sync957p

Cross certification and server docs - 2 domains / 2 different releases

Hi all

I thought I had done this in the past, but I'm having trouble repeating the process....

Ok, then :

1 - Cross certify ORG id's (@ org level) - no problems until here
2 - Create connections between 2 servers in different domains - no problems either
3 - Create server documents across domains/pabs ... ok here is the problem...

Copy server document for server1/ORG1 (R5) and paste it in ORG2(R6.5) directory - FAILS
Copy server document for server1/ORG2 (R6.5) and paste it in ORG1(R5) address book - FAILS

ok how do I do this? not copying / pasting ? help?
Sjef Bosman

Not copying, indeed. Open the Admin client, go for Certificates and Create Cross-certificate.
sync957p

ASKER

No, Sjef... in cross certification I have no problems.

What I want is to create server documents across different domains, so I can
have an entry for server1/ORG1 in ORG2's address book and vice versa.
Why would you want to do that ????

hummmm .... directory assistance across domains?

Let me check this :

2 different domains, different releases.

1 - cross certify at ORG level
2 - create connection records so servers can "talk"
3 - Create a db based on DA template for each server (let's think of just 1 server per domain to simplify)
4 - Add each server to the other domain address book ACL

Ok, here I'm going to pause to ask - if I don't have an entry for server1/ORG1 in ORG2's address book, how
does adminp / ACL / etc. know who he is? :)
so ...
5 - Create server documents across domains/pabs
6 - Change setup profile / policies so workstations can use DA
Did you cross-certify domains or servers?
What I cross certified was org.id's
SOLUTION
Sjef Bosman
This solution is only available to members.
Well ok, but do I need to copy the server document or not?

The error msg while pasting is:

"Cannot store document; database has too many unique field names. Please ask your administrator to compact the database"

I don't think it has anything to do with the subject at hand, since I already deleted the index and compacted the DB (names.nsf).

SOLUTION
This solution is only available to members.
And you forgot 1 step in setting up directory assistance :

- create the dir ass. database on each server
- create REPLICAs of both names.nsf's on each server, and setup replication between the servers
- create the directory assistance documents on each server, using the local replicas.

cheers,

Tom
Go to the database properties, advanced tab, and enable the allow more field option.  Shut down the server, run ncompact -c names.nsf, restart server, and all should be well.
Wait a sec... qwaletee, are you telling me that my procedure was correct? bozzie just stated I shouldn't do that.

Can you please explain?

No, your procedure is not correct.  Well, it's not correct as long as you are not trying to merge your domains.  But you should still enable that option (it's enabled by default in a new installation, and I think (but I'm not sure) it's enabled when doing an upgrade too).

cheers,

Tom
Sorry about the offtopic :

Are you all experts from Portugal / England ?

Just noticed the GMT+00:00 in your posts
Belgium -  not GMT :-)  But I think you see all times displayed in your own timezone/timeformat....

cheers,

Tom
Well, I thought that cross certification went well, but as it turned out it didn't.

When I open the DA database I created in both domains and servers across a domain ( admin.id for DOMAIN 1 opens Directory Assistance DB in server in DOMAIN 2 ) I get a warning that I need to cross certify.

What went wrong with cross certification ? I followed the admin client help procedures (cross certify via "postal service")

Created Safe copies, etc.. and I have a Cross certification document, under "certificates" in both domain/orgs.

help?
What do your cross-certificates look like? If the Domains are cross-certified, then you should have a Xref-document under the category Notes Cross Certificates\DomainA with the name /DomainB, and vice versa. If you cross-certified just id's, then you'll see a Xref-document under the category Notes Cross Certificates\DomainA with the name John Do/DomainB.

Did you get any error messages in the log databases?
Sjef,

They look just like you mentioned in your first description ( Xref-document under the category Notes Cross Certificates\DomainA with the name /DomainB, and vice versa ).

I get no errors in the log ( I looked in log.nsf under miscellaneous events and in DOMAIN's certification log )

One thing I noticed in the certification log, when I open the cross certification document, is that the "license type" for the cross certified domain is "unknow" instead of "north american" or "international" - could this be the problem?
Back to the start: how did you create those cross-certificates? Did you copy and paste those documents? Creating a cross-certificate can best be done as follows:
- get (a (safe) copy of) an id-file on DomainA (safe copy is not required)
- get an Admin client on DomainB
- get a certifier-id for DomainB
- run cross-certification for DomainA on DomainB using a server of DomainB
- repeat the lot for DomainB on DomainA, with the certifier-id for DomainA
That was exactly it.

I performed the cross certification using the admin client(s), let's not forget the domains use different releases (6.5.2 and 5.11)
Okay. Different releases: no big deal usually.

What happens when you try to access a server in DomainB with a user-id created for DomainA? From a normal Notes client? So ^O (or File/Database/Open), select or type the server from DomainB, and click Open so it will find the databases on the server. Does it show any database at all? If it does, then certification is indeed successfully completed.

The DA database is the same (replica) database on both systems? From the About in the DA database:
"To set up directory assistance, you create the Directory Assistance database from the DA50.NTF template. In the Directory Assistance database you define naming rules that associate naming hierarchies with each domain--this allows Notes to search only Public Directories of domains associated with those naming hierarchies when resolving the name of a recipient from another domain. You also use the Directory Assistance database to point to one or more strategically-located replicas of each domain's Public Directory. You then create a replica of the Directory Assistance database on all servers in each domain."
When I do what you mentioned the notes client suggests I create a cross certificate....

Perhaps I should repeat the entire process ?

What should I do to erase the cross certification I created ? Just delete the cross certification docs ?

Thanks
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Sorry for making this a 2-in-1 question, guys.

Thanks for making me realize my initial stupidity ( trying to paste server documents across domains ).

As for the cross certification issue I just found out that this is really how cross certification works ( while talking to Lotus Support )... what I mean is : it doesn't matter if you cross certified at ORG level... all users will receive a notice to create a cross certificate in their personal address book, when they access a db in the other domain for their first time.

As usual thanks all for pointing me in the right directions.

And just a notice for all you Lotus Administrators and/or employees out there :

Shouldn't the administrator's client help include some lines to explain this behaviour ( cross certification dialog boxes to end users) to admins?

I think that at least Rob Kirkland's book should include this...