fighting for truth, justice, and a kick-butt lotus notes experience.


Detlev Poettgen


Apple Device Enrollment Program DEP now available in Germany

 12 November 2014 10:17:17
A great news for Apple Enterprise customers in Germany and Switzerland!

Image:Apple Device Enrollment Program DEP now available in Germany

As part of ADP (Apple Deployment Program) for business and education, DEP (Device Enrollment Program) streamlines mass iOS and OS X device deployments for IT staff and end users, readying the hardware for centralized setup and mobile device management (MDM) automatically. For example, DEP can be used to create multiple administration accounts, configure MDM servers for device handling and assign user profiles out of the box. One tentpole feature is "zero-touch configuration," which immediately configures account settings, apps, settings and more when a user first activates their device.  

In addition to third-party purchase support, DEP is now available in Australia, Belgium, Canada, Denmark, Finland, France, Germany, Greece, Hong Kong, Ireland, Italy, Japan, Luxembourg, Mexico, Netherlands, New Zealand, Norway, Singapore, Spain, Sweden, Switzerland, Taiwan, Turkey, United Arab Emirates, UK, and the U.S.

More information about DEP and how to setup your account can be done here:

New Interims Fix 9.0.1 IF7 for IBM Notes Traveler available

 7 November 2014 17:03:59
Admins start your engines: IBM released tonight a new Interims Fix for IBM Notes Traveler. Please update as soon as possible to this new release, because the last two Interim Fixes 5 & 6 for 9.0.1 were no good ones.

The new Interims Fix will fix the attachment handling issues introduced with IF5 & IF6. More details can be found here.

9.0.1 IF7 includes this Fixes:
APAR # Component Abstract
LO81598 Server Silent install error if trying to set External URL on Linux.
LO81918 Server Slow native memory leak in Traveler server.
LO81954 Server Signed Phone Message document may not sync to mobile device.
LO81960 Server Traveler auto log feature may generate lots of SystemDump files during a database outage scenario.
LO81985 Android Attachment download fails on Android device if file name contains white space characters.
LO82032 Server User may see duplicate calendar events when user does not have delete access to own mail db.
LO82084 Server Traveler Bind debug command may not be persist after restart of the server.
LO82085 Server Unable to sync attachments with plus sign in file name.
LO82103 Server Refresh Traveler server translation for messages sent to mobile device.
LO82109 Server iOS8: Unable to delete some instances of repeating even from mobile device.
LO82133 Server Unable to sync folder that has underscore character in the folder name.
LO82136 Server Error syncing attachments: Entry not found in index.
LO82137 Server Apple Push Notification Services (APNS) Certificates may show as expired.
LO82150 Android Unable to register device if server is slow to respond to registration request.
LO82183 Server iOS8: Out of Office reply message may not be saved.
LO82214 Server Red server status message for long running DS thread for when the thread is idle.
LO82233 Android Some attachments can not be viewed or shared on Android device.
LO82251 Server Allow NTTrack field to store entire device ID if desired.
LO82282 Server Unable to forward some attachments from mobile device.
LO82292 Server Room information may disappear from device Calendar when updating a repeating event from mobile device.
LO82366 Server Traveler Web Administration application may fail to load after upgrading Domino server.
LO82399 Server Update notice sent from device may show as an update request in Notes client.
LO82405 Server Some attachments can not be sync'd to mobile device.
LO82411 Server Work around for Calendar notice that continue reports as updated.
LO82423 Server Use TLS instead of SSLv3 for server to server communication.
LO82432 Server Android client could get stuck in banned state when trying to register.
LO82553 Server Draft or Sent item with exclude from view tag does not sync to mobile device.
LO82635 Android Warn user when connecting over unsecured protocol and require manual step to enable.

Following IFs are available: 8.5.3 UP2 IF8, 9.0.0.x IF8 and 9.0.1 IF7

The downloads can be found here.

Fixes for IBM Notes and Domino regarding POODLE and SHA-2 available

 4 November 2014 09:20:14
IBM has released interim fixes for IBM Notes and Domino 8.5.x and for 9.0.x tonight that address the POODLE SSL3/TLS1.0 and SHA-2 issues.
You can find the common description here which include reference links for the downloads.
This document describes the usage of the keyring file in that context.
Looking for further information? Go here.

If you are using SSL on your servers the installation is recommended! But I would wait to install it on production systems for a few days, after we all will have received some feedbacks. It it not always good to be the first one ;-)

Thanks to IBM and specially to Dave Kern,  who did a great job in a very short time!
The security team at IBM had been already working on TLS and SHA-2 support before POODLE came up, but had to change their plans (which was 9.0.2 as the target release), because of the short term move to diable SSL 3.0 in browsers and other software.

Dave, thank you very much to make this possible!

PS: Hope TLS v1.2 will be available soon, too.


Added Download Links:


IBM Mobile Connect - New Interims Fix available to get POODLE safe

 25 Oktober 2014 11:44:26
Today IBM released a new IBM Mobile Connect Fix. You should install this fix to get "POODLE safe".

With this fix the external facing connections will have SSLv3 disabled by default. The internal connections (from IMC to back-end) can still use SSL 3, so that your internal Domino/Traveler Servers can still be accessed using SSL 3. When IBM released the "POODLE Fix" for Domino, too, you should and can switch off SSL 3 for the internal connections.    

You will have to update your Connection Manager and please check if your Gatekeeper is already running the latest Gatekeeper release ( from March 2014).

Check out Technote SWG2188204 for more details: here

Get the downloads via Fix Central: here

    IBM Technote regarding POODLE and SHA-2 - We have a fix for it

     21 Oktober 2014 18:17:36
    Today IBM published two Technotes, in which IBM announced two new Interims Fixes.

    The first one will bring native SHA-2 support to Domino for HTTP, SMTP, IMAP, POP3 and LDAP.
    The other one will take care for the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack issue:

    IBM intends to release Domino server Interim Fixes over the next several weeks that implement TLS 1.0 with TLS_FALLBACK_SCSV for HTTP to mitigate against POODLE. Implementing TLS 1.0 will allow browsers to still connect to Domino after they have been changed to address the POODLE attack, and Domino will protect against browsers that have been compromised by POODLE.

    The POODLE Fix will be available in the next few days for 8.5.3 and 9.0.x. The SHA-2 fix will be available in the next few weeks for Domino 9.0.x only.

    Many thanks to Dave Kern for make this possible!

    Details here:

    Technote for (POODLE )TLS:
    Technote for SHA-2:

    Mac OS 10.10 - Yosemite running Notes 9.0.1

     17 Oktober 2014 14:35:55
    Apple hat gestern Mac OS 10.10 (Yosemite) freigegeben.

    Die IBM hat heute eine spezielle Version des IBM Notes Clients (9.0.1 Slipstream) veröffentlicht, da der IBM Installer von 9.0.1 Yosemite nicht richtig erkennt:

    "IBM Notes 9.0.1 Social Edition can't be installed on this computer. This can only be installed on Mac OS X 10.6 or above. Current OS Version is too low."

    Der sogenannte Slipstream Client ermöglicht die Neuinstallation eines Notes Clients unter Yosemite.

    Falls vor dem Update auf Yosemite bereits ein Notes Client auf dem Mac installiert war, ist keine Neuinstallation notwendig. Es sollte allerdings entweder vor oder direkt nach dem Yosemite-Update der Notes Client auf 9.0.1 FP2 aktualisiert werden.

    Generell muß nach dem Yosemite Update die Java Runtime neu installiert werden:


    Step 1: Install the legacy Java SE 6 runtime from Apple:
    Step 2:
    Download and install the Mac IBM Notes 9.0.1 slipstream,
                which will be released by end of day on Thursday, October 16, 2014  
    Step 3
    : Install Notes 9.0.1 Fix Pack 2 or higher

    Partnumbers des IBM Notes 9.0.1 Slipstream Clients:
    IBM Notes 9.0.1 Mac English
    IBM Notes 9.0.1 Mac Simplified Chinese and Traditional Chinese
    IBM Notes 9.0.1 Mac Japanese and Korean  
    IBM Notes 9.0.1 Mac French, Brazilian Portuguese and Spanish
    IBM Notes 9.0.1 Mac Italian and German
    IBM Notes 9.0.1 Mac Danish and Dutch
    IBM Notes 9.0.1 Mac Finnish, Norwegian and Swedish
    IBM Notes 9.0.1 Mac Polish and Russian
    IBM Notes 9.0.1 Mac Portuguese and Turkish


    Siehe auch IBM Technote: 21682510

    IBM Mobile Connect - Fix for available

     2 Oktober 2014 20:13:36
    Today IBM released a new Interims Fix for IBM Mobile Connect

    From the APAR list, which can be found here: List of APAR fixes for IBM Mobile Connect
    IV61919 Memory leak, http access services error path handler for badly formatted method requests.
    IV62062 Gatekeeper shows empty mobile device container in the System - Users
    IV62408 HTTP Access Services, add configuration option for maintaining session affinity to back end server after initial assignment.
    IV63410 HTTP Access Services, SSL disabled. On redirects and rewrites, use the service URL as configured, dont change protocols or add the service port.
    IV63934 HTTP Access Services, new function. Allow LTPA tokens generated by
    third parties to be accepted by IMC. Default behavior is to reject and force a new login.
    IV64821 Upgrading to a new Windows Connection Manager build is unsuccessfull even though the installer reported success. Symptoms seen are GK will not launch after an upgrade and/or the IMC build version did not change.

    IBM Notes Traveler 9.0.1 IF6: Technote - Attachments containing PLUS sign in file name not synced

     26 September 2014 14:28:09
    After installing Notes Traveler 9.0.1 IF6 attachments with '+' in the name are not able to synch to the device. There is no work around for the issue.  Will need to apply this APAR.

    Is available in hot fix APAR LO82085 "Attachments with '+" in the name are not able to synch to device", is now available in hot fix 901_IF6_20140924_1713_Server.

    via IBM Technote:

    Update 07.11.2014:

    Today IBM published a new Interim Fix! Details can be found here

    Issues regarding Attachment Handling for IBM Notes Traveler 9.0.1 IF6

     19 September 2014 11:46:21
    Yesterday and today customers contacted me, that there are some issues regarding IBM Notes Traveler and iOS8/Android after upgrading to Traveler 9.0.1 IF6.

    It looks like Attachements with special characters like Space, '+' or '&' in the file name can not be loaded by the Device
    and the CPU load on the Traveler server is unnormal high.

    You will see this log entries:

    [0100:0017-08F0] 19.09.2014 10:20:37 Notes Traveler: SEVERE Frank Tester
    Action(0)=Stream, userCN=CN=Frank Tester/O=Company, deviceId=CN=Frank Tester/O=Company, database=mail/dev.nsf,
    server=CN=LNTEST01/O=Company, refid=mac mde.pdf@4022208FD320E3A3C1257D58002C42C7,
    hookId=null, file_sz=-1, file_name=null, contentType=null

    [0100:0017-08F0] 19.09.2014 10:20:38 Notes Traveler: SEVERE Frank Tester[3T94T2HKBL2PDDGT6JB2R8QIVC]
    Internal Error: Debug Data: Could not find file attachment w/ UNID=4022208FD320E3A3C1257D58002C42C7
    Error(404)=Entry not found in index

    The original file name is: mac+mde.pdf

    We opened PMRs and are waiting for a response from IBM.
    Will post an update here.

    Update 26.09.2014 I:

    Got feedback from IBM:

    "We have PMRs open and some APARs in the works for the attachments already.  People should continue to open PMRs   ...  It will be at least a few weeks, but probably mid-October ...."

    So-  If you have issues, open a PMR, please. You will get a Hotfix.

    Update 26.09.2014 II:

    IBM published an official Technote. You can get a special hotfix via PMR by request!

    Update 07.11.2014 III:

    Today IBM published a new Interim Fix! Details can be found here

    Traveler & iOS 8 - Why should you have to update your servers?

     15 September 2014 20:08:37
    As I posted this morning (Details  here), IBM released a new Interims Fix for Traveler. This Interim Fix for 9.0.1 / / 8.53 UP2 will prepare Traveler for iOS8 and it is important that you update your servers as soon as possible. Apple will release iOS8 in two days and there are some issues that will be get fixed with this IF.

    The reason is simple:

    The iOS integrated native Apple Mail App, which is used via ActiveSync by Traveler, is submiting up to now a unique Device ID to the ActiveSync Server. Traveler is using this Device ID together with the User name to "define" and "find" the Device record in Traveler. The IBM Companion and IBM Todo App are using this Device ID for matching the Traveler Device with the App installed on these device.
    This Device ID can be viewed by the User on the Device under Settings / General / Info / Device ID and it is the ID that is printed on the back of any iPhone or iPad.

    A Device ID looks like this:
    Submitted via ActiveSync it looks like this: ApplF4KJQ456F19J

    The Device ID is device specific and can be used to track a Device. That's the reason why Apple decided last year with iOS7 to define a new so called EASDeviceIdentifier, which will be a random generated number, which should be used in a future release instead of the Device ID. This EAS Identifier will only be used for ActiveSync and cannot be viewed by the user.

    Starting last week with the iOS8 Gold Master release the iOS ActiveSync client is sending the EAS Identifier and no longer the Device ID to the Traveler server.  

    The EAS Identifier is looking like this: KUSTI1BCOD06VCNOF10EQGNV2G

    IBM had to do some fixes on the server backend and the related Companion and ToDo App to handle this new EAS Identifier.

    So what will happen when you update your already configured iOS device from 7 to 8?

    What I could already test: Nothing - because Apple takes care, that when under iOS 7 there had been already a Traveler profile; the EAS Identifier was set equal to the Device ID. So all will be fine.

    But when you setup a new iOS 8 device without restoring a backup, Apple will create a new EAS Identifier and will use it from then on. Without updating to the new Interims Fix Companion and the ToDo App will no longer work and you will find an additional Device document in your Traveler inventory, which you may be have to approve.

    If you are using a MDM solution like our midpoints mobile.profiler, you will be able to query, collect and view the EAS Identifier together with other device information.  

    To sum it: To prevent any trouble - update to the Interims Fix until iOS 8 will be in the wild in your environment.

    IBM published so far this information:

    With Apple changing the iOS8 DeviceId to no longer start with

    "Appl", some Companion and To Do flows are not functioning

    properly as the device is not longer recognized as an iOS8

    device in the Companion and To Do flows with the new DeviceId.

    This causes issues in handling prevent copy mails, attachments

    being limited to the max admin setting when they should not be,

    out of office not being recognized as supported, and possibly

    other issues.  This change will fix the recognition of iOS8 with

    the new DeviceId such that the existing functions work as they

    did before.