Lotus IMP

These are the some important points to Remember the Lotus Administrator1) NSF Notes Storage Facility 2) NTFNotes Template Facility3) MIMEMulti purpose Internet Mail Extension4) We can give multiples passwords only for the Cert.id5) If we include the Server_Restricted =2 in the notes.ini file then only administrator can Access the server not other users.6) By default User.ID file Expires 2 years and Server.ID & Cert.ID Expires 100 Years7) If we find Kit Type=2 in the notes.ini file then, that noets.ini file is for the server.If we fine Kit Type=1, then notes.ini file for the client.8) Limitation of the Organization Unit only 4 levels. But IBM recommended keeping only two Organization Units.9) If we Register one Origination Unit, then it will created one ID file for OU & a Certifier Document in Domino Directory.10) User ID file Contains the Personal Document also11) When we Register User, then Domino Atomically Cerate the one ID file for the User, User Personal Document &Mail Database is created.12) By Default User Password is store in the User ID file.13) If User is moving from one server to other Server in Different Domin, then AdminP not involves the Process, Only if the User is moving form one Server to other Server with same Domin then only AdminP Process the Request.14) Local Domino Server Group is created by default when we installed the Additional Server.15) Server Console Security can implement thought the command Set Secure <password>16) If Administrator is forgot the console password, then just remove set secure line in the notes.ini file.17) By default no body Full Access Administrator.18) If User is include in the Server Access Group & Not Access server Group, then the particular user not access the server. 19) In server Document “Create Database & Templates” , if this option is empty then Every body can created the Database . This has to take care by administrator.20) By default Administrator Has the Right to create the Template.21) On Every Lotus Database having On Disk Structure (ODS) Versions

R6-43 R5-41 R4-20 R3-17 R2-16

22) After Upgrading the server from R5 to R6 , give the Compact Command then ODS version will change on every database.23) If .NSF Database is changed to .NS5, then it will not convert to any other ODS versions .it’s remains ODS version 41 only .that means R5 only.

24) Replication Occurs only Both Replica ID’s are same.25) Domino R6 Enterprise Server & Utility Server Support Clustering26) Domino Mail Server R6 version Do not Support Clustering. 27) Best Example of the Depositor is Mail. Box28) By default all users having the Author access to the Domino Directory.29) In the Readers filed controls that can see the Document & Authors filed promotes who author to editor to specific Document.30) Public Documents means even the no access users can see and edit the create the Document.31) Lotus uses the Secrete key encryption for Filed level security.32) NRPCNotes Remote Processor call.33) Domino Support Native MIME. But R4, R5 not support MIME.34) Mailer is lotus client software which deposits the mail to Mail. Box35) Domino Administrator can create Maximum of 10 Mail. Box36) Every User other then Administrator Depositor Access to Mail. Box37) DNNDomino Named Network38) NNNNotes Named Network39) By default Mail. Box Compact the every Day 4.00AM40) If ID file is store in the Domino Directory the ID file should contained the Password. If ID file not having password, then it will not store in the Domino Directory.41) SSOSingle sing On42) LDTWS Lotus Domino Toolkit for WebSphere StudioServer Console Commands:

Raj Kumar.B Mail ID : [email protected] 1

Show Serverit show the dead mails & pending mails. Tell Router Update configRouters will be reloaded the routing table. Tell AdminP Process Alladministor process the all pending requests. Load Fixup <Database name>It fix up the particular database. Load Compact <Database Name> It compact the that particular database Tell Router CompactIt Compact the Mail. Box Tell Router Show QueueIt will shows the mail held in transfer queues to spcfic servers. Show ClusterIt shows local server's cluster name cache, which includes a list of all cluster

members and their status, based on information received during the server’s cluster probes. Replicators=number of tasks , this setting you have to specify in the server notes.ini file. Restart Port portname, Using this command you can restart the TCPIP prot & other ports. Start Port portname, using this command you can start the port. like TCPIP Stop Port portname, Using this command you can stop the port. Show OpendatabaseIt will shows the current open databases Show Server It will Shows the server Information. Show Allports It will show the all ports Information on the Server. Show Users It will shows the Users will are in open sections. Show Memory It will show the memory Information on the server. Show Time It will shows the Current time on the server. Broadcast “Message” It will Broadcast the message to every open section user. Dbcache Show It will show the Cache files information on server. Dbcache Flush Clear the Cache on the server. Show Diskspace It will show the Disk Space information on the server.

Changing a TCP or SSL port number:By default, all NRPC connections use TCP port 1352. Because the Internet Assigned Number Authority (IANA) assigned Lotus Domino this port number, non-Domino applications do not usually compete for this port.

Do not change the default NRPC port unless:

You can use a NAT or PAT firewall system to redirect a remote system's connection attempt.

You are using Domino port mapping.

You create a Connection document that contains the reassigned port number.

To change the default NRPC port number, use the NOTES.INI setting TCPIPportname_TCPIPAddress and enter a value available on the system that runs the Domino server. TCP ports with numbers less than 5000 are reserved for application vendors. You may use any number from 1024 through 5000, as long as you don't install a new application that requires that number.

Default ports for Internet services

You may occasionally need to change the number of the TCP or SSL port assigned to an Internet service. Lotus Domino uses these default ports for Internet services: Service Default TCP port Default SSL portPOP3 110<nozeros> 995 <nozeros>

IMAP 143 <nozeros> 993 <nozeros>

LDAP 389 <nozeros> 636 <nozeros>

SMTP inbound 25 <nozeros> 465 <nozeros>

SMTP outbound 25 <nozeros> 465 <nozeros>

HTTP 80 <nozeros> 443 <nozeros>

IIOP 63148 <nozeros> 63149 <nozeros>

Server Controller N/A 2050<nozeros>

When we installed the First Domino server the following are created atomically


Cert.id--This is Organization Certifier & save in the Domino Directory Server.id Admin.id A Mail Database is created for the Administrator A personal document is created for the Administrator in domino directory. A server Document is created. A Domino Directory is created for server. A configuration Document is created for Domino Directory Log.nsf Certlog.nsf Admin4.nsf

These above 3 databases are required to run AdminP

Partition Server:

In partition server Environment, all Partitions share the same domino program directory and each partition has its own Domino data directory & notes.ini

Preventing users from viewing ADMIN4.NSF in a hosted environment :

By default, access to the Administration Requests database (ADMIN4.NSF) is set to "Author" for hosted organization administrators and for -Default-. With this level of access, anyone with a Notes ID at a hosted organization can open ADMIN4.NSF with a Notes client and view user activity in the database. This is a security risk.

To prevent users at a hosted organization site from accessing ADMIN4.NSF, do the following:

1. As the service provider administrator, open ADMIN4.NSF and select File - Database - Properties.

2. Select the i Tab and click User Detail.

3. In the User Activity interface, select the check box "Activity is confidential."

4. Click OK. Click X to close out of Properties.

The Domino server log (LOG.NSF):

Every Domino server has a log file (LOG.NSF) that reports all server activity and provides detailed information about databases and users on the server. The log file is created automatically when you start a server for the first time.

Notes ID file contains

User Name Password Certifier Information Certifier Duration Public Key Private Key Secrete Key

Procure for Enable Automatic Backup User ID files:

Create a New Database called Escrow.nsf by using the Mail6.nsf template. By default the Escrow.nsf can’t receive the mails, it can only send the Mails In order to receive the Mail to Escrow.NSf, cerate Mail-in-Database for the Escrow.nsf After above setting apply the Automatic Backup user ID for Organization.

General User Registration is of 4 types

1. Basic RegistrationUser Name & Password is mandatory 2. Advanced Registration3. Text File Registrationlast Name & Passwords are mandatory4. MigrationMigration tool must be installed during the Domino Administrator Software.


Policies:

A policy is a document that identifies a collection of individual policy settings documents. Each of these policy settings documents defines a set of defaults that apply to the users and groups to which the policy is assigned.

Policy Setting Documents are 4 Types1. Registration Policy2. Security Policy3. Desktop Policy4. Setup Policy5. Mail Archive Policy

Registration If a policy including registration policy settings is in place before you register Notes users, these settings set default user registration values including user password, Internet address format, roaming user designation, and mail.

Setup If a policy including setup policy settings is in place before you set up a new Notes client, these settings are used during the initial Notes client setup to populate the user's Location document. Setup settings include Internet browser and proxy settings, applet security settings, and desktop and user preferences.

Desktop Use desktop policy settings control and update the user's desktop environment or to reinforce setup policy settings. For example, if a change is made to any of the policy settings, the next time users authenticate with their home server, the desktop policy settings restore the default settings or distribute new settings specified in the desktop policy settings document.

Mail archiving Use archive policy settings to control mail archiving. Archive settings control where archiving is performed and specify archive criteria.

Security Use security settings to set up administration ECLs and define password-management options, including the synchronization of Internet and Notes passwords.

“If user is Already register, then we can apply only Archive Policy & Security Policy & Setup Policy”

“Policy are Introduced in the Domino R6 Version”

Groups:

Groups can be used for three purposes Mailing Server Security Database Security

Groups are 5 Types in Lotus Domino1. Multipurpose2. Mail Only3. ACL only4. Server Group5. Deny List Group

Multi-purpose Use for a group that has multiple purposes -- for example, mail, ACLs, and so on. This is the default.Access Control List only Use for server and database access authentication only.Mail only Use for mailing list groups.Servers only Use in Connection documents and in the Domino Administration client's domain bookmarks for grouping.Deny List only Use to control access to servers. Typically used to prevent terminated employees from accessing servers, but this type of group can be used to prevent any user from accessing particular servers. The Administration Process cannot delete any member of the group.

Administrator Types in Lotus Domino:

They are 6 types of Administrator will Available in the Domino server.1. Full Access Administrator2. View Only Administrator3. System Administrator4. Database Administrator


5. Administrator6. Remote Administrator

Encryption:

Domino uses the two types of Encryption Techniques

1. RSA Encryption

2. Dual Key Encryption

Encryption protects data from unauthorized access. For all types of encryption except network port encryption, Domino uses public and private keys .so that data encrypted by one of the keys can be decrypted only by the other. The public and private keys are mathematically related and uniquely identify the user. Both are stored in the ID file. Within the ID file, the public key is stored in a certificate, but the private key is stored separately from the certificate. The certificate containing the public key is also stored in the Domino Directory, where it is available to other users.

To create Notes public and private keys, Domino uses the dual-key RSA Cryptosystem and the RC2 and RC4 algorithms for encryption. To create the Internet public key, Domino uses the x.509 certificate format, which is an industry-standard format that many applications, including Domino, understand.

Both the Notes client and Domino server support 1024-bit RSA key and 128-bit symmetric key for S/MIME and SSL. The Notes proprietary protocols use a 630-bit key for key exchange, and a 64-bit symmetric key.

Cluster Concept:

All the servers in a Domino cluster continually communicate with each other to keep updated on the status of each server and to keep database replicas synchronized. Each server in the cluster contains cluster components that are installed when lotus domino Enterprise Server or Lotus domino 6 Utility server. These components in the Administrator process perform the Cluster Management & Monitor task to ensure that the cluster running smoothly.

“Cluster is group of 2 to 6 servers of same Domain & same DNN”

Clustering requirements:

1. All servers in a cluster use TCP/IP Protocol.2. All servers in the Cluster uses the same Domain and servers must use the same Domino Directory.3. A server can be a Member of only one cluster.4. All servers in a Cluster should be above R4.63 Enterprise Edition server.5. Placed the Cluster servers in the Private LAN (Optional)6. Client software is above R4.5 & Client should use the TCP/IP protocol.

There are two major reasons to create a replica for a database in a cluster -- to provide constant availability of the data and to distribute the workload between multiple servers.If you create too many Replicas’ in the cluster then it is unnecessarily to the overhead of maintaining a system and affect performance.

Example of clustering two servers for mail and applications

If you have only two servers in your cluster, you can set them up in one of two ways: You can use one of the servers as the primary server for user access and use the second server as a backup and failover server, or you can equally divide the workload between the two servers and have them fail over to each other. Dividing the workload typically ensures better performance when both servers are running. When one server is not available, performance is the same in both scenarios because one server must process the entire workload of both servers.

The following figure shows a cluster with two servers with the workload divided between the servers.


Adding a Cluster Server:

You will be prompted by verification prompt. Select Yes.You will prompted to create a New Cluster the 1st time you create a cluster. Click OK.

Next, you'll be prompted to provide a name for your cluster. For this example we have selected to name the cluster "MailCluster1".

Select "Yes" to the "....request immediately or via Admin Process" dialog.


You will receive the following prompt when successful.

We need to setup another Domino server on the same cluster in order for failover to function. Select another Domino server and step through the same steps as shown above. The only exception, is when prompted for the name of the cluster DO NOT select *Create New Cluster, select the down arrow key and select the cluster which was created in the steps above. (MailCluster1)

The Domino server will add a couple of services to both of the domino servers.

How failover works:

A cluster's ability to redirect requests from one server to another is called failover. When a user tries to access a database on a server that is unavailable or in heavy use, Domino directs the user to a replica of the database on another server in the cluster.

Changing the mail routing failover setting

To change the default mail routing failover setting, make the following change in the Configuration Settings document for every server in the cluster and every server in the domain that can route mail.

1. From the Domino Administrator or the Web Administrator, click the Configuration tab.

2. In the Task pane, expand Messaging.


3. Click Configurations.

4. Do one of the following:

From the Domino Administrator, select the Configuration document for the server or server group you want, and click Edit Configuration.

From the Web Administrator, open the Configuration document for the server or server group you want, and click Edit Server Configuration.

If you do not have a Configuration document for the server or server group you want, create one by clicking Add Configuration.

5. Click the Router/SMTP - Advanced - Controls tab.

6. In the Cluster failover field, choose one of the following:

Disabled

Enabled for last hop only (the default)

Enabled for all transfers in this domain

7. Save and close the Configuration document.

Note This setting affects delivery to a client but does not affect sending a message from a client when the mail server is unavailable. If a user sends a message when the mail server is unavailable, the delivery fails over to another server in the cluster, and the router on that server sends the message.

Fault recovery in a cluster

Fault recovery is the ability of a Domino server to clean up and restart itself after a failure. Fault recovery works well in a Domino cluster. If there is no Domino server to fail over to, fault recovery still ensures that users will have constant access to their data. Even if users fail over to another cluster server, fault recovery increases availability because the failed server becomes available again. In addition, depending on the workload balancing parameters you've set, some users will fail back to the original server when they open new databases.

If you are using an operating system cluster in conjunction with a Domino cluster, the decision about whether or not to use fault recovery depends on how you configured the operating system cluster. If you configured the operating system cluster to fail over on a hardware failure only, fault recovery works well. Fault recovery restarts Domino on its current server, and no operating system fail over occurs.

If you configured your operating system cluster to fail over on both hardware and software failures, you don't need fault recovery because the operating system cluster will restart Domino on another server in the cluster. In fact, you should disable fault recovery so you won't have Domino restarting itself while the operating system cluster is also restarting it. This can lead to problems.

By default, fault recovery is disabled. You enable it in the Server document.

1. From the Domino Administrator or the Web Administrator, click the Configuration tab.

2. In the Task pane, expand Server, and click All Server Documents.

3. In the Results pane, select the Server document you want, click Edit Server, and then click the Basics tab.

4. In the Fault Recovery section, choose "Enabled" in the "Automatically Restart Server After Fault/Crash" field.

Creating mail database replicas in a cluster during user registration from the Domino Administrator 1. Click the People & Groups tab.

2. In the Tools pane, expand People, and then click Register. 3. In the "Choose a Certifier" dialog box, choose a certifier and click OK. 4. In the Register Person -- New Entry dialog box, select Advanced, and then click the Mail tab. 5. In the Mail system field, choose Lotus Notes. 6. Click Mail Server, and choose a cluster server as the Mail server. 7. Click Mail File Replicas.


8. Select "Create mail database replica(s)." A list is displayed of servers in the same cluster as the Mail server.

9. Do one of the following:To create a replica of the mail database on all of the cluster servers, skip this step.To change the list of servers to receive a replica, use the Remove Server(s) button and the Add Server(s) button.

10. (Optional) Select "Create mail replica(s) in background." 11. Click OK, and then complete any other fields you want on the Mail tab. 12. (Optional) If you want to set up the user for roaming in a cluster, follow the procedure in the topic

"Setting up roaming in a cluster." 13. Complete the rest of the user registration the way you normally would.

Server Database Security: There are 7 types of Access levels are their in the ACL to access the Database.

Manager Designer Editor Author Reader Depositor No Access

Managerwho can create the Database is Manager to that database. Only manager can encrypt the Database.

Only Manger can Change the ACL setting. Only Manager can compact the Database. Only Manager can delete the Database

DesignerDesigner can Access the all Design Elements like Views, form...etc. Designer can create FT Index to the database (Full text Index). Designer can delete the Document if Manager give the permission.

Editor By Default Editor can Create, Read & Modified the Document. Editor can delete the Document if manager give the permission.

AuthorAuthor can Read the document if manager gives the permission. Author can delete the Document, if author is owner of that document.

Author can always read Documents.ReadersBy default readers can read the document. Readers can’t Create & can’t Update the Documents.DepositorDepositor can create the Document, but they can’t read the Document.

Mail Administration:

Domino uses the two routing protocols NRPCNotes Remote Processor Call. SMTPSimple Mail Transport Protocol

Domino uses the two types of mail Framets RTFRich Text Filed MIMEMulti purpose Internet Mail Extension.

Domino Uses the Following Mail Access Protocols POP3this is for Outlook client IMAPthis is for Netscape Client NRPCthis is for Lotus notes client HTTPthis is for Internet Explorer Client.

Domino uses the following Mail Templates Mail6.ntfthis is for the Intranet users Inotes (R5).ntf this is for the Internet users Inotes(R6).ntf this is for internet users Extended Mail.ntf this is for Outlook users

If the Server are said to be same DNN then


Servers must use Same LAN Protocols Constant LAN connection ( not dialup connection) Server must be same Domain

Message Tracking:

By Default the Message Tracking is disabling in the Configuration document. Administrator has to enable the Message Tracking.

Mail Tracker Collector Task (MTC) Reads Special Mail tracker Log files (MTC files) produced by the Router and copied then in to Mail Tracker Store Database called MTSTORE.NSF

Enabling single sign-on and basic authentication:

This procedure creates single sign-on cookies for your server that can be used successfully on other participating servers.

To enable single sign-on and basic authentication for a Web Site

Use this procedure to enable single sign-on for Domino 6 servers configured with Web Site documents.

1. In the Domino Administrator, click Configuration - Web - Internet Sites. 2. Open the Web Site document for which you want to enable single sign-on. 3. Click Domino Web Engine. 4. In Session authentication, select "Multiple Servers (SSO)." 5. In the Web SSO Configuration field, select the Web SSO Configuration for this Web Site from the

drop-down list. 6. Click Security. For both TCP and SSL authentication, enable Name & Password. 7. Save and close the Web Site document. 8. At the server console, start the HTTP process by typing:

load HTTP

If the HTTP process is already running, type:

tell HTTP restart

Note If something is wrong with the configuration, the browser will receive an Error 500 message stating that single sign-on is not configured.

To enable single sign-on and basic authentication in the Server document

Use this procedure to enable single sign-on for Domino Release 5.0x servers, or for Domino 6 servers not configured with Web Site documents.

1. Open the Server document. 2. Click Ports - Internet Ports - Web, and enable Name-and-password authentication for the Web

(HTTP/HTTPS) port. 3. Click Internet Protocols - Domino Web Engine, and select Multiple Servers (SSO) in the Session

authentication field.Note The "Idle session timeout" and "Maximum active sessions" fields will be disabled.

4. In the Web SSO Configuration field, select the Web SSO Configuration for this server from the drop-down list.5. Save and close the Server document.

New features in Lotus Domino 7.0

Lotus Domino 7.0 has been enhanced to include the following administration Tools Improved policy management Automated client installation and upgrade Linux/Mozilla Web Administration client Serviceability, including autonomic data collection Administration scriptability Rename reversion approval

Domino Domain Monitoring (DDM) provides a single location in the Domino Administrator client that you can use to view the status of multiple servers across one or more domains. To do this, DDM uses configurable probes to gather information across multiple servers. These probes check for issues involving the Directory,


SMTP, routing, replication, ACL, security, and agents. DDM then consolidates and reports that information on specially-designated collection servers in a Notes output database called the Domino Domain Monitor (DDM.NSF).

Improved policy managementPolicy-based management was introduced in Lotus Domino 6. Release 7.0 extends this functionality further by offering a new Mail policy document. With it, you can define a set of corporate information that you want to apply to your mail users. In addition, a new client policy lockdown feature lets you specify which policy settings your users can modify. Automated client installation and upgrade

Lotus Domino 7.0 includes a number of enhancements to Lotus Notes Smart Upgrade. For example, Smart Upgrade now detaches kits in the background to prevent lost time due to a non-working client. Smart Upgrade also provides failover from a shared (network) upgrade kit to another server's attached kit. In addition:

Administrators are notified via a mail-in database of the Smart Upgrade status (success, failed, or delayed) by user/machine.

In clustered environments, Smart Upgrade can switch to another member of the cluster if the first server is unavailable.

Provisioning is available for the Smart Upgrade Tracking database. Smart Upgrade governor limits the number of downloads from a single server to avoid excessive

server load.

Linux/Mozilla Web Administration client

You can run the Domino 7.0 Web Administration client from a Mozilla Web browser on a Linux system, enabling an end-to-end Linux deployment of Lotus Domino and Domino Web Access with no need for Windows in the environment.

Other Domino administration enhancementsLotus Domino 7.0 also offers the following features to make administration easier:

The ability to write the status bar history to a log file The ability to suppress the Roaming User Upgrade prompt

DB2 support and other integration enhancementsA major new feature in Lotus Domino 7.0 (one that is sure to draw a great deal of attention and interest) is its support of DB2 as a data store. In Lotus Domino 7.0, you can use both DB2 databases and Domino databases, accessing and viewing data stored in either format. Users experience no visible difference between the Domino data and the DB2 data. Nor do they need a DB2 ID or DB2 connectivity. And you can replicate a DB2 database just as you would a Notes database.

Messaging and anti-spam protection:

Lotus Domino 7.0 now features private blacklist/whitelist filters for SMTP connections and DNS whitelist filters for SMTP connections. Most spam filtering involves blacklists in which email from addresses on the list is rejected or filtered.


Figure 1. BlackList option

Starting and stopping the ISpy task

Create a TCP server event generator to verify the availability of the services on Internet ports on one or more servers. A TCP server event generator uses the ISpy task to send a probe to test whether the server is responding on a port

By default, the ISpy task monitors all enabled Internet ports (TCP services) on the server on which it is running.

You must start the ISpy task before you can create server and mail routing event generators. The ISpy task does not start automatically. Use any of these methods to start and stop the ISpy task. Because the ISpy task is case-sensitive, you must enter it exactly as shown in this table.To do this Perform this taskStart the ISpy task automatically when the server starts

Edit the ServerTasks setting in the NOTES.INI file to include runjava ISpy.

Start the ISpy task manually Enter the command load runjava ISpy at the console.

Stop the ISpy task Enter either the command tell runjava ISpy unload or tell runjava quit at the console.

Mail journaling

Mail journaling enables administrators to capture a copy of specified messages that the Router processes by the Domino system. Journaling can capture all messages handled by the Router or only messages that meet specific defined criteria. When mail journaling is enabled, Domino examines messages as they pass through MAIL.BOX and saves copies of selected messages to a Domino Mail Journaling database (MAILJRN.NSF) for later retrieval and review. Mail journaling works in conjunction with mail rules, so that you create a journaling rule to specify the criteria for which messages to journal. For example, you can journal messages sent to or from specific people, groups, or domains. Before depositing messages in the Mail Journaling database, the Router encrypts them to ensure that only authorized persons can examine them. Journaling does not disrupt the normal routing of a message. After the Router copies a message to the Mail Journaling database, it continues to dispatch the message to its intended recipient.


Domino mail journaling differs from message archiving. Journaling works dynamically, making a copy of each message as it passes through MAIL.BOX to its destination and placing the copy in the Mail Journaling database. A copy of the message is retained, even if the recipient, or an agent acting on the recipient's mail file, deletes it immediately upon delivery. Archiving is used to reduce the size of an active mail file database by deleting messages from one location and moving them to an offline database, usually in another location, for long-term storage. Archiving acts on messages that have already been delivered. Journaling is performed automatically by the server; while archiving is a manual operation, performed by end users on their own mail files. End users can search for and retrieve messages from a mail file archive, but only an authorized administrator can examine a Mail Journaling database.

There are two steps to configure journaling:

Setting up the Mail Journaling database Specifying which messages to journal

By default, mail journaling is not enabled. You enable journaling from the Configuration Settings document. To set up the Mail Journaling database, you specify where to store journaled messages and then set options for managing the security and size of the database.

After you enable journaling, Domino automatically creates the Mail Journaling database in the specified location.

To set up the Mail Journaling database

1. Make sure you already have a Configuration Settings document for the server(s) to be configured. 2. From the Domino Administrator, click the Configuration tab and expand the Messaging section. 3. Click Configurations. 4. Select the Configuration Settings document for the mail server or servers where you want to journal

mail, and click Edit Configuration. 5. Click the Router/SMTP - Advanced - Journaling tab. 6. Complete the following fields, and then click Save & Close:Specifying messages to journal

After you enable journaling, set mail rules on the Configuration Settings document to specify which messages to journal.

If you specify All documents and a message is returned as undeliverable, Domino journals the delivery failure report as well as the original message.

When Domino journals a message, it sets a journal flag on the message before transferring it to the next server on the route. This ensures that servers later in the routing path do not journal the message again. When the Router on the destination mail server delivers the message to the user's mail file it removes the journal flag so to that the user remains unaware that the message was been journaled.

On servers running the ISpy task, this task sends mail probes in the form of trace messages to test mail connectivity approximately every five minutes. Under normal use, the ISpy task automatically deletes these probes from the ISpy mail-in database and the only trace of them are entries in the Routing events view of the server log file and on the server console. However, if you enable a journaling rule on these servers and specify the condition "All documents," the Mail Journaling database will capture each trace message that the ISpy task sends. To prevent the Mail Journaling database from filling up with these entries, configure a rule exception for messages where the sender includes "ISpy."


Field DescriptionJournaling Specifies whether the server supports mail journaling. Choose one:

Enabled - Domino supports mail journaling on the servers governed by this document. To journal mail, create a server mail rule with the action "Journal this message."

Disabled - (default) Mail journaling is not supported on the servers governed by this document.Field encryption exclusion list

Specifies the names of Notes message fields that Domino does not encrypt when adding messages to the Mail Journaling database. Encrypted fields cannot be displayed in a view. List any fields you want to display in a view. By default, the following fields are not encrypted: Form, From, Principal, and PostedDate.

Note When using a mail-in database for journaling, Domino does not automatically encrypt messages added to the database. To encrypt messages in a mail-in database use the Mail-in database document to specify encryption of incoming messages.

Method Specifies the location of the Mail Journaling database. Choose one:

Copy to local database - (default) The Router copies each journaled message to a database on the local server. If it does not already exist, Domino creates a local Mail Journaling database on the server. If the Configuration Settings document applies to multiple servers, Domino creates a unique Mail Journaling database on each server.

Send to mail-in database - The Router copies each journaled message and sends it to a specified mail-in database. The specified database must already exist and must have a Mail-in database document in the Domino Directory. The mail-in database used for journaling may be on any Domino server, including the local server. Specify the mail file where journaled messages are to be sent in the Mail Destination field. When using a mail-in database for journaling, be sure to encrypt messages when adding them to the database. To encrypt messages sent to a mail-in database, enable encryption on the Administration tab of the Mail-in database document.

Database name

If you specified "Copy to local database" as the journaling method, specify the file name you want Domino to use when it creates the Mail Journaling database. The default name is MAILJRN.NSF.

Mail destination

If you specified "Send to mail-in database" as the journaling method, use this field to enter the name of the mail-in database to which the Router forwards messages to be journaled.

Click the down-arrow to select the name of the mail-in database from the Domino Directory.

Note You must create the mail-in database beforehand; Domino does not automatically create mail-in databases for journaling.

Encrypt on behalf of user

If you specified "Copy to local database" as the journaling method, enter the fully qualified Notes Name of the user whose certified public key Domino uses to encrypt messages added to the database. To ensure privacy, consider creating a special user ID for reviewing journaled messages, and protect the ID with multiple passwords.

To encrypt messages sent to a mail-in database, enable encryption on the Administration tab of the Mail-in database document.

Database Management - Method

For local Mail Journaling databases, the entry in this field specifies how Domino controls the size of the Mail Journaling database. When the database management method in effect calls for Domino to create a new Mail Journaling database, on the day that it creates the new database, it does so at approximately 12:00 AM. Choose one of the following methods:

Periodic Rollover - (default) When the current Mail journaling database reaches the age specified in the Periodicity field, Domino renames the existing Mail Journaling database and creates a new Mail Journaling database with the original name.None - Domino does not automatically control the size of the Mail Journaling database. If you do not use one of the available methods for controlling database size automatically, be sure to monitor the database size and use appropriate tools to archive the journal data.Purge/Compact - Domino deletes documents from the database after the number of days specified in the Data Retention field and then compacts the database.

Size Rollover - When the current database reaches the size specified in the Maximum size field, Domino renames the database and creates a new Mail Journaling database with the original name.

Periodicity If you specified Periodic Rollover in the preceding field, Domino displays this field for specifying the length, in days, of the rollover interval. The default value is 1 day.

Data Retention

If you specified Purge/Compact in the Database Management-Method field, Domino displays this field for specifying the time, in days, that a message remains in the Mail Journaling database before being deleted.

Maximum If you specified Size Rollover in the Database Management-Method field, Domino displays this field


size for specifying a size limit, in megabytes (MB), for the Mail journaling database. After the database reaches the specified size, Domino renames it and creates a new one.

To recover a user ID from a backup ID

The user completes these steps.

1. If you have recovery information set up for your user ID, contact your administrator to obtain the password(s) needed to recover your ID. The recovery password is randomly generated and unique to each recoverable ID file and administrator.

Note If you do not have access to your user ID file, contact your administrator, who can provide you with an encrypted backup of your user ID. Once you have the backup user ID, continue with the following steps.

2. When you first log in to Notes and the Password dialog box appears, do not enter your password. Just click OK.

3. Click "Recover Password" in the "Wrong password" dialog box.

4. Select the user ID file to recover in the "Choose ID File to Recover" dialog box.

5. Enter the password(s) given to you by your administrator(s) in the "Enter Passwords" dialog box, and repeat until you have entered all of the passwords, and you are prompted to enter a new password for your user ID.

6. Enter a new password for your user ID, and confirm the password when prompted. Note that if you do not enter a new password, you will need to recover your user ID again.

7. Replace all backups and copies of your user ID file with the newly recovered user ID file.

To obtain the ID file recovery password

For security reasons, the administrators must complete these steps from their own workstations, rather than from the same workstation. Using separate workstations prevents an unauthorized user from using a program to capture the keystrokes that the administrators enter on the same workstation. If an unauthorized user obtains an administrator's ID file and password, the unauthorized user can obtain the administrator's recovery password for all ID files. Therefore, you must protect the administrator's ID file and require that multiple administrators work together to recover any given user ID file.

1. Detach the encrypted backup of the user's ID file from the mail or mail-in database to the local hard drive.

2. If the user's ID file is damaged, send a copy of the ID file from the centralized mail or mail-in database to the user.

3. From the Domino Administrator, click the Configuration tab, and choose Certification - Extract Recovery Password.

4. Enter the password to the administrator's ID file.

5. Specify the ID file you want to recover. This is the same ID you detached in Step 1.

6. Give the user the recovery password that is displayed.

1)If any problems in the lotus notes client issues need to check , whether user ID file is working or not in the , please open the address book in the workspace , if the address book is opening without any problem, then problem with local lotus notes not in the sever .

2) For the Archive the mails user need minimum editor access required ,if user already having the editor access but still it archive setting disabled, then there is a problem in the location document , need to filed the proper details.

3) IF you want to rename the user ID file , then go to certify then you can change the rename of the ID file
