Domino Authentication via SAML – All Flavours   

By Milan Matejic | 10/13/23 1:55 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

For the Engage 2022 event, I prepared a "Domino Authentication via SAML - All Flavours" session, to present it with my colleague Herwig W. Schauer. Alas, the session never got accepted and I never had time to convert it to a whitepaper. As I invested quite a bit of time for preparing the slides, I thought that I should upload it here before it inevitably travels into oblivion. Maybe it will come handy for some of you.

HCL Connections Mail Plug-in Deployment – Missing Information in the Documentation   

By Milan Matejic | 5/23/23 12:18 AM | Infrastructure - Connections | Added by Roberto Boccadoro

If you are planning to deploy the HCL Connections Mail Plug-in, take note of the KB0092821 knowledge base article. This is a mandatory step that must be done in HCL Connections 8 CR1 and newer environments. If the steps described in KB0092821 article are not followed, you will get the following error message in the browser console: Error: Unable to load https://<mailserver_hostname&gt; status: 403

HCL Notes – Swiftfile Not Working as Expected   

By Milan Matejic | 3/29/23 3:53 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

When using the "preview pane" in HCL Notes, and clicking on a folder, suggested by SwiftFile, the "move to folder" dialogue would sometimes come up. This was happening to my client, in about 1 of 20 cases

HCL Connections 8 – PDF Export Issues After Installing CNX in a Clustered WAS Environment   

By Milan Matejic | 3/24/23 5:12 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Recently I encountered an issue with PDF Export, right after the installation of HCL Connections applications in a multi-node, clustered, IBM WebSphere Application Server environment. This problem only occurs in a multi-node WAS environment. In the HCL Connections GUI, in the “PDF Export Access” settings of the”Edit Community” menu (Community –> Community Actions –> Edit Community –> PDF Export Access), the following error was displayed: Error 500: org.springframework.web.util.NestedServletException: Handler dispatch failed; nested exception is java.lang.NoClassDefFoundError: com/ibm/ess/ic/ic360/security/tai/Ic360ImpersonateUserTAI

HCL SafeLinx – Encrypted Communication Between the SafeLinx Client and the SafeLinx Server   

By Milan Matejic | 7/14/22 1:34 AM | Infrastructure - SafeLinx | Added by Roberto Boccadoro

One of the first things you should do, is to configure the communication between the HCL SafeLinx Administration client and the HCL SafeLinx Access Manager, so that it takes place in an encrypted and secure manner. For this, only a few simple steps are needed.

Kubernetes – Host Entries   

By Milan Matejic | 3/18/22 3:22 AM | Infrastructure - Connections | Added by Roberto Boccadoro

As Kubernetes pods do not make use of the Kubernetes nodes/hosts "host" file (/etc/hosts), which can be a challenge or a blessing, do not despair if you find yourself in an environment in which some DNS entries are missing. There is an easy workaround to "get you going".

HCL Connections – Orient Me “Loop”  

By Milan Matejic | 3/17/22 12:55 PM | Infrastructure - Connections | Added by Roberto Boccadoro

After deploying Orient Me, every try to open the new Orient Me homepage would result in a "loop", the user was being redirected from the Orient Me (/social) page to the Homepage application (/homepage) and back again to the Orient Me page. The root cause for the problem was not a bug or an error in the HCL Connections code, but rather the configuration of the HCL Connections Blue Stack and other components in the IT landscape of this environment.

HCL Connections CP – Enabling Elasticsearch Metrics  

By Milan Matejic | 3/16/22 3:50 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Recently, when enabling Elasticsearch metrics, I ran into an issue with the "config_blue_metrics.py" script. Which was failing every time I tried to run it . After looking into the WebSphere Metrics Application logs, “AppsCluster” if your HCL Connections Blue Stack environment is installed as a “Medium deployment”, I’ve noticed the following error: [10/3/22 17:26:54:477 IST] 0000016c LotusConnecti E Unable to access the required data javax.servlet.ServletException: java.io.FileNotFoundException: SRVE0190E: File not found: /configsetter ....

HCL Sametime – RunFaster=1  

By Milan Matejic | 3/3/22 2:50 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

verybody likes when software performs well and feels "snappy", guided by that mantra I've found that with the help of one "sametime.ini" parameter for LDAP tuning, you can improve the "login" performance of the clients and the time it takes to load Sametime Business Cards considerably.

HCL Sametime – Setting the Community ID  

By Milan Matejic | 12/7/21 2:40 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

If you are planning to deploy HCL Sametime Community service in a cluster or HA architecture, setting a Community ID is a must. Ideally, this should be an FQDN used for accessing the Community servers, something which is easy to remember, and your users can relate to. So, think ahead and use a name that can be used to access the service externally and internally

HCL Traveler – Cleaning up the “lotustraveler.nsf” database  

By Milan Matejic | 9/17/21 1:25 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

If you are seeing some old and invalid objects in the "lotustraveler.nsf", on the HCL Traveler server, try running "tell traveler cleanup show" command. It will show you which entries are obsolete and could be deleted. Provided that you are OK with the result, run the "cleanup" command without the "show" option, this command will delete the entries previously shown.

HCL SafeLinx – Performance for Nomad  

By Milan Matejic | 9/16/21 1:29 AM | Infrastructure - SafeLinx | Added by Roberto Boccadoro

If you are planing to deploy HCL Nomad and you are unsure about the hardware needed for the HCL SafeLinx server, make sure to read the recently published knowledge base article "HCL SafeLinx Performance for Nomad". It offers important performance insights for HCL SafeLinx and HCL Nomad, and shows just how cost-effective HCL SafeLinx is.

HCL Sametime Meetings – Meeting Chat Issue  

By Milan Matejic | 5/17/21 5:20 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

Recently I ran into the issue with HCL Sametime, the Chat was not working inside the Sametime Meetings. In this environment, the Sametime Meetings components are deployed on a single Docker host server. After a little bit of Troubleshooting and Log Analysis, I found the following error in the Sametime Proxy catalina logs: WARNING [https-jsse-nio-443-exec-8] com.ibm.rtc.stproxy.servlet.STProxyServlet.forward CLFRX0050E: User null – /stwebapi/chat/nway – <meeting_server_ip_address> is not authenticated.

HCL Sametime Policies – Troubleshooting  

By Milan Matejic | 4/19/21 3:08 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

I needed to set a new HCL Sametime policy just for a handful of users, so I have decided to do this via an explicit Sametime policy, assigned to the users via a new user group in LDAP user repository. This process is simple and very well documented, check out the official documentation if you have to do this https://help.hcltechsw.com/sametime/11.5/admin/creating_new_policy.html

HCL Connections Docs – 2.0.1 Update Issue  

By Milan Matejic | 4/7/21 1:30 AM | Infrastructure - Connections | Added by Andi Kress

Lately I had an issue upgrading from HCL Docs 2.0 CR3 iFix009 to 2.0.1. While upgrading “Docs Editor” application, using upgrade/install scripts, I was blessed with the following error code

HCL Connections 7 – PDF Export Issues  

By Milan Matejic | 4/2/21 4:40 AM | Infrastructure - Connections | Added by Roberto Boccadoro

After upgrading to HCL Connections 7, the new PDF Export feature didn't work. By clicking on the new "PDF" button inside the Wiki Page and trying to export it as a PDF, I would get an error in the GUI. In my two environments where I have encountered this, I had to do the following steps...

HCL Sametime Meetings 11.5 and LTPA version 2  

By Milan Matejic | 4/1/21 3:39 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

As the LTPA Token version 2 is more secure than the LTPA Token version 1, it has become a new default for me. Lately I found out that the Sametime Meetings Server does not accept the LTPA Token v2 out of the box, more on that in the following. :-)

HCL Sametime - Access User Directory over LDAPs  

By Milan Matejic | 3/9/21 2:19 AM | Infrastructure - Sametime | Added by Andi Kress

Configuring HCL Sametime Community Server to access the user directory over LDAPs is straightforward and usually fairly simple. In order to configure the access to Microsoft Active Directory for example, over LDAPs, you have to do the following...

HCL Domino – Directory Assistance – Access to Active Directory via LDAPs – Thoughts about HCL Connections, Domino and Sametime  

By Milan Matejic | 3/4/21 1:37 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

In order to re-configure the existing HCL Domino Directory Assistance document for accessing the user data over encrypted LDAP connection or LDAPs you have to do the following: Create a Domino keyring file for the source Domino server.

HCL Connections Invite – Issues when using TDS/SDS as User Repository  

By Milan Matejic | 3/3/21 5:04 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Take care when deploying the HCL Connections Invite application using the TDS (Tivoli Directory Server)/SDS (IBM Security Directory Server) as user repository. The following information from the official documentation is wrong.

HCL SafeLinx – SSL Issues   

By Milan Matejic | 2/11/21 8:35 AM | Infrastructure - SafeLinx | Added by Roberto Boccadoro

If you are using HCL SafeLinx and you cannot access your websites using “HTTPS” and you see the following error in the HCL SafeLinx “wg.log” log file: PKCS12_parse failed, return 587686001 (error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure Then, most likely, either you are using the wrong password for the “P12” file, database where your SSL certificates reside, or your HCL SafeLinx Server is installed on Linux and the password for the “P12” file contains some special characters that need to be escaped.

HCL Domino & ADFS – SSO Suddenly stops working  

By Milan Matejic | 1/26/21 2:28 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

If you are using ADFS with Domino as a Single Sign-On solution, and you get a call from a friendly user telling you that Single Sign-On stopped working, check if you are seeing the following error on the HCL Domino server console: SECCheckAndParseSAMLResponse> VerifyAssertionSignature : Document has been modified or corrupted since signed! (signature)

HCL Connections & Kerberos Authentication Protocol Issue  

By Milan Matejic | 1/12/21 2:46 AM | Infrastructure - Connections | Added by Roberto Boccadoro

After implementing Kerberos Authentication protocol for HCL Connections, as described in the official documentation (HCL Connections and IBM WebSphere documentation) and restarting the whole environment, the “synchronization status” of the Nodes in the IBM WebSphere ISC Console appeared to be “unknown”. All the HCL Connections Applications were running, there were no errors in GUI and the SSO was working without any issues.

HCL Traveler Database Migration – From DB2 to MS SQL – Made Easy  

By Milan Matejic | 1/7/21 2:55 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

One of my customers wanted to migrate the HCL Traveler Database from IBM DB2 to Microsoft SQL. The customer is using Microsoft SQL for all other applications, which is set up with redundancy and high availability in mind, so this was a sensible choice, opposed to running a single instance of DB2.

HCL SafeLinx 1.1.1 & HTTP Strict-Transport-Security   

By Milan Matejic | 12/11/20 4:37 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

After a SafeLinx Deployment I wanted to set the HTTP Strict-Transport-Security header, but there was nothing in the documentation about it, and I also could not find any option regarding this in the SafeLinx Administrator client settings. So I opened a Support case. According to the support you can use the command line on the HCL SafeLinx server to set the HTTP Strict-Transport-Security header as well as any other token header.

Domino, Designer and Notes v12 Roadmap – Thoughts about HCL Connections, Domino and Sametime  

By Milan Matejic | 11/11/20 3:42 PM | Infrastructure - Notes / Domino | Added by Oliver Busse

During the first day of the virtual HCL Factory Tour we were able to see the roadmap for Domino, Designer and Notes v12. HCL continues to innovate and sets the bar high in regard to product quality. The new release of Domino, version 12, is coming in Q2 of 2021.

HCL Sametime Premium announced – It’s a stunner!  

By Milan Matejic | 11/10/20 12:18 PM | Infrastructure - Notes / Domino | Added by Oliver Busse

As a part of HCL Digital Week, Luis and Gini presented the HCL Sametime Premium. It is intuitive, easy to use and frankly everything what we want from a modern video conferencing solution and more. The emphasis is put on cost savings, according to HCL you can save, for ten thousand users, over a million us dollars annually! In the following I will write a brief summary of the session, along with a few thoughts of my own.

HCL Domino v12 Preview – HCL Digital Week  

By Milan Matejic | 11/9/20 4:29 PM | Business - Events / People | Added by Oliver Busse

Today, as a part of the HCL Digital Week, we had an opportunity to take a glimpse into the future and the v12 version of HCL Domino. In the following I will write a brief summary of the session, along with a few thoughts of my own.

HCL Notes Connections Plug-In – Login via SPNEGO not possible   

By Milan Matejic | 10/20/20 3:29 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

If you are trying to use SPNEGO as the means for authenticating HCL Notes Connections Plug-In and you run into an issue, check if "Use the alias host name for the application server" option is used on Websphere Application Server and if that is the case try turning it off.

HCL Domino – Default LTPA Token  

By Milan Matejic | 10/19/20 3:07 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

I came across an HCL Domino environment with HCL Sametime where the Sametime embedded clients were logging in via LTPA but with a different authentication server than the Sametime Community server. As you can imagine, this was important to keep in mind during a Sametime migration. The Domino server used for authenticating Sametime clients is also hosting multiple websites and using multiple LTPA tokens, so the question was, which LTPA token is actually used for authenticating the Sametime clients.