Name change causes "you are not authorized to access that database" error
Dear experts,
I have a user who recently had a name change earlier this year. She was doing OK until earlier this week when she was not able to access her encrypted local archive mail file (not sure when she created this archive). I believe she is on Note 8.5 and the error message is "You are not authorized to access that database". When she changes to her old ID the error message changes to "The database has local access protection (encrypted) and you are not authorized to access it".
She did actually do a lookup on the Lotus Notes forum and came across this paragraph that says "Unfortunately, in order to completely recover from issuing a user two different ID files, you would need to merge those two ID files together and collect all of their keys into a single ID file. There are no tools in any currently shipping product of Notes/Domino that can perform that task, but the Notes ID vault feature, which is being introduced in N/D 8.5, adds that capability."
So she is on 8.5, would her mail server have to be on R8.5? Is there anything else that she can do? Thank you.
Looking forward to hearing from you - Notes Rookie
I have a user who recently had a name change earlier this year. She was doing OK until earlier this week when she was not able to access her encrypted local archive mail file (not sure when she created this archive). I believe she is on Note 8.5 and the error message is "You are not authorized to access that database". When she changes to her old ID the error message changes to "The database has local access protection (encrypted) and you are not authorized to access it".
She did actually do a lookup on the Lotus Notes forum and came across this paragraph that says "Unfortunately, in order to completely recover from issuing a user two different ID files, you would need to merge those two ID files together and collect all of their keys into a single ID file. There are no tools in any currently shipping product of Notes/Domino that can perform that task, but the Notes ID vault feature, which is being introduced in N/D 8.5, adds that capability."
So she is on 8.5, would her mail server have to be on R8.5? Is there anything else that she can do? Thank you.
Looking forward to hearing from you - Notes Rookie
Sjef Bosman
How was the name change done in Notes? Was she issued a new id or was the old id changed using the Admin client and Adminp?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Full Admin won't allow you to decrypt a database... A backup ID would, indeed, but the user's keys shouldn't have changed in a normal rename process. Hence my question how the name change was done.
Hi,,
I am so sorry there was a little misunderstanding of the question from my side ( I didnt notice it was a Properties==>Encryption Settings==>Locally encrypted this database using Strong Encryption )...
I am so sorry there was a little misunderstanding of the question from my side ( I didnt notice it was a Properties==>Encryption Settings==>Locally encrypted this database using Strong Encryption )...
ASKER
I believe the name change was done using adminp. I will see if i can get the instructions she received.
If it's in the archive... ;-))
ASKER
Looks like she received typical instructions. She decrypted her local archive with her old ID and re-encrypted with her new ID. Any ideas why her local archive is now inaccessible?
Thanks.
Thanks.
after decrypting her local archived file she must have added her new name to the ACL of the Archvie file and remove the old ones then encrypt it with the new ID
ASKER
I don't think she removed her old name from the ACL - i just checked - she is not even sure how to do that. Would you let me know if she has any other options or is her archive lost?
Thank you.
Thank you.
ASKER
Can her archive be copied to another server in another domain and be decrypted there?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
She was able to locate the old ID file but still got the error "The database has local access protection (encrypted) and you are not authorized to access it". No backups of the entire hard drive. :(
ASKER
Thanks - I guess we tried. No name changes!
Boy would I love to have a go at it... This should work, with the right id. Even stronger: this definitely works. Ergo... don't know... ;-(
ASKER
Her archive is huge so no go there. It is almost 7 GBs!!!!
Thanks for having tried!
Regards - Notes Rookie
Thanks for having tried!
Regards - Notes Rookie
Most dissatisfactory... :(
And unfortunately one cannot even find out who encrypted the database.
She definitely used to be able to open the archive, so it must be possible to open the archive with the old ID. Just to humour me: please try one more time, but on a separate PC that is NOT connected to the server, with a freshly restored ID-file and in location Island. That should be a way to prevent the ID-file from being updated by the Notes login.
And unfortunately one cannot even find out who encrypted the database.
She definitely used to be able to open the archive, so it must be possible to open the archive with the old ID. Just to humour me: please try one more time, but on a separate PC that is NOT connected to the server, with a freshly restored ID-file and in location Island. That should be a way to prevent the ID-file from being updated by the Notes login.
ASKER
I have sent her your suggestion - we'll see what happens.
BTW - I will miss our exchanges - I got laid off and my last day with the Domino/Notes world will be July 12. I am hoping to keep my skills relatively sharp - I have software copy for the server but not the client. Would you happen to know which registry keys I should be importing?
BTW - I will miss our exchanges - I got laid off and my last day with the Domino/Notes world will be July 12. I am hoping to keep my skills relatively sharp - I have software copy for the server but not the client. Would you happen to know which registry keys I should be importing?
That's sad news... AFAIK Notes still isn't very picky about the registry values, it should run even without them.
Any plans to join an IBM Notes partner? If you need any references, just let me know (for what my name is worth). By the way, there is a market for good Domino Admins out there! Ever thought of starting as a freelancer?
Any plans to join an IBM Notes partner? If you need any references, just let me know (for what my name is worth). By the way, there is a market for good Domino Admins out there! Ever thought of starting as a freelancer?
ASKER
No plans to do anything for a while - need a sabbatical to de-stress. But I will be in touch before my subscription expires in December (?) and I have thought about being a freelancer. Is that your email address in your profile under EE? Thanks for your offer to be a reference. Everybody has been great about wanting to help me find another job. Thanks again for all your help in the past and now possibly in the future. Those of us who love Notes should stick together!
Well, join the club at LinkedIn, there are some Notes related groups, you'll find me in "Lotus Notes/Domino Technologies" and "Lotus Notes and Domino". The latter doesn't refuse recruiters, there are a few jobs in Brazil. ;-)
And yep, that's one of my mail addresses...
Wish you good luck!
And yep, that's one of my mail addresses...
Wish you good luck!
ASKER
Hi sjef - You were right as usual - the Notes client started right up without need of the proper registry entries once I copied it off my external drive and onto my new laoptop/tablet. Discussed with the hubs and it was decided I will retire and enjoy life as it is too darn short! Give me a call if you are ever in Los Angeles, CA area.
Take care - Notes Rookie (aka Jade)
Take care - Notes Rookie (aka Jade)
"It was decided..." LOL
Some thoughts:
- good decision!
- being a freelancer is almost like retiring: you just take the projects you like, nothing else
- you could stay @ EE to answer Notes questions ("no I can't" "of course you can!')
- oh yes, LA... well, I can't see that happen any time soon, being a freelancer in France/Europe (who doesn't need vacations)
- but thanks for the invitation!
- and if we don't "meet" again: fare well!
Some thoughts:
- good decision!
- being a freelancer is almost like retiring: you just take the projects you like, nothing else
- you could stay @ EE to answer Notes questions ("no I can't" "of course you can!')
- oh yes, LA... well, I can't see that happen any time soon, being a freelancer in France/Europe (who doesn't need vacations)
- but thanks for the invitation!
- and if we don't "meet" again: fare well!