Solved

Server Certificate expired - can't log in!!!

Posted on 2006-04-14
Last Modified: 2013-11-16
I just got responsible for a Lotus server. The guy before me sadly passed away.
Now I can't log in, because his certificate has expired; he was the admin of the server and there is no one else.

I got a couple of .id files, all expired, can I in any way tamper with these to allow me to log in as administrator?
I know the password of the old admin's account.

THIS IS REALLY URGENT!!!
Question by:jansjobe
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 16460227
Tampering with id-files is not possible. Notes and Domino do have a very tight security.

There are 2 types of id-files: the certifier id, and all the rest: server-id, admin-id, user-id (they are basically the same). To (re-)certify an id-file, you NEED to have the certifier id-file (cert.id) and you NEED to know the password. If you don't have them both, you're in big trouble. You find that the password to the cert.id file is the same as the password to the admin.id file, but that's not always the case.

What id's are expired? Server-id?, Admin-id? Your id? Are there any valid id's left?

I assume you're on a Windows server (any version). It would then be possible to recertify id's from the server's environment but running as local user, on the server itself. What environment do you have: hardware, O/S, Notes and Domino versions, etc.?
0
 

Author Comment

by:jansjobe
ID: 16460451

This Lotus server is only used as a database for a web server, and it is still running OK. But now I have to update a lot of data and cannot get in...

I have the cert.id but I don't know the password...
There is also
server.id (expired)
dolcert.id (old, never touched since 2000)
SAFE.ID (don't know)
and last a user id for the previous admin, which I know the password for.

No valid id's seem to be left...

As I understand it, the cert.id is the one to go for here, but how? And if I can find out the password; what do I do with this file?
Can I make a new user (myself) and give me full permission to everything? How?

I am very new to Lotus, and need all the help I can get!!!

Best Regards,
Jan
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 16460688
I understand all your questions, but I must say that there is little hope when you don't know the passwords. Decrypting an id-file isn't possible without a password. Important are:
- cert.id (required when (re)certifying users) and password
- server.id

If you have those 3 items (2 id's and password), AND you have access to the server, AND the server is a Windows system, you might be able to fix it.

It is (or used to be) possible to log in in the server's data directory as a user. The Domino-server should be stopped, and then you can start nlnotes from the server's data directory, using the server's id. When that works, you can try to get your server.id file recertified. But you NEED the password for the certifier id.

Still, you didn't answer the questions from my previous post.

You might be better off if you set up a new server with the same name but on a separate system, and you try to copy the website database to that new server's data directory. However, if the databases were sufficiently protected, you won't get access. Also, you need to create user-id's for the users you had.
0

 

Author Comment

by:jansjobe
ID: 16460945
It is a windows machine with XP Pro SP2.
Notes 6.5.1
Domino also 6.5.1 (???)
Does hardware really matter? Celeron 1.2GHz, 512 RAM

How can I get access locally?

A new server is no option at this time...

And there were no users except the admin.

As I understand there is a console; can I use this ?
0
 

Author Comment

by:jansjobe
ID: 16460965
YES!!!
I found out the password for the cert.id !!!!
The former admin did not have a lot of imagination...

And the server.id does not seem to have a password?!?? I can open it in "Configuration->ID Properties" without entering anything.

What do I do now? I need a really thorough explanation!

Best regards,
Jan
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 16460970
Well done!! Ehm, it's 19:00 over here, dinner time.

Maybe I'll be back later today...
0
 
LVL 63

Assisted Solution

by:SysExpert
SysExpert earned 300 total points
ID: 16471076
Look up how to certify an ID in the Notes Administrative Client - Help.

see
Recertifying a certifier ID or a user ID  

I hope this helps !
0
 

Author Comment

by:jansjobe
ID: 16472223
Sorry, but I can't even log in, there is no user at this time with valid certificate...
0
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 1200 total points
ID: 16475972
You might be able to log in as a "user" using the server.id file in the Domino-server's environment. Stop Domino, then start Notes from the data directory, select a different id-file (server.id) and tell us what happens.

Most likely outcome: it refuses...

But if it works, you're in on your local system. DON'T try to access the Domino server, 1) it is stopped and must stay like that while you're busy, and 2) YOU are the Domino server at the moment.
0
 

Author Comment

by:jansjobe
ID: 16477184
"Notes from the data directory", exactly how do I do this? Start the Notes Client and select this directory? Or double click some file in the data directory?
And how do I stop the Domino server? "Exit" or something in the open server (dos-like) window?

As I said, I am VERY new to Lotus!
0
 

Author Comment

by:jansjobe
ID: 16477236
I must add that this server is always online and I must keep the downtime to a MINIMUM!
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 16477253
Indeed, you go into the program directory on the server and you doubleclick on notes.exe. I think it's not necessary that you have to be in the data directory.

To stop the Domino server you type "Quit" on the console (DOS-like indeed).
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 16477265
jansjobe,
> I must keep the downtime to a MINIMUM!
Then do this when there are practically no users (early in the morning or in the evening). How many visitors per day do you have?
0
 

Author Comment

by:jansjobe
ID: 16477390
Good question; is this something I can see in Domino somewhere?
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 16478007
With the administrator client you should be able to see that info. Once you can log in.

You are in a Chicken and egg situation, you can not recertify until you log on, but you can not log on until you have a valid ID and certificate.

Unless you are able to log on as the Server using the Server ID, ( doubtful in R 6.5 ), then you may have to start from scratch and recreate the Server.

Is there a Notes client installed somewhere ?  Do you even have the Notes client software or CD ?

The client is normally NOT installed on the server machine.

I hope this helps !
0
 

Author Comment

by:jansjobe
ID: 16491761
I am now very tired. This is not good. Not good at all.
I tried to shut down, open local, certify both server.id and admin.id, and it seemed to work.

Now when I try to run Domino Administrator (on the server) I get:
Server error: Requesting system's ID is the same as the servers ID. You can not use the same ID on two systems.
When I try to log in from a client with the old admins id, it's the same: expired...

HELP!!!!!!!!!!!!

Also found:

http://www.ibm.com/support/docview.wss?rs=899&context=SW710&context=SW760&context=SW870&context=SWA40&context=SWA50&context=SWAZ0&context=SWB20&context=SWB40&context=SWCZ0&context=SWD10&context=SWD20&context=SWDZ0&context=SWH30&context=SWL40&dc=DB510&dc=DB520&dc=D800&dc=D900&dc=DA900&dc=DA800&dc=DB530&dc=DA600&dc=D600&dc=D700&dc=DA500&dc=D200&dc=DA410&dc=DA450&dc=DA430&dc=DA440&dc=DB540&dc=DB400&dc=DA420&dc=DA460&dc=DB300&dc=DA470&dc=DA480&dc=DB100&dc=DA4A10&dc=DA4A20&dc=DA700&dc=DA4A30&dc=DB550&dc=D100&q1=recertify+server+id&uid=swg21084795&loc=en_US&cs=UTF-8&lang=all

but I don't understand it all.

Could you give me a
1.
2.
3.
list to do everything.

Please????



0
 

Author Comment

by:jansjobe
ID: 16492161
Stupid me. I forgot to copy the recertified id to my client: NOW I CAN LOG IN REMOTELY!!!!!

Now I need help to create myself as a user with full rights,
fix the thing at the server,
and check that everything is alright.


More questions:

It is only one file (.nsf) that is important. If I make a new install on a new machine, can I just copy this file to that server?

Is it possible to export the data from this file to some other format? SQL maybe. My employer is considering another solution for the database.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 16495774
Hey! Well done!

About your last post:
1. isn't the admin user a user with full rights?
2. if you install a new environment (server and client) with exactly the same name as the old one, you might succeed. I'd say 80%
3. export is possible, but it ain't as easy as you think: no SQL (standard, requires additional product), and it depends heavily on the structure of the database. One form and a few views are probably easy, but many forms and a complex document structure might take a long time.

Your server may serve you a long time when you fixed it all. The certificates should never have expired with the proper management, and documentation. See to it that you do a better job! :)
0
 

Author Comment

by:jansjobe
ID: 16533161
Thanks guys!
Always get my things solved here!

Jan
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 16533432
You're welcome!

Next time, be a sport, and give an A... Or tell us why you're not completely satisfied.
0
