jansjobe

Server Certificate expired - can't log in!!!

I just got responsible for a Lotus server. The guy before me sadly passed away.
Now I can't log in, because his certificate has expired; he was the admin of the server and there is no one else.

I got a couple of .id files, all expired; can I in any way tamper with these to allow me to log in as administrator?
I know the password of the old admin's account.

THIS IS REALLY URGENT!!!
Sjef Bosman

Tampering with id-files is not possible. Notes and Domino do have very tight security.

There are 2 types of id-files: the certifier id, and all the rest: server-id, admin-id, user-id (they are basically the same). To (re-)certify an id-file, you NEED to have the certifier id-file (cert.id) and you NEED to know the password. If you don't have them both, you're in big trouble. You find that the password to the cert.id file is the same as the password to the admin.id file, but that's not always the case.

What id's are expired? Server-id? Admin-id? Your id? Are there any valid id's left?

I assume you're on a Windows server (any version). It would then be possible to recertify id's from the server's environment but running as local user, on the server itself. What environment do you have: hardware, O/S, Notes and Domino versions, etc.?
jansjobe

ASKER


This Lotus server is only used as a database for a web server, and it is still running OK. But now I have to update a lot of data and cannot get in...

I have the cert.id but I don't know the password...
There is also
server.id (expired)
dolcert.id (old, never touched since 2000)
SAFE.ID (don't know)
and last a user id for the previous admin, which I know the password for.

No valid id's seem to be left...

As I understand it, the cert.id is the one to go for here, but how? And if I can find out the password; what do I do with this file?
Can I make a new user (myself) and give me full permission to everything? How?

I am very new to Lotus, and need all the help I can get!!!

Best Regards,
Jan
I understand all your questions, but I must say that there is little hope when you don't know the passwords. Decrypting an id-file isn't possible without a password. Important are:
- cert.id (required when (re)certifying users) and password
- server.id

If you have those 3 items (2 id's and password), AND you have access to the server, AND the server is a Windows system, you might be able to fix it.

It is (or used to be) possible to log in in the server's data directory as a user. The Domino-server should be stopped, and then you can start nlnotes from the server's data directory, using the server's id. When that works, you can try to get your server.id file recertified. But you NEED the password for the certifier id.

Still, you didn't answer the questions from my previous post.

You might be better off if you set up a new server with the same name but on a separate system, and you try to copy the website database to that new server's data directory. However, if the databases were sufficiently protected, you won't get access. Also, you need to create user-id's for the users you had.
It is a Windows machine with XP Pro SP2.
Notes 6.5.1
Domino also 6.5.1 (???)
Does hardware really matter? Celeron 1.2GHz, 512 RAM

How can I get access locally?

A new server is no option at this time...

And there were no users except the admin.

As I understand there is a console; can I use this ?
YES!!!
I found out the password for the cert.id !!!!
The former admin did not have a lot of imagination...

And the server.id does not seem to have a password?!?? I can open it in "Configuration->ID Properties" without entering anything.

What do I do now? I need a really thorough explanation!

Best regards,
Jan
Well done!! Ehm, it's 19:00 over here, dinner time.

Maybe I'll be back later today...
SOLUTION
SysExpert
Sorry, but I can't even log in, there is no user at this time with valid certificate...
"Notes from the data directory", exactly how do I do this? Start the Notes Client and select this directory? Or double click some file in the data directory?
And how do I stop the Domino server? "Exit" or something in the open server (dos-like) window?

As I said, I am VERY new to Lotus!
I must add that this server is always online and I must keep the downtime to a MINIMUM!
Indeed, you go into the program directory on the server and you double-click on notes.exe. I think it's not necessary that you have to be in the data directory.

To stop the Domino server you type "Quit" on the console (DOS-like indeed).
jansjobe,
> I must keep the downtime to a MINIMUM!
Then do this when there are practically no users (early in the morning or in the evening). How many visitors per day do you have?
Good question; is this something I can see in Domino somewhere?
With the administrator client you should be able to see that info. Once you can log in.

You are in a chicken-and-egg situation: you cannot recertify until you log on, but you cannot log on until you have a valid ID and certificate.

Unless you are able to log on as the Server using the Server ID (doubtful in R 6.5), then you may have to start from scratch and recreate the Server.

Is there a Notes client installed somewhere? Do you even have the Notes client software or CD?

The client is normally NOT installed on the server machine.

I hope this helps!
I am now very tired. This is not good. Not good at all.
I tried to shut down, open local, certify both server.id and admin.id, and it seemed to work.

Now when I try to run Domino Administrator (on the server) I get:
Server error: Requesting system's ID is the same as the servers ID. You can not use the same ID on two systems.
When I try to log in from a client with the old admin's id, it's the same: expired...

HELP!!!!!!!!!!!!

Also found:

http://www.ibm.com/support/docview.wss?rs=899&context=SW710&context=SW760&context=SW870&context=SWA40&context=SWA50&context=SWAZ0&context=SWB20&context=SWB40&context=SWCZ0&context=SWD10&context=SWD20&context=SWDZ0&context=SWH30&context=SWL40&dc=DB510&dc=DB520&dc=D800&dc=D900&dc=DA900&dc=DA800&dc=DB530&dc=DA600&dc=D600&dc=D700&dc=DA500&dc=D200&dc=DA410&dc=DA450&dc=DA430&dc=DA440&dc=DB540&dc=DB400&dc=DA420&dc=DA460&dc=DB300&dc=DA470&dc=DA480&dc=DB100&dc=DA4A10&dc=DA4A20&dc=DA700&dc=DA4A30&dc=DB550&dc=D100&q1=recertify+server+id&uid=swg21084795&loc=en_US&cs=UTF-8&lang=all

but I don't understand it all.

Could you give me a
1.
2.
3.
list to do everything.

Please????



Stupid me. I forgot to copy the recertified id to my client: NOW I CAN LOG IN REMOTELY!!!!!

Now I need help to create myself as a user with full rights,
fix the thing at the server,
and check that everything is alright.


More questions:

It is only one file (.nsf) that is important. If I make a new install on a new machine, can I just copy this file to that server?

Is it possible to export the data from this file to some other format? SQL maybe. My employer is considering another solution for the database.
Hey! Well done!

About your last post:
1. isn't the admin user a user with full rights?
2. if you install a new environment (server and client) with exactly the same name as the old one, you might succeed. I'd say 80%
3. export is possible, but it ain't as easy as you think: no SQL (standard, requires additional product), and it depends heavily on the structure of the database. One form and a few views are probably easy, but many forms and a complex document structure might take a long time.

Your server may serve you a long time when you have fixed it all. The certificates should never have expired with the proper management and documentation. See to it that you do a better job! :)
Thanks guys!
Always get my things solved here!

Jan
You're welcome!

Next time, be a sport, and give an A... Or tell us why you're not completely satisfied.