fighting for truth, justice, and a kick-butt lotus notes experience.

 
alt

Detlev Poettgen

 

Wait with your upgrade to Traveler 9.0.1.3 if you are OS is Windows

 3 April 2015 20:29:50
It looks like there is an issue, when you upgrade your Traveler Server running on Windows 2008 R2 to the latest 9.0.1.3 Release.

After the upgrade your Traveler Server may crash and restart every few minutes.

One of our customers called me today and other members of the community reported this issue, too.
At the moment it looks like only system are hit, which are been upgraded from Windows 2008 R2 & Traveler 9.0.1 HF241. Other hot fix levels may be in-scope, but unreported and uncertain currently.

So you should wait with your update until this is resolved.

IBM support is already looking at it and we are waiting for a response.

Update 08.04.2015:  Today IBM published an APAR Document:
here


Error description


The customer is seeing repeating crashes of IBM Traveler
9.0.1.3. These repeating crashes happen on mime documents that
has an invalid or missing RFC822 header name.

The workaround is to add the notes.ini parameter until this APAR
is applied

    NTS_MIME_NATIVE_PROCESSING=false

Local fix


The workaround is to add the notes.ini parameter until this APAR
is applied

    NTS_MIME_NATIVE_PROCESSING=false

Temporary fix


A Hot Fix is available for this for IBM Traveler 9.0.1.3 upon request.  
This fix will also be included in IBM Traveler 9.0.1.4 with target delivery at end of April 2015 and any future release beyond 9.0.1.4.


So as a conclusion - I would wait with further Traveler updates until end of April, when the fix 9.0.1.4 will be available.
If you had already updated your system, check with tell traveler config the setting NTS_MIME_NATIVE_PROCESSING.
 

    Traveler 9.0.1.3 available bringing IBM Verse App - Google Cloud Messaging - Busytime Lookup - Trash-Sync

     1 April 2015 10:37:23
    Today IBM released the new version 9.0.1.3 of IBM Notes Traveler.

    It is not a only a fix but more a feature release.

    The new features are:

    IBM Verse for iOS client support

    If you are part of the IBM Verse for Apple iOS program, you can connect the IBM Verse app to this version of the IBM Traveler server. There are some differences in functionality when the IBM Verse app connects to this on premises version of IBM Traveler versus when it connects to Connections Cloud.

    More details in a few days in an additional post, when the Verse App will be available.

    Trash folder syncing

    Support for the syncing of the Trash folder is now available in the client. However, it is dependent on the IBM Traveler server also providing this support. When the client is running against a server that supports Trash, a Trash folder will appear in IBM Traveler Mail. Deleted items will appear in the Trash folder and may be restored or permanently deleted from the Trash folder.

    Invitee status

    As the meeting organizer or chairperson, you now can see the response status for the attendees of your meeting on your mobile device.

    Google Cloud Messaging support for IBM Traveler for Android clients

    This version of the IBM Traveler server can now use Google Cloud Messaging (GCM) for real time push notifications to keep your Mail, Calendar, Contact and To Do data on your IBM Traveler for Android clients up to date.

    Using GCM can greatly improve the battery life of Android devices using IBM Traveler, as IBM Traveler no longer needs to stay constantly connected via HTTP to the IBM Traveler server for push notifications.

    To use GCM - you must enable the Traveler server to initiate outbound HTTPS connections to the Google GCM Gateway on your firewall.

    So I would recommend to upgrade your servers to this new release because of the new features and the longer fixlist.

    Details Whats New: here

    Fixlist: here

    Download via Fix Central here



    What are IBM’s plans surrounding IBM HTTP Server (IHS) support in Domino?

     13 März 2015 16:50:47
    A simple question and a simple answer.  It's official dead.

    Question

    What are IBM's plans surrounding IBM HTTP Server (IHS) support in Domino?

    Answer

    IBM plans to remove support for IBM HTTP Server (IHS) in a future Domino maintenance release now that native Domino TLS functionality has been added to the product. IBM HTTP Server proved a good solution for Domino customers who needed better security functionality over the native Domino HTTP protocol on a Windows server platform. However, that solution is limited in scope since it covers only HTTPS and Windows.

    With native implementation of TLS 1.0, as detailed in technote 1687167, Domino support of IBM HTTP Server is no longer needed. The native implementation is better since it covers all platforms and a broader set of protocols beyond HTTP.



    via IBM Technote: http://www-01.ibm.com/support/docview.wss?uid=swg21697303&myns=swglotus&mynp=OCSSKTMJ&mync=R&cm_sp=swglotus-_-OCSSKTMJ-_-R


    IBM Verse - How it works

     17 Februar 2015 11:33:41
    Eine 8-Minuten Demo von IBM Verse.

    Sehr gut auf Deutsch kommentiert von Michael Würdemann von der IBM.
    Wer wissen möchte wie Verse funktioniert und wie man mit Verse arbeiten kann, findet hier eine kompakte Zusammenstellung der wichtigsten Funktionen:





    Prohibit Outlook for iOS and Android to use Traveler

     1 Februar 2015 13:47:25
    Last week Microsoft released an Outlook app for iOS and Android. The App itself is beautiful and we can see some good ideas IBM will ship with IBM Verse, too.

    But from the enterprise security perspective the Microsoft Outlook app is a total nightmare. Microsoft is storing the user credentials on their own servers and is caching all transferred Mails on their servers. A Microsoft server reads, caches and monitors your mail file and transfers the data to the device. I think this is a no go! Details can be found here: Warning – Microsofts Outlook App for iOS breaks your company security

    You as an administrator may not want, that your users can use the Outlook app against your enterprise IBM Notes Traveler system.

    So how can you block the Outlook App?

    Traveler provides the possibility to control, which client types can access your Traveler server. This is based on the HTTP User Agent and the transferred OS-Type, which the client application sends with every HTTP request.

    The User Agent of the MS Outlook app or better the Microsoft server monitoring your mail file is: Outlook-iOS-Android

    You can control the allowed User Agents by notes.ini. If you are using IBM Notes Traveler 9.0.1 this User Agents will be allowed by default:

    NTS_USER_AGENT_ALLOWED_ANDROID = true
    NTS_USER_AGENT_ALLOWED_APPLE = true
    NTS_USER_AGENT_ALLOWED_BB = true
    NTS_USER_AGENT_ALLOWED_NOKIA = true
    NTS_USER_AGENT_ALLOWED_OUTLOOK = true
    NTS_USER_AGENT_ALLOWED_WINPC = true
    NTS_USER_AGENT_ALLOWED_WINPHONE = true
    NTS_USER_AGENT_ALLOWED_WINTABLET_RT = true
    NTS_USER_AGENT_ALLOWED_WM = true  
    NTS_USER_AGENT_ALLOWED_REGEX = .*

    If you don’t find these entries in your notes.ini, then you are using the default settings.
    You can check your current settings with the console command tell traveler config

    The easiest solution would be to set


    NTS_USER_AGENT_ALLOWED_REGEX =^((?!Outlook-iOS-Android).)*$


    This would prevent devices or better apps using the Outlook-iOS-Android User Agent, but allows all the others.

    After adding or changing your notes.ini entries you will have to restart your Traveler server.

    That's it!

    For your information:
    To set NTS_USER_AGENT_ALLOWED_OUTLOOK to "false" will not work in this case, because the User-Agent "Outlook-iOS-Android" contains "Android" and will handle it as an Android device and not as an Outlook device.
    So the only way, will be to define a matching Regex via NTS_USER_AGENT_ALLOWED_REGEX and block the User Agent there.

    But you should have one in mind. Using the NTS_USER_AGENT settings will block the not matching devices and no data will be transferred to the device. But you will mab be find a Device Document in your LotusTraveler.nsf, which will look like the entry for my Test 2 Account:


    Image:Prohibit Outlook for iOS and Android to use Traveler

    If you query the user status via Domino Console: tell traveler user Test 2 Account
    You may see a device like this one:

    Image:Prohibit Outlook for iOS and Android to use Traveler

    If you are running a Reverse Proxy or HTTP Gateway in front of your Traveler system, you can and should try to block the User Agent already there, too.

    Or use our product midpoints traveler.rules which accomplishes the same (and more).

    Updated version of this post -  03.02.3015: Correcting NTS_USER_AGENT settings. Thanks to Robert S. Sielken from IBM pointing me to an error in the first version of this post.

     

    Warning – Microsofts Outlook app for iOS connected to Traveler breaks your company security

     29 Januar 2015 20:01:49
    If you are using IBM Notes Traveler or Microsoft Exchange and you are accessing the ActiveSync servers directly using Username and Password for authentication - please, read the following and act! Today customers already reached me seeing the App on their devices. If you have any questions, please contact our support team or me.

    via René Winkelmeyer (midpoints):

    https://blog.winkelmeyer.com/2015/01/warning-microsofts-outlook-app-for-ios-breaks-your-company-security/



    Microsoft has released their iOS for Outlook today. And it will break your companies security for mobile PIM access in multiple ways! No matter if you’re a Microsoft Exchange or IBM Notes Traveler customer.

    I cannot believe that Microsoft has done what they’ve done. Even as a non-Microsoft guy I would have expected that they obey the rules of common company security rules.


    File sharing capabilities


    The app has built-in connectors to OneDrive, Dropbox and Google Drive. That means a user can setup his personal account within the app and share all mail attachments using those services. Or use files from those services within his company mail account. That’s a data security nightmare.

    It doesn’t matter if you’re using a containerized solution like the Apple built-in separation of managed and unmanaged apps. The same applies to every other container. The communication is app-internal and you cannot control that.


    Shared Exchange ActiveSync ID and device type


    It gets even more worse. Each ActiveSync client normally has a unique ID for data synchronization. That allows administrators to distinguish a users devices. Microsofts Outlook iOS apps doesn’t work that way. The app shares the same ID across all devices of a user. And it seems like one device!

    That means: If a user installs the Outlook app on his iPhone and on his iPad it’s seen as one device. There’s no way to distinguish if it’s an iPad or an iPhone. Nada. Niente. Using device approval on Traveler won’t help. It connects as “one device” – and you cannot control that. That’s a security nightmare.


    Microsoft has your credentials


    Now to the worst part: Microsoft will get and store your mail account credentials in the cloud if you use the iOS Outlook app.

    When I setup the app I’ve been asked if I want to receive push notifications. As a “regular” user I accepted (click, click, OK). As an iOS developer I was wondering why the app wants to send me push notifications. Push notifications are normally triggered by a remote server. So I ran a quick test:

    I stopped the app (removed it from the list of active devices).
    I sent myself from another account a test mail.
    I immediately received a push notification about new mail.
    That could not be true. Either Microsoft was doing some magic iOS stuff that I’m not aware of. Or they are using a central service, using my credentials, to monitor my ActiveSync account. So time for another test:

    I put all my devices in airplane mode. So there could be no communication.
    I opened the access_log of my Apache server (which sits in front of my Traveler server).
    There it was!

    54.148.96.196 – – [29/Jan/2015:16:19:50 +0100] “POST /traveler/Microsoft-Server-ActiveSync?User=mysupermail%40winkelmeyer.com&DeviceId=123123123123&DeviceType=Outlook&Cmd=Sync HTTP/1.1″ 200 25 “-” “Outlook-iOS-Android/1.0″


    What I saw was breathtaking. A frequent scanning from an AWS IP to my mail account. Means Microsoft stores my personal credentials and server data (luckily I’ve used my private test account and not my company account) somewhere in the cloud! They haven’t asked me. They just scan. So they have in theory full access to my PIM data.


    Block them – NOW


    The only advice I can give you at this stage is: block the app from accessing your companies mail servers. And inform your users that they shouldn’t use the app.

    If you have a reverse proxy in front of your IBM Notes Traveler (or Exchange) server you can use a partial check on the HTTP User-Agent and block everything that contains “Outlook-iOS-Android”.

    If you don’t have reverse proxy in front of IBM Notes Traveler you can use the Traveler settings to disallow this device type (i. e. using the notes.ini parameter “NTS_USER_AGENT_ALLOWED_REGEX”). You’ll find a detailed documentation how to handle this in the IBM Knowledge Center.

    Or use our product midpoints traveler.rules which accomplishes the same (and more).


    Update


    It’s even worse (thanks @shadowBJ21 for pointing me to that). For those who don’t now: Microsoft has bought Acompli some time ago and “re-branded” their app to this new Outlook app.

    https://www.acompli.com/privacy-policy/

    Last Updated: January 28, 2015

    “We provide a service that indexes and accelerates delivery of your email to your device. That means that our service retrieves your incoming and outgoing email messages and securely pushes them to the app on your device.Similarly, the service retrieves the calendar data and address book contacts associated with your email account and securely pushes those to the app on your device. Those messages, calendar events, and contacts, along with their associated metadata, may be temporarily stored and indexed securely both in our servers and locally on the app on your device. If your emails have attachments and you request to open them in our app, the service retrieves them from the mail server, securely stores them temporarily on our servers, and delivers them to the app.”

    ”If you decide to sign up to use the service, you will need to create an account. That requires that you provide the email address(es) that you want to access with our service. Some email accounts (ones that use Microsoft Exchange, for example) also require that you provide your email login credentials, including your username, password, server URL, and server domain. Other accounts (Google Gmail accounts, for example) use the OAuth authorization mechanism which does not require us to access or store your password.”

    IBM ConnectED Comes To You - Westfalen

     23 Januar 2015 16:09:59
    Erfahren Sie alles Wichtige aus Orlando kompakt in der von mir mitorganisierten IBM ConnectED Comes To You | Westfalen

    Termin: 18.02.2015

    Start / Ende: 12:30 - 18:00
    Ort: Bielefeld
    Kosten: kostenfrei


    Für die Veranstaltung konnten wir als Referenten original Sprecher und Teilnehmer der ConnectED gewinnen, die ungefiltert Ihre Erfahrungen und Eindrücke schildern und gemeinsam mit Ihnen die aktuellen Themen diskutieren.

    Wir stellen die wichtigsten News und interessanten Themen rund um IBM Verse (Mail Next), IBM Domino, IBM Connections, IBM Notes Traveler, Mobile, Development und Cloud kompakt in fünf Sessions vor.

    Die Teilnahme an der Veranstaltung an sich ist kostenfrei und wird durch Sponsoren getragen. Keine Angst - es handelt sich bei der Veranstaltung ausdrücklich um keine Produktvertriebsveranstaltung, sondern Fokus ist die Vorstellung und gemeinsame Diskussion der News von der diesjährigen IBM ConnectED.

    Die Veranstaltung ist ins Leben gerufen worden von der OpenUserGroup | Westfalen und wird organisiert von Detlev Pöttgen (midpoints GmbH).
    Nach Abschluß der offiziellen Veranstaltung besteht die Möglichkeit zum gemeinsamen Essen im üblichen Rahmen des 8. OpenUserGroup | Westfalen Stammtisches.

    Ich würde mich auf jeden Fall freuen, Sie am 18.02. auf der IBM ConnectED Comes To You | Westfalen begrüßen zu dürfen.

    Details, Agenda und Anmeldung zur IBM ConnectED Comes To You | Westfalen: hier

    IBM Domino 9.0.1 FP3 released

     21 Januar 2015 21:48:15
    Today IBM released IBM Notes/Domino 9.0.1 Fixpack 3.
    The fix list is long and contains beside other important ones the two Poodle Interims fixes and the JVM patch.

    The Fixlist can be found here

    Go to Fix Central to download it here

    Eight years ago today - reinvent the phone

     9 Januar 2015 21:19:51
    "A widescreen iPod with touch controls. A revolutionary mobile phone. A breakthrough internet communications device. An iPod. A phone. And an internet communicator. An iPod. A phone. Are you getting it?"

    Steve Jobs, Jan 9, 2007

    I can still remember watching the keynote eight years ago. A mobile revolution started and changed all of our lives.

    Finally the day was the initial trigger to start my own business.





    Execute local Fixup Compact on Notes Mac Client

     1 Januar 2015 11:49:40
    How do you execute a local Fixup or Compact on Mac OS X running an IBM Notes client?

    Because there is no ncompact or nfixup executable on Apple Mac OS X, you will have to do it a bit different.

    I do not use it often, but I always have to search for it...

    - Open a Terminal Window


    - Switch to the Notes App Directory:


      cd /Applications/IBM\ Notes.app/Contents/MacOS

    -
    Set the environment variable DYLD_LIBRARY_PATH:    

      export DYLD_LIBRARY_PATH="/Applications/IBM Notes.app/Contents/MacOS"

    - Switch to the Support subfolder:


           cd Support

    - Execute NotesFixup or NotesCompact:


       ./NotesCompact

    (with out options you will do a compact for all databases in your Lotus Notes Data directory
    /Users/YourUsername/Library/Application Support/Lotus Notes Data/ )

       ./NotesCompact mail/your-replica.nsf -c

    (or with options for a special database)