Server Certificate expired - can't log in!!!

I just got responsible for a Lotus server. The guy before me sadly past away.
Now I can't log in, because his certificate has expired; he was the admin of the server and there is no one else.

I got a couple of .id files, all expired, can I in any way tamper these to allow me to log in as administrator?
I know the password of the old admins account.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sjef BosmanGroupware ConsultantCommented:
Tampering with id-files is not possible. Notes and Domino do have a very tight security.

There are 2 types of id-files: the certifier id, and all the rest: server-id, admin-id, user-id (they are basically the same). To (re-)certify an id-file, you NEED to have the certifier id-file ( and you NEED to know the password. If you don't have them both, you're in big trouble. You find that the password to the file is the same as the password to the file, but that's not always the case.

What id's are expired? Server-id?, Admin-id? Your id? Are there any valid id's left?

I assume you're on a Windows server (any version). It would then be possible to recertify id's from the server's environment but running as local user, on the server itself. What environment do you have: hardware, O/S, Notes and Domino versions, etc.?
jansjobeAuthor Commented:

This Lotus server is only used as a database for a web server, and it is still running OK. But now I have to update a lot of data and cannot get in...

I have the but I don't know the password...
There is also (expired) (old, never touched since 2000)
SAFE.ID (don't know)
and last a user id for the previous admin, wich I know the password for.

No valid id's seems to be left...

As I understand it, the is the one to go for here, but how? And if I can find out the password; what do I do with this file?
Can I make a new user (myself) and give me full permission to everything? How?

I am very new to Lotus, and need all the help I can get!!!

Best Regards,
Sjef BosmanGroupware ConsultantCommented:
I understand all your question, but I must say that there is little hope when you don't know the passwords. Decrypting an id-file isn't possible without a password. Important are:
- (required when (re)certifying users) and password

If you have those 3 items (2 id's and password), AND you have access to the server, AND the server is a Windows system, you might be able to fix it.

It is (or used to be) possible to log in in the server's data directory as a user. The Domino-server should be stopped, and then you can start nlnotes from the server's data directory, using the server's id. When that works, you can try to get your file recertified. But you NEED the password for the certifier id.

Still, you didn't answer the questions from my previous post.

You might be better off if set up a new server with the same name but on a separate system, and you try to copy the website database to that new server's data directory. However, if the databases were sufficiently protected, you won't get access. Also, you need to create user-id's for the users you had.
Introduction to Web Design

Develop a strong foundation and understanding of web design by learning HTML, CSS, and additional tools to help you develop your own website.

jansjobeAuthor Commented:
It is a windows machine with XP Pro SP2.
Notes 6.5.1
Domino also 6.5.1 (???)
Does hardware really matter? Celeron 1.2GHz, 512 RAM

How can I get access locally?

A new server is no option at this time...

And there was no users exept the admin.

As I understand there is a console; can I use this ?
jansjobeAuthor Commented:
I found out the password for the !!!!
The former admin did not have a lot of imagination...

And the does not seem to have a password?!?? I can open it in "Configuration->ID Properties" without entering anything.

What do I do now? I need a really thorough explanation!

Best regards,
Sjef BosmanGroupware ConsultantCommented:
Well done!! Ehm, it's 19:00 over here, dinner time.

Maybe I'll be back later today...
Look up how to certify an ID in the Notes Administrative Client - Help.

Recertifying a certifier ID or a user ID  

I hope this helps !
jansjobeAuthor Commented:
Sorry, but I can't even log in, there is no user at this time with valid certificate...
Sjef BosmanGroupware ConsultantCommented:
You might be able to log in as a "user" using the file in the Domino-server's environment. Stop Domino, then start Notes from the data directory, select a different id-file ( and tell us what happens.

Most likely outcome: it refuses...

But if it works, you're in on you local system. DON'T try to access the Domino server, 1) it is stopped and must stay like that while you're busy, and 2) YOU are the Domino server at the moment.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jansjobeAuthor Commented:
"Notes from the data directory", exactly how do I do this? Start the Notes Client and select this directory? Or double click some file in the data directory?
And how do I stop the Domino server? "Exit" or something in the open server (dos-like) window?

As I said, I am VERY new to Lotus!
jansjobeAuthor Commented:
I must add that this server is always online and I must keep the downtime to a MINIMUM!
Sjef BosmanGroupware ConsultantCommented:
Indeed, you go into the program directory on the server and you doubleclick on notes.exe. I think it's not necessary that you have to be in the data directory.

To stop the Domino server you type "Quit" on the console (DOS-like indeed).
Sjef BosmanGroupware ConsultantCommented:
> I must keep the downtime to a MINIMUM!
Then do this when there are practically no users (early in the morning or in the evening). How many visitors per day do you have?
jansjobeAuthor Commented:
Good question; is this something I can see in Domino somewhere?
WIth the administrator client you should be able to see that info. Once you can log in.

You are in a Chicken and egg situation, you can not recertify until you log on, but you can not log on until you have a valid ID and certificate.

Unless you are able to log on as the Server using the Server ID, ( doubtful in R 6.5 ), then you may have to start from scratch and recreate the Server.

Is there a Noes client installed somewhere ?  Do you even have the Noets client software or CD ?

The client is normally NOT installed on the server machine.

I hope this helps !
jansjobeAuthor Commented:
I am now very tired. This is not good. Not good at all.
I tried to shut down, open local, certify both and, and it seemed to work.

Now when I try to run Domino Admininstrator (on the server) I get:
Server error: Requesting system's ID is the same as the servers ID. You can not use the same ID on two systems.
When I try to log in from a client with the old admins id, it's the same: expired...


Also found:

but I don't understand it all.

Could you giva me a
list to do everything.


jansjobeAuthor Commented:
Stupid me. I forgot to copy the recertified id to my client: NOW I CAN LOG IN REMOTELY!!!!!

Now I need help to create myself as a user with full rights,
fix the thing at the server,
and check that everything is alright.

More questions:

It is only one file (.nsf) that is important. If I make a new install on a new machine, can I just copy this file to that server?

Is it possible to export the data from this file to some other format? SQL maybe. My employer is considering another solution for the database.
Sjef BosmanGroupware ConsultantCommented:
Hey! Well done!

About you last post:
1. isn't the admin user a user with full rights?
2. if you install a new environment (server and client) with exactly the same name as the old one, you might succeed. I'd say 80%
3. export is possible, but it ain't as easy as you think: no SQL (standard, requires additional product), and it depends heavily on the structure of the database. One form and a few views are probably easy, but many forms and a complex document structure might take a long time.

Your server may serve you a long time when you fixed it all. The certificates should never have expired with the proper management, and documentation. See to it that you do a better job! :)
jansjobeAuthor Commented:
Thanks guys!
Always get my things solved here!

Sjef BosmanGroupware ConsultantCommented:
You're welcome!

Next time, be a sport, and give an A... Or tell us why you're not completely satisfied.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Lotus IBM

From novice to tech pro — start learning today.