Lotus iNotes - users cannot log into mail database
Few days ago we installed brand new Domino 8.5.3 server in MS Windows 2008R2 environment.
Before Domino, user was powered by Lotus Foundations Server, from which we sucessfuly migrated users mail databases.
Also, we created self certificate for the server so it can use SSL for secure access.
However, the problem appered instantly which is this:
- Only domain administrator and one other user can use webmail access. Also, only those two users can use their Blackberry phones to access mail, and Lotus Traveler for Symbian powered devices.
- All other users are failing to use any of those services.
Accessing the mail server through web browser or BB results in reappearance of the login dialog and nothing happens. After few login inputs, server reports generic error "User not authenticated". Looking at the Domino Console shows no warrnings or errors, whatsoever. Also, checking of the server log file log.nsf shows that no error/warning entries are there.
The most confusing fact is that those two users can access those features (including mail databases of other users where ACL allows), and others can't. Even if we register new users, all of them cannot access their mail databases through iNotes web access.
Any ideas would be most welcome.
Before Domino, user was powered by Lotus Foundations Server, from which we sucessfuly migrated users mail databases.
Also, we created self certificate for the server so it can use SSL for secure access.
However, the problem appered instantly which is this:
- Only domain administrator and one other user can use webmail access. Also, only those two users can use their Blackberry phones to access mail, and Lotus Traveler for Symbian powered devices.
- All other users are failing to use any of those services.
Accessing the mail server through web browser or BB results in reappearance of the login dialog and nothing happens. After few login inputs, server reports generic error "User not authenticated". Looking at the Domino Console shows no warrnings or errors, whatsoever. Also, checking of the server log file log.nsf shows that no error/warning entries are there.
The most confusing fact is that those two users can access those features (including mail databases of other users where ACL allows), and others can't. Even if we register new users, all of them cannot access their mail databases through iNotes web access.
Any ideas would be most welcome.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
DomLog can be used, but is costly in terms of performance. better to use logging to textfiles.
IMHO, in most cases, performance isn't the issue, and fast and simple access to the logs is appreciated...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for dpohl's comment #37802806
Assisted answer: 200 points for sjef_bosman's comment #37799864
for the following reason:
As it was described in my answer to questions from other experts, I discovered the problem by myself. Since I documented in detail what was the problem and where the solution was, I think I diserve some rewar points, right?
Accepted answer: 0 points for dpohl's comment #37802806
Assisted answer: 200 points for sjef_bosman's comment #37799864
for the following reason:
As it was described in my answer to questions from other experts, I discovered the problem by myself. Since I documented in detail what was the problem and where the solution was, I think I diserve some rewar points, right?
I object. You do not seem to realize that my answer described EXACTLY that the crappy way in which you executed the migration was the root cause of the failure.
A little research into documentation provide by IBM, especially one of the many upgrade or deployment guides, combined with proper study of the Admin guide, would have made this a lot easier, and wrinkle free for your users. And with a lot less work for you, and fewer security risks. You did not get errors because everyone has the keys to everything. You are lucky encryption was not used more by your users, or you would have had heaps of troubles. I repeat: the fact that your setup works is more due to luck than your understanding of Domino.
Please, educate yourself, and at least run your deployment plan by an export before rollout. Good luck.
A little research into documentation provide by IBM, especially one of the many upgrade or deployment guides, combined with proper study of the Admin guide, would have made this a lot easier, and wrinkle free for your users. And with a lot less work for you, and fewer security risks. You did not get errors because everyone has the keys to everything. You are lucky encryption was not used more by your users, or you would have had heaps of troubles. I repeat: the fact that your setup works is more due to luck than your understanding of Domino.
Please, educate yourself, and at least run your deployment plan by an export before rollout. Good luck.
ASKER
@larsberntrop
I have to say that your reaction and your comment absolutely goes out of proportion.
First, your answer have no relevance to my question, as I was talking about migration from Lotus Foundations Server to the full featured Lotus Domino Server. LFS server is completely locked down version who's purpose in LFS environment is mail serving only, nothing more, nothing less. Everything else is controlled by SuSe Enterprise Server, which includes even way of encryption of databases. You CAN set different attributes directly on NFS databases, but after server restart in any case, all those settings will be set again by the system to the default values. So, please, don't talk about my Domino knowledge here, since it sound pretty offensive and rude.
However, as I said at the beginning of this post, you were talking about upgrading Lotus Domino, not moving NFS databases only from LFS environment to the Domino environment.
Anyway, FYI, BEFORE we moved databases physicaly from the LFS server, we did preparations considering encryption, so again - don't question my knowledge, but question your way of talking to someone you even don't know.
Also, I gave point to sjef_bosman only since his questions were showing the direction, even if I already solved the problem much before I red his and all other comments here. And I honestly aknowledge that the error was all ours (or mine, whatever will suite your mind) that we forgot to check the user's Internet password.
Thank you for your time to try and help me. I'm honestly gratefull for that which I showed in my post thanking to all of you two times.
I have to say that your reaction and your comment absolutely goes out of proportion.
First, your answer have no relevance to my question, as I was talking about migration from Lotus Foundations Server to the full featured Lotus Domino Server. LFS server is completely locked down version who's purpose in LFS environment is mail serving only, nothing more, nothing less. Everything else is controlled by SuSe Enterprise Server, which includes even way of encryption of databases. You CAN set different attributes directly on NFS databases, but after server restart in any case, all those settings will be set again by the system to the default values. So, please, don't talk about my Domino knowledge here, since it sound pretty offensive and rude.
However, as I said at the beginning of this post, you were talking about upgrading Lotus Domino, not moving NFS databases only from LFS environment to the Domino environment.
Anyway, FYI, BEFORE we moved databases physicaly from the LFS server, we did preparations considering encryption, so again - don't question my knowledge, but question your way of talking to someone you even don't know.
Also, I gave point to sjef_bosman only since his questions were showing the direction, even if I already solved the problem much before I red his and all other comments here. And I honestly aknowledge that the error was all ours (or mine, whatever will suite your mind) that we forgot to check the user's Internet password.
Thank you for your time to try and help me. I'm honestly gratefull for that which I showed in my post thanking to all of you two times.
I'm sorry, but I stand by my comments. Granted, upon reflection the notes.ini would have had to be edited to convert it from Unix style linebreaks to Windows style line breaks, but you could've still performed an Upgrade of the Foundations server by creating a new Windows server, copy the data directory andnotes.ini from LFS, and let Domino installer upgrade that. The LFS specific design wil disappear when the 8.5.3 design updates are applied, perhaps with some checking with a designer client to see that all the old LFS cruft was removed.
Benefits: no need to recreate all the users, or sign all the dbs, encryption would have continued to work.
I'm sorry if my tone offended you. I'm perhaps too passionate about Domino...
Benefits: no need to recreate all the users, or sign all the dbs, encryption would have continued to work.
I'm sorry if my tone offended you. I'm perhaps too passionate about Domino...
ASKER
You're right for that matter - migration could be done the way you described now. But, first, the existing LFS server was used by only 14 users in total, and second - since we had to use the same hardware, and had no other resource for migration on the site, I think the way we did it was pretty reasonable.
Still, my question was pointing to the situation that appeared AFTER the installation of the Domino Server was already in place, so, as you are, I'm standing behind my answer to your objection - your suggestion, no matter how good your intentions were, was not answering anything but suggested how the migration should be done.
I accept your appology and somehow I'm sure we share the same level of passion for Lotus Domino.
I wish you all the best and hope to meet you on some other questions here, as a collegue and compatriot, and not someone who I have to calm down when he missunderstands my question, thinking, or whatever else. ;-)
Sincerly,
Damir.
Still, my question was pointing to the situation that appeared AFTER the installation of the Domino Server was already in place, so, as you are, I'm standing behind my answer to your objection - your suggestion, no matter how good your intentions were, was not answering anything but suggested how the migration should be done.
I accept your appology and somehow I'm sure we share the same level of passion for Lotus Domino.
I wish you all the best and hope to meet you on some other questions here, as a collegue and compatriot, and not someone who I have to calm down when he missunderstands my question, thinking, or whatever else. ;-)
Sincerly,
Damir.
Sounds like you did a new install and so the new server cannot trust the users certified with the old certificate, because of how PKI works...
If you have a backup of the data directory and the notes.ini of the original server, you might try this:
Create a fresh 2008 server with the data directory and notes.ini in the intended place, and install Domino 8.5.3 over it. It should upgrade and produce a running server.
Btw: I would not boast about a succesful migration if users cannot access their mail!