fighting for truth, justice, and a kick-butt lotus notes experience.

    Traveler 14.0.0 FP1 available and why you should update to it

    Detlev Poettgen  August 29 2024 08:53:36 AM

    HCL Traveler 14.0.0 FP1 includes a new APNS certificate and beside other fixes an important security update.


    It is recommend to upgrade your Traveler servers, because of a known security issue, which will be fixed with 14.0.0 FP1:


    HCL Traveler is susceptible to a denial of service attack through the included jsoup library. Affected are all HCL Traveler versions 14.0.0.0 and below.

    Details can be found here:
    https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114743


    Traveler 14.0.0 FP1 can be used to install a new Traveler environment or update an existing Traveler environment running Domino 11.0.x, or Domino 12.0.x without requiring a Domino 14.0 upgrade
    .

    (Although it is always recommended to keep Domino at the latest level.)


    Database Schema


    Traveler 14.0.0 FP1 does not include a database schema update.
    Database Schema Level of Traveler 14.0.0 FP 1 is  20230417.


    Updated APNS Certificate for iOS


    The download package includes an updated APNS certifiacte valid until June 21, 2025.

    For older Traveler versions, you can download and update the APNS certificate manually. Take a look at  
    https://my.hcltechsw.com/downloads/domino/traveler/14.0 where you can find a Traveler_APNS_Prod.zip file.

    New Features


    Fix List

    KB0115444
    Tell traveler dbmaint run command results in system exception error message


    KB0115512
    Traveler server status should change if http is not running


    KB0115443
    Free time can be off by 15 or 30 minutes when the invitee has a meeting with an unusual start time


    KB0114855
    Mail missing signed attachment


    KB0112441
    All day events appearing on the wrong date on iOS native Calendar


    KB0114743
    Security update


    Details:

    https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110147


      Apple - Deaktivierung der Aktivierungssperre via Apple Business Manager

      Detlev Poettgen  June 25 2024 09:32:26 AM

      Apple hat gestern bereits die neue Funktion im Apple Business Manager aktiviert, um für Geräte die Aktivierungssperre deaktivieren zu können.

      Darüber werden sich viele unsere Kunden freuen!

       Image:Apple - Deaktivierung der Aktivierungssperre via Apple Business Manager

      Es gibt immer wieder Probleme mit zurückgegeben Geräten, welche die Aktivierungssperre aktiviert haben und diese nicht mehr deaktiviert werden kann.

      Bisher blieb hier meistens nur der Weg über den Apple Support, um eine Aktivierungssperre zurücksetzen zu lassen.

      Für Geräte die noch im Apple Business Manager als DEP Geräte (Device Enrollment Program) registriert sind, ist es jetzt möglich den Status der Sperre anzeigen zu lassen und auch die Sperre wieder zu deaktivieren.

      Hierbei ist es egal, ob das Gerät sich noch im MDM befindet oder nicht.
      Solange das Gerät noch dem Apple Business Manager der Firma zugeordnet ist, kann die Aktivierungssperre deaktiviert werden.

      Ein wichtiger Grund mehr endlich alle Apple Firmengeräte in das DEP aufzunehmen!





      HCL Traveler 14.0 released

      Detlev Poettgen  Dezember 8 2023 09:11:18 AM
      HCL Traveler 14.0 is a feature release, that includes new features and bug fixes for the Traveler server.

      Traveler 14.0 can be used to install a new Traveler environment or update an existing Traveler environment running Domino 9.0.1.x, or Domino 12.0.x without requiring a Domino upgrade
      .

      (Although it is always recommended to keep Domino at the latest level.)


      Database Schema


      Traveler 14.0 does include a database schema update to Database Schema Level 20230417.


      Updated APNS Certificate for iOS


      The download package includes an updated APNS certifiacte valid until November 14, 2024.

      For older Traveler versions, you can download and update the APNS certificate manually. Take a look at  
      https://my.hcltechsw.com/downloads/domino/traveler/14.0 where you can find a Traveler_APNS_Prod.zip file.

      New Features


      Clear the sync anchors for a device from the Traveler home page

      If enabled by the administrator, the Traveler home page provides a set of commands that the user can execute for the user or the user's devices.
      New to this release is the option to clear the sync anchors for a user's device(s). This is a light weight option to trigger a device to resync the data (mail, calendar, etc).

      Verifying the Traveler mail file replica list

      Traveler maintains a list of mail file replicas in the Traveler database.
      This list is dynamically built from the information in the cluster directory and, in the case that the mail file algorithm requires mail files to be local (e.g. NTS_MAIL_SERVERS_ALGORITHM=LOCALONLY), mail files detected on the traveler servers.
      A new form of the Bind command, verifyLocalOnly has been added to verify the accuracy of the list of replicas for a user (or all users) and ensure that users are bound to a traveler server with a mail file replica.

      Security improvements to the Traveler home page

      Inline CSS styles and JavaScript were removed from the Traveler home page to support a more secure Content-Security-Policy header.
      Environments with an existing Content-Security-Policy header set for the Traveler home page should remove the 'unsafe-inline' values of the style-src and script-src policy directives and set them to 'self' instead.

      Fix List

      KB0103688

      Smart Forward/Reply: Rich Text mail attachment for Forward/Reply without attachments has image and broken content
       

      KB0104294
      Unable to deselect devices in Device Security view in web-based administration (lotustraveler.nsf)

      KB0104467
      User locale based values such as date formats may be incorrect if the HTTP Accept-Language header name is not exactly Accept-Language

      KB0106643
      Message with non existent product name in Czech

      KB0107519
      Traveler replica information is missing or incorrect; bind verifyLocalOnly enhancements

      KB0108246
      Smart Reply or Smart Forward to a mail with Content-Disposition header on the original mail causes SMTP error

      KB0105587

      Do not assume a Traveler server has a local mail replica if the Traveler server is unreachable


      Details:
      https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103462


      Zeit zu handeln - macOS 12.5.1, iOS 15.6.1 und iPadOS 15.6.1 verfügbar

      Detlev Poettgen  August 19 2022 08:42:55 AM
      Apple hat am Mittwochabend kurzfristig Updates für iPhone, iPad und Mac veröffentlicht.
      Grund sind zwei Sicherheitslücken, zu denen dem Konzern laut eigenen Angaben Berichte über aktive Exploits vorliegen.

      Die neuen Versionen sind iOS 15.6.1 und iPadOS 15.6.1 für iPhone und iPad sowie macOS Monterey 12.5.1 für den Mac.

      Image:Zeit zu handeln  - macOS 12.5.1, iOS 15.6.1 und iPadOS 15.6.1 verfügbar

      Apple hat inzwischen auch Updates für ältere macOS Versionen bereitgestellt.

      Über die mit den Updates geschlossene Lücke, kann über eine manipulierte Website (beziehungsweise ein schlicht in WebKit ausgeführter manipulierter Web-Inhalt) beliebiger Code ausführen. Mit welchen Rechten das geht, führt Apple nicht aus.

      Apple empfiehlt eine baldige Installation!


      Da bereits einige unserer Kunden mich darauf angesprochen, möchte hier auch nochmal auf diesem Wege informieren und auffordern die vorhandenen iOS und macOS Geräte asap zu aktualisieren.

      Weitere Informationen:


      https://www.heise.de/news/Aktive-Exploits-macOS-12-5-1-iOS-15-6-1-und-iPadOS-15-6-1-verfuegbar-7223549.html

      DAOS problems after update to Domino 12.0.1 IF1 with reproducible server crash

      Detlev Poettgen  Februar 15 2022 03:06:38 PM

      Preliminary:




      Based on the experience below, when using DAOS on Domino Server 12.0.1 IF1, I cannot currently recommend and would wait until this is resolved before updating to Domino 12.0.1.

      We have a support case open with HCL on this and hope this can be resolved quickly.

      Update 2022-02-16:
      HCL already looked into it and offered us via the Case a new hotfix  (HF24). So if you already run into the same issue, you should open a Support Case and request the hotfix, too.

      Update 2022-02-22:
      HCL published a new Technote today:
      https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0096771

      HCL developers are actively working on these issues. Our Performance team was able to reproduce these issues under a heavy workload and is in the process of testing our fixes under that workload.


      If you are encountering any of these issues or something similar, please open a Support ticket to have your issue analyzed and escalated. (Include console logs and NSD if applicable.) If your issue is determined to be one of the issues that HCL has tested and verified, Support can provide a hotfix to you.


      HCL will produce a 12.0.1 IF2 release containing the fixes as soon as possible.



      Update 2022-03-05:
      HCL published a new 12.0.1 IF2, which contains four DAOS fixes.


      DCKTCARNVR        Fixed an issue where error may result in long held locks on daoscat.nsf during replication
      SPPPCAMM6Y        Fixed an issue where there were multiple locks on daoscat.nsf

      HPRHCASE7N        Fixed Domino crashes related to DAOS

      BSPRCBQLLJ        Fixed deadlock and performance issues related to DAOS


      We are planing to try IF2 during this week to see if our issue is solved with the IF2 too.


      Update 2022-04-13:
      The update of the Domino servers to Domino v12.0.1 IF2 was successfull and without any DAOS issues.
      So if you are planning to upgrade to Domino v12.0.1 you should install IF2.
      If you are already running 12.0.1 you should install IF2, too.

      On last hint and leason learned: If you will need to rebuild the DAOS catalog because it's corrupted or missing, you should execute the command offline. Not from the console, when the server is up and running.



      So what happened?


      After a successfull update installation from v11 to Domino v12.0.1 and Interimsfix 1 (Hotfix 11), the first restart was normal.
      But after about 30 minutes "Long Held Lock Dump" appears and a while later the server was unresponsive for users.


      On the server console we saw many messages like this:

      [22C4:0142-27D8] LkMgr BEGIN Long Held Lock Dump ------------------
      [22C4:0142-27D8] Lock(Mode=X  * LockID(CONTLONGKEY DB=f:\Domino\data\daoscat.nsf RRV=14545618 len=48 hKey=0xC0190341 SkipLastDWORD)) Waiters countNonIntentLocks = 1 countIntentLocks = 0, queuLength = 2
      [22C4:0142-27D8]    Req(Status=Granted Mode=X Class=Manual Nest=0 Cnt=1 0000
      [22C4:0142-27D8]        Tran=0 Func=N/A x\ehashr6.c:899 [27C8:0002-000000000000275C])



      After restarting and checking the daos status, we observed that the the daos status is out of sync. After this we submitted a load daosmgr resync.
      But the resync didn't come to an end and the server was unresponsive again, showing these messages:

      semaphore invalid or not allocated


      Notes client were no longer able to connect to the server and even the Server Console was not able to send console commands any more.

      After all we decided in our situation to downgrad back to 11.0.1FP4, rebuildt the daoscatalog and no more errors occured.


      The same behavior occurred on a second large mail server as well. And led to the fact that this server was also no longer available for clients and could only be terminated hard via nsd -kill.


      The problem should be solved with 12.0.1 IF1, but unfortunately it is not:


      https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095401

      Just say thank you - HCL Ambassador Nomination 2022 is open until 31 Oct

      Detlev Poettgen  Oktober 29 2021 07:41:01 AM

      The HCL Ambassador award is an important and nice thank you from HCL to recognize deserving members of the community.
      We all benefit from blog posts, tweets or talks. It is important to remember that some of the bloggers and speakers at the various events do this voluntarily (mostly in their free time) and are happy to share their knowledge with others.


      The HCL Ambassadors nominations are open on October 1 (End – 31 October)

      Take a few minutes to fill out the online nomination form - it does not hurt

      https://hclsw.co/ambassador-nomination

      You can nominate yourself or someone else.

      If you want to nominate ME, I would be happy. Permission is hereby explicitly granted. 
      Thanks in advance.

      I have now "say thank you" three times and have nominated three members of the HCL Notes / Domino community that I hold in high esteem to be HCL Ambassadors.

      More about the HCL Ambassador Program can be found here:

      https://www.hcltechsw.com/about/hcl-ambassadors

      HCL SafeLinx Administrator - Display Issues

      Detlev Poettgen  September 6 2021 01:16:41 PM
      If you are using the HCL SafeLinx Administrator client on Windows, you may be will  see some display issues.

      Here is an example:


      Image:HCL SafeLinx Administrator - Display Issues

      Selection lists are not displayed correctly and option selection is not possible.


      The reason for this is easy to find and to solve:

      SafeLInx Administrator running on Windows requires a Java Open JDK version 8!  


      Like mentioned in the documentation:
      https://help.hcltechsw.com/safelinx/1.2/adminguide/installing_the_gatekeeper.html


      If a newer version like Java OpenJDK v16 is installed, you are hit by the issue.


      So install JDK v8 and it will be fixed.


      Image:HCL SafeLinx Administrator - Display Issues

      Download URL of the JDK v8:

      https://adoptopenjdk.net/releases.html?variant=openjdk8&jvmVariant=hotspot


      HCL SafeLinx 1.2.0 IF1 released

      Detlev Poettgen  August 10 2021 08:22:22 AM

      HCL released a fix for HCL Safelinx this week.

      The build number is SafeLinx 1.2.0.1 (IF1)

      Beside fixes there are a few new features included, like:

      - MySQL on Windows support.
      - Enable Windows SAML HTTP authentication
      - Add redirect function to Nomad for / and /nomad paths to send to /nomad/index.html.


      Included fixes:


      SAFE-799:
      MySQL on Windows support.


      SAFE-820:
      Add charset=utf-8 for json responses to fix character issues.


      SAFE-821:
      Nomad, parsing of CORS Origin header token may fail causing transaction failures.


      SAFE-822:
      Hidden option to disable CORS origin validation.


      SAFE-823:
      Nomad specific login screen translations missing in Linux pkg.


      SAFE-841:
      Crash in client-less processing code when Locale or Accept-Lang is not set.


      SAFE-844:
      SafeLinx Server Shutdown after Administrator window close and the Server Process start/stop not working from Administrator.


      SAFE-851:
      Buffer overrun in javascript rewrite function for client-less access with URL rewriting enabled.


      SAFE-857:
      Issue with converting the users home mailserver to canonical format when it contains multiple instances of the same attribute.


      SAFE-865:
      Default to a domino server in the app server list if no home mail server is defined for a Nomad user.


      SAFE-867:
      Remove expired ltpatokens from Cookie when multiple exist and SL can decode them. Block 3rd party token generation and set when SafeLinx is using token as SID.


      SAFE-873:
      When creating userConfig.json, if the user CN value has an attr with 2 or less characters, conversion to canonical format will fail leaving an invalid userCN in the json.


      SAFE-886:
      Ltpa config that users OtherID with X.500 notation transform fails when verifying username in unknown user scenario.


      SAFE-887:
      Performance issue when LtpaToken configured to use Other ID from directory record. Non indexed searches can lead to delays in transaction processing.


      SAFE-885:
      Add Server-Worker-Allowed to Nomad static file downloads.


      SAFE-913:
      Add redirect function to Nomad for / and /nomad paths to send to /nomad/index.html.


      SAFE-918:
      Server fails to start after reboot. Old autorestart scripts causing exit when used with systemd.


      SAFE-935:
      Default HTTP certificate file missing from Windows install.


      SAFE-936:
      Server startup fails if HTTP certificate file is missing.


      SAFE-937:
      Remove MFA-id check from nomad standard_login.html form.


      SAFE-939:
      Enable Windows SAML HTTP authentication


      Details can be found here:

      https://support.hcltechsw.com/csm?id=kb_article_view&sys_kb_id=f047e5dd876170105440c9d8cebb3573

      HCL Traveler 12.0.0 Fixpack 1 released

      Detlev Poettgen  August 10 2021 07:48:49 AM
      HCL Traveler 12.0.0 Fix Pack 1 with Build Level 12.0.0.1 Build 202107200153 includes four fixes for the Traveler server.

      New Features:

      As far as I know Fixpack 1 does not include any new features.
      A list of new Traveler v12.0 features of the major release can be found here:

      https://help.hcltechsw.com/traveler/12.0.0/whats_new_1200.html

      Included Fixes:


      KB0092150

      attachment file name changed when using SmartForward/SmartReply of the HCL Verse for Android / iOS

      https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0092150

      KB0091495

      HCL Traveler server 12.0.0 repeated crashes upon receipt of a SmartForward/SmartReply request of the HCL Verse for Android / iOS app.

      https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0091495

      KB0092130

      Error connecting to FCM (Google Firebase Cloud Messaging) servers via proxy        

      https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0092130

      KB0092147
             
      long delay of syncing emails to mobile devices if mail file path contains uppercase non-ASCII characters
      If a user's mail file path contains an uppercase non-ASCII character, like Č or Š (for example, mailŠ/tom3.nsf), changes to the mail file are synced to the user's mobile devices only once per day
      .
      https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0092147


      Hints:

      Note for customers that manage their database schema: Traveler 12.0.0 Fix Pack1 does not include a database schema update.

      However prior releases did include database schema updates (for example: Traveler 11.0.0 did include a schema update).  Depending upon what level of Traveler server you are upgrading from, there may be a database schema update required.

      Traveler 12.0.0 Fix Pack 1 can be used to install a new Traveler environment or update an existing Traveler environment running Domino 9.0.1.x, Domino 10.0.x, Domino 11.0.x or Domino 12.0.0.x without requiring a Domino upgrade. It is always recommended to keep Domino at the latest level.  If updating Domino to 12.0, a minimum of Traveler 12.0 is required.

      More Details:
      https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0092047


      Issue: Traveler not starting after installation of Domino 11.0.1 FP3

      Detlev Poettgen  April 12 2021 11:57:07 AM
      If you are running Traveler on Linux and you plan to updrade to Domino 11.0.1 FP3, you should read this HCL Support document:

      Traveler task does not start after installing Domino 11.0.1FP3 on Linux systems


      Applies to


      HCL Traveler 11.0.1


      Observed Behavior


      If you have a Linux-based Traveler server running Domino 11.0.1, and you upgrade Domino to 11.0.1FP3, the Traveler task will not start.  Manually loading the Traveler task fails with an error message:


      > load traveler

      /opt/hcl/domino/notes/latest/linux/traveler: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

       
      Expected Behavior


      Upgrading to the Domino fixpack level should not affect Traveler.


      Workarounds


      The Traveler binaries for Linux were built in a way that requires the libssl.so.1.1 and libcrypto.so.1.1 files to exist in the Domino install directory.  
      To address a conflict between the Domino libs for ssl and crypto and standard Linux system libs of the same name (e.g., in the /lib64 directory), Domino 11.0.1FP3 renamed the files to libssl-domino.so.1.1 and libcrypto-domino.so.1.1.  
      Therefore, to resolve the Traveler requirement, while logged in as the root user, create symlinks in the Domino install directory with the names required by Traveler that link to the newly renamed files:


      [root@travdevcen02 notesdata]# cd /opt/hcl/domino/notes/latest/linux/

      [root@travdevcen02 linux]# ls -la libssl* libcrypto*

      -rwxr-xr-x. 1 root root 3366648 Mar 9 00:09 libcrypto-domino.so.1.1

      -rwxr-xr-x. 1 root root 687856 Mar 9 00:09 libssl-domino.so.1.1

      -rwxr-xr-x. 1 root root 937304 Mar 21 2020 libsslplus.so


      [root@travdevcen02 linux]#
      ln -s libssl-domino.so.1.1 libssl.so.1.1
      [root@travdevcen02 linux]#
      ln -s libcrypto-domino.so.1.1 libcrypto.so.1.1

      [root@travdevcen02 linux]# ls -la libssl* libcrypto*

      -rwxr-xr-x. 1 root root 3366648 Mar 9 00:09 libcrypto-domino.so.1.1

      lrwxrwxrwx. 1 root root 23 Mar 10 09:45 libcrypto.so.1.1 -> libcrypto-domino.so.1.1

      -rwxr-xr-x. 1 root root 687856 Mar 9 00:09 libssl-domino.so.1.1

      -rwxr-xr-x. 1 root root 937304 Mar 21 2020 libsslplus.so

      lrwxrwxrwx. 1 root root 20 Mar 10 09:45 libssl.so.1.1 -> libssl-domino.so.1.1

      [root@travdevcen02 linux]#


      Then, load traveler will work.


      Defect Status


      Designated


      Designated/Resolved version


      12.0


      Problem Resolution


      We will change the way the Traveler binaries for Linux are built, so the named libs are not required to exist in the Domino install directory.


      https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0088665



      Treffpunkte

      Archive