Domino Access List Issues - New 8.5 Mail databases

Hello,

We are in the process of rolling out Domino 8.5. Im also creating new mailbox's for the users. I do this by creating the mailbox on the shore server and then pushing it out to the vessels.

When i logon to the vessel and start nlnotes.exe (logged on as the server, with server ID) i can’t open the new databases i have created even though i have got the server clearly listed in the access list with full rights. In order to access the database i need to use my own ID (full administrator) or use the users ID.

The strange thing is - if i try to open all 6 of the new mailbox's i can open 2 or 3 of them but others i cant??

I have checked and double checked the access lists and they are all identical.

Can anyone advise why this might be happening and how i can fix it?

Attached is what the access control list looks like.

Thanks
 Access list of database that will not let server Navion Oslo into the database
TeekayVSSAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DominoGCommented:
Can I first ask what is the purpose of the # symbol in

#Admins
#Servers
0
bluemelnCommented:
Check if the server ID is listed as an Administrator in the Configuration document.
Domino Admin > Configuration tab > Server Document > Security tab.

Is there a reason you log on with the Server ID rather than an admin ID?

DominoG: The #sign at the beginning indicates that it is a group, it is a naming convention to easily distinguish groups from individuals.
0
Sjef BosmanGroupware ConsultantCommented:
The server's access rights have little to do with the user's access rights. It is a bad idea to log on as a server.  A server (as indicated by the ACL) does not have the same operations on a database as a user.

Additional remarks/questions:
- What error message do you get??
- Is a vessel also a server?
- How do you "push out" mail databases?
- Who is the owner of these mail databases? What is their ACL?
- Why do you use nlnotes.exe ?
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

TeekayVSSAuthor Commented:
Hi,

First of all, thanks for your responses.

Additional remarks/questions:
- What error message do you get??
When i try to access the data base i get the alert "You are not autherised to access that database"

- Is a vessel also a server?
Each vessel is a server - every pysical vessel has its own Domino server.

- How do you "push out" mail databases?
I first create the mail databases (logged in with my own ID) and give them the correct owner and access rights. I then create a new replica on the server and setup a connection document. The system then pushes them out over night.

- Who is the owner of these mail databases? What is their ACL?
The owner is set as the user who will be using the mail database (Cheng - Vessel Name, Choff, Master or Mates). The example above is a system mail database and its just used to email files to the vessel, however i have attached a example of a user mail databases (Cheng) that i cant access with the server ID.

- Why do you use nlnotes.exe ?
We use nlnotes to access the domino server and database, we logon as the consloe to the sever (server 2003 in workstation mode),  and then start nlnotes from D:\Notes and this allows us to access the databases. We dont have the Admin program installed as its a shared server and secirity is less than aditquit to be honest.

Im aware that we should not be using the server ID to logon, however the server ID is in the D:\Notes folder and we dont want to transfer the admin ID's to the vessels server everytime we logon (very low 80k bandwidth) and then leave them there. We have a few different poeple doing this.


bluemeln:
Check if the server ID is listed as an Administrator in the Configuration document.
Domino Admin > Configuration tab > Server Document > Security tab.

I checked this and we have the #Servers group in there - It has all the vessels in there.

Thanks!

   Cheng mail database ACL - Cant be accessed by server ID Amundsen Spirit
0
TeekayVSSAuthor Commented:
Here i have also attched the Choff mail ACL - I can access this database fine?

 Choff mail database ACL -  Can be accessed by Amundsen Spirit server ID
0
TeekayVSSAuthor Commented:
Sorry - now with the server selected:

 Choff mail database ACL -  Can be accessed by Amundsen Spirit server ID
0
doninjaCommented:
If a server ID is explicitly listed or added to a group in the ACL that has the User Type of Server then you will not be able to us notes.exe to logon as that server. It will only work when used as part of a domino server.

This si a security feature to stop people getting a server id file that normally has no password and trying to use it to access databases.

Some of the databases may not have the server name explictly listed and is therfore allowing access to the mailfile or has anonymous or default permissions set to allow access.

First I would try this again not logged on as server but with server started, then to test access to a db using the server, from the console try a simple compact of the database
load compact database options
you can only run compact if you have access.

To test user access then get an ID to use with nlnotes.exe that is a member of your #Admins group

0
akhafafCommented:
  Hi there TeekayVSS ,,,

- >>> The strange thing is - if i try to open all 6 of the new mailbox's i can open 2 or 3 of them but others i cant??<<< is possible to make a small try over here ???
Is it possible to copy the ACL of one of Mailboxes you are able to access to one of the mailboxes you are able to access then check ??? I am not really sure about this but just I would like to try .

Moreover, could you have a fast look on the server documents and the configuration documents of all domino servers ( just for checking )

http://www.ibm.com/developerworks/lotus/documentation/notes/

Best Wishes
0
TeekayVSSAuthor Commented:
Hello,

After leaving this setup for some time (days), i can now access everything as i want. No one made any changes.

Strange one.

Anyway it works now.
0
Sjef BosmanGroupware ConsultantCommented:
Maybe because you installed R8.5.3 recently? ;-)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
akhafafCommented:
Or maybe you installed a Fix Pack on the domino server ......
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Lotus IBM

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.