fighting for truth, justice, and a kick-butt lotus notes experience.

HCL Traveler v11.0.2 released including MySQL support for Traveler HA Pools

 18 November 2020 13:46:44
Traveler 11.0.2 with Build Level 11.0.2.0 Build 202010261910_30 includes fixes for the Traveler server and two new features.

The big news: Traveler 11.0.2 will support MySQL for building Traveler HA Pools (Cluster) as one more option besides IBM DB2 or Microsoft SQL Server.

New Features:


Support for MySQL
Traveler 11.0.2 supports MySQL database for Traveler High Availability mode. MySQL versions 8.0.20 and higher of MySQL Community, Standard, and Enterprise editions are supported.  Traveler servers configured to use MySQL must be running Domino 11.0.0 or higher.

Support of Room Reservations with EAS 16.x Apple Calendar

Traveler 11.0.2 supports updating Room reservations for meetings modified from the Apple calendar.
The Apple device must be using the Microsoft Exchange ActiveSync 16.0 or later protocol (EAS 16.x).
Rescheduling or cancelling a meeting from the device will now reschedule or cancel a related room reservation in the Domino Rooms and Resources Database.
See 'Apple Limitations and restrictions' for support limitations

Updated APNS Certificates
Traveler 11.0.2 includes updated APNS Certificates that replace the certificates shipped with Traveler 11.0.1.  These new certificates expire November 7, 2021.


Database Schema
Traveler 11.0.2 does not include a database schema update, but a new Database Index:

This index was added to prevent duplicate entries in the ts_field_name table.
On the first Traveler startup on 11.0.2 a table repair action will be run to fix and remove duplicate entries if they exist and then add the index. 
However, if you manage your schema manually, you will need to do the following process to add the index:

        1        Run the VerifyIndexes.sql script
        2        If the index IDX_TS_FIELD_NAME_FN fails to be applied because of UNIQUE constraint errors, start traveler to have the table repair action run.
        3        Stop Domino and run the VerifyIndexes.sql again

Included Fixes


KB0082616
Server may exhaust Java memory in environments starved of memory

KB0084142
Apple native Mail app unable to send mails if the user does not have an internet address

KB0084445
HCL Traveler server might end abnormally with Out Of Memory conditions ghosting unprocessed many multi-instance meeting notices for a repeating meeting

KB0084375        
Attachments missing when syncing MIME email that is not multipart

KB0084048        
Error at writing MIME stream, Output Buffer Overflow when NTS_MIME_STREAM_FROM_DEVICE=true

https://support.hcltechsw.com/csm?id=kb_article_view&sys_kb_id=2459a5261b3b9c98beab64e6ec4bcba6


HCL SafeLinx 1.1 released added Support for HCL Nomad and Domino Entitlement

 4 September 2020 15:48:33
WOW! Yesterday HCL finally released the new version 1.1 of HCL Safelinx, which I have been waiting for for a long time.

Image:HCL SafeLinx 1.1 released added Support for HCL Nomad and Domino Entitlement

Among other new features, the new version offers support for HCL Nomad with and the nice gift that the client-less reverse proxy component of SafeLinx can be used FREE of charge as part of the Domino Entitlement for CCB customers.


For all Notes Domino Complete Collaboration Customers, SafeLinx v1.1 is now available as a free entitlement and will be listed under supporting programs. (SafeLinx is available as a standalone to non-Notes-Domino Complete Collaboration customers.) CCB customers can use SafeLinx’s server component without the need for an additional VPN client to securely access their Domino apps from mobile.


SafeLinx acts as a secure reverse proxy that works seamlessly out-of-the-box with Traveler, iNotes, Verse, Sametime, Connections, and now Nomad, too.

SafeLinx is used for central authentication, load balancing and failover.It is usually operated in the DMZ and tunnels HTTP traffic to the internal Traveler or Domino systems.


The special new feature of the Nomad integration is, that the Nomad app only establishes HTTPS connections with SafeLinx and the SafeLinx Traffic Handler performs the protocol conversion to the NRPC protocol on TCP port 1352.
So SafeLinx works as a secure preconfigured  Websocket Proxy for NRPC.
And yes, it will work perfectly together with idVault.
This finally enables the secure use of Nomad without the need for an existing VPN infrastructure and without having to use Domino Passthrough access.
SafeLinx will be an important part for the upcoming Nomad Web solution.


I will post more details about SafeLinx here in the near future and will also hold a 1 hour session next week at the #dnug47online Administration II event.


https://dnug.de/dnug47online-administration-ii-hcl-safelinx-first-steps/


SafeLinx is not new by the way. In IBM's day there was IBM Mobile Connect (IMC), which we introduced and supported for many of our customers to access clustered iNotes or Traveler environments. I set up my first IMC environment in 2009 at a large customer, who still runs it successfully today. IBM unfortunately discontinued IMC four years ago and took it out of active sales.
HCL has now brought IMC back to life and expanded it, which makes me very happy, because IMC was a really great solution. Many of our customers love it and continue to run IMC despite IBM's discontinuation and are now looking forward to connecting SafeLinx to Nomad as well as Traveler.  

And a special thank to the SafeLinx Team at HCL - You guys are rock stars!


Details about the SafeLinx release can be found here:

 

https://blog.hcltechsw.com/domino/new-release-hcl-safelinx-1-1-secure-vpn-services-for-cloud-or-on-premise/

    HCL Traveler 11.0.1 FP1 aka 11.0.1.1 released with fix for calendar notice routing when Traveler is in additional Domain

     2 Juni 2020 17:59:29
    Traveler 11.0.1 Fix Pack 1 with Build Level 11.0.1.1 Build 202005211639_30 includes fixes for the Traveler server and two new features.

    New Features:

    Support for Microsoft SQL Server 2019

    Traveler 11.0.1 Fix Pack 1 has been validated with Microsoft SQL Server 2019 as the Traveler server database when running in high availability mode.  

    Changes in calendar notice routing

    A side effect of the server support for Exchange ActiveSync (EAS) 16.1 introduced with Traveler 11.0.0 is that meeting notices from the Apple calendar application on these devices are sent using the Traveler server's mail.box. Routing failures can occur if the Traveler server is not configured to route mail to and from the mail servers. Meeting notices from the HCL Verse client on Apple devices are not impacted as these notices are still routed via the mail server mail.box. In configurations where customer wants to avoid routing these notices though the Traveler server then in this fixpack there is a new notes.ini setting NTS_AS_SEND_NOTICES_FROM_MAIL_SERVER that can be used to route the notices via the user's mail server mail.box. Note that this setting does not apply to notices sent from HCL Verse mobile clients.

    Included Fixes:

    TRAV-4582        Traveler warning Unexpected tag in Options: Class

     
    Details:

    Exchange ActiveSync 14.0 moved the Class XML element for GetItemEstimate commands from being a child of Collection to a child of Options which is a child of Collection. Traveler was not looking for Class as a child of Options and was logging a warning indicating an unknown child of Options was detected on the GetItemEstimate request. Traveler now expects Class to be a child of Options and no longer logs an incorrect warning. Traveler does not use the Class value, so there is no functional change - only no longer incorrectly logging the warning.


    TRAV-4519        Display name of groups with / on their names

     
    Details:

    Display names for email addresses have been compacted by Traveler to the content before the first forward slash to save user interface space on the devices. However, some customers have asked that the full display name be used, so new notes.ini's have been added to give customers more display name options.

    NTS_ADDRESSCACHE_ENCODING_DISPLAY_NAME_COMPACT controls the display name for addresses that are not internet addresses and need to be encoded as described in "Address encoding for Microsoft Exchange ActiveSync devices" of the Traveler documentation. The default is true which means the display name is the content up to the first forward slash.

    NTS_ADDRESSCACHE_DISPLAY_NAME_COMPACT controls the display name for all other (not encoded) addresses. The default is true which means the display name is the content up to the first forward slash.


    TRAV-4372        Provide an option to avoid routing meeting notices via the Traveler server's mail.box when making changes from the Apple iOS or iPadOS Calendar application

     
    Details:

    Invitations and other meeting notices will be routed via the Traveler server's mail.box when the meeting chair creates or updates the meeting from an Apple iOS or iPadOS Calendar application on a device syncing with Microsoft Exchange ActiveSync 16.0 or 16.1. This is the default behavior for HCL Traveler version 11.0 and later (note that there was no change in meeting notice routing from HCL Verse mobile clients). Failure to have routing and connection documents configured on the HCL Traveler server to/from the mail servers can prevent meeting notices from being received by the chair and/or invitees of the meeting.  To avoid routing these notices through the HCL Traveler server, the notes.ini setting NTS_AS_SEND_NOTICES_FROM_MAIL_SERVER can be set to True to route the notices via the user's mail server mail.box. Product documentation will be updated with this new setting.


    Hints:
    Note for customers that manage their database schema: Traveler 11.0.1 Fix Pack1 does not include a database schema update.
    Traveler 11.0.1 FP1 Database Schema Level: 20190922
    However prior releases did include database schema updates (for example: Traveler 11.0.0 did include a schema update).  Depending upon what level of Traveler server you are upgrading from, there may be a database schema update required.


    Traveler 11.0.1 Fix Pack 1 can be used to install a new Traveler environment or update an existing Traveler environment running Domino 9.0.1.x, Domino 10.0.x, or Domino 11.0.x without requiring a Domino upgrade. It is always recommended to keep Domino at the latest level.  If updating Domino to 11.0.1.x, a minimum of Traveler 11.0.1 is required.


    More Details:
    https://support.hcltechsw.com/csm?id=kb_article_view&sys_kb_id=e5c7a0671b7858500dabfe6fdc4bcb47


    LE4D & Domino 11.0.1 on Windows issue - Problem importing certificates into keyring

     14 April 2020 10:35:58
    Due to an issue with the JVM installed with Domino V11.0.1, Let's Encrypt 4 Domino a.k.a LE4D throws an error, when the tool tries to import the new / renewed certificate into the Domino keyring file.
    It's only an issue when running the Domino server on Windows.


    The agent calls the kyrtool and passes the required parameters to the tool.


    On the Domino V11.0.1 console, you will see an error


    13.04.2020 06:48:52 Agent error: java.io.IOException: Cannot run program "cmd.exe": Malformed argument has embedded quote: "d:\domino\kyrtool.exe" create -k "d:\domino\data\eknori_staging.kyr"

    13.04.2020 06:48:52 Agent error: at java.lang.ProcessBuilder.start(ProcessBuilder.java:1048)

    13.04.2020 06:48:52 Agent error: at java.lang.Runtime.exec(Runtime.java:621)

    13.04.2020 06:48:52 Agent error: at java.lang.Runtime.exec(Runtime.java:486)

    13.04.2020 06:48:52 Agent error: at de.midpoints.le4d.tools.CommandProcessor.executeCommand(CommandProcessor.java:11)

    13.04.2020 06:48:52 Agent error: at de.midpoints.le4d.manager.Le4dManager.runKyrTool(Le4dManager.java:623)

    13.04.2020 06:48:52 Agent error: at de.midpoints.le4d.manager.Le4dManager.run(Le4dManager.java:205)

    13.04.2020 06:48:52 Agent error: at de.midpoints.MPStarter.NotesMain(MPStarter.java:16)

    13.04.2020 06:48:52 Agent error: at lotus.domino.AgentBase.runNotes(Unknown Source)

    13.04.2020 06:48:52 Agent error: at lotus.domino.NotesThread.run(Unknown Source)

    13.04.2020 06:48:52 Agent error: Caused by:



    The problem is not in the LE4D code itself, because it runs on Domino V9.0.1FP10 and also on Domino V10.x and also on Domino V11.

    It seemed to stop working after upgrading the server to V11.0.1, because of an update to a newer JVM version (>1.8.0_231-b11).


    HCL already published a Technote about the issue:


    https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0078230

    To fix the error in Domino V11.0.1 do the following


    If not already in place, create a new text file javaOptions.txt in the Domino DataDirectory


    Add the following line to the javaOptions.txt file ( If you already have a javaOptions file, append the new entry to the existing lines in the file)


    -Djdk.lang.Process.allowAmbiguousCommands=true


    Save javaOptions.txt


    Add the following line to the server notes.ini


    JAVAOPTIONSFILE=D:
    \YourDominoDataDir\javaoptions.txt


    Hint: Add the fullpath to the javaoptions.txt, otherwise the file will not be used. On Windows use a Backslash.

    Restart the server


    When you now run the LE4D tool, everything should work!


    We will update the LE4D documentation in the next few days.


    HCL Traveler 11.0.1 released with support for Cross Domain ID-Vault

     31 März 2020 18:38:49
    HCL Traveler 11.0.1 is a feature release that includes new features and bug fixes for the Traveler server.

    Traveler 11.0.1 can be used to install a new Traveler environment or update an existing Traveler environment running Domino 9.0.1.x, Domino 10.0.x, or Domino 11.0.x without requiring a Domino upgrade
    .

    (Although it is always recommended to keep Domino at the latest level.)


    Database Schema


    Traveler 11.0.1 does include a database schema update.


    New Features

    Support for Microsoft SQL Server 2017
    Traveler 11.0.1.0 has been validated with Microsoft SQL Server 2017 as the Traveler server database when running in high availability mode.  

    Updated APNS Certificates
    Traveler 11.0.1 includes updated APNS Certificates that replace the certificates shipped with Traveler 10.0.1.2.  These new certificates expire February 13, 2021.

    Support for cross-domain ID vault
    When working with encrypted mail, Traveler now supports retrieval of a user's Notes ID file from an ID vault that is in a different Domino domain than the Traveler server.
    More details can be found here: https://help.hcltechsw.com/traveler/11.0.0/Plan_Domino_domains.html

    Fix List


    TRAV-4441 Traveler server shows thousands of errors are logged in the Domino console

    When Traveler encounters problems accessing the UnreadTable for a user or users, a large number of severe errors are logged to the console.  This fix reduces the severe logging for UnreadTable access errors.

    TRAV-4383 Server crashes since upgrading to Traveler 11.0

    After upgrading to Traveler 11.0, servers started crashing with LSXBE: ****** Out of Backend Memory ******* errors in the console. Fix addresses memory leak associated with these crashes.

    TRAV-4348 APNS push notifications working only for HCL Verse for iOS

    Starting with Traveler 11.0.0, applications other than Verse for iOS that use APNS notifications (Verse for Citrix, To Do, MaaS360 and Third Party registered applications such as Virtual Solutions SecurePIM client) were having those notifications rejected by the Apple APNS servers with the rejection reason of "DeviceTokenNotForTopic". This fix corrects the topic to be correct for all applications using APNS notifications.

    TRAV-4331 Traveler server reporting red status due to native memory usage on Microsoft Windows Servers

    The Traveler server method of calculating native (C) memory usage in the Windows environment was incorrectly leading to Traveler reporting a red status for native memory usage.  Traveler has changed to use the Traveler process memory instead of total system virtual memory for C memory usage calculations on Windows servers.

    TRAV-4314 Add Outlook (IMSMO) client safety that sets push flags if SyncML gets to 50 messages

    To protect itself from stack overflow issues, the IMSMO client will stop the sync after 50 SyncML messages to then start a new sync. There are some cases where the client does not start a new sync but does connect to push on the server. The push flags are already cleared based on the sync (as they should be), so the client does not sync again until some other data is changed such as receiving a new email. This changes the server to set the push flags for the IMSMO client if the sync reaches the 50th SyncML message so that if the client does not sync again but does connect to push, push will cause the needed sync to be started.

    TRAV-4307 After an upgrade to Traveler 11.0.0.0, when running with the Derby database, some devices were missing contacts/calendar/email

    When running Traveler server with the Derby database, a re-sync of a user's device with a large number of customer folders may take too long for the folder sync request.  This can prevent the user's calendar, mail, and contacts from syncing to the device. A database indexing hint was added to reduce sync times. This problem can occur in versions including and prior to Traveler 11.0.0.0.

     TRAV-4239 Mail sent appears to sender to be 1 hour off

    Changed the way the Traveler server checks for daylight savings time support on startup in order to prevent a problem with the Casablanca and El Aaiun time zones logging severe errors about a mismatch in DST support.

     TRAV-3733 Update APNS p12 files that expire in June 2020

    Traveler 11.0.1.0 includes updated APNS Certificates that replace the certificates shipped with Traveler 10.0.1.2.  These new certificates expire February 13, 2021.

    TRAV-2984 Traveler reports red status due to severe message flood from EventContainer.maintainSeqNumbers

    Reduced the log level of a frequent error caused by processing events with corrupted sequence numbers.


    Details:
    https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0076377


      Running the Sametime 11 Proxy as a Windows Service

       12 März 2020 13:50:56
      The new HCL Sametime 11 Proxy server is based on the Tomcat Runtime and is really great:

      simple to install
            Just extract the installation package to the target directory and you are done

      simple to configure
           Execute the install.bat from a command line and answer a few questions (location of the Community and Mongo Database server)

      easy to start
           Open a command line and execute the startup.bat

      But if you are on Windows, you would like to run the Proxy as a Windows Service.
      Because starting the Proxy from a command line will stop the Proxy, when you log off.

      At the moment it is not possible to run the Proxy as a Windows service.
      The reason is the leightweigt stripped down Tomcat package delivered by HCL, which does not include a service.bat oder tomcatxx.exe file.
      This files will be used to register Tomcat as a Windows service.

      HCL already published a Knowledge Base article about this issue; https://hclpnpsupport.hcltech.com/csm?id=kb_article&sysparm_article=KB0074805

      There is a workaround until HCL will provide an update for the Proxy, which is already scheduled.

      You can use the Windows Task Scheduler to start the Tomcat server automatically on system start. The Tomcat / Sametime Proxy will not run as service, but will be automatically start after a reboot and will run in the background.

      To do that:

      Open the Windows Task Scheduler on your Windows Server

      1. Create a new Simple Task

      2. Name of the new Task:  Autostart Sametime Proxy

      Image:Running the Sametime 11 Proxy as a Windows Service

      3. Trigger: On System Start

      Image:Running the Sametime 11 Proxy as a Windows Service

      4. Action: Execute a Program

      Image:Running the Sametime 11 Proxy as a Windows Service

      5. Program/Script:  cmd
          Arguments: /c C:\HCL\SametimeProxy\bin\startup.bat
       Image:Running the Sametime 11 Proxy as a Windows Service

      6. Click next and save the new task.
          On the summary page, set the option to open the properties of the new task.

      Image:Running the Sametime 11 Proxy as a Windows Service

      7. View the properties of the created task and change the Security options
          - Change Start As to the system account.


      Image:Running the Sametime 11 Proxy as a Windows Service

      To do that: Click the "Change User or Group" button

      Make sure "From this location" is set to the local machine name (to change click "Locations" button and select the local computer name)
      Type "SYSTEM" in the text box and press ok .
      Under "When running the task, use the following user account:" you should see "NT AUTHORITY\SYSTEM".

      Image:Running the Sametime 11 Proxy as a Windows Service

      Set the option: Start with highest privileges
      Set the option: Configure for "Windows Server 2012" or "Windows Server 2016"


      Finally add a new system environment variable CATALINA_HOME pointing to the Sametime Proxy install directory.

      Image:Running the Sametime 11 Proxy as a Windows Service

      That's it. Reboot your machine and the Proxy should start automatically.

      When opening the Task Manager, you should see a JAVA.EXE running.




       


      Traveler 11 and ActiveSync 16.1 - What to expect after upgrade with iOS devices using Apple native apps

       12 Februar 2020 09:21:33
      After some discussions with the HCL Traveler team regarding seen issues after upgrading to Traveler 11 with iOS devices using the Apple native mail app, HCL published an detailed article.

      The article describes, what happens in the background on the device, when the Traveler 11 Server is started after the update and from then on uses version 16.1 for iOS devices instead of the previous ActiveSync 14 version.


      Introduction

      This article applies to devices syncing with the iOS Mail, Calendar, and Contacts apps only. The HCL Verse app on iOS is not affected by this change.

      Sync changes in Traveler 11

      Traveler 11.0.0 enables support for Microsoft Exchange ActiveSync (EAS) 16.1, the latest version of the protocol used to sync data to the Apple iOS Mail, Calendar, and Contacts apps. All supported versions of iOS already support EAS 16.1, so iOS devices will automatically use it after sending an HTTP Options request to get the protocol versions from the server. In order for an existing profile to switch to EAS 16.1, the device must then send an EAS Settings request to the server. Devices send these requests periodically already, but there is no way to know when exactly it will happen - sometimes only minutes after the server is upgraded, but it can be days later. We found that restarting the device usually causes the app to send the needed requests, making that a more reliable path of trying to get an existing account to upgrade to the new protocol version.
       
      Explanation

      Known upgrade scenarios

      1. Immediate or eventual upgrade of Mail, Calendar, and Contacts:

      The device will continue to use the previous version of the protocol (14.1) until eventually sending Options and Settings requests. Once the device receives the server response, it removes calendar and contacts data from the device storage and performs a folder sync, followed by resyncing of calendar and contacts to repopulate the data. In this scenario, mail does not get resynced to the device but begins syncing with EAS 16.1 at the same time as the other data types.

      Note:
      We have identified an issue affecting Traveler environments using Derby with users that have many folders (>500). These users may not be able to complete a folder sync due to the device restarting the sync before the sync is finished. If this problem occurs during upgrade to EAS 16.1, the user will be missing calendar and contacts data on the device, as well as any new mail changes since the folder sync started. This problem is not specific to Traveler
      11 or EAS 16.1, but is noticeable due to the upgrade to 16.1 triggering the folder sync. This issue will be fixed in Traveler 11.0.1 and a hotfix can be requested by opening a support ticket and referencing issue TRAV-4307.

      2. Immediate or eventual upgrade of Mail only, resulting in a partial upgrade scenario:

      We have seen cases where the device sends the Options request but only uses the new protocol level for mail. No data types resync in this case, and the device will later upgrade to 16.1 after sending a Settings request (see
      scenario 1).

      3. Restarting the device to trigger an upgrade of Mail, Calendar, and Contacts:

      Instead of waiting for the device to send the Options and Settings requests, a restart usually triggers them instead. This scenario is the same result as scenario 1, but the timing is immediately after the device is restarted.

      4. Immediate or eventual upgrade causing Mail to resync:

      In some cases, we have had reports of a user's mail resyncing to their device upon upgrade to EAS 16.1. It is not known yet what causes the device to request a resync of mail (in addition to calendar and contacts).

      Limitations
      Once a device begins using the new protocol version, the user cannot sync with a Traveler server that does not support EAS 16.1 (such as Traveler 10.0.1).

      Support of the new protocol level can be disabled on the server by adding NTS_AS_PROTOCOL_VERSIONS=2.5,12.0,12.1,14.0,14.1 to each Traveler server's notes.ini file. Devices which have already upgraded to using the new protocol may be left unable to sync until they are reconfigured or reset by an administrator. Disabling support of EAS 16.1 is not recommended for the following reasons:

              •        Some device-side problems have been fixed by Apple for EAS 16.1 only.
              •        Apple may not provide support for problems experienced using a device syncing with EAS 14.1.
              •        Current features such as drafts sync and viewing attachments on calendar entries are only available for devices syncing with EAS 16.1.
              •        Other features planned for future Traveler releases will only be available for devices syncing with EAS 16.1.

      Troubleshooting

      If you receive a report of one or more devices that are not upgrading as expected, avoid downgrading Traveler to a previous version or issuing a reset for all devices. Problems occurring during this upgrade scenario are not usually resolved by resyncing the data, and the reset adds unnecessary transactions to both the server load and the logs that support may need to review.

       Troubleshooting steps:

              1        Ask the user to turn the affected device off and back on again.
              2        If step 1 does not resolve the issue, ask the user to soft reset the device (see https://support.apple.com/guide/iphone/force-restart-iphone-iph8903c3ee6/ios).
              3        If step 2 still does not resolve the issue, ask the user to toggle Calendar and Contacts off and back on from their Traveler account under Passwords & Accounts in the Settings app.
              4        If the issue is still occurring, add the user to the finest level logging list by issuing the tell traveler log adduser finest <User Name> command to the Traveler server.
              5        Open a case with our support teams.
              6        Remove the user from finest logging after the issue is resolved with the tell traveler log removeuser <User Name> command.



      via: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0075083



       

      Traveler 11 HTTP-2 Push changes in detail - Review before updating

       5 Februar 2020 10:06:24
      During the first HCL Traveler 11 updates, Daniel Nashed and I stumbled upon a possible problem, that Apple APNS notifications no longer work after the Traveler 11 update.

      To cut a long story short: BEFORE updating, check your firewall rules / forward proxy configurations for OUTGOING connections.


      Daniel and I have both posted a joint blog post here - both on his and mine blog:


      Beginning with Traveler 11 the new push API is used -- >
      https://developer.apple.com/news/?id=11042019a
      This is the new recommended push service from Apple which every service should use.
      The older API will be available until November 2020!

      There is no change needed to change to the new API and Traveler uses the new push API by default.

      But your infrastructure also needs to be ready for this change!


      If you want to disable the new API and have to go back to the "legacy API", because you can't change your infrastructure right now, there is just one notes.ini parameter that you need to set:


      NTS_PUSH_APNS_HTTP2=false


      But you should only use this as a very temporary solution and switch to the new push API as soon as you can.


      The statement in release documentation is quite short and doesn't go into the details of what this might mean for your environment. Let me explain the changes in detail:



      New Protocol HTTP/2


      If you are behind a proxy, you have to check if your proxy supports the  HTTP/2 protocol!  You might run into connectivity issues.



      Port change from 2197 to 443


      The new port used is the standard HTTPS port 443 instead of  the APNS "legacy" port 2197.

      You have to check your firewall if the port is open! Usually network admins are more happy with the standard port 443 but it might not be open in your environment by default!


      The new HTTP/2 Push services is also available on port 2197 on the new servers to allow a more smooth migration.

      There are NTS parameters you could use to change the default port 443 to the old legacy port if you really need to.


      There are specific settings for each different push service and they look like this:


      Example for the Verse app: NTS_PUSH_APNS_APPLE_VERSE_IBM_PRODUCTION_SERVER_PORT


      If you don't set the parameter explicitly the NTS_PUSH_APNS_HTTP2 will take care of changing the port to 443 for all push Apple services.

      So this is more a work-around which you should only use for example if it takes time to change your firewall.



      Change from gateway.push.apple.com to api.push.apple.com


      Also the target servers have changed. Before Apple used gateway.push.apple.com and switched to api.push.apple.com
      Usually there isn't any change needed in your infrastructure. I checked which servers are currently behind the DNS entries and they are coming from the same netblock at Apple (see references below).


      Conclusion


      You really have to check your environment to see if you are prepared for new APNS HTTP/2 API.

      Not having the right prerequisites isn't a reason to not update to Traveler 11. You could use the legacy API for a couple of weeks or some of the settings above might help you to get it working for your environment.

      If your environment uses APNS Push, you have to migrate your environment to Traveler 11
      before November 2020!



      References:



      Developer Information for APNS


      https://developer.apple.com/documentation/usernotifications/setting_up_a_remote_notification_server/sending_notification_requests_to_apns/

      Current DNS Settings
      :


      gateway.push-apple.com.akadns.net

      Aliases: gateway.push.apple.com

      17.188.142.26
      17.188.140.27
      17.188.128.157
      17.188.132.21
      17.188.130.28
      17.188.133.27
      17.188.136.22
      17.188.138.21


      api.push-apple.com.akadns.net

      Aliases: api.push.apple.com

      17.188.161.182
      17.188.161.11
      17.188.161.203
      17.188.160.13
      17.188.164.15
      17.188.162.16
      17.188.163.207
      17.188.161.13


      Whois Extract for Apple Net-Block


      NetRange:       17.0.0.0 - 17.255.255.255
      CIDR:           17.0.0.0/8
      NetName:        APPLE-WWNET
      Organization:   Apple Inc. (APPLEC-1-Z)

      Bye-Bye IBM iKeyman - welcome Java keytool

       16 Januar 2020 13:14:04
      It seems that HCL has removed the old IBM iKeyman tool from the Notes Domino 11 installation packages.

      iKeyman can be used to make changes in Java Keystore files. For example to add a trusted root certificate to the cacerts.


      For HCL it makes sense to remove the IBM legacy files and tools. With the installed JVM, the standard Java keytool is installed, which can also be used to edit the keystore files.


      The keytool is located in the Domino program directory in the subfolder JVM/BIN. It is available for Linux and Windows.


      Here is an example to add another Trusted Root CA - here a DigiCertGlobalRoot - to the cacerts file with the keytool:



      /opt/ibm/domino/notes/latest/linux/jvm/bin/keytool -import -trustcacerts -keystore /opt/ibm/domino/notes/latest/linux/jvm/lib/security/cacerts -storepass changeit -alias DigiCertGlobalRootG2 -import -file /tmp/DigiCertGlobalRootG2.pem



      For the keytool syntax and more examples, check out:
      https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html


      Issue with HCL Verse for Android and Traveler 11

       14 Januar 2020 09:43:10
      If you are planing to upgrade to HCL Traveler 11 and you are using Android devices:

      Please wait until an updated app of HCL Verse for Android will be available via Google Play Store. It's planned to be released tomorrow Wed Jan 15th.


      A question was asked on the HCL support forum ( https://bit.ly/3a2hiWt ) because after upgrading Traveler to V11 just calendar entries have not been synced to Android devices.
      The cause has been located and will be fixed like mentioned as answer:

      We have determined the cause of this issue and have a fix for it in the HCL Verse Android Google Play Store beta slot. We are beginning the production deployment of the fix via the Google PlayStore at this time which should complete by Wed Jan 15th. This issue can affect Verse Android client apps with versions from 10.0.11->10.0.13 and is fixed in the 11.0.0 version (202001092238) of the app.

      If a single user is experiencing this issue, the simplest solution is to have them open the Verse App on their device and click the overflow menu in the upper right hand corner of the UI and select Tools->Replace Data and select “Mail and Calendar”. Once the Replace Data is complete, the issue will be resolved. For larger sets of users the suggestion above using “traveler reset” can be used.


      via Rainer Brandl  
      https://brandlrainer.info/2020/01/13/verse-app-10-0-13-0-on-android-is-not-syncing-calendar-entries-after-upgrade-to-traveler-11/

      Archive