Symetrik Domino Consulting

Last night, one of our admins accidentally replicated the R8 pilot server address book to a R6.5.6 production server address book through his notes client.

This royally screwed up the 6.5.6 address book. Some of the servers rebooted themselves, mail wouldn’t route, dc.nsf appeared to be out of order, etc.

We fixed it by manually replacing the address books on the bad servers at the file system level with a good copy from another server that hadn’t replicated the bad design yet. Another option to keep open is to keep a local replica of the NAB on all of your admin clients, and set your admin clients only to replicate with the server ever hour, 2 hours, or 4 hours. This way, the local replica copy of the NAB on the admin clients is pretty much up to date, but if something happens, it gives you a bit a time to discover that something is wrong. It’s not a perfect solution, but good (possible) option to have in place when you notice that something is very very wrong. A scenario might be that you discover your NAB is bad, and your local admin client hadn’t replicated for 3 hours and does not have the bad design. This can save you. Read the rest of this entry »

We have sites in South America where network connectivity is very unreliable. We have MPLS lines connecting the remote offices in those locations, and we also have Internet access from each of the offices.

When setting up our replication/mail routing architecture in these locations where connectivity is unstable we got a little creative.

First, we have our hub servers in the Home office in Hong Kong. These hub servers do all of the replication from Hub to spoke. This cuts down on the overall replication overhead on the network. The idea is that cluster cache doesn’t have to be rebuilt every time if we have only the hubs replicating to the spokes. At the end of the day, network utilization and time required to replicate is actually lower.

We also put clusters in each site. This alleviates downtime in the event that one of the servers goes down. Since we have clusters, we can set the connection document to replicate with the cluster instead of the individual servers. This provides much benefit because replication still occurs if one server is down. It also reduces the network utilization in half because replication will only occur one time, to the cluster, instead of twice to each individual server. Read the rest of this entry »

We have two hub servers in our environment that are clustered.

We use these as replication hubs to all of our spokes (local and remote sites). Additionally, these act as sort of a mail hub since all of our remotes sites are not directly connected to our home office site. Lastly, they also serve as outbound SMTP gateways.

Any mail that is sent from Chile to a user in Spain gets routed through Hong Kong since their is not a direct connection from Chile to Spain.

All servers in each site are in their own NNN (Notes Named Network). The Hong Kong site servers are in their own NNN. The hubs are in their own NNN.

This allows us to route mail through Hong Kong where necessary using mail connection documents. Read the rest of this entry »

I take a look at our admin4.nsf database every morning as part of the things that I “check on” in our environment.

I usually look for pending deletes that other admins in other regions don’t have the access to approve, or don’t know to approve.

I also look at the errors to see who is using an ID file with a public key certificate that does not match their person document. This error pops up when they are using a certificate that is different than the one their person document was generated with.

This disallows adminp to update the Internet password field with their Lotus Notes Client ID file password. That option is set in the user security preferences on the Security Basics tab. Read the rest of this entry »

So I’m wondering what the implications are if you lower your user’s access in the mail files to editor instead of manager.

Here’s what I’ve come up with (not we are using OpenNTF 1.7b mail template on mostly 6.5.6FP2 servers with 6.5.x clients – http://www.openntf.org to get the template).

If they only have editor access:
1. Quick Stuff access does not work, because they cannot update the outline. Adding a user to Quick Stuff basically adds a name to the outline. They cannot update the outline because they don’t have designer access.
2. They cannot archive their mail file. I’m not sure why, but I’m guessing it has something to do with creating a new database.
3. They cannot delegate their mail file to other users. I’m guessing this is because to do so, you basically update the ACL in the mail file.

Any feedback on the above or other gotchas?