Today Luis Guirigay, Barry Rosen and Thomas Hampel showed us Beta 3 of HCL Domino & Notes version 12. Guess what!? It is available on the HCL Flexnet site for download as of now! 🙂
I will do my best to list the most important takeaways from today’s webinar below.
This is the last of the planned Beta releases before the global launch of HCL Domino and Notes version 12.
The latest beta release is available in the following languages:
As of HCL Domino version 12, additional Linux server distributions are supported.
HCL Notes 64-Bit Basic Client for Windows is available for download; a release of the HCL Notes 64-Bit Standard Windows Client is planned for the future.
I was especially excited when I saw the following slide:
The Active Directory Password sync looked perfect and polished in a demo. It takes less than 5 seconds to sync a user’s password to Domino after it has been changed in Active Directory.
The Backup Solution also looks great; the whole backup and restore process can be controlled inside one new Domino database. In a demo, the restore process certainly looked fast and easy: Thomas restored some deleted mails and folders with ease.
The backup and restore process should now be possible with most backup software vendors.
There is also some news about licensing: the CCB/CCX licenses can now be tracked easily inside Domino, no matter how complicated your environment is.
HCL Nomad Web will also be publicly available with HCL Domino and Notes v12.
To reconfigure an existing HCL Domino Directory Assistance document so that it accesses the user data over an encrypted LDAP connection (LDAPS), you have to do the following:
1. Create a Domino keyring file for the source Domino server.
There are many good guides on the internet for doing this. Personally, I like the following articles:
Personally, I advise you to always use an official certificate, any well known third party CA or Let’s Encrypt certificates, which by the way are free, will do. This will save you some pain in the long run.
2. Add the personal certificate and/or CA certificate to the Domino keyring file of the Active Directory server you want to access.
You can do this in the same manner as adding the Domino root or personal certificate in the guides mentioned above. If possible, I would always add the personal and the root certificate of the AD target server, just to be sure that the trust will be established successfully. Just make sure to set a reminder to change the certificates mentioned before they expire. 🙂
3. Add the newly created Domino keyring file to the Domino Server document
Copy the Domino keyring file, including the stash file (.sth) to the Domino Data folder and reference it in the Domino server document.
4. Import the root and personal certificate of the Active Directory server to the Domino Directory
Export the Active Directory root and personal certificates as “.cert”, Base-64 encoded, and import them to the Domino Directory.
5. Activate encryption in the Domino Directory Assistance document.
Set the “Channel encryption” to “SSL”. I advise you to set the other settings to be “less restrictive”; you can fine-tune those after you have made sure that the basics are working.
Do not worry if clicking the “Verify” button returns an error. I think that there is a bug in the Domino 11 DA Template. I was always getting the following error “Connection to host ‘<hostname>:636’ failed”.
6. Restart the Domino Server and verify.
After the Domino Server restart, you can verify that the Microsoft Active Directory user data can be accessed via HCL Domino Directory Assistance by issuing the command “show xdir”. The result should be something like the following:
This is everything you have to do to access the user data over encrypted LDAP connection using HCL Domino Directory Assistance. I hope this helps.
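A quick independent check of the LDAPS endpoint, as an added example that is not part of the original post: it performs a TLS handshake with the Active Directory server on port 636 while trusting only the exported Base-64 (PEM) root certificate, and reports how many days remain before the server certificate expires. The host name and file name in the usage line are placeholders.

```python
import socket
import ssl
import time


def days_until(not_after, now=None):
    """Whole days left before an OpenSSL-style date, e.g. 'Jan  1 00:00:00 2030 GMT'."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def check_ldaps(host, ca_file, port=636, warn_days=30, timeout=5):
    """TLS handshake with host:port, trusting only the CA certificate(s) in ca_file."""
    try:
        # With cafile given, the system trust store is not loaded, so the
        # handshake succeeds only if the chain ends at the exported AD root.
        ctx = ssl.create_default_context(cafile=ca_file)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                version = tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Untrusted chain, expired certificate or host name mismatch.
        return {"ok": False, "reason": "certificate: " + exc.verify_message}
    except OSError as exc:
        # Missing CA file, refused connection, timeout, DNS failure.
        return {"ok": False, "reason": str(exc)}
    left = days_until(cert["notAfter"])
    return {"ok": left > warn_days, "tls": version,
            "days_left": left, "not_after": cert["notAfter"]}


if __name__ == "__main__":
    # Placeholder names: use your AD server and the exported root certificate.
    print(check_ldaps("dc01.example.test", "ad-root-ca.pem"))
```

If this check succeeds from the Domino host, the certificate trust needed for the encrypted connection is in place on the Active Directory side; running it on a schedule also covers the expiry reminder from step 2.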
If you are using ADFS with Domino as a Single Sign-On solution, and you get a call from a friendly user telling you that Single Sign-On stopped working, check if you are seeing the following error on the HCL Domino server console:
SECCheckAndParseSAMLResponse> VerifyAssertionSignature : Document has been modified or corrupted since signed! (signature)
If that is the case, check the expiration date of the “Token-decrypting” and “Token-signing” certificate on the ADFS Server. The easiest way to do that is using the ADFS Management Snap-in or ADFS Management Console.
If the secondary “Token-decrypting” and “Token-signing” certificates are going to expire in two weeks or fewer and the ADFS certificate rollover has started, then you have to re-import the FederationMetadata.xml into your HCL Domino servers. Just download the new “FederationMetadata.xml” file according to the official documentation and re-import it into the existing IdP Configuration documents (you may have more than one).
After importing the new “FederationMetadata.xml” file, just refresh the HTTP configuration and restart the HTTP Task on the Domino Server. You can do that using the “tell http refresh” and “tell http restart” commands respectively. That should be it, your SSO solution should be back in business.
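To see whether Domino is holding outdated IdP metadata, the signing certificates in the FederationMetadata.xml you last imported can be compared with the ones ADFS currently publishes. This is an added example, not part of the original post; it assumes you kept a copy of the previously imported file, and the sample metadata in it is constructed with dummy bytes in place of real certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signing_fingerprints(metadata_xml):
    """SHA-256 fingerprints of the IdP signing certificates in SAML metadata."""
    prints = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a "use" attribute is valid for signing too.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))
            prints.add(hashlib.sha256(der).hexdigest())
    return prints

def rollover_status(imported_xml, current_xml):
    """Compare the metadata Domino imported with what the IdP publishes now."""
    old = signing_fingerprints(imported_xml)
    new = signing_fingerprints(current_xml)
    if not new:
        raise ValueError("no IdP signing certificate in current metadata")
    if new <= old:
        return "in-sync"            # nothing published that Domino lacks
    if old & new:
        return "rollover-started"   # new certificate published: re-import now
    return "stale"                  # no common certificate: signature checks fail

def sample_metadata(*signing_certs):
    """Constructed test metadata; the certificate bodies are dummy bytes."""
    def kd(use, body):
        return ('<KeyDescriptor use="%s"><ds:KeyInfo><ds:X509Data>'
                '<ds:X509Certificate>%s</ds:X509Certificate>'
                '</ds:X509Data></ds:KeyInfo></KeyDescriptor>'
                % (use, base64.b64encode(body).decode()))
    keys = kd("encryption", b"enc") + "".join(kd("signing", c) for c in signing_certs)
    return ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
            'entityID="http://adfs.example.test/adfs/services/trust">'
            '<IDPSSODescriptor protocolSupportEnumeration='
            '"urn:oasis:names:tc:SAML:2.0:protocol">%s</IDPSSODescriptor>'
            '</EntityDescriptor>' % keys)

if __name__ == "__main__":
    print(rollover_status(sample_metadata(b"old"), sample_metadata(b"old", b"new")))
```

A result of “stale” corresponds to the situation in which the signature error above appears on the console; “rollover-started” is the point at which to re-import before ADFS switches to the new certificate.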
As Patrick Schneider mentioned, in the comment section of this post, you can increase the lifetime of the signing and decrypting certificates:
During the first day of the virtual HCL Factory Tour we were able to see the roadmap for Domino, Designer and Notes v12. HCL continues to innovate and sets the bar high in regard to product quality. The new release of Domino, version 12, is coming in Q2 of 2021.
HCL Domino v12 release is going to focus on the following three key points.
Basically, it focuses on Volt, new possibilities in regard to infrastructure, and a better overall experience by delivering a new web-based client. Other than that, at a glance, v12 will deliver the following new features:
The version 12 of Domino will be supported on more Linux platforms than the previous release.
AstraLinux support seems to be very important on the Russian market. As mentioned earlier in the course of the HCL Digital Week, the backup process will be redesigned so it could be implemented easily by any third party solution. All major cloud vendors will also be supported.
From the security aspect, the usage of Let’s Encrypt certificates as well as 2FA will be possible out of the box.
With Domino v12, we will get a new client. I am especially excited about that. This may solve many issues that we currently have in terms of support with Windows Terminal clients for example.
HCL Domino v12 will also deliver some new capabilities for HCL Verse on-Premises, currently the focus lies on the following features.
After the delivery of HCL Nomad web client, HCL aims to deliver an all integrated user experience for the desktop clients. I can’t wait to get this, the users would benefit greatly from a UI which connects the HCL collaboration products.
HCL Notes client will also get updated and get some long awaited features. The UI (including workspace) will be improved to increase efficiency. Alternate “From” will be introduced, so we can switch on the fly from which mail account an e-mail should be sent or which signature should be used. The Performance of the client will be improved as well. A very welcome addition will also be the inclusion of Language packs as part of the basic installation so there will be no need to install them separately. The Notes Client will also get a new branding and very own icon! 🙂
As expected, the new release of the Notes Designer will focus on mobile devices.
HCL continues to rapidly improve and develop the Domino platform by focusing on its strengths. I am sure that the HCL is going in the right direction!
Today, as a part of the HCL Digital Week, we had an opportunity to take a glimpse into the future and the v12 version of HCL Domino. In the following I will write a brief summary of the session, along with a few thoughts of my own.
In terms of upgrading to the v12 release, we got to see a live demo of the update from v9 to v12 of Domino. It took only about 5 to 10 Minutes to successfully upgrade the Domino server to the version 12. Business as usual. 🙂
It looks like the emphasis of the new version will not be on the traditional Notes client, as of now, it does not look like the HCL Notes 12 will get a major overhaul from the previous version. Although, we got to see the “Type Ahead Search” feature, which is a welcome addition!
On the other hand, we will get a new web-based client, the HCL Nomad Web client, which gets me extremely excited because this client has the full functionality of the traditional Notes client. The HCL Nomad Web client will run on all of the most popular browsers (Firefox, Chrome, Safari…) and will be supported on Windows, Linux and macOS!
Here are some screenshots from the new HCL Nomad Web Client:
The HCL Nomad Web client can be installed by opening a URL in a web browser; the whole installation takes about a minute (although this is dependent on your network bandwidth). Access to the installation page can be secured via two-factor authentication (2FA).
This brings us to other cool features which will come with HCL Domino v12, FaceID and other biometric means of authentication will be supported in HCL Nomad mobile client.
It will be possible to integrate HCL Domino Applications in Microsoft Teams, as long as the Domino Applications can be opened in web.
HCL Verse on-Premises will be fully supported in a web browser on mobile devices.
On the other hand, on desktop, HCL is working on a fully integrated user experience, this is something I can’t wait to get. Things like Verse on-Premises and Sametime Meetings integration. It will be possible to access a Sametime Meeting from a mobile device, by scanning a QR-Code from Verse on-Premises Client.
There was a lot of talk today about cloud and containerization and HCL Domino v12 session was no exception, Domino v12 will run on most major cloud platforms, HCL also guarantees that your backup solution will support Domino v12. The whole backup process will be reinvented so it could be easily supported by all backup software vendors.
Which brings us to the “Cloud Native” journey. When installing HCL Domino v12, a “one click install” will be possible by using a JSON configuration file. In terms of ease of deployment and automation, this means a great deal.
A few new security features will also be implemented. As mentioned, 2FA and biometric authentication on mobile devices will be supported out of the box as well as the whole process of obtaining and using the Let’s Encrypt SSL certificates. Active Directory Password Sync will also be available in the next release, one password for AD, HCL Notes and Domino Web Access, finally! 🙂
HCL Notes Designer v12 is going to allow easier development of responsive applications, here we have a clear focus on developing and modernizing applications for mobile devices.
HCL Domino Volt is going to be enhanced even more, a more simplified web administration page will be delivered as well as connectors for third party solutions.
Domino v12 will be available in Q2 of 2021. Until then, we can participate in the HCL Nomad Web Beta!
HCL Domino v12 will bring a lot of new highly requested features, I can’t wait for it to come, the orientation is clearly on mobile and cloud, as well as building a secure and highly functional backend for the rapid low- and pro-code development.
I came across an HCL Domino environment with HCL Sametime where the Sametime embedded clients were logging in via LTPA but with a different authentication server than the Sametime Community server.
As you can imagine, this was important to keep in mind during a Sametime migration. The Domino server used for authenticating Sametime clients is also hosting multiple websites and using multiple LTPA tokens, so the question was, which LTPA token is actually used for authenticating the Sametime clients.
After some searching I asked a good friend, Herwig W. Schauer, and he knew the answer. The LTPA token used for authentication of Sametime embedded clients is the default LTPA token, which is found inside the “($WebSSOConfigs)” hidden view of the Domino directory.
To access this view, hold “CTRL” and “Shift” keys while opening the “names.nsf” database. I hope this saves someone some time. 🙂
Recently I was installing an HCL Sametime 11 environment from scratch. I always tend to implement a single LTPA Token across the Domino, Sametime and/or Connections environment. It is also a very good idea to use only the LTPA Token version 2, as it is more secure, but this also means that the LTPA Token has to be created by a WebSphere server.
Usually this is not a problem, because most of my customers have HCL Connections or an older version of Sametime already deployed, which means that they are also using WebSphere Application Server Network Deployment.
But this customer only had Domino, and a new installation of the WAS Network Deployment Server, solely to create a new LTPA Token and scrap it afterwards would take me too much time.
My friend Herwig W. Schauer gave me a tip that the same could be done with a WebSphere Liberty server, which is a lot faster.
Just download the latest version of WebSphere Application Liberty Server, which is free, from the IBM Website, I used the ZIP Install Package for Windows OS.
Just extract the downloaded package to the directory of your choice and open the “server.xml” file, which can be found under “<was_liberty_package>\wlp\usr\servers\defaultServer”, in a text editor. At line number 17, inside the “<ltpa>” tag, edit the “keysFileName” and “keysPassword” parameters, as shown in the screenshot below:
Afterwards, just start the WAS Liberty by executing the “server.bat” script.
Just as in the screenshot below:
As soon as you get the server fired up, a new LTPA token will be generated in “<was_liberty_package>\wlp\usr\servers\defaultServer” directory, with the name and password you specified in the “server.xml” file.
That’s it, you can take the newly generated LTPA token and import it to Domino.
I am proud and honored that I was allowed to present this year at Engage in Arnhem. To be frank, I still can’t believe it. 🙂 I held a 25-minute session about implementing certificate-based authentication for HCL Notes Traveler. If anyone is interested, the slides are embedded below:
I also took a video of my presentation. I wanted to make sure I didn’t miss any errors I had made, so that I can improve my overall presentation skills. Apart from the viewing angle, the video has not turned out too bad. 🙂
Make sure to register for the “How to Make Domino Deployment and Monitoring Radically Easier” Webinar taking place tomorrow at 3:00 PM – 4:00 PM CET.
Join this session to learn how to create a controlled, efficient Domino deployment (regardless of where you want your servers) powered by Panopta, our new partner. You’ll learn how to get complete visibility of your Domino servers’ key health metrics in easy to use dashboards, ensure the right person is notified in case of any health or performance issues, and solve problems with automated remediation instead of manual intervention. And, with much of the configuration done out of the box, you’ll learn how to get this all up and running quickly!
How to Make Domino Deployment and Monitoring Radically Easier – Registration form
If you are running Domino 10.0.1 Servers with German Language Pack and trying to implement SAML authentication mechanism, make sure to switch to the English version of the IdP Catalog database.
Otherwise you could run into a problem when creating the Service Provider Certificate with the “Create SP Certificate” button in the “IdP Configuration” document: this action will create the certificate, but it will not create the “ServiceProvider.xml” file. When doing so, I got the following error:
Agent message: CreateIdPXML error 91 (Object variable not set) line 19 Please pass this error message to your notes admin
We had this issue in two customer environments, using Domino Version 10.0.1 to 10.0.1 FP3.