Domino 9.0.1 FP9/FP10 installer and issue with “new” Perl

Just run to stupid issue…

Good old FP installer for Domino on x86 Linux fails just after “Installer is initializing. It may take a few minutes, please, wait.” message.

Luckily, there is nuish.err file with enough data to look for solution.

linux-gtrt:/install/fp9/linux64/domino # cat nuish.err
Can't use 'defined(@array)' (Maybe you should just omit the defined()?) at /install/fp9/linux64/domino/tools/lib/NIC.pm line 80.
Compilation failed in require at /install/fp9/linux64/domino/tools/lib/CdPath.pl line 80.

Quick search on the Internet shows that in new versions of Perl (my home box has perl 5, version 26, subversion 1 (v5.26.1)) don’t like defined(@array).

Solution was quick hack. Just remove deprecated call in referenced file (CdPath.pl @ line 80) and installer went trough 😎

Looks like some thing that will be met in future at all *NIX environments…

Time to contact HCL guys 😉

defined
old code
defined2
new code

Feel free to comment if you have details or some better solution.

Advertisements

Trigger Happy and power of community

At some project we are working right now, we run to something that looked like show stopper, no real technical help from developer, no log messages and files… and I remembered that it might be possible to answer to requirements with Trigger Happy opensource project now maintained by Ulrich Krause.

Quick test in one old setup and look to latest version were disappointment, it was not possible to monitor ACL changes.

I made feature request, 2 days ago, and in less than 24 hours, Ulrich published new version, with new feature 🙂

Quick debug later + new release today  and Trigger Happy now can monitor ACL of one or all Domino applications on server!

th

Once again, Lotus/Notes/Domino/ICS/YellowBleeding  community proved how great it is  💛

P.S: we somehow made initial project to work, but now everybody has great solution for IBM Domino database Content, Design and ACL monitoring 🙂

Misty morning and accidental find – Domino+AD SSO in Chrome

Just run to something that didn’t know…. Good old Kerberos SSO for Domino http/web works with Google Chrome

Old IBM documentation is mentioning only Internet Explorer and Mozilla Firefox, but , Chrome for some time now can login with NTLM/Kerberos, but in the beginning using it required some command line parameters (or check out this).

Thing that looks new is that those command line parameter are not needed anymore. Properly set Internet Explorer (Internet Options – Windows) is enough for SSO to work. To quote site I already linked:

Note: The latest version of Chrome uses existing Internet Explorer settings. Older version of Chrome require additional configurations (see below).

I made test with Chrome v63 and v64. Looks good 🙂

Let’s Encrypt 4 Domino and one tip :)

Since August of 2017, great guys from midpoints GmbH provide simple solution to (automatically) get valid and modern SSL/TLS certificates from Let’s Encrypt project to your Domino server…

Fill in request form on their site, get your copy of Domino Application, read First Steps PDF that you’ll get with template and live happily ever after 😎

Tip 1:

In latest setup, I run to one issue, that is often met by LE users (regardless which web server do they use) is that web server has to be reachable from Internet to TCP port 80. It’s not so unusual to have this port cut on firewall and you might have to work with your network team to solve this.

This issue is not so obvious in server logs, you’ll get error message like this one:

HTTP JVM: org.shredzone.acme4j.exception.AcmeException: Failed to pass the challenge for domain mail.domain.tld, ... Giving up.

acme4j error (library that is used internally in LE4D) can be traced to docs and/or code.

Domino JVM8 and MS SQL

Since Domino 9.0.1FP8, JVM8 is engine that runs Domino and you should know few things about it regardless if you develop or administer Domino apps.

First of all, change is big, but compatibility for previous code is there, as expected and most of things should work without changes. For all our applications (dozens of them), upgrade was simple and straight forward as it is for almost 30 years 😎

One of few thing that was “issue” is (as expected) list of security improvements that affect integration. “Issue” is in quotes, since technology progress and security improvements are basic components of IT.

If you use JDBC to communicate with MS SQL, and everything was working fine with JVM6, that could easily be just happy circumstance that both SQL and JVM are using log ago insecure protocols… If you don’t have option to fix MS SQL side of integration (that should be real solution), it is possible to configure JVM to use security options that are not default…

Java settings are in java.security file (<Domino Program Dir>/jvm/lib/security/java.security) and issue that hit few times was need to enable legacy protocols, like described in Microsoft’s Option-3

Take some time, review java.security, you’ll need it sooner or later 😎

P.S: Check out this stackoverflow question for example of this issue and some more details.

KYWS – Know your web server ;)

Domino HTTP is probably your default front to customers, it’s good to know what are you doing with it 🙂

Just a short reminder, we have few commands you can tell to http:

tell

And, if you want to really, really restart task use restart task http. Only this option will restart process on OS level, break outgoing TCP connections, release all memory, etc.

If you just want to reconfigure web server (eg. you added new Site document, Rule, Headers) – you are fine with tell http refresh, it’s faster, and it keeps users online.

Most of time, most of admins are just using tell http restart, but also, most of time, it’s not best option and/or solution.