12 November 2014 10:17:17
A great news for Apple Enterprise customers in Germany and Switzerland!
As part of ADP (Apple Deployment Program) for business and education, DEP (Device Enrollment Program) streamlines mass iOS and OS X device deployments for IT staff and end users, readying the hardware for centralized setup and mobile device management (MDM) automatically. For example, DEP can be used to create multiple administration accounts, configure MDM servers for device handling and assign user profiles out of the box. One tentpole feature is "zero-touch configuration," which immediately configures account settings, apps, settings and more when a user first activates their device.
In addition to third-party purchase support, DEP is now available in Australia, Belgium, Canada, Denmark, Finland, France, Germany, Greece, Hong Kong, Ireland, Italy, Japan, Luxembourg, Mexico, Netherlands, New Zealand, Norway, Singapore, Spain, Sweden, Switzerland, Taiwan, Turkey, United Arab Emirates, UK, and the U.S.
More information about DEP and how to setup your account can be done here:
7 November 2014 17:03:59
Admins start your engines: IBM released tonight a new Interims Fix for IBM Notes Traveler. Please update as soon as possible to this new release, because the last two Interim Fixes 5 & 6 for 9.0.1 were no good ones.
The new Interims Fix will fix the attachment handling issues introduced with IF5 & IF6. More details can be found
9.0.1 IF7 includes this Fixes:
|APAR # ||Component ||Abstract |
|LO81598 ||Server ||Silent install error if trying to set External URL on Linux. |
|LO81918 ||Server ||Slow native memory leak in Traveler server. |
|LO81954 ||Server ||Signed Phone Message document may not sync to mobile device. |
|LO81960 ||Server ||Traveler auto log feature may generate lots of SystemDump files during a database outage scenario. |
|LO81985 ||Android ||Attachment download fails on Android device if file name contains white space characters. |
|LO82032 ||Server ||User may see duplicate calendar events when user does not have delete access to own mail db. |
|LO82084 ||Server ||Traveler Bind debug command may not be persist after restart of the server. |
|LO82085 ||Server ||Unable to sync attachments with plus sign in file name. |
|LO82103 ||Server ||Refresh Traveler server translation for messages sent to mobile device. |
|LO82109 ||Server ||iOS8: Unable to delete some instances of repeating even from mobile device. |
|LO82133 ||Server ||Unable to sync folder that has underscore character in the folder name. |
|LO82136 ||Server ||Error syncing attachments: Entry not found in index. |
|LO82137 ||Server ||Apple Push Notification Services (APNS) Certificates may show as expired. |
|LO82150 ||Android ||Unable to register device if server is slow to respond to registration request. |
|LO82183 ||Server ||iOS8: Out of Office reply message may not be saved. |
|LO82214 ||Server ||Red server status message for long running DS thread for when the thread is idle. |
|LO82233 ||Android ||Some attachments can not be viewed or shared on Android device. |
|LO82251 ||Server ||Allow NTTrack field to store entire device ID if desired. |
|LO82282 ||Server ||Unable to forward some attachments from mobile device. |
|LO82292 ||Server ||Room information may disappear from device Calendar when updating a repeating event from mobile device. |
|LO82366 ||Server ||Traveler Web Administration application may fail to load after upgrading Domino server. |
|LO82399 ||Server ||Update notice sent from device may show as an update request in Notes client. |
|LO82405 ||Server ||Some attachments can not be sync'd to mobile device. |
|LO82411 ||Server ||Work around for Calendar notice that continue reports as updated. |
|LO82423 ||Server ||Use TLS instead of SSLv3 for server to server communication. |
|LO82432 ||Server ||Android client could get stuck in banned state when trying to register. |
|LO82553 ||Server ||Draft or Sent item with exclude from view tag does not sync to mobile device. |
|LO82635 ||Android ||Warn user when connecting over unsecured protocol and require manual step to enable.|
Following IFs are available: 8.5.3 UP2 IF8, 9.0.0.x IF8 and 9.0.1 IF7
The downloads can be found
4 November 2014 09:20:14
IBM has released interim fixes for IBM Notes and Domino 8.5.x and for 9.0.x tonight that address the POODLE SSL3/TLS1.0 and SHA-2 issues.
You can find the common description here which include reference links for the downloads.
This document describes the usage of the keyring file in that context.
Looking for further information? Go here.
If you are using SSL on your servers the installation is recommended! But I would wait to install it on production systems for a few days, after we all will have received some feedbacks. It it not always good to be the first one ;-)
Thanks to IBM and specially to Dave Kern, who did a great job in a very short time!
The security team at IBM had been already working on TLS and SHA-2 support before POODLE came up, but had to change their plans (which was 9.0.2 as the target release), because of the short term move to diable SSL 3.0 in browsers and other software.
Dave, thank you very much to make this possible!
PS: Hope TLS v1.2 will be available soon, too.
Added Download Links:
25 Oktober 2014 11:44:26
Today IBM released a new IBM Mobile Connect Fix. You should install this fix to get "POODLE safe".
With this fix the external facing connections will have SSLv3 disabled by default. The internal connections (from IMC to back-end) can still use SSL 3, so that your internal Domino/Traveler Servers can still be accessed using SSL 3. When IBM released the "POODLE Fix" for Domino, too, you should and can switch off SSL 3 for the internal connections.
You will have to update your Connection Manager and please check if your Gatekeeper is already running the latest Gatekeeper release (188.8.131.52 from March 2014).
Check out Technote SWG2188204 for more details:
Get the downloads via Fix Central:
21 Oktober 2014 18:17:36
Today IBM published two Technotes, in which IBM announced two new Interims Fixes.
The first one will bring native SHA-2 support to Domino for HTTP, SMTP, IMAP, POP3 and LDAP.
The other one will take care for the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack issue:
IBM intends to release Domino server Interim Fixes over the next several weeks that implement TLS 1.0 with TLS_FALLBACK_SCSV for HTTP to mitigate against POODLE. Implementing TLS 1.0 will allow browsers to still connect to Domino after they have been changed to address the POODLE attack, and Domino will protect against browsers that have been compromised by POODLE.
The POODLE Fix will be available in the next few days for 8.5.3 and 9.0.x. The SHA-2 fix will be available in the next few weeks for Domino 9.0.x only.
Many thanks to Dave Kern for make this possible!
Technote for (POODLE )TLS: http://www-01.ibm.com/support/docview.wss?uid=swg21687167
Technote for SHA-2: http://www.ibm.com/support/docview.wss?uid=swg21418982
17 Oktober 2014 14:35:55
Apple hat gestern Mac OS 10.10 (Yosemite) freigegeben.
Die IBM hat heute eine spezielle Version des IBM Notes Clients (9.0.1 Slipstream) veröffentlicht, da der IBM Installer von 9.0.1 Yosemite nicht richtig erkennt:
"IBM Notes 9.0.1 Social Edition can't be installed on this computer. This can only be installed on Mac OS X 10.6 or above. Current OS Version is too low."
Der sogenannte Slipstream Client ermöglicht die Neuinstallation eines Notes Clients unter Yosemite.
Falls vor dem Update auf Yosemite bereits ein Notes Client auf dem Mac installiert war, ist keine Neuinstallation notwendig. Es sollte allerdings entweder vor oder direkt nach dem Yosemite-Update der Notes Client auf 9.0.1 FP2 aktualisiert werden.
Generell muß nach dem Yosemite Update die Java Runtime neu installiert werden:
Step 1: Install the legacy Java SE 6 runtime from Apple: http://support.apple.com/kb/DL1572
Step 2: Download and install the Mac IBM Notes 9.0.1 slipstream,
which will be released by end of day on Thursday, October 16, 2014
Step 3: Install Notes 9.0.1 Fix Pack 2 or higher
Partnumbers des IBM Notes 9.0.1 Slipstream Clients:
|IBM Notes 9.0.1 Mac English || |
|IBM Notes 9.0.1 Mac Simplified Chinese and Traditional Chinese || |
|IBM Notes 9.0.1 Mac Japanese and Korean || |
|IBM Notes 9.0.1 Mac French, Brazilian Portuguese and Spanish || |
|IBM Notes 9.0.1 Mac Italian and German || |
|IBM Notes 9.0.1 Mac Danish and Dutch || |
|IBM Notes 9.0.1 Mac Finnish, Norwegian and Swedish || |
|IBM Notes 9.0.1 Mac Polish and Russian || |
|IBM Notes 9.0.1 Mac Portuguese and Turkish || |
Siehe auch IBM Technote:
2 Oktober 2014 20:13:36
Today IBM released a new Interims Fix for IBM Mobile Connect 184.108.40.206.
From the APAR list, which can be found here:
List of APAR fixes for IBM Mobile Connect 220.127.116.11
|IV61919 ||Memory leak, http access services error path handler for badly formatted method requests. || |
|IV62062 ||Gatekeeper shows empty mobile device container in the System - Users |
|IV62408 ||HTTP Access Services, add configuration option for maintaining session affinity to back end server after initial assignment. || |
|IV63410 ||HTTP Access Services, SSL disabled. On redirects and rewrites, use the service URL as configured, dont change protocols or add the service port. || |
|IV63934 ||HTTP Access Services, new function. Allow LTPA tokens generated by |
third parties to be accepted by IMC. Default behavior is to reject and force a new login.
|IV64821 ||Upgrading to a new Windows Connection Manager build is unsuccessfull even though the installer reported success. Symptoms seen are GK will not launch after an upgrade and/or the IMC build version did not change. || |
26 September 2014 14:28:09
After installing Notes Traveler 9.0.1 IF6 attachments with '+' in the name are not able to synch to the device. There is no work around for the issue. Will need to apply this APAR.
Is available in hot fix APAR LO82085 "Attachments with '+" in the name are not able to synch to device", is now available in hot fix 901_IF6_20140924_1713_Server.
via IBM Technote: https://www-304.ibm.com/support/entdocview.wss?uid=swg1LO82085&myns=swglotus&mynp=OCSSYRPW&mync=R Update 07.11.2014:
Today IBM published a new Interim Fix! Details can be found
19 September 2014 11:46:21
Yesterday and today customers contacted me, that there are some issues regarding IBM Notes Traveler and iOS8/Android after upgrading to Traveler 9.0.1 IF6.
It looks like Attachements with special characters like Space, '+' or '&' in the file name can not be loaded by the Device
and the CPU load on the Traveler server is unnormal high.
You will see this log entries:
[0100:0017-08F0] 19.09.2014 10:20:37 Notes Traveler: SEVERE Frank Tester
Action(0)=Stream, userCN=CN=Frank Tester/O=Company, deviceId=CN=Frank Tester/O=Company, database=mail/dev.nsf,
server=CN=LNTEST01/O=Company, refid=mac mde.pdf@4022208FD320E3A3C1257D58002C42C7,
hookId=null, file_sz=-1, file_name=null, contentType=null
[0100:0017-08F0] 19.09.2014 10:20:38 Notes Traveler: SEVERE Frank Tester[3T94T2HKBL2PDDGT6JB2R8QIVC]
Internal Error: Debug Data: Could not find file attachment w/ UNID=4022208FD320E3A3C1257D58002C42C7
Error(404)=Entry not found in index
The original file name is: mac+mde.pdf
We opened PMRs and are waiting for a response from IBM.
Will post an update here.
Update 26.09.2014 I:
Got feedback from IBM:
"We have PMRs open and some APARs in the works for the attachments already. People should continue to open PMRs ... It will be at least a few weeks, but probably mid-October ...."
So- If you have issues, open a PMR, please. You will get a Hotfix.
Update 26.09.2014 II:
IBM published an official Technote. You can get a special hotfix via PMR by request!
https://www-304.ibm.com/support/entdocview.wss?uid=swg1LO82085&myns=swglotus&mynp=OCSSYRPW&mync=R Update 07.11.2014 III:
Today IBM published a new Interim Fix! Details can be found
15 September 2014 20:08:37
As I posted this morning (Details
here), IBM released a new Interims Fix for Traveler. This Interim Fix for 9.0.1 / 18.104.22.168 / 8.53 UP2 will prepare Traveler for iOS8 and it is important that you update your servers as soon as possible. Apple will release iOS8 in two days and there are some issues that will be get fixed with this IF.
The reason is simple:
The iOS integrated native Apple Mail App, which is used via ActiveSync by Traveler, is submiting up to now a unique Device ID to the ActiveSync Server. Traveler is using this Device ID together with the User name to "define" and "find" the Device record in Traveler. The IBM Companion and IBM Todo App are using this Device ID for matching the Traveler Device with the App installed on these device.
This Device ID can be viewed by the User on the Device under Settings / General / Info / Device ID and it is the ID that is printed on the back of any iPhone or iPad.
A Device ID looks like this: F4KJQ456F19J
Submitted via ActiveSync it looks like this: ApplF4KJQ456F19J
The Device ID is device specific and can be used to track a Device. That's the reason why Apple decided last year with iOS7 to define a new so called EASDeviceIdentifier, which will be a random generated number, which should be used in a future release instead of the Device ID. This EAS Identifier will only be used for ActiveSync and cannot be viewed by the user.
Starting last week with the iOS8 Gold Master release the iOS ActiveSync client is sending the EAS Identifier and no longer the Device ID to the Traveler server.
The EAS Identifier is looking like this: KUSTI1BCOD06VCNOF10EQGNV2G
IBM had to do some fixes on the server backend and the related Companion and ToDo App to handle this new EAS Identifier.
So what will happen when you update your already configured iOS device from 7 to 8?
What I could already test: Nothing - because Apple takes care, that when under iOS 7 there had been already a Traveler profile; the EAS Identifier was set equal to the Device ID. So all will be fine.
But when you setup a new iOS 8 device without restoring a backup, Apple will create a new EAS Identifier and will use it from then on. Without updating to the new Interims Fix Companion and the ToDo App will no longer work and you will find an additional Device document in your Traveler inventory, which you may be have to approve.
If you are using a MDM solution like our midpoints mobile.profiler, you will be able to query, collect and view the EAS Identifier together with other device information.
To sum it: To prevent any trouble - update to the Interims Fix until iOS 8 will be in the wild in your environment.
IBM published so far this information:
With Apple changing the iOS8 DeviceId to no longer start with
"Appl", some Companion and To Do flows are not functioning
properly as the device is not longer recognized as an iOS8
device in the Companion and To Do flows with the new DeviceId.
This causes issues in handling prevent copy mails, attachments
being limited to the max admin setting when they should not be,
out of office not being recognized as supported, and possibly
other issues. This change will fix the recognition of iOS8 with
the new DeviceId such that the existing functions work as they