Happy Easter
by Richard Pajerski
Posted on Sunday April 09, 2023 at 12:00AM in General
And suddenly there was a great trembling of the earth, because an angel of the Lord came to the place, descending from heaven, and rolled away the stone and sat over it; his face shone like lightning, and his garments were white as snow; so that the guards trembled for fear of him, and were like dead men. (Saint Luke 28:2-4 Knox Version).
Tags: general
DOTS follow-up, SPR for applet bug
by Richard Pajerski
Posted on Wednesday February 15, 2023 at 10:27AM in Technology
Following up on my NSFDBHOOK post in December, I'm told the official word from HCL Product Management is that "HOOK and Event Management (EM) should be discontinued, as those have not been well used and tested functionality ..." I can appreciate that it's hard to justify development if there isn't much traction, but having an easily accessible Java API for these low-level Domino events (without having to write my own DSAPI plugin) would've been a really handy feature for some of my custom applications. There's always the Domino Ideas Portal for the future!
Regarding Java applets not loading in Notes, HCL is now tracking a fix under SPR #CECNCNPSCQ.
[February 28, 2023 update] Defect article for applets can be found here: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102913
Securing access to MongoDB with Sametime 12 Premium
by Richard Pajerski
Posted on Tuesday February 14, 2023 at 10:58PM in Technology
Setting up a new, fully functional stand-alone Sametime 12.0.1 Premium server on Docker instance is a relatively pleasant experience and HCL has made great strides is presenting a more simplified, compelling UX for the product than what was previously offered. For example, the new interface for creating and customizing meetings gets all the important, relevant bits into a single page (a good introduction to the product can be found here).
But the thrust of this post is on securing the server itself, and more specifically the MongoDB portion where chat histories, contact lists and other details are stored. HCL supports MongoDB versions 4.2 and higher on a best effort basis and I'm using version 6.0.4 on CentOS 8 for purposes of this post. Here's what worked for me.
After installing, we configure our Sametime database using the MongoDB Shell; upon first connecting, there's no prompt for a password and we're plainly told:
"Access control is not enabled for the database. Read and write access to data and configuration is unrestricted"

According to the installation guide, port 27017 should be "permitted bidirectionally". That's understandable since a common strategy is to deploy the MongoDB server on its own host. But even with this installation which has both the MongoDB server and Sametime on the same machine, closing off external access to 27017 caused internal connectivity problems for Sametime (I could no longer create meetings and chat histories were no longer available).
So next I turned to this document on securing MongoDB. That method might work for other versions of MongoDB but it didn't work with 6.0.4 (the MongoDB server refused to start). What I found is that "keyFile" authorization is needed for this version of MongoDB when replica sets are used (which is the default for Sametime).
Create the keyfile:
openssl rand -base64 812 > /opt/st12/mongosec.key
Be sure to also run these two commands on the keyfile or Mongo won't start:
chmod 400 /opt/st12/mongosec.keychown mongod:mongod /opt/st12/mongosec.key
Edit /etc/mongod.conf to tell MongoDB where the file is and enable authorization:
security:
keyFile: /opt/st12/mongosec.key
authorization: enabled
We also need to launch the MongoDB server with "--auth". I've installed MongoDB as a service so that means editing /etc/systemd/system/multi-user.target.wants/mongod.service:
[Service]
Environment="OPTIONS=-f /etc/mongod.conf --auth"
After restarting the MongoDB service (systemctl restart mongod), I can still connect with mongosh but the warnings are gone; if I attempt to run commands, I'm told authentication is required:
To connect with a username:
mongosh mongodb://127.0.0.1:27017 -u sametimeUser
Finally, don't forget to change the default user/pass combination (sametimeUser/sametime) before going live!
Merry Christmas
by Richard Pajerski
Posted on Sunday December 25, 2022 at 12:00AM in General
And she shall bring forth a son: and thou shalt call his name JESUS. For he shall save his people from their sins. (St. Matthew 1:21; Douay-Rheims version).
Image (public domain): The Nativity by Lorenzo Lotto (1523)
Possible bug with triggered NSFDBHOOK events in DOTS (on Windows 2019)
by Richard Pajerski
Posted on Friday December 23, 2022 at 01:13PM in Technology
[February 2023 update: DOTS follow-up, SPR for applet bug]
I recently took advantage of DOTS being back in the Domino 12 server, to replace a Java agent with a scheduled DOTS tasklet and have been pleased with the results. Using tasklets is generally going to be far more efficient than using Java agents in Domino since a JVM is loaded once with the DOTS server task and remains resident in memory until the DOTS task is stopped whereas with each agent invocation a new instance of the JVM is started. There are other benefits to using tasklets over Java agents which I may take up in a future post but for the moment, I've run across an issue on a Windows 2019 server installation.
Although the deployment above uses a scheduled tasklet, I was originally hoping to use the triggered NSFDBHOOK events in order to capture some document saves in (more/less) real time. But while testing on Windows 2019, I noticed that the HOOK_EVENT_NOTE_UPDATE and HOOK_EVENT_NOTE_OPEN events were not being emitted at all or only very infrequently. I had earlier tested the same tasklet on a Domino installation on a Windows 8.1 client and the events fired more/less as expected. Aside from the OS difference, everything about the Domino installations was identical -- with one exception: the Domino program installation directory on the Windows client had no spaces but the Windows server was installed in the default C:\Program<space>Files\HCL directory. Sure enough, after reinstalling Domino on the Windows 2019 server without the space (specifically in C:\Domino), events began firing again. HCL has also reproduced this and may open an SPR.
In the meantime, after working a bit more with those NSF hook events, my impression is that they are not altogether reliable -- or at least, there doesn't appear to be a one-to-one correlation with each document save/open and a DOTS-generated event. Some document saves/opens never fire an event. The source code for the older versions of DOTS is on openntf.org here: https://stash.openntf.org/projects/DOTS/repos/dots/browse/sources but I'm not sure if this is the same code being shipped with the Domino 12 server (though I assume it's pretty close).
If I'm looking in the right place, lines 79 and 80 of the postMessage method (https://stash.openntf.org/projects/DOTS/repos/dots/browse/sources/dotsNSFHook.cpp), have:
STATUS error = MQOpen(queueName, 0, &dotsmq);
if ( error == NOERROR ){
where DOTS presumably intercepts the necessary events from an internal Domino queue. But what if there *are* errors here? Will our DOTS tasklets ever know about them? Maybe errors are unlikely here but perhaps this is the source of some missed events.
Java applets in Notes 64-bit client not loading
by Richard Pajerski
Posted on Wednesday December 21, 2022 at 07:17PM in Technology
[February 2023 update: DOTS follow-up, SPR for applet bug]
A notable aspect of this bug is that there are no error logs (that I could find) to indicate something's wrong. Nothing in the Java Debug console, the IBM_TECHNICAL_SUPPORT folder, log.nsf, etc. You will see the Java coffee cup but I think most end users will not immediately interpret it as a problem: