Tag Archives: Domino

Time to update your Domino environment

Today Google released Chrome 48 and has deprecated RC4 as encryption protocol because it’s broken.
This means that if you have an older version of Domino that doesn’t support some other encryption protocol for https.

Domino 9.0.1 FP4 or FP5 will give you the support you need to use updated protocols.

And I really hope Google would implement the Swedish error page for everybody ūüôā


And if you need help contact me.

iNotes, IBM Traveler, IBM Verse, Win 10 Mail

We have all been living with the Mailbox in the IBM Notes client but because I work with lots of different clients I rarely use my own id. Therefore my main mail client has been iNotes / IPhone mail thru Traveler / Verse iPhone app. But when I upgraded my machine to Windows 10 and the Traveler server to the latest version I found that it works great to use the Traveler mail with the Windows 10 built in mail and calendar client.
Yes it’s a bit limited, mostly that you can only have one email open at a time. You can’t use Outlook because that client is blocked on the Traveler server, probably because some advanced communication that the Outlook client uses. Hopefully they will release that support at IBM Connect this month.
So if you haven’t tried it yet and have a Traveler version that supports the Verse client you can try it you self. Feel free to make a comment on you experience and use of other clients against the Domino server.


IBM Domino and Java problem with old applets

All the old Java applets that is YES in some old apps not yet converted used got another problem today on Domino 9 and 9.01. They are now blocked by Oracle because the code signing certificate is outdated, it seams like when they where updated to work with Java 1.7 45 the person who resigned them did that with an old certificate and now that cert is outdated and has been so for 1 month. If IBM or you want to keep track on when your code or SSL certs expires QNova Systems contract management system works really great for this purpose and many more things, contact me if you want to know more. An interesting thing will also to see if the new code cert created with SHA-2, because I don’t think you can get one with SHA-1 anymore and this will make Java 1.6 outdated because it doesn’t have support for SHA-2.

I’ll keep you updated on this matter.screen392

News from IBM ConnectED15

Some of the news from IBM Connect

IBM releases early access to IBM Verse.

IBM Verse will come an an Domino solution for on premise deployment later this year

The Domino HTTP engine will get more updates that the previous released updates with SHA2 and TLS 1.0

It will get new HTTP security options as TLS 1.2, PFS and AEAD



the IBM HTTP server addon released with Domino 9 will be deprecated

screen105The NSF Datastore will get updates that we have all wanted for a long time.

View Indexes outside of the database and with this and DAOS we are breaking the 64GB nsf database maximum finally.

Live view updates is a server task that will pull and update view indexes with a interval of your choice this update is already in 9.0.1 FP3


XPages will receive support for encryption and signatures

New backend classes for XPages, Lotuscript and Java agents

There are plans for future upgrades to update java in Domino to 1.7 or 1.8



XPages support in Bluemix, see Niclas article 

Availability for this great new functionality is Q2 2015, price has not been announced yet.

This is the news I have captured, if I missed something please comment

Part 2 of Partial Refresh in Notes Forms

I couldn’t actually accept myself defeated in the battle to get partial refresh into old school Notes applications. And after a second look at my code I found a way, so I rewrote the javascript library to be a javascript object class so all calls are made inside the class. So now partial refresh of the entire form tag is the standard way of refresh but you can also narrow the refresh to everything inside a div or a table sell if you want to. And Serverside refreshes from a QuerySave agent also works.

So what you need to do is to add the AjaxCall scriptlibrary to your database.

Call the function PartialDomino.onloadAjax() in your onload event

Now all refresh events on the form will be handles as partial refresh.

If you want to also add clicks from a button, give the button a id and add that id using PartialDomino.addPartialRefreshId(“refresh”,””)

The next time the button is clicked a partial refresh is done.

If you would have added a second id to the function, only the element with that id will be replaced after the refresh.

Download the database and see the working example



Holiday Hack: Get some XPage power in old Notes apps

UPDATE: Post with fully working example with serverside redirects working

One of the great things with XPages is the partial refresh that help you to update information inside the page without a full reload of the page. Well that is not possible with older notes applications because it does a full roundtrip to the server each time we change something. But we can update the screen without the users notice it with ajax. What I did was create a copy of the main js function that Domino uses _doClick and replace that with my own copy of that function in onload.

function onloadAjax(){




I store the original function within _doClickNew that is the great thing in this case with javascript. Everything is an object including functions and I can place myself before the original function. My function will now be called when something happens on the Domino form. There is two types of events on a old school Domino form. There is a refresh post and a full post, the script detects if you are trying to do a refresh post and convert that into a ajax request. You can also add entries to an Javascript array¬†PartialRefreshArray by pushing new entries PartialRefreshArray.push(“mybutton”) if you then add a button to the form with the id mybutton it will also be ajax refreshed.

But there are some down sides to this functionality, we can’t use server side redirects. When the form is posted the referer is used when returning data, and because we have ajax refreshed the form the url isn’t updated correctly if we have created the document using the following url


What we need to do is to create the document before we open it the first time and load the document using


If that is used the code can imitate partial refresh, but remember no server side redirects can be used, webquerysave agent runs but not the redirect, so if you want to move away from the form you need to use client side JS.

I’ve created a simple database to show the functionality that you can download here¬†


Conclusion, the partial refresh behaviour can be added but then you need to hack any redirects done using agents and you need to pre create the document and have a scheduled agent to delete the forms not saved.

This is only an hack example not any production code, and may stop working if IBM changes anything.


Setting up a sFTP server to be used with an existing Domino SSL certificate

With the new way of creating SSL certs for Domino a new opportunity occurred to me and actually it worked great. Because we create the certificates using OpenSSL the generated Key and certificate can actually be used on the same server to setup a FTPS server. Saidly because the Domino FTP server on OpenNTF.org¬†doesn’t support FTPS I had to use the FileZilla server¬†the setup was super simple.

Run the setup

go into settings and enable FTP over SSL select your .Key file and your certificate file that you got back from your certifier. Also check the other option to force all connections to the server to be FTPS.

FileZilla Server Settings

And now you have a FTPS server that can deliver external content to you Domino server. The last thing you need to setup is the users and groups that should be able to connect to the server.

Update: Paul Farris commented that this is an SSL based FTP server not an SSH based so the real name should be FTPS not sFTP.

Maximum file upload size in Domino all the places to edit

If you ever wanted to increase the file upload size in Domino you have probably seen that there are several places to update depending on the configuration. I was increasing this on a server this week and missed one of the places and couldn’t understand where I missed, Per-Henrik Lausten pointed me what I missed. So I though I would write a post about this I might help someone else, or help me the next time I forget.

Open up the Server document and go to the “Internet Protocols” tab and the “HTTP” tab








At the bottom right corner, to the “HTTP Protocol Limits” Section









And change the “Maximum size of request” to the size you want to increase to

Now move to the basic tab and check if the server is using “Internet Sites”










If your server doesn’t load from “Internet sites” you need to open the “Internet protocols” tab again

and follow the same instruction as in “Internet Site” document.

in other case close the server document and open up the view “Server\Internet Sites”











Open up the corresponding Internet Sites that you want to change or open all of them and change if you want the same size on everybody. On the “Domino Web Engine” tab



















On the “POST Data” section change the Max post size to the new maximum file size you want to have.

If you are using an old Domino application you are done now. After reloading the HTTP task on the server.

But if you application is an XPage application there is another place you need to control the file size, and that is in Application Configurations and xsp.properties file in you database and the File Upload Option.

Or if you want to add it globally add it to the xsp.properties file in the Domino\Data\Properties folder in xsp.properties.






If you want to increase the size for iNotes there is a third place that you might need to increase and that is in the Servers\Configurations document for the server. Click on the “iNotes” tab and update the “Mamimum attachment size” and save the document. Restart the http task on the server to make the changes get affect.













If you got any problems some Domino configuration or got help from this post, make a comment.

Long live Domino just give us SHA-2 and TLS 1.3 support NOW!!

Setup a Free Git server with Domino Credentials in a few minutes

Today I’m going to show you hav to setup you own internal Free Git server in five minutes

Make sure that you have java version 7 installed in you windows server. JRE or JDK any version works. If you don’t have one goto java.com and install the a java jre.

Goto the java download page scroll down to the bottom of the page and download the JCE


Open up the downloaded zip file and copy the 2 selected files

To the folder lib\security below your java installation folder in my case it was

C:\Program Files\Java\jre7\lib\security you might need to replace existing files nothing to worry about.

This is needed to be able to create the certificates later.

Next step is to  gitblit.com wher your download the Go Git Blit Server for Windows or if you are using Linux or Macosx use that version.


Unzip the zip file in the root to a folder called gitblit or a suitable sub folder, if you change the folder you might need to change url:s in the .cmd files.

Configure GitBlit

We are now going to configure gitblit to use LDAP as authentication method

Open up the file gitblit.properties in the data folder, search for the keyword realm.userService edit this line so the line should look like this realm.userService = com.gitblit.LdapUserService

Setup the connection to the LDAP server

realm.ldap.server=ldap://localhost¬†change the row if your LDAP server isn’t on localhost remember if you want to connect to a domino server and it’s hosted on a windows machine that has AD LDAP on it you need to change the port for the Domino LDAP service.

The syntax if you want to change ip or port is like this ldap://

You also need to change the login user to be able to use the domino LDAP Service

realm.ldap.username = LDAP Manager

realm.ldap.password = your password

To a Domino user and password

Clear the accountBase so it will search all Nodes


Change the accountPattern to

realm.ldap.accountPattern = (&(objectClass=person)(cn=${username}))

Empty the groupBase to search all nodes for groupsrealm.ldap.groupBase =

And the groupMemberPattern to find groups

realm.ldap.groupMemberPattern = (&(objectClass=group)(member=${dn}))

realm.ldap.admins can be edited to add a admin group from LDAP

change the row realm.ldap.email from email to mail

And the row realm.ldap.uid also to mail

Important last step, search the file for localhost and remove that otherwise gitblit will only operate on localhost and you can access it from another machine

Save the file

Generate SSL Certificate

In the Gitblit folder in my case c:\GitBlit there is a cmd file called authority.cmd (if you have another url you might need to modify the file)

start authority.cmd add the information about your certificate

Write the password for your keystore, write gitblit if you don’t want that password you need to edit the gitblit config file so the password match.

The keystore is generated and the cert admin is opened

Close the Window

Start the Git Blit Server using the gitblit.cmd the server will now start in the window.

Your Git server should be up and running now. Let’s access it thru a browser.

Write https://servername or ipadress or localhost and end the adress with :8443

but if you want to use http instead you need to edit the gitblit.properties and change the row

server.httpPort =0 to have the port for the http server i.e. server.httpPort = 8080

The GitBlit interface will load.

Try to login using your Domino credentials

When you have logged in, logout again and login using the standard admin user

username: admin password: admin

and assign yourself as an administrator and change the password of the default admin

Login with your user again

Now your ready to create your first repository

Next step is to connect your git client to the repository. Some clients like sourcetree needs a special setup to accept ssl that is created using a self cert. But that is for the next post.

HTTP Server is waiting for threads to finish: the wait is over part 2

If you did read my post yesterday about how to break long running requests on the Domino server if not you can find it here The wait is over part 1
ven Hasselbach commented that this didn’t work for him and yes he is probably right because I suspect that Sven was trying a long running XPage and yes you can’t break them using Restart Task Http¬†but I have a solution/workaround¬†but that requires you to implement a failsafe into your long running code.
If you add this inside your long running loop


And create an Admin Failsafe XPage with a “Break it All” button with the code


And a second button called “Reset”¬†with the code


To bring back the application to a normal state.

If you then open up the “Failsafe” XPage if your code has gone wild and click the button you can quit the code that has gone wild.