HCL Domino TOTP/2FA – Implementation, Best Practices and Pitfalls – Webinar

My colleague Martin Leyrer and I will be hosting a webinar “HCL Domino TOTP/2FA – Implementation, Best Practices and Pitfalls”. The session will start on September the 15th, at 4 PM CEST. So, if you are interested in TOTP/2FA Implementation using HCL Domino natively, make sure to register and join our Webinar:

Registration Form

We will be delighted to have your presence!

HCL Domino – Contact Sync Issues

Recently, we came across some issues with contact synchronization between mobile devices using HCL Traveler, mail databases of HCL Notes users, and address books of the HCL Notes Roaming users.

To be exact, these are two separate problems which are described in the following Knowledge Base articles:

KB0099431

KB0097255

You might have the issues mentioned in the KB articles above, but haven’t noticed them yet, as the HCL Notes and HCL Traveler users will only have problems with synchronizing certain contacts “across the board”, namely those which are created on HCL Traveler devices. The issue will become more apparent with the users having more than one mobile device activated on HCL Traveler, as the contacts created on one of the devices will not sync to the other and vice versa.

There is a workaround for both issues, as stated in the KB articles mentioned above, which is to add the “AccessContacts” role to the owner of the mail database as well as to the roaming address book database, assuming the same user is also a roaming user. You can either do this manually or via LotusScript code provided by Domino Development, which you can find in the following Knowledge Base article:

KB0099761

Many thanks to the HCL Traveler team for confirming the issue and developing the workaround so quickly, as well as to the HCL Domino Development team for writing the code to implement the workaround.

New Fixes for HCL Notes 12.0.1 German Template

As of yesterday, a new version of HCL Notes 12.0.1 German mail template is available, which incorporates the fixes for the following SPRs:

SPR  # PDARCBQ86U >>  DOMI: MSTeams meeting is not getting updated with new URL when user opens the accepted reschedule invite

SPR  # PDARCC68MC >>  DOMI: Reschedule meeting notice displays the old url for MSTeams meeting when chair accepts the counter

You can find the new version of the HCL Notes 12.0.1 German mail template in the KB0097354 article.

Hope this helps! 🙂

Engage 2022 – Domino TOTP/2FA – Best Practices and Pitfalls

It’s hard to describe how well the Engage conference is organized and how fabulous the event is. Engage is the place where many good people gather, who gave me the opportunity to learn from them, and over the years many of them became my friends. Therefore, it is something special for me to present at Engage, and for that, I am thankful and honored.

My colleague and dear friend Martin Leyrer and I talked about Domino and TOTP, below you can take a look at the slides we have used:

We have also recorded our session, sorry for the bad audio. You can take a look at the recording below:

Here it comes! HCL Domino & Notes v12 Beta 3

Today Luis Guirigay, Barry Rosen and Thomas Hampel showed us the HCL Domino & Notes Beta 3 of the Version 12. Guess what!? It is available on the HCL Flexnet site for download as of now! 🙂

Where to download the v12 Beta.

I will give my best to list the most important takeaways from the today’s webinar in the following.

This is the last of the planed Beta releases before the global launch of the HCL Domino and Notes Version 12.

Timeline and Components of the HCL Domino and Notes v12.

The latest beta release is available in the following languages:

HCL Domino v12 supported languages.

As of HCL Domino version 12, additional Linux server distributions are supported.

Additional Linux Platforms.

HCL Notes 64-Bit Basic Client for Windows is available for download, a release of HCL Notes 64-Bit Standard Windows Client is planned in the future.

HCL Notes 64 Bit Client Beta.

I was especially excited as I have seen the following slide:

The Active Directory Password sync looked perfect and polished in a Demo. It takes less than 5 seconds to sync a user’s password, since it was changed in Active Directory, to Domino.

The Backup Solution also looks great, the whole backup and restore process can be controlled inside one new Domino Database. In a Demo, the restore process certainly looked fast and easy, Thomas restored some deleted Mails and Folders with ease.

New Domino Backup and Restore Database.

The backup and restore process should now be possible with most backup software vendors.

Architecture of the HCL Domino v12 backup/restore solution.

There are also some news about licensing, the CCB/CCX Licenses can now be tracked easily inside Domino, no matter how complicated your environment is.

HCL Domino & Notes Entitlement Tracker Demo.

HCL Nomad Web will also be publicly available with HCL Domino and Notes v12.

If you would like to participate in the Beta program, you can do so, HCL is open about it and they will welcome any feedback. You will need to register for an Account and afterwards you will be able to access the beta forum.

And last but not least, make space in your calendar for the HCL Domino and Sametime Launch Event on June the 7th.

Happy Testing! 🙂

HCL Domino – Directory Assistance – Access to Active Directory via LDAPs

In order to re-configure the existing HCL Domino Directory Assistance document for accessing the user data over encrypted LDAP connection or LDAPs you have to do the following:

  1. Create a Domino keyring file for the source Domino server.

Generally there are many good guides on the internet for doing this, personally, I like the following articles:

Generating a keyring file with a third party CA SHA-2 cert using OpenSSL and KYRTool on a Windows workstation
Generating a keyring file with a self-signed SHA-2 cert using OpenSSL and kyrtool

Personally, I advise you to always use an official certificate, any well known third party CA or Let’s Encrypt certificates, which by the way are free, will do. This will save you some pain in the long run.

2. Add the personal certificate and/or CA certificate to the Domino keyring file of the Active Directory server you want to access.

You can do this in the same manner as adding the Domino root or personal certificate in the guides mentioned above. If possible, I would always add the personal and the root certificate of the AD target server, just to be sure that the trust will be established successfully. Just make sure to set a reminder to change the certificates mentioned before they expire. 🙂

3. Add the newly created Domino keyring file to the Domino Server document

Copy the Domino keyring file, including the stash file (.sth) to the Domino Data folder and reference it in the Domino server document.

4. Import the root and personal certificate of the Active Directory server to the Domino Directory

Export the Active Directory root and personal certificates as “.cert”, Base-64 encoded, and import them to the Domino Directory.

5. Activate encryption in the Domino Directory Assistance document.

Set the “Channel encryption” to “SSL”, I advise you to set the other settings to be “less restrictive”, you can fine tune those after you made sure that basics are working.

Do not worry if clicking the “Verify” button returns an error. I think that there is a bug in the Domino 11 DA Template. I was always getting the following error “Connection to host ‘<hostname>:636’ failed”.

6. Restart the Domino Server and verify.

After the Domino Server restart you can verify that the Microsoft Active Directory user data can be accessed via HCL Domino Directory Assistance by issuing the command “show xdir“, the result should be something like the following:

This is everything you have to do to access the user data over encrypted LDAP connection using HCL Domino Directory Assistance. I hope this helps.

Domino, Designer and Notes v12 Roadmap

During the first day of the virtual HCL Factory Tour we were able to see the roadmap for Domino, Designer and Notes v12. HCL continues to innovate and sets the bar high in regard to product quality. The new release of Domino, version 12, is coming in Q2 of 2021.

HCL Domino Roadmap

HCL Domino v12 release is going to focus on the following three key points.

Basically it focuses on Volt, new possibilities in regard to infrastructure and better overall experience by delivering a new web based client. Rather than that, at a glance the v12 will deliver the following new features:

HCL Domino v12 Features

The version 12 of Domino will be supported on more Linux platforms than the previous release.

New Linux Platforms in HCL Domino v12

AstraLinux support seems to be very important on the Russian market. As mentioned earlier in the course of the HCL Digital Week, the backup process will be redesigned so it could be implemented easily by any third party solution. All major cloud vendors will also be supported.

New backup and cloud possibilities

From the security aspect, the usage of Let’s Encrypt certificates as well as 2FA will be possible out of the box.

With Domino v12, we will get a new client. I am especially excited about that. This may solve many issues that we currently have in terms of support with Windows Terminal clients for example.

HCL Domino v12 will also deliver some new capabilities for HCL Verse on-Premises, currently the focus lies on the following features.

HCL Verse on-Premises – Top priorities

After the delivery of HCL Nomad web client, HCL aims to deliver an all integrated user experience for the desktop clients. I can’t wait to get this, the users would benefit greatly from a UI which connects the HCL collaboration products.

Integrated user experience

HCL Notes client will also get updated and get some long awaited features. The UI (including workspace) will be improved to increase efficiency. Alternate “From” will be introduced, so we can switch on the fly from which mail account an e-mail should be sent or which signature should be used. The Performance of the client will be improved as well. A very welcome addition will also be the inclusion of Language packs as part of the basic installation so there will be no need to install them separately. The Notes Client will also get a new branding and very own icon! 🙂

As expected, the new release of the Notes Designer will focus on mobile devices.

HCL Notes Designer v12

HCL continues to rapidly improve and develop the Domino platform by focusing on its strengths. I am sure that the HCL is going in the right direction!

HCL Domino v12 Preview – HCL Digital Week

Today, as a part of the HCL Digital Week, we had an opportunity to take a glimpse into the future and the v12 version of HCL Domino. In the following I will write a brief summary of the session, along with a few thoughts of my own.

In terms of upgrading to the v12 release, we got to see a live demo of the update from v9 to v12 of Domino. It took only about 5 to 10 Minutes to successfully upgrade the Domino server to the version 12. Business as usual. 🙂

It looks like the emphasis of the new version will not be on the traditional Notes client, as of now, it does not look like the HCL Notes 12 will get a major overhaul from the previous version. Although, we got to see the “Type Ahead Search” feature, which is a welcome addition!

On the other hand, we will get a new web based client, HCL Nomad Web client. Which gets me extremely excited because this client has the full functionality of the traditional Notes client. HCL Nomad Web client will run on all most popular Browsers (Firefox, Chrome, Safari…) and will be supported on Windows, Linux and macOS!

HCL Nomad Web Client – Supported Platforms

Here are some screenshots from the new HCL Nomad Web Client:

HCL Nomad Web client can be installed by opening a URL in a web browser, the whole installation takes about a minute (although this is dependable on your network bandwidth). The access, to the installation page, can be secured via two-factor authentication (2FA).

HCL Nomad Web client installation

This brings us to other cool features which will come with HCL Domino v12, FaceID and other biometric means of authentication will be supported in HCL Nomad mobile client.

HCL Nomad Mobile client

It will be possible to integrate HCL Domino Applications in Microsoft Teams, as long as the Domino Applications can be opened in web.

HCL Verse on-Premises will be fully supported in a web browser on mobile devices.

On the other hand, on desktop, HCL is working on a fully integrated user experience, this is something I can’t wait to get. Things like Verse on-Premises and Sametime Meetings integration. It will be possible to access a Sametime Meeting from a mobile device, by scanning a QR-Code from Verse on-Premises Client.

There was a lot of talk today about cloud and containerization and HCL Domino v12 session was no exception, Domino v12 will run on most major cloud platforms, HCL also guarantees that your backup solution will support Domino v12. The whole backup process will be reinvented so it could be easily supported by all backup software vendors.

Cloud and Backup

Which brings us to the “Cloud Native” journey. When installing HCL Domino v12, a “one click install” will be possible by using a JSON configuration file. In terms of ease of deployment and automation, this means a great deal.

HCL Domino’s Cloud Native Journey

A few new security features will also be implemented. As mentioned, 2FA and biometric authentication on mobile devices will be supported out of the box as well as the whole process of obtaining and using the Let’s Encrypt SSL certificates. Active Directory Password Sync will also be available in the next release, one password for AD, HCL Notes and Domino Web Access, finally! 🙂

HCL Notes Designer v12 is going to allow easier development of responsive applications, here we have a clear focus on developing and modernizing applications for mobile devices.

HCL Domino Volt is going to be enhanced even more, a more simplified web administration page will be delivered as well as connectors for third party solutions.

HCL Domino Volt and Domino v12

Domino v12 will be available in 2021 in Q2 until then we can participate in HCL Nomad Web Beta!

HCL Nomad Web Beta

HCL Domino v12 will bring a lot of new highly requested features, I can’t wait for it to come, the orientation is clearly on mobile and cloud, as well as building a secure and highly functional backend for the rapid low- and pro-code development.