 Vladislavs Tatarincevs | Vladislav Tatarincev 10 April 2025 15:44:07 If you are using Domino Managed Replica, you should be aware, that HCL Notes clients are impacted by 13 Dec bug. HCL Clients start to pull whole mailfile again and again. Which in my case was several terrabytes of data. But since I use CYMON monitoring I was able to notice this anomaly quite fast. CYMON info is here, probably the best monitoring for HCL Domino. https://www.cyone.eu/CYMON HCL Notes fix exists for Notes 14. While version 12 is also affected. HCL Technote attached: Mail Managed replica (MMR) are replicating mails from the beginning of the documents https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118714 Safe administration and have a good monitoring tool always at your service. V. Vladislav Tatarincev 13 November 2024 08:51:37
Domino products offer a wealth of statistical data that play a crucial role in predicting and preventing issues in production environments. As a mature product, Domino has been delivering these valuable insights for many years, helping to maintain high-quality service for clients.
What Do These Statistics Tell Us?
Looking at the code 200 histogram, we see that 96% of requests are fulfilled in under 2 seconds, with the majority processed in under 1 second. But what does this mean for our server's current state?
Without knowing the uptime—whether it's been 10 minutes or 2 weeks—this data is limited.
High response times could have occurred just now, or they might be skewed by a user with slow internet in a remote location week ago.
How Do We Know if the Server is Healthy Right Now?
Simply waiting and watching isn’t effective. We need a “wait and compare” approach. For example, in the image, only the 000-001 statistic has increased, giving us confidence that response times are stable. However, manually checking for changes isn’t practical.
This is Where CYMON from CYONE Steps In!
CYMON www.cyone.eu/cymon simplifies monitoring by automatically calculating deltas over time, showing trends without the need for manual comparison. This dynamic view of server health makes it easy to spot issues immediately.
CYMON monitoring has also alerting on SMS, Telegram, email or even MS Teams(Forgive me). Based on Zabbix www.zabbix.com CYMON can be installed under <5 min. Providing valuable insights immediately.
Isn’t that great? There are more than 1000 important statistics checked in realtime, calculating right values for you. CYMON can monitor also NSF applications, View Open Times,
This one histogram is top of the iceberg. It is important to monitor also histogram how quickly Traveler connects to Mail server. To Database where all subscriptions are stored. Also
Do I need to defragment my Database (Derby). If you are in HADR mode, then it is even more interesting.
For example MySQL be default has only 151 Connections that are allowed. If you run 8 or more HTMO/Traveler servers you will hit this limit.
In CYMON we see immediately how quickly we can connect to MySQL (1), how much time it takes to lookup users subscribed folders/last sync times (2). On PieChart 2 we see 100% is done under 1 second.
This will tell you instantly if RDBMS is a bottle neck. No it is not, all times are perfect. Of course now we see nice picture, while CYMON will highlight you dirty place and make your Domino SHINE!
Everything synchronised under 1 second. We also see (2) instruction what to do if Bad buckets will grow (like 005-10, or slowed buckets).
And finally we see also what type of problem we got so far during server uptime(3).
If you find this interesting in more please comment, I have a lot of cool stuff about Traveler and Domino monitoring as such.
P.S. Thank you Martin from (http://www.sidra400.com), fixed CSS, it is better now. Vladislav Tatarincev 13 November 2024 08:45:02 New version of 14.5 and 14.0 FP2 has new Notes.ini parameter which is always interesting. If it address old problem, then even better. https://ds-infolib.hcltechsw.com/ldd/fixlist.nsf/8ed1b46cfdba8957852570c90054623b/659ddc7465e1f01785258b81003d6dc3?OpenDocument If you use protection from Brute Force there is a new check box starting from V10, to block also IP address from which request is coming. In case of Direct access it works, if you are connected via Balancer or someone will try to login to Sametime, that is binded by LDAP to Domino, then Sametime IP will be blocked. So in this scenario, we all were forced to disable this feature, while there is a good idea behind. Now we have a solution, You have to add all your systems, like public WiFI IP, Sametime IP, all other known systems and enable this parameter, it will whitelist then these IP and will never block. Again this is new only for 14.0 FP2 and 14.5. Product Area: Server Technical Area: Directory Services Platform: Cross Platform SPR# MOBNCY2KBG - Server - LDAP - Added a new Notes INI - LDAP_USE_HTTP_TRUSTED_IP_LIST_FOR_LOCKOUT_EXEMPTION=1 - to allow a customer to exempt certain IP addresses to avoid the issue of all users getting locked out of LDAP requests because the IP was locked out. This INI is off by default Vladislav Tatarincev 28 October 2024 12:12:00 CYONE and HCL invite you to a thrilling cybersecurity session! Join our webinar on **HCL BigFix**—a product that’s as versatile as Domino but with even more tricks up its sleeve. BigFix is the ultimate multitasker: it patches servers and workstations, analyzes threats with impressive visuals, and forecasts which CVEs might make their way into the hacker’s playbook against your company. Plus, it’s got Power Management, Remote Control, and even a Corporate App Store for your “App-on-Demand” needs. It’s the ultimate tool—stable, powerful, and always ready. In this webinar, we’ll dive deep into BigFix’s potential. **Reserve your spot today!** Not only is it free, but you’ll get the link to our Live Stream Page (broadcasted through yet another top-notch HCL solution—HCL Sametime). **Webinar Details** 📅 Date: 31 October 2024 ⏰ Time: 16:00 GMT+2 🔗 Can’t attend live? Register anyway to receive a link to the recording. [Register here](https://update.cyone.lv/volt-apps/anon/org/app/b9fbee08-6f67-4665-851a-a56704b5be1d/launch/index.html?form=F_Registration)—hosted on HCL Domino Volt, of course! See you there for a session that’s packed with insights, tech brilliance, and a good dose of cyber wit! Vladislav Tatarincev 27 August 2024 11:39:10There is a known KB from HCL https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0037332 which describes known Semaphores.
One popular semaphore that we see frequently is not described there but I will describe it here, so you dont need to open HCL Case.
WAITING FOR SEM 0xAE0C if you see something like this, it means long RUNNING HTTP Agent.
In CYMON monitoring we have a description of known semaphores. And not only total amount for example AE0C:345 (345 times this semaphore has occurred), but also timeline when.
It is important to see if this happens during the day, or only during nice. If climb of this semaphore takes place during nightly dbmt or compact this may help to locate problem root cause.
In CYMON monitoring 6.x (which is now fully docker based) and can be run on any OS. Get your trial of Monitoring here ( www.cyone.eu/CYMON ) Monitoring has also free version, where basic Mail server statistics are monitored.
Domino Log analysis is coming in next versions of CYMON with help of Loki.
 Vladislav Tatarincev 26 August 2024 11:10:33We use LTPA Token authentication inside company for HCL Sametime 12.0.2. It was working fine. When Sametime 12.0.2FP1 arrived we upgraded our Sametime and Notes 14 clients were unable to login with LTPA. Only regular password login was working. Sametime Authentication container logs brought us the following: error: Error decoding LtpaToken2: "error:1C800064:Provider routines::bad decrypt". Trying as v1: false
[2024/08/23 13:39:41] info: ::ffff:172.22.0.8 - - We opened case and support mentioned that: in HCL Sametime 12.0.2 FP1 we disabled LTPA V1 token support by default - in favor of LTPA V2 which is more secure. The Embedded clients, especially the 'older' ones still present only the LTPA V1 tokens. In Domino SSO document, our configuration was LtpaToken and LTPAToken2. We changed format of token to "LTPAToken2 only" and did restart of Domino and this has resolved issue. It is also possible to try reenable LTPATokens1 with following parameter in sametime configuration File .env LTPA_ENABLE_V1_TOKENS=true Hope this helps someone.  Vladislav Tatarincev 19 August 2024 17:11:28 I was analysing MarvelClient database and found interesting notes.ini parameters the one user was using. There parameters are AutoCorrection parameters and they are described in https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0035122 AutoCorrect.UseReplacementTable=1: Corrects common typing errors (e.g., replaces "teh" with "the"). AutoCorrect.CapitalizeFirstWord=1: Capitalizes the first letter of every sentence. AutoCorrect.CorrectTwoInitialCapitals=1: Corrects instances of two initial capitals I tested it for a while in my environment and I find that with these parameters it is better. So I suggest to test them and deploy in production. I think they will add value for all languages, not only English. |
|