wiki.documentfoundation.org/Fonts

Now it is up to HCL to dive in and find the real cause and fix the issues for good..
Published by: Jesper B. Kir at 14-05-2019 22:09:00 Full Post


Watch out...Load Compact -REPLICA may kill your server


I have run "Load Compact -REPLICA" on two servers where both servers were dead afterwards. The names.nsf database was corrupted in the process, and the server could not be restarted.


The fix was to make a file copy of a names.nsf from another server.

What seems to happen
The REPLICA option is a rather new Compact option on Domino. It compacts by creating a new database with the suffix .ORIG and, when done, switches it with the original database. This means the database is accessible while compacting; it is only inaccessible while the old database is being switched/renamed with the new one.

If the server cannot rename a database (like names.nsf, log.nsf..) because it is in use by the server, it will instead compact with the options -REPLICA -RESTART. This means that when the server is restarted it will do the compacting on the databases before they are locked by the system again.

Unfortunately this leads to a race condition where the server and the Compact task try to get hold of the same databases. That may be fine for log.nsf, but when that happens for names.nsf you're in trouble.

The Compact task starts compacting names.nsf, the server tries to open names.nsf, cannot find the server document and other documents, and crashes. Since the Compact task never finished before the crash, you may have a "non-working" names.nsf.

IBM/HCL knows of the problem, so hopefully we will have a fix soon.

Until then...be careful and stay away from the -REPLICA option.


From log:

[03352:00002-00007F742382F720] IBM Domino (r) Server (64 Bit), Release 9.0.1FP10HF382 , November 19, 2018
[03352:00002-00007F742382F720] Copyright (c) IBM Corporation 1987, 2013. All Rights Reserved.
[03352:00002-00007F742382F720] Restart Analysis (0 MB): 100%
[03352:00002-00007F742382F720] 04/03/2019 09:13:26 AM Compacting /local/notesdata/log.nsf (), restart completing, -REPLICA -RESTART
[03352:00002-00007F742382F720] 04/03/2019 09:13:26 AM Compacting /local/notesdata/log.nsf (), restart completing, -REPLICA -RESTART
[03352:00002-00007F742382F720] Clearing DBIID CC5E5ECA for DB /local/notesdata/log.ORIG
[03352:00002-00007F742382F720] 04/03/2019 09:13:32 AM Compacted /local/notesdata/log.nsf (), restart completed, -REPLICA -RESTART
[03352:00002-00007F742382F720] 04/03/2019 09:13:32 AM Compacted /local/notesdata/log.nsf (), restart completed, -REPLICA -RESTART
[03352:00002-00007F742382F720] 04/03/2019 09:13:32 AM Compacted /local/notesdata/log.nsf (), 512K bytes recovered (<1%), -REPLICA -RESTART
[03352:00002-00007F742382F720] 04/03/2019 09:13:32 AM Compacted /local/notesdata/log.nsf (), 512K bytes recovered (<1%), -REPLICA -RESTART
[03352:00002-00007F742382F720] 04/03/2019 09:13:34 AM Recovery Manager: Restart Recovery complete. (0/0 databases needed full/partial recovery)
[03352:00002-00007F742382F720] 04/03/2019 09:13:35 AM Recovery Manager: Assigning new DBIID for /local/notesdata/names.nsf (need new backup for media recovery).
[03352:00002-00007F742382F720] 04/03/2019 09:13:35 AM Recovery Manager: Assigning new DBIID for /local/notesdata/names.ndx (need new backup for media recovery).
[03352:00002-00007F742382F720] 04/03/2019 09:13:35 AM Compacting /local/notesdata/names.nsf (), restart completing, -REPLICA -RESTART
[03352:00002-00007F742382F720] Clearing DBIID BB86E638 for DB /local/notesdata/names.ORIG
[03352:00002-00007F742382F720] 04/03/2019 09:13:37 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($AccountsByType)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:37 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($Accounts)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:37 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($Adminp)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:38 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($CertificateAuthorities)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:38 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($Certifiers)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:38 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($Clusters)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:38 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($Connections)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:38 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($CrossCertByName)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:38 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($CrossCertByRoot)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:38 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($Domains)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:38 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($ExternalDomainNetworkAddresse')
[03352:00002-00007F742382F720] 04/03/2019 09:13:38 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($FileIdentifications)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:38 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($Groups)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:38 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($Holidays)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:39 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($InternetSites)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:39 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($LDAPAlias)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:39 AM Informational, rebuild view needed - invalid collection header (reading /local/notesdata/names.nsf view note Title:'($LDAPCN)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:39 AM Invalid collection data was detected.
[03352:00002-00007F742382F720] 04/03/2019 09:13:39 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($LDAPG)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:39 AM Informational, rebuild view needed - invalid collection header (reading /local/notesdata/names.nsf view note Title:'($LDAPRDNHier)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:39 AM Invalid collection data was detected.
[03352:00002-00007F742382F720] 04/03/2019 09:13:39 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($LDAPS)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:40 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($Locations)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:40 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($MailGroups)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:40 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($Networks)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:40 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($PeopleGroupsFlat)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:40 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($PoliciesByGroup)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:40 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($PoliciesExt)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:40 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($Policies)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:40 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($Profiles)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:40 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($Programs)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:40 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($RegisterGroups)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:41 AM Informational, rebuild view needed - invalid collection header (reading /local/notesdata/names.nsf view note Title:'($ServerAccess)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:41 AM Invalid collection data was detected.
[03352:00002-00007F742382F720] 04/03/2019 09:13:41 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($ServerConfig)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:41 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($ServerGroups)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:41 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($ServersLookup)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:41 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($Servers)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:42 AM Informational, rebuild view needed - invalid collection header (reading /local/notesdata/names.nsf view note Title:'($Users)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:42 AM Invalid collection data was detected.
[03352:00002-00007F742382F720] 04/03/2019 09:13:42 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($vwServersByMajVer) $vwServers')
[03352:00002-00007F742382F720] 04/03/2019 09:13:42 AM Informational, rebuilding view - no container or index (reading /local/notesdata/names.nsf view note Title:'($WebSSOConfigs)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:43 AM Compacted /local/notesdata/names.nsf (), restart completed, -REPLICA -RESTART
[03352:00002-00007F742382F720] 04/03/2019 09:13:43 AM Compacted /local/notesdata/names.nsf (), 9728K bytes recovered (39%), -REPLICA -RESTART
[03352:00002-00007F742382F720] 04/03/2019 09:13:43 AM Informational - The database /local/notesdata/names.nsf has caused the DAOS catalog to become out of sync. Prune operations may be postponed. Please run 'tell daosmgr resync' at the next convenient opportunity to re-synchronize.
[03352:00002-00007F742382F720] 04/03/2019 09:13:43 AM Configuration Error: Server record not found. The Server Name in ID file [DominoDev/xxxxx], does not match any Server found in the Domino Directory in the ($Locations) view. Check that the Server name field in the Server record is a hierarchical name.
[03352:00002-00007F742382F720] Server exiting: The Domino Directory does not contain a server document for this server
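A way to spot this failure pattern in a Domino console log, as an added example (not part of the original post and not IBM/HCL tooling). The sample lines are excerpted from the log above; the function name, report keys and the choice of names.nsf as the only "critical" database are assumptions.

```python
import re

# Sample input: lines excerpted from the console log shown in this post.
SAMPLE_LOG = """\
[03352:00002-00007F742382F720] 04/03/2019 09:13:26 AM Compacting /local/notesdata/log.nsf (), restart completing, -REPLICA -RESTART
[03352:00002-00007F742382F720] 04/03/2019 09:13:32 AM Compacted /local/notesdata/log.nsf (), restart completed, -REPLICA -RESTART
[03352:00002-00007F742382F720] 04/03/2019 09:13:35 AM Compacting /local/notesdata/names.nsf (), restart completing, -REPLICA -RESTART
[03352:00002-00007F742382F720] 04/03/2019 09:13:39 AM Informational, rebuild view needed - invalid collection header (reading /local/notesdata/names.nsf view note Title:'($LDAPCN)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:41 AM Informational, rebuild view needed - invalid collection header (reading /local/notesdata/names.nsf view note Title:'($ServerAccess)')
[03352:00002-00007F742382F720] 04/03/2019 09:13:43 AM Compacted /local/notesdata/names.nsf (), restart completed, -REPLICA -RESTART
[03352:00002-00007F742382F720] Server exiting: The Domino Directory does not contain a server document for this server
""".splitlines()

# A compact that was deferred to server restart (-REPLICA -RESTART).
COMPACT_START = re.compile(
    r"Compacting (\S+) \(.*?\), restart completing, -REPLICA -RESTART")
# A view whose stored index could not be trusted after the compact.
BAD_VIEW = re.compile(
    r"invalid collection header \(reading (\S+) view note Title:'(.*)'")
# The server giving up during startup.
SERVER_EXIT = re.compile(r"Server exiting: (.*)")


def scan(lines, critical=("names.nsf",)):
    """Summarise restart-time compacts and flag the names.nsf failure pattern."""
    compacted, bad_views, exit_reason = [], {}, None
    for line in lines:
        if (m := COMPACT_START.search(line)):
            # The log above shows some lines twice, so de-duplicate.
            if m.group(1) not in compacted:
                compacted.append(m.group(1))
        elif (m := BAD_VIEW.search(line)):
            bad_views.setdefault(m.group(1), []).append(m.group(2))
        elif (m := SERVER_EXIT.search(line)):
            exit_reason = m.group(1).strip()
    at_risk = [db for db in compacted
               if db.rsplit("/", 1)[-1].lower() in critical]
    return {
        "restart_compacted": compacted,
        "critical_compacted": at_risk,
        "invalid_views": bad_views,
        "exit_reason": exit_reason,
        # Alert only when a critical database was compacted at restart
        # AND the server exited during the same startup.
        "alert": bool(at_risk) and exit_reason is not None,
    }


if __name__ == "__main__":
    for key, value in scan(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
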
Published by: Jesper B. Kir at 11-05-2019 19:00:00 Full Post


Domino Designer (and Notes Sametime) breaks in version V10, this is why and how to fix it.


There is a horrible bug in V10 (maybe V9FP10 too).

In Designer, open a form, close the form, and everything breaks: fonts change, XPages no longer work, etc.





A short video showing the error: Domino Designer V10 errors.webm

As a Sametime user you may see this error:


as Adam Osborne is having:

Many have not been having this error, but others are having the issues.

In search for the cause
Over the past many frustrating months I have been changing different settings, doing upgrades and downgrades, uninstalls, NICE, doing a fresh Notes install, installing to a different folder... to fix the issue.

You name it ...I have tried it.

Then finally ....I tried a brand new Win 10 install.

By routine I installed some OpenSource software first, Greenshot, LibreOffice, 7-Zip and few others from ninite.com.

Installed Notes...issue still there. Mailed with IBM Support again, could such software have any influence? No.. was the answer.

Just in case...I wanted to make sure myself. So made a brand new Windows 10 install again and immediately installed Notes. BINGO!

It worked .... no issues!! :-)

So I started installing the OpenSource software one by one to find the cause. After installing LibreOffice 6.2 the Notes issue was back. I tried uninstalling LibreOffice...and the issue was gone again.

So clearly LibreOffice was the cause of the issue somehow...why? ..that is not very clear.

Notes has a history with LibreOffice/OpenOffice in the form of the embedded office suite in version 8.5 called Symphony.

Symphony was IBM's take on Office products, but was stopped and removed from the Notes Client again. IBM later donated the source code to Apache, and it became part of OpenOffice.

LibreOffice was later forked from OpenOffice and became very popular, with over 200 million users in 2018.

Whether there are "leftovers" ...code ...in the Notes client from when Symphony was part of the client that interfere...I don't know...but it seems one place to search first for the cause.

I also know LibreOffice has done some changes in regards to handling of Fonts in version 6

The Workaround

So if you have this error the first thing to try is to uninstall LibreOffice (and OpenOffice)..... this works for some ...and suddenly all problems are gone.

However if your Notes and Windows install are "not that fresh" ...uninstalling LibreOffice will no longer do the trick.

It only worked for me on the fresh Win 10 install

But uninstalling LibreOffice is only a very short-term fix; the real issue needs to be fixed.

HELP ME!

All I ask you to do is put some pressure on IBM/HCL to:

- Firstly, acknowledge that there is this issue; "they can't reproduce it" (it is simple: install LibreOffice 6.2)
- Get IBM/HCL going to find the "actual" cause, and fix it. My case at IBM is TS001932332

Until now I have been doing all the work ..IBM/HCL haven't really done anything ....but maybe stall the case

Some of my related Tweets are :
https://twitter.com/jezzper/status/1100012782265815040
https://twitter.com/jezzper/status/1098173114570235906
Published by: Jesper B. Kir at 10-05-2019 14:50:00 Full Post


IBM Domino with Nginx may reveal data.


Nginx as a reverse proxy in front of IBM Domino works great.


You can use Jesse Gallagher's guide on Nginx with IBM Domino to get you started

There are 3 things to be aware of:

1) All communication HTTPS only

The first thing you might want to do is make sure all communication is HTTPS only.

By adding this directive

return 301 https://$host$request_uri;

all HTTP traffic from the browser will be redirected to HTTPS instead.

The HTTP 301 status code makes the redirection "permanent".

2) Disable connectors

Set HTTPEnableConnectorHeaders=0 in notes.ini

You don't need the connector and it will just open a can of worms. Just don't.

Read more here:
https://nevermind.dk/nevermind/blog.nsf/subject/security-hole-leaves-ibm-domino-server-wide-open---part-one
https://nevermind.dk/nevermind/blog.nsf/subject/security-hole-leaves-ibm-domino-server-wide-open---part-two

3) IBM Domino with Nginx may reveal data.

You most likely will use HTTP and not HTTPS to communicate with Domino back-end from Nginx, especially if you are working with more than one internet domain.

When running with the redirecting setup like above all may seem "nice and dandy", but it is probably not.

It is just redirecting so fast that you don't notice something may be wrong.

The problem is that when you log in to Domino it will redirect you using HTTP and NOT HTTPS.

This means one response from Domino server and one request from browser will be HTTP.

The request from the browser will then be redirected to HTTPS and all will look nice in the browser.

It all happens so fast that you will not notice the error, but a network sniffer will, and Domino's access cookies can be harvested.

The simple way to find out if you're hit by this issue is to look at the network traffic in the browser using developer tools.

As you can see here, the browser tries to access using HTTP but gets redirected with a 301.


Fortunately the fix is easy.

You want Nginx always to return a response with the same protocol as the request used.

By adding:

proxy_redirect http:// $scheme://;

Nginx will rewrite the redirect in Domino's response to use the same scheme as the request, so the response to an HTTPS request stays on HTTPS.
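The check described above (looking for an HTTP hop in the browser's network trace) and the effect of the proxy_redirect line, as an added example that is not part of the original post. The redirect chain is constructed sample data, www.example.com and the paths are placeholders, and the function names are hypothetical; rewrite_location is only a model of the prefix replacement Nginx performs on the Location header.

```python
from urllib.parse import urlsplit

# Constructed sample: (request URL, status, Location header) per hop, as a
# browser's developer tools would list them after a login behind the proxy.
CHAIN = [
    ("https://www.example.com/names.nsf?Login", 302, "http://www.example.com/app.nsf"),
    ("http://www.example.com/app.nsf", 301, "https://www.example.com/app.nsf"),
    ("https://www.example.com/app.nsf", 200, None),
]


def rewrite_location(location, request_scheme):
    """Model of `proxy_redirect http:// $scheme://;`: swap the http:// prefix
    of a backend Location header for the scheme the client request used."""
    prefix = "http://"
    if location and location.startswith(prefix):
        return f"{request_scheme}://{location[len(prefix):]}"
    return location


def downgrades(chain):
    """Hops where an HTTPS request was answered with a redirect to http://."""
    found = []
    for url, status, location in chain:
        if (urlsplit(url).scheme == "https" and 300 <= status < 400
                and location and urlsplit(location).scheme == "http"):
            found.append((url, location))
    return found


def cleartext_requests(chain):
    """Requests the browser sent over plain HTTP (cookies travel with them)."""
    return [url for url, _, _ in chain if urlsplit(url).scheme == "http"]


def with_fix(chain):
    """Simplified view of the same chain once Nginx rewrites backend redirects:
    the plain-HTTP hop disappears because the browser is never sent there."""
    fixed = []
    for url, status, location in chain:
        scheme = urlsplit(url).scheme
        if scheme == "http":
            continue  # this hop only existed because of the downgraded redirect
        fixed.append((url, status, rewrite_location(location, scheme)))
    return fixed


if __name__ == "__main__":
    print("downgrading redirects:", downgrades(CHAIN))
    print("cleartext requests:   ", cleartext_requests(CHAIN))
    print("after proxy_redirect: ", with_fix(CHAIN))
```
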
Published by: Jesper B. Kir at 19-06-2018 16:04:00 Full Post


The IBM Notes Client is NOT GDPR compliant


An essential part of GDPR is the personal data: protecting it and managing the rights to the data.

To know if a data breach has taken place, you need to have an audit trail and you need to know where the data is.




If you are using pure web-based Domino solutions only (no DIIOP etc.) you can control the data, which databases are replicating between servers only, etc.
You can have a log of all HTTP actions.. it may not be a handy log, but a log nevertheless.

The moment you include the IBM Notes Client things change...

The data
The user can make a copy or a replica of a 50GB database and you cannot do much about it.
The cat is out of the box, and you can no longer control what happens to the data.

We all know the annoying (and wonderful) feature that a user can mark thousands of documents and just copy them.
Then the user can paste them in many different places: a local database, the same original database (very annoying),..
You no longer have the essential control of the data.

But wait, you say! There is a setting in the ACL to allow "Replica or copy documents"!
That sounds sweet ...and I am sure IBM meant well, but this one also prevents users from copying text from a document, which will prevent any user from doing their daily job.

So it is an "all or nothing" solution, and I can guarantee you that this one is ticked off for ALL users on any database, just to get any work done.

The logging
There is not any real logging going on. You can make all sorts of hacks to log things, but it is too easy to go "under the radar" and do things without it being logged.

(Yes, there are 3rd party companies who will try and fix this, but that is not good enough; a log/audit should be available for any IBM Notes/Domino database from IBM.)

No matter how you twist it.. applications using IBM Notes today are NOT GDPR compliant.

The simple fixes - my suggestions
It is all fine and dandy with a V10 coming out later this year with new stuff, but this needs fixing NOW, since the GDPR deadline is 25th May 2018.

This is my suggestion to fix this:

In the ACL on the database add these options instead






I would probably also consider splitting replica and copy permission into two separate entries.

Maybe creating an entry for copy text etc. is also needed; I don't know if this will ever be used.

Logging: selecting to log to a text file or a Notes database, with the same name as the database and just a separate file extension.

This should all be very easy to do and could be in a fix soon...if IBM/HCL are willing to.


IBM/HCL ....please make the IBM Notes Client GDPR compliant !
Published by: Jesper B. Kir at 21-05-2018 17:30:00 Full Post


"The trust relationship between this workstation and the primary domain failed" using Synology as Active Directory server


I am using my Synology server as my Active Directory server.


Synology uses Samba as the Active Directory server and it has been working great so far, ..well until today.

Suddenly I could not login and got the error "The trust relationship between this workstation and the primary domain failed".

Whaaat??

I logged into the Synology server with another PC and figured the issue most likely was related to Domain Policies.

And yes.... if you have a policy with "Maximum password age" AND an account with "Password never expires", you have a conflicting situation when the password expires.






So make sure "Maximum password age" is not ticked off if you want to have an account which never expires.


Ideally Synology should have warned about this conflicting situation when saving, but ...
Published by: Jesper B. Kir at 16-04-2018 14:47:00 Full Post
