Solved

How to make a replica on the other domain's Domino server

Posted on 2004-09-27
Last Modified: 2013-12-18
Hi experts,

What I want to do is cross-certify two servers in different Domino domains, say HK-Domino in HK-Domain and CN-Domino in CN-Domain.

I want to make a replica of an HK-Domino user's mail file in CN-Domain and let the HK user access the mail files on CN-Domino that are replicated from HK-Domino.

I read some documents on this site and I know some of the steps, but I cannot complete the cross-certification successfully. Here are my questions:

1. Should I use cert.id or server.id to cross-certify?
2. How do I make a safe copy of cert.id or server.id for the cross-certification?
3. How do I cross-certify the server.id or cert.id?
4. How do I make the cross-certified server.id or cert.id take effect (do I copy it to the mail directory and restart the Domino server)?
5. How can I tell whether the server.id or cert.id is cross-certified?

Many thanks!
Question by:fishwm
LVL 46

Expert Comment

by:Sjef Bosman
ID: 12167437
It's all described in detail in the Admin Help database. In short, the process involves two servers getting to know each other, whilst you tell them that the other one IS who he claims to be. The idea is to get a safe-id from system A and you cross-certify it on system B, and vice versa. In the process, you don't need to have safe id's, you can do it with the complete id-file. So:

1. You need 2 cert.id files in the process, one for each domain
2. In this case where everything stays internal, don't make safe-id's
3. Use the Admin client and cross-certify the other domain's server.id with this domain's cert.id
4. Nothing needs to be restarted, you need to adapt the ACL of the mailfile or, what's better, you have to adapt either OtherDomainServers or LocalDomainServers groups in the N&A book. It is for you to decide where to put each server. Do check the privileges in the ACL's for the group you put the server in.
5. Have a try...
0
 

Author Comment

by:fishwm
ID: 12167521
Hi Bosman,

Actually, I tried it before and found it was cross-certified under People & Group --> certificates --> Notes Cross Certificates --> HK-Domino --> CN-Domino/CN-Domain

When I try to create a new replica on CN-Domino, I get an error message: " 09/28/2004 04:28:58 PM  Admin Process: Received the following error performing a Check Access for New Replica Creation request on HK-Domain's Directory (File name: names.nsf): Server document not found in Domino Directory. "


0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 12167683
The certificate you mention is a certificate for the server only, which could mean that only the server can access the other domain. Are there other people/servers with cross-certificates to that domain? It might be a lot easier to set up domain cross-certification, so your /HK-Domain will accept all from /CN-Domain (and vv).

If you want to see what's wrong and where the error comes from, open the admin4.nsf database on the server and look for the unfinished activities. I suspect the cross-certification is only half completed. Is there also a matching cross-certificate in the other domain's N&A-book?
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 12172878
Sounds like you are properly cross-certified, and just need to get the replicas across... easiest way to check this is to issue a replication command on each server's console so it tries to replicate with the other server -- on HK-Domino, issue command REPL CN-Domino/CN-Domain and see if error messages show that it could not connect, or it could connect but could not authenticate (=not cross certified), or successfully replicates, even if there are no actual files to replicate.

The error message you are showing -- server document not found in address book -- is because of a limitation in the Administration process.  It normally can't work across two different domains.  The easy way around this is to not use the admin process to create the replicas -- just open a database using the regular Notes client, File -> Replication -> New Replica, and target the new replica to the other server.

You CAN get the admin process to work this way.  Go to Administration Help, click on Index, and go to the CROSS-DOMAIN ADMINISTRATION REQUESTS topic.
0
 

Author Comment

by:fishwm
ID: 12186450
Hi qwaletee,

I tried to replicate with CN-Domino in CN-Domain, and a lot of messages came out:

09/30/2004 10:24:47 AM  Access control is set in CN-Domino/CN-Domain mailjrn.nt
f to not allow replication from mailjrn.ntf
09/30/2004 10:24:47 AM  Finished replication with serverCN-Domino/CN-Domain
09/30/2004 10:24:47 AM  Database Replicator shutdown

It seems it can replicate with CN-Domino, but the access control blocks the replication. I tried to add the access right in the server document: server --> current server document --> security --> create new replicas to otherDomainServer

and
server --> current server document --> security --> create database and templates to otherDomainServer

Should I be using otherDomainServer? I cannot find HK-Domino in the address book!


0
 

Author Comment

by:fishwm
ID: 12186624
I just mean: how do I set the access right on CN-Domino to let HK-Domino create replicas on CN-Domino?
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 12188832
Did you add the servers' names to the groups I mentioned?
0
 

Author Comment

by:fishwm
ID: 12198411
Hi bosman,

You mean add the server to the OtherDomainServers or LocalDomainServers groups? But the server did not appear in the address book, so how can I add the server to these groups?

0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 12198857
Type the name in the group, it doesn't have to be in the N&A-book. You need to give it permission somehow. Either you put the full name in the ACL, or you use the always-present OtherDomainServers or LocalDomainServers group documents.
0
 

Author Comment

by:fishwm
ID: 12205758
Hi bosman,

After I added the server document, I could select the HK-Domino object in the address book. So I tried to make a replica of a mail file on CN-Domino.

An admin request was created but a message came out:

"10/02/2004 10:36:06 AM  Admin Process: Received the following error performing a
 Accelerated Create Replica request on Teddy Cheng (File name: admin4.nsf; Name:
 HK-Domino/HK-Domain): The destination server is not configured to be sent this type"

and the replica did not appear on CN-Domino!

Anything I missed?
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 12206392
Why did you start with a mailfile? For starters, try the N&A-book itself. The N&A-books should be replicated from one domain to the other, to facilitate mail (using Directory Assistance).

> After I add the server document ...
Add a Server document?? Where? There should be NO Server document of a server outside a domain in the N&A-book!

If you didn't add the CN-server's name to the HK-server's Local or OtherDomainServer, then that is what you missed in the first place. I'm sorry to say that I'm no AdminP specialist, so I cannot really place the message you supplied.

How and where did you try to create the replica? Do you yourself have access to the servers, permission to create replicas, and permission to Manage the mailfile?
0
 
LVL 31

Accepted Solution

by:
qwaletee earned 100 total points
ID: 12702348
My fault... I did not follow up at the end.  fishwm misunderstood a message about FILE access levels, and assumed it was a SERVER access issue.  Therefore he pursued it as "I need the other server to grant my server access to create replicas."  Wrong... the replica was already created, but the replica file did not explicitly list his server as having access to do updates.

At the same time, that means his original question (how to create replicas) was in fact resolved, but there was a follow-on problem.  So, I'll take the points :)
0
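Added example, not part of the original thread or of any Domino tooling: a small Python triage of the console messages quoted in this thread, separating the database-ACL refusal from the Admin Process errors, which is the distinction the accepted solution draws. The sample log is constructed from the lines posted above; the labels, the function names and the assumption that server and file names contain no spaces are assumptions of this example.

```python
import re

# Constructed sample: console lines as quoted in this thread, keeping the
# hard wraps at the terminal width (a wrapped line carries no timestamp).
SAMPLE = (
    "09/28/2004 04:28:58 PM  Admin Process: Received the following error "
    "performing a Check Access for New Replica Creation request on HK-Domain's "
    "Directory (File name: names.nsf): Server document not found in Domino Directory.\n"
    "09/30/2004 10:24:47 AM  Access control is set in CN-Domino/CN-Domain mailjrn.nt\n"
    "f to not allow replication from mailjrn.ntf\n"
    "09/30/2004 10:24:47 AM  Finished replication with serverCN-Domino/CN-Domain\n"
    "09/30/2004 10:24:47 AM  Database Replicator shutdown\n"
    "10/02/2004 10:36:06 AM  Admin Process: Received the following error performing a\n"
    " Accelerated Create Replica request on Teddy Cheng (File name: admin4.nsf; Name:\n"
    " HK-Domino/HK-Domain): The destination server is not configured to be sent this type\n"
)

TS = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M\s+")

# Labels are this example's own; the hints restate advice given in the thread.
RULES = [
    ("database-acl", re.compile(r"Access control is set in (?P<server>\S+) (?P<db>\S+) to not allow replication"),
     "replica ACL lacks the source server: add its name or its *DomainServers group"),
    ("adminp-cross-domain", re.compile(r"Admin Process: .*Server document not found in Domino Directory"),
     "AdminP does not normally work across domains: create the replica from the client"),
    ("adminp-undiagnosed", re.compile(r"Admin Process: Received the following error"),
     "not diagnosed in the thread: check admin4.nsf for the unfinished request"),
]

def entries(text):
    """Rejoin hard-wrapped console lines into one string per timestamped entry."""
    out = []
    for line in text.splitlines():
        if TS.match(line):
            out.append(line)
        elif out:
            out[-1] += line  # no separator: the wrap can fall mid-word
    return out

def triage(text):
    """Return (label, captured fields, hint) for each entry a rule recognises."""
    findings = []
    for entry in entries(text):
        msg = TS.sub("", entry)
        for label, rx, hint in RULES:
            if (m := rx.search(msg)):
                findings.append((label, m.groupdict(), hint))
                break
    return findings
```

Calling `triage(SAMPLE)` yields one finding per recognised entry; the two plain replicator status lines match no rule and are skipped.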
 
LVL 31

Expert Comment

by:qwaletee
ID: 12702721
Fishwm, did you just close this question?  Thanks.  I hope your problem is fully resolved.
0
 

Author Comment

by:fishwm
ID: 12703826
Not fully resolved but you helped me a lot on this problem. Thx!
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 12710418
This should be easy to resolve.  Please give an update status, either in this question or by opening another.  Honestly, I think you should open another.
0
