SlideShare a Scribd company logo

Fixing Domino Server Sickness

Gabriella Davis, profile picture
Gabriella Davis

The document is a comprehensive guide on troubleshooting and optimizing server performance, particularly for Domino servers. It discusses common issues like server sickness caused by vulnerabilities, aging configurations, and user habits, along with tools and best practices for monitoring and maintaining server health. Additionally, it emphasizes the importance of proactive management and configuration tuning to ensure ongoing server reliability and efficiency.

Technology
1 of 65
Downloaded 111 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#engageug Fixing Server Sickness Gabriella Davis Technical Director The Turtle Partnership !1
#engageug Fixing Your Server • What causes server sickness • Tools to spot sickness • Getting Your Server Back to Full Health
 !2
#engageug Server Sickness • The problem with Domino • How does a server get sick? • Vulnerabilities • Aging Configurations • Bad Habits !3
#engageug Server Sickness • The problem with Domino • How does a server get sick? • Vulnerabilities • Aging Configurations • Bad Habits • Developers Gone Wild !4
#engageug The Problem With Domino • “My Server Is Running Fine” • Server Stability • Often despite our best efforts • Tasks that just run • even without being properly configured !5
#engageug Vulnerabilities • Start with the OS • patch levels • unnecessary processes with exposed ports • disk and data security
 • Then the hardware • It’s all about disk performance • Using a SAN? Is the SAN configured for Domino? • Transaction logs configured?
 !6
#engageug Vulnerabilities • Security • ACLs • -Default- and Anonymous • LocalDomainServers • HTTP vs HTTPs • LDAP • DIIOP • Sametime !7
#engageug Aging Configurations • What can give you problems over time • Database sizes • More users • More tasks and features !8
#engageug Bad Habits • What are your users doing? • what features are they using • how are they using them • are they creating repeating 10yr appointments for instance • are they copying themselves on emails • Password quality for HTTP passwords !9
#engageug Giving Developers Power • Allowing development to dictate replication and agent scheduling • The curse of not production tested XPages code • Demands for “LDAP” or “DIIOP” for an application to work !10
#engageug Tools to Spot Sickness • Understanding Priorities • DDM Probes and Event Analysis !11
#engageug Tools to Spot Sickness • Understanding Priorities • DDM Probes and Event Analysis • Statistics • Catalog.nsf • QoS - new with Domino 9 • Enhanced Fault Reporting - new with Domino 9 !12
#engageug Understanding Priorities • Server role • What do you want from your server • What are statistics telling you • Warning Levels • Is it safe to ignore ‘Warning (Low)’ and focus on ‘Fatal’ or ‘Failure’ !13
#engageug Bringing Problems to You • Event Handlers, Event Generators, Statistics, Fault Reports and DDM Probes - where to start • Setting Statistic Thresholds • Choosing and configuring probes • Reviewing Faults • Setting up QoS behaviour !14
#engageug Bringing Problems To You • Why we set up collection hierarchies for DDM • and how • Daily and Weekly DDM reviews • What to look out for !15
#engageug Probes for Mail Servers • Security - Weekly • Directory Performance • Critical mail routes • Mail ‘Slack’ !16
#engageug Probes for Application Servers • Agent run times • agent cpu usage • Security and Web Configuration !17
#engageug Probes for Struggling Servers • OS level • disk performance (beware of reported SAN problems) • memory • network !18
#engageug What to look for • Fatal problems • Persistent Warnings • Peak activity behaviour • uptick in problems at 9am, 1pm etc • Repetitive low level ‘annoyances’ !19
#engageug Catalog.nsf • Not every database is immediately visible but they are all there (just hidden with selection formulae) • It’s a good place to start looking for multiple replica • It’s a good place to find ACL issues • Replicates around your domain and updates overnight !20
#engageug QoS - Quality of Service • Monitor server health and performance • Monitors application behavior, stability and hangs • Restarts Domino if it thinks there are memory issues or an application is hung • Shuts down Domino if a clean shutdown doesn’t happen and the server hangs • Controlled via notes.ini settings and dcontroller.ini • Requires Domino to be running under the Java Controller • nserver -jc !21
#engageug QoS Configuration • Starting Domino under Java Controller should create a dcontroller.ini file • QOS_Enable=1 • In Notes.Ini • QOS_ProbeInterval (defaults to 1 min) • QOS_ProbeTimeout (defaults to 5 mins) • QOS_ShutDown_Timeout • QOS_Apps_Timeout • QOS_Shutdown_Timeout !22
#engageug QOS - Potential Problems • QOS doesn’t support passwords on server ids , the restart will pause at the password entry screen • QOS timeouts being too low • Don’t enable QOS on servers without transaction logging !23
#engageug Enhanced Fault Reporting • Fault Reporting Database -lndfr.nsf • Expanded to include a by Disposition view • all faults when analyzed have a disposition value that categorises as • Problem • Possible Problem (possibly actionable ) • Possible Problem (likely NOT actionable ) • Informational • Unknown (investigate) !24
#engageug Possible Problem - Actionable • Out Of Memory: Represents a crash in which the Java virtual machine (JVM) ran out of a memory resource such as heap space. • Launched Notes multiple times: Indicates that the user quickly launched multiple instances of the Notes client • Possible hang: Indicates that the Notes client was manually terminated while it appeared to be doing useful work. • User Kill: Indicates that the user manually terminated the client while it appeared to be waiting for input or network timeout !25
#engageug Back to Full Health • Getting Control • Mail , Databases and ECLs • SMTP • Agent Scheduling • Directories • Adminp • LDAP • Tasks and Internet Site Documents • Domino Configuration Tuner !26
#engageug Back to Full Health • Getting Control • Mail , Databases and ECLs • SMTP • Agent Scheduling • Directories • Adminp • LDAP • Tasks and Internet Site Documents • Domino Configuration Tuner !27
#engageug Getting Control - Mail and Databases • Setting ACLs at directory level (Editor) • Lock down ECLs via Policies • Introducing quotas alongside server based archiving • Consider archiving files to a dedicated server • Upgrade to 8 and enable OOO router instead of agents • Disable forwarding rules set up by users • Use message tracking and mail rules very sparingly • Disable on the fly searching of non indexed databases !28
#engageug Database Management Tools • DBMT Server Command • runs copy-style compact operations • purges deletion stubs • expires soft deleted entries • updates views • reorganizes folders • merges full-text indexes • updates unread lists • ensures that critical views are created for failover • Replaces Updall • Load updall - nodbmt tells updall to run but not perform the functions that DMBT already does !29
#engageug DBMT Parameters • -compactThreads • -updallThreads • -ftiThreads • -timeLimit refers to compact timeout for DBMT • -range starttime stoptime • compactNdays (run Compact every x days) • ftiNdays (run FT Index every x days) • force d (day Sunday =1) fixup if compact fails for consecutive day !30
#engageug Getting Control - SMTP • Restrict relaying to specific ip addresses not network ranges • Beware of allowing authenticated relaying and opening up to dictionary attacks • Restrict rights to send to internal groups from internet addresses • Don’t accept mail for local part matches • Configure your server for HTML mail not plain text !31
#engageug Getting Control - SMTP (more) • Don’t allow all connecting hosts to deliver mail inbound, if you use a service restrict to those hosts • Use services / tools to spot attacks such as • persistent attempts to mass deliver within a time period • continual failures by a host to deliver to a correct address • Move responsibility for that first line of defense away from native Domino !32
#engageug Getting Control - Agent Scheduling • When are agents set to run • amgr_newmaileventdelay • amgr_newmailagentmininterval • If you’re using OOO agents how often are they scheduled • Do users have private agents running • Sh Agents [DBName] • All shared and private agents in a database • Who has rights to run agents !33
#engageug Getting Control - Directories • Avoid adding additional views to the Domino Directory • The risk of allowing local replicas with Author rights • Directory Assistance • Sh xdir !34
#engageug Getting Control - Adminp • Purge old documents • Requests awaiting approval • Tell adminp process NEW not ALL !35
#engageug Getting Control - LDAP • Allowing anonymous access to query LDAP • Authenticating LDAP queries • Extended Directory Catalog used by LDAP • Relying on DNS • Not configuring the LDAP task correctly to allow large searches with no timeouts • Maintaining schema.nsf !36
#engageug Getting Control - Tasks and Program Documents • Disable tasks you don’t need • Schedule overnight tasks so they don’t overlap • and don’t conflict with backups • Use program documents so you can review and manage easily • sh config servertasksat* • Keeping templates on every server • Using compact -B !37
#engageug Getting Control - Internet Site Documents • Web Configuration means TCPIP tasks are configured in the server document and are server wide • often enabled by default • Internet site documents require you to opt in for TCPIP services • configured by hostname !38
#engageug Domino Configuration Tuner • Domino Configuration Tuner is an analysis tool based on a set of pre-configured best practice/worst practice rules • The Rules are shipped by IBM with the Lotus installs and are updated via a public update site • Makes recommendations on configuration changes to enhance performance and security and reduce TCO !39
#engageug How does it work? • Run and installed via the Domino Configuration Tuner database • Updated by online template updates and rule updates • DCT rules and results are held in a local database and will require a restart of the client for changes to take effect • Scans • Server documents • notes.ini settings • advanced database properties • Intended to scan servers in a single domain !40
#engageug How does it work? • Creates reports on each scanned server based on the rules you select • Each report contains • Issues • recommendations for adjustments • links to supporting documentation !41
#engageug Pre-requisites • v8 Notes client (standard or basic) or administrator • dct.nsf database and dct.ntf template • servers 7.x or higher !42
#engageug Setup • DCT.NSF • StdDominoConfigTuner Template (dct.ntf) • ID must have reader access to names.nsf • ID must have ‘View Administrator’ rights • Requires no server or domain changes !43
#engageug View Administrator Rights • Server Document • Security Tab • View Administrator is a subset 
 of ‘Administrator’ rights • Think of it as ‘Show’ not ‘Tell’ rights • Sh users - YES • tell http refresh - NO !44
#engageug DCT Preferences • List of all rules • Review rule , description and supporting documentation • All rules are enabled by default for all scans • Enable and Disable rules !45
#engageug DCT Updates • Connects to the IBM site to download • must have outbound connectivity !46
#engageug DCT Updates • Click ‘check for updates’ • Connects to an external IBM site to identifies any template or rule updates !47
#engageug DCT Updates • Accept license and updates download • It’s not possible to selectively download !48
#engageug DCT Updates - Finished • “Successful” screen will notify you to restart your client • You may need to do 2 client restarts before DCT can be used !49
#engageug • First select the servers in your current domain you want to run against • The list of servers is retrieved from the domain of the home server identified in your location document • Change locations to scan a different domain Running the tuner !50
#engageug • You can manually type in the full hierarchical names of any other servers you want to scan as part of this analysis • Separate multiple server names with commas, semi colons or new lines • You can only scan servers you can reach so you need a connection document to any you list • or the server needs to be available via your passthru server in your location Running the tuner !51
#engageug Understanding the Results • Summary results • Issues by criticality !52
#engageug Understanding the Results • Summary results • Servers that failed to scan • reason why scan failed !53
#engageug Understanding the Results • Summary results • Detailed list of rules evaluated !54
#engageug Understanding the Results • View the current report • Select ‘change’ to view a different report !55
#engageug Understanding the Results • Filter results to make analysis easier • by server • by specific rules • by severity !56
#engageug Understanding the results • Categorised results of recommendations • Sorted by criticality and then by server name !57
#engageug Understanding the results • Each recommendation comes with an explanation so you can evaluate on a result by result basis if you want to make the change !58
#engageug • Each recommendation is provided with a link to a best / worst practices supporting documentation Understanding the results !59
#engageug Working with Rules • Disabling and enabling rules can be done through the ‘Preferences’ !60
#engageug Working with Rules • Selecting a rule shows the description and links to the best / worst practice documentation !61
#engageug Making Changes • Advanced Database Properties • assigned en masse via Domino Admin • notes.ini settings • assigned via the command set config xxx = x • shown via the command sh config xxx = x • Many recommendations refer to ‘some databases’ but don’t specify which ones - check which ones will be affected !62
#engageug Resources • Domino Configuration Tuner blog • http://www.bleedyellow.com/blogs/DCT/ • details and explanations of new rules published each month !63
#engageug Summary • No matter how well your servers are configured they will continue to degrade in performance over time unless you pro-actively monitor and fix • Many of the server performance issues will be seen first by your users before they filter down to you • Make reviewing your server configuration using DDM probes followed by a DCT analysis part of every server upgrade • Enable probes that are specific to the server role. Mail and Directory probes on Mail servers and Agent probes on Application servers • Use Security and Database probes configured in DDM to stay on top of any low level warnings that could cause larger problems in the future • Don’t over configure your servers to monitor everything or you’ll be looking for a needle in a haystack. Ask your servers to tell you only what you need to be aware of so immediately • Use the built in tools, DCT, Statistics, DDM, Catalog, Activity Trends to monitor your servers and gain a good understanding of what is their ‘normal’ behaviour so you can more easily spot when something goes wrong. !64
#engageug Questions !65 How to contact me: Gabriella Davis gabriella@turtlepartnership.com Twitter: gabturtle

More Related Content

PDF
60 Admin Tips
Gabriella Davis
 
PDF
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
Howard Greenberg
 
PDF
Domino Server Health - Monitoring and Managing
Gabriella Davis
 
PDF
RNUG - Dirty Secrets of the Notes Client
Christoph Adler
 
POTX
IBM Domino / IBM Notes Performance Tuning
Vladislav Tatarincev
 
PDF
Important tips on Router and SMTP mail routing
jayeshpar2006
 
PDF
Everything You Need to Know About HCL Notes 14
panagenda
 
PDF
Engage2022 - Domino Admin Tips
Gabriella Davis
 
60 Admin Tips
Gabriella Davis
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
Howard Greenberg
 
Domino Server Health - Monitoring and Managing
Gabriella Davis
 
RNUG - Dirty Secrets of the Notes Client
Christoph Adler
 
IBM Domino / IBM Notes Performance Tuning
Vladislav Tatarincev
 
Important tips on Router and SMTP mail routing
jayeshpar2006
 
Everything You Need to Know About HCL Notes 14
panagenda
 
Engage2022 - Domino Admin Tips
Gabriella Davis
 

What's hot (20)

PDF
How to use the new Domino Query Language
Tim Davis
 
PDF
How to Bring HCL Nomad Web and Domino Together Without SafeLinx
panagenda
 
PDF
RNUG - HCL Notes V11 Performance Boost
Christoph Adler
 
PDF
The View - Lotusscript coding best practices
Bill Buchan
 
PDF
RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...
Christoph Adler
 
PPTX
INF107 - Integrating HCL Domino and Microsoft 365
Dylan Redfield
 
PDF
More mastering the art of indexing
Yoshinori Matsunobu
 
PDF
HCL Sametime V11 installation - tips
Ales Lichtenberg
 
PDF
HCL Sametime 12.0 on Docker - Step-By-Step.pdf
Ales Lichtenberg
 
PDF
HCL Domino V12 - TOTP
Ales Lichtenberg
 
PDF
HTTP - The Other Face Of Domino
Gabriella Davis
 
PDF
IBM Notes Traveler Best Practices
jayeshpar2006
 
PDF
DNUG HCL Domino 11 First Look
daniel_nashed
 
PDF
June OpenNTF Webinar - Domino V12 Certification Manager
Howard Greenberg
 
PDF
Learn everything about IBM iNotes Customization
IBM Connections Developers
 
PPTX
HCL Domino V12 Key Security Features Overview
hemantnaik
 
PPTX
HCL Domino Volt Installation, Configuration & New Features
hemantnaik
 
PDF
Hunting for Credentials Dumping in Windows Environment
Teymur Kheirkhabarov
 
DOCX
DominoMigrationProposal
Lynn Levash
 
PDF
Domino Adminblast
Gabriella Davis
 
How to use the new Domino Query Language
Tim Davis
 
How to Bring HCL Nomad Web and Domino Together Without SafeLinx
panagenda
 
RNUG - HCL Notes V11 Performance Boost
Christoph Adler
 
The View - Lotusscript coding best practices
Bill Buchan
 
RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...
Christoph Adler
 
INF107 - Integrating HCL Domino and Microsoft 365
Dylan Redfield
 
More mastering the art of indexing
Yoshinori Matsunobu
 
HCL Sametime V11 installation - tips
Ales Lichtenberg
 
HCL Sametime 12.0 on Docker - Step-By-Step.pdf
Ales Lichtenberg
 
HCL Domino V12 - TOTP
Ales Lichtenberg
 
HTTP - The Other Face Of Domino
Gabriella Davis
 
IBM Notes Traveler Best Practices
jayeshpar2006
 
DNUG HCL Domino 11 First Look
daniel_nashed
 
June OpenNTF Webinar - Domino V12 Certification Manager
Howard Greenberg
 
Learn everything about IBM iNotes Customization
IBM Connections Developers
 
HCL Domino V12 Key Security Features Overview
hemantnaik
 
HCL Domino Volt Installation, Configuration & New Features
hemantnaik
 
Hunting for Credentials Dumping in Windows Environment
Teymur Kheirkhabarov
 
DominoMigrationProposal
Lynn Levash
 
Domino Adminblast
Gabriella Davis
 
Ad

Viewers also liked (7)

PDF
New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)
We4IT Group
 
PDF
Open mic on what's new in domino 9 social edition
sreeJk
 
PDF
A Technical Guide To Deploying Single Sign On
Gabriella Davis
 
PDF
Domino in the Back, Party In The Front
Gabriella Davis
 
PDF
Introducing IBM Lotus Notes and Domino 8.5
Thomas Coustenoble
 
PDF
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Gabriella Davis
 
ODP
JMP105 - "How Stuff Works" - Domino Style!
NerdGirlJess
 
New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)
We4IT Group
 
Open mic on what's new in domino 9 social edition
sreeJk
 
A Technical Guide To Deploying Single Sign On
Gabriella Davis
 
Domino in the Back, Party In The Front
Gabriella Davis
 
Introducing IBM Lotus Notes and Domino 8.5
Thomas Coustenoble
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Gabriella Davis
 
JMP105 - "How Stuff Works" - Domino Style!
NerdGirlJess
 
Ad

Similar to Fixing Domino Server Sickness (20)

PDF
Preventing serversickness
Gabriella Davis
 
PPTX
Domino Fitness. Time for a Health Check
Jared Roberts
 
PDF
Got Problems? Let's Do a Health Check
Luis Guirigay
 
PDF
BP103 - Got Problems? Let's Do a Health Check
Luis Guirigay
 
PDF
BP103: Got Problems ! Let's do a HealthCheck
Luis Guirigay
 
PDF
Adm07 The Health Check Extravaganza for IBM Social and Collaboration Environm...
Kim Greene
 
PDF
Only an IBM Domino Server can take this much beating and still run
Andreas Ponte
 
PDF
Engage ug 2015 saxion
Martin Meijer
 
PDF
Engage 2016 - Adm01 - Back from the Dead: When Bad Code Kills a Good Server
Bill Malchisky Jr.
 
PDF
Engage 2022: The Superpower of Integrating External APIs for Notes and Domino...
Serdar Basegmez
 
PDF
IBM Connect 2016 - 60+ in 60 - Admin Tips Power Hour
Chris Miller
 
PDF
Digital Nightmares - The Biggest Performance Killers in Your Environment
Wes Morgan
 
PDF
Adminlicious - A Guide To TCO Features In Domino v10
Gabriella Davis
 
POTX
Next Generation Monitoring for IBM Domino, Traveler, IMSMO, Verse
Vladislav Tatarincev
 
PDF
ICONUK 2016: Back From the Dead: How Bad Code Kills a Good Server
Serdar Basegmez
 
PDF
Back to the Future - Understand and Optimize your IBM Notes/Domino Infrastruc...
panagenda
 
PDF
IBM Connect 2017: Back from the Dead: When Bad Code Kills a Good Server
Serdar Basegmez
 
PDF
IBM Connect 2014 BP103: Ready, Aim, Fire: Mastering the Latest in the Adminis...
Benedek Menesi
 
PDF
ConnectED 2015 BP302: Future-Proofing Enterprise IT
Daniel Reimann
 
PDF
Tip from IBM Connect 2014: New security features in IBM Domino 8.5.x-9.x
SocialBiz UserGroup
 
Preventing serversickness
Gabriella Davis
 
Domino Fitness. Time for a Health Check
Jared Roberts
 
Got Problems? Let's Do a Health Check
Luis Guirigay
 
BP103 - Got Problems? Let's Do a Health Check
Luis Guirigay
 
BP103: Got Problems ! Let's do a HealthCheck
Luis Guirigay
 
Adm07 The Health Check Extravaganza for IBM Social and Collaboration Environm...
Kim Greene
 
Only an IBM Domino Server can take this much beating and still run
Andreas Ponte
 
Engage ug 2015 saxion
Martin Meijer
 
Engage 2016 - Adm01 - Back from the Dead: When Bad Code Kills a Good Server
Bill Malchisky Jr.
 
Engage 2022: The Superpower of Integrating External APIs for Notes and Domino...
Serdar Basegmez
 
IBM Connect 2016 - 60+ in 60 - Admin Tips Power Hour
Chris Miller
 
Digital Nightmares - The Biggest Performance Killers in Your Environment
Wes Morgan
 
Adminlicious - A Guide To TCO Features In Domino v10
Gabriella Davis
 
Next Generation Monitoring for IBM Domino, Traveler, IMSMO, Verse
Vladislav Tatarincev
 
ICONUK 2016: Back From the Dead: How Bad Code Kills a Good Server
Serdar Basegmez
 
Back to the Future - Understand and Optimize your IBM Notes/Domino Infrastruc...
panagenda
 
IBM Connect 2017: Back from the Dead: When Bad Code Kills a Good Server
Serdar Basegmez
 
IBM Connect 2014 BP103: Ready, Aim, Fire: Mastering the Latest in the Adminis...
Benedek Menesi
 
ConnectED 2015 BP302: Future-Proofing Enterprise IT
Daniel Reimann
 
Tip from IBM Connect 2014: New security features in IBM Domino 8.5.x-9.x
SocialBiz UserGroup
 

More from Gabriella Davis (20)

PDF
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
 
PDF
. Design Decisions: Developing for Mobile - The Template Experience Project
Gabriella Davis
 
PDF
Face Off Domino vs Exchange On Premises
Gabriella Davis
 
PDF
An Introduction to Configuring Domino for Docker
Gabriella Davis
 
PDF
An Introduction To The DMARC SMTP Validation Requirements
Gabriella Davis
 
PDF
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
Gabriella Davis
 
PDF
An introduction to configuring Domino for Docker
Gabriella Davis
 
PDF
How To Approach GDPR Preparation & Discovery
Gabriella Davis
 
PDF
An Introduction To The DMARC SMTP Validation Requirements
Gabriella Davis
 
PDF
Brand Yourself
Gabriella Davis
 
PDF
Home Working
Gabriella Davis
 
PDF
A Guide To Single Sign-On for IBM Collaboration Solutions
Gabriella Davis
 
PDF
The Imposter Syndrome
Gabriella Davis
 
PDF
What's New in Notes, Sametime and Verse On-Premises
Gabriella Davis
 
PDF
An Introduction To Docker
Gabriella Davis
 
PDF
An Introduction To Docker
Gabriella Davis
 
PDF
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Gabriella Davis
 
PDF
Embracing iot in the enterprise
Gabriella Davis
 
PDF
Benefits and Risks of a Single Identity - IBM Connect 2017
Gabriella Davis
 
PDF
Penumbra briefing
Gabriella Davis
 
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
 
. Design Decisions: Developing for Mobile - The Template Experience Project
Gabriella Davis
 
Face Off Domino vs Exchange On Premises
Gabriella Davis
 
An Introduction to Configuring Domino for Docker
Gabriella Davis
 
An Introduction To The DMARC SMTP Validation Requirements
Gabriella Davis
 
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
Gabriella Davis
 
An introduction to configuring Domino for Docker
Gabriella Davis
 
How To Approach GDPR Preparation & Discovery
Gabriella Davis
 
An Introduction To The DMARC SMTP Validation Requirements
Gabriella Davis
 
Brand Yourself
Gabriella Davis
 
Home Working
Gabriella Davis
 
A Guide To Single Sign-On for IBM Collaboration Solutions
Gabriella Davis
 
The Imposter Syndrome
Gabriella Davis
 
What's New in Notes, Sametime and Verse On-Premises
Gabriella Davis
 
An Introduction To Docker
Gabriella Davis
 
An Introduction To Docker
Gabriella Davis
 
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Gabriella Davis
 
Embracing iot in the enterprise
Gabriella Davis
 
Benefits and Risks of a Single Identity - IBM Connect 2017
Gabriella Davis
 
Penumbra briefing
Gabriella Davis
 

Recently uploaded (20)

PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
KodekX | Application Modernization Development
KodekX
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Teaching material agriculture food technology
LiaRayya
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Cloud computing and distributed systems.
kkkkkhan
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 

Fixing Domino Server Sickness

  • 1. #engageug Fixing Server Sickness Gabriella Davis Technical Director The Turtle Partnership !1
  • 2. #engageug Fixing Your Server • What causes server sickness • Tools to spot sickness • Getting Your Server Back to Full Health
 !2
  • 3. #engageug Server Sickness • The problem with Domino • How does a server get sick? • Vulnerabilities • Aging Configurations • Bad Habits !3
  • 4. #engageug Server Sickness • The problem with Domino • How does a server get sick? • Vulnerabilities • Aging Configurations • Bad Habits • Developers Gone Wild !4
  • 5. #engageug The Problem With Domino • “My Server Is Running Fine” • Server Stability • Often despite our best efforts • Tasks that just run • even without being properly configured !5
  • 6. #engageug Vulnerabilities • Start with the OS • patch levels • unnecessary processes with exposed ports • disk and data security
 • Then the hardware • It’s all about disk performance • Using a SAN? Is the SAN configured for Domino? • Transaction logs configured?
 !6
  • 7. #engageug Vulnerabilities • Security • ACLs • -Default- and Anonymous • LocalDomainServers • HTTP vs HTTPs • LDAP • DIIOP • Sametime !7
  • 8. #engageug Aging Configurations • What can give you problems over time • Database sizes • More users • More tasks and features !8
  • 9. #engageug Bad Habits • What are your users doing? • what features are they using • how are they using them • are they creating repeating 10yr appointments for instance • are they copying themselves on emails • Password quality for HTTP passwords !9
  • 10. #engageug Giving Developers Power • Allowing development to dictate replication and agent scheduling • The curse of not production tested XPages code • Demands for “LDAP” or “DIIOP” for an application to work !10
  • 11. #engageug Tools to Spot Sickness • Understanding Priorities • DDM Probes and Event Analysis !11
  • 12. #engageug Tools to Spot Sickness • Understanding Priorities • DDM Probes and Event Analysis • Statistics • Catalog.nsf • QoS - new with Domino 9 • Enhanced Fault Reporting - new with Domino 9 !12
  • 13. #engageug Understanding Priorities • Server role • What do you want from your server • What are statistics telling you • Warning Levels • Is it safe to ignore ‘Warning (Low)’ and focus on ‘Fatal’ or ‘Failure’ !13
  • 14. #engageug Bringing Problems to You • Event Handlers, Event Generators, Statistics, Fault Reports and DDM Probes - where to start • Setting Statistic Thresholds • Choosing and configuring probes • Reviewing Faults • Setting up QoS behaviour !14
  • 15. #engageug Bringing Problems To You • Why we set up collection hierarchies for DDM • and how • Daily and Weekly DDM reviews • What to look out for !15
  • 16. #engageug Probes for Mail Servers • Security - Weekly • Directory Performance • Critical mail routes • Mail ‘Slack’ !16
  • 17. #engageug Probes for Application Servers • Agent run times • agent cpu usage • Security and Web Configuration !17
  • 18. #engageug Probes for Struggling Servers • OS level • disk performance (beware of reported SAN problems) • memory • network !18
  • 19. #engageug What to look for • Fatal problems • Persistent Warnings • Peak activity behaviour • uptick in problems at 9am, 1pm etc • Repetitive low level ‘annoyances’ !19
  • 20. #engageug Catalog.nsf • Not every database is immediately visible but they are all there (just hidden with selection formulae) • It’s a good place to start looking for multiple replica • It’s a good place to find ACL issues • Replicates around your domain and updates overnight !20
  • 21. #engageug QoS - Quality of Service • Monitor server health and performance • Monitors application behavior, stability and hangs • Restarts Domino if it thinks there are memory issues or an application is hung • Shuts down Domino if a clean shutdown doesn’t happen and the server hangs • Controlled via notes.ini settings and dcontroller.ini • Requires Domino to be running under the Java Controller • nserver -jc !21
  • 22. #engageug QoS Configuration • Starting Domino under Java Controller should create a dcontroller.ini file • QOS_Enable=1 • In Notes.Ini • QOS_ProbeInterval (defaults to 1 min) • QOS_ProbeTimeout (defaults to 5 mins) • QOS_ShutDown_Timeout • QOS_Apps_Timeout • QOS_Shutdown_Timeout !22
  • 23. #engageug QOS - Potential Problems • QOS doesn’t support passwords on server ids , the restart will pause at the password entry screen • QOS timeouts being too low • Don’t enable QOS on servers without transaction logging !23
  • 24. #engageug Enhanced Fault Reporting • Fault Reporting Database -lndfr.nsf • Expanded to include a by Disposition view • all faults when analyzed have a disposition value that categorises as • Problem • Possible Problem (possibly actionable ) • Possible Problem (likely NOT actionable ) • Informational • Unknown (investigate) !24
  • 25. #engageug Possible Problem - Actionable • Out Of Memory: Represents a crash in which the Java virtual machine (JVM) ran out of a memory resource such as heap space. • Launched Notes multiple times: Indicates that the user quickly launched multiple instances of the Notes client • Possible hang: Indicates that the Notes client was manually terminated while it appeared to be doing useful work. • User Kill: Indicates that the user manually terminated the client while it appeared to be waiting for input or network timeout !25
  • 26. #engageug Back to Full Health • Getting Control • Mail , Databases and ECLs • SMTP • Agent Scheduling • Directories • Adminp • LDAP • Tasks and Internet Site Documents • Domino Configuration Tuner !26
  • 27. #engageug Back to Full Health • Getting Control • Mail , Databases and ECLs • SMTP • Agent Scheduling • Directories • Adminp • LDAP • Tasks and Internet Site Documents • Domino Configuration Tuner !27
  • 28. #engageug Getting Control - Mail and Databases • Setting ACLs at directory level (Editor) • Lock down ECLs via Policies • Introducing quotas alongside server based archiving • Consider archiving files to a dedicated server • Upgrade to 8 and enable OOO router instead of agents • Disable forwarding rules set up by users • Use message tracking and mail rules very sparingly • Disable on the fly searching of non indexed databases !28
  • 29. #engageug Database Management Tools • DBMT Server Command • runs copy-style compact operations • purges deletion stubs • expires soft deleted entries • updates views • reorganizes folders • merges full-text indexes • updates unread lists • ensures that critical views are created for failover • Replaces Updall • Load updall - nodbmt tells updall to run but not perform the functions that DMBT already does !29
  • 30. #engageug DBMT Parameters • -compactThreads • -updallThreads • -ftiThreads • -timeLimit refers to compact timeout for DBMT • -range starttime stoptime • compactNdays (run Compact every x days) • ftiNdays (run FT Index every x days) • force d (day Sunday =1) fixup if compact fails for consecutive day !30
  • 31. #engageug Getting Control - SMTP • Restrict relaying to specific ip addresses not network ranges • Beware of allowing authenticated relaying and opening up to dictionary attacks • Restrict rights to send to internal groups from internet addresses • Don’t accept mail for local part matches • Configure your server for HTML mail not plain text !31
  • 32. #engageug Getting Control - SMTP (more) • Don’t allow all connecting hosts to deliver mail inbound, if you use a service restrict to those hosts • Use services / tools to spot attacks such as • persistent attempts to mass deliver within a time period • continual failures by a host to deliver to a correct address • Move responsibility for that first line of defense away from native Domino !32
  • 33. #engageug Getting Control - Agent Scheduling • When are agents set to run • amgr_newmaileventdelay • amgr_newmailagentmininterval • If you’re using OOO agents how often are they scheduled • Do users have private agents running • Sh Agents [DBName] • All shared and private agents in a database • Who has rights to run agents !33
  • 34. #engageug Getting Control - Directories • Avoid adding additional views to the Domino Directory • The risk of allowing local replicas with Author rights • Directory Assistance • Sh xdir !34
  • 35. #engageug Getting Control - Adminp • Purge old documents • Requests awaiting approval • Tell adminp process NEW not ALL !35
  • 36. #engageug Getting Control - LDAP • Allowing anonymous access to query LDAP • Authenticating LDAP queries • Extended Directory Catalog used by LDAP • Relying on DNS • Not configuring the LDAP task correctly to allow large searches with no timeouts • Maintaining schema.nsf !36
  • 37. #engageug Getting Control - Tasks and Program Documents • Disable tasks you don’t need • Schedule overnight tasks so they don’t overlap • and don’t conflict with backups • Use program documents so you can review and manage easily • sh config servertasksat* • Keeping templates on every server • Using compact -B !37
  • 38. #engageug Getting Control - Internet Site Documents • Web Configuration means TCPIP tasks are configured in the server document and are server wide • often enabled by default • Internet site documents require you to opt in for TCPIP services • configured by hostname !38
  • 39. #engageug Domino Configuration Tuner • Domino Configuration Tuner is an analysis tool based on a set of pre-configured best practice/worst practice rules • The Rules are shipped by IBM with the Lotus installs and are updated via a public update site • Makes recommendations on configuration changes to enhance performance and security and reduce TCO !39
  • 40. #engageug How does it work? • Run and installed via the Domino Configuration Tuner database • Updated by online template updates and rule updates • DCT rules and results are held in a local database and will require a restart of the client for changes to take effect • Scans • Server documents • notes.ini settings • advanced database properties • Intended to scan servers in a single domain !40
  • 41. #engageug How does it work? • Creates reports on each scanned server based on the rules you select • Each report contains • Issues • recommendations for adjustments • links to supporting documentation !41
  • 42. #engageug Pre-requisites • v8 Notes client (standard or basic) or administrator • dct.nsf database and dct.ntf template • servers 7.x or higher !42
  • 43. #engageug Setup • DCT.NSF • StdDominoConfigTuner Template (dct.ntf) • ID must have reader access to names.nsf • ID must have ‘View Administrator’ rights • Requires no server or domain changes !43
  • 44. #engageug View Administrator Rights • Server Document • Security Tab • View Administrator is a subset 
 of ‘Administrator’ rights • Think of it as ‘Show’ not ‘Tell’ rights • Sh users - YES • tell http refresh - NO !44
  • 45. #engageug DCT Preferences • List of all rules • Review rule , description and supporting documentation • All rules are enabled by default for all scans • Enable and Disable rules !45
  • 46. #engageug DCT Updates • Connects to the IBM site to download • must have outbound connectivity !46
  • 47. #engageug DCT Updates • Click ‘check for updates’ • Connects to an external IBM site to identifies any template or rule updates !47
  • 48. #engageug DCT Updates • Accept license and updates download • It’s not possible to selectively download !48
  • 49. #engageug DCT Updates - Finished • “Successful” screen will notify you to restart your client • You may need to do 2 client restarts before DCT can be used !49
  • 50. #engageug • First select the servers in your current domain you want to run against • The list of servers is retrieved from the domain of the home server identified in your location document • Change locations to scan a different domain Running the tuner !50
  • 51. #engageug • You can manually type in the full hierarchical names of any other servers you want to scan as part of this analysis • Separate multiple server names with commas, semi colons or new lines • You can only scan servers you can reach so you need a connection document to any you list • or the server needs to be available via your passthru server in your location Running the tuner !51
  • 52. #engageug Understanding the Results • Summary results • Issues by criticality !52
  • 53. #engageug Understanding the Results • Summary results • Servers that failed to scan • reason why scan failed !53
  • 54. #engageug Understanding the Results • Summary results • Detailed list of rules evaluated !54
  • 55. #engageug Understanding the Results • View the current report • Select ‘change’ to view a different report !55
  • 56. #engageug Understanding the Results • Filter results to make analysis easier • by server • by specific rules • by severity !56
  • 57. #engageug Understanding the results • Categorised results of recommendations • Sorted by criticality and then by server name !57
  • 58. #engageug Understanding the results • Each recommendation comes with an explanation so you can evaluate on a result by result basis if you want to make the change !58
  • 59. #engageug • Each recommendation is provided with a link to a best / worst practices supporting documentation Understanding the results !59
  • 60. #engageug Working with Rules • Disabling and enabling rules can be done through the ‘Preferences’ !60
  • 61. #engageug Working with Rules • Selecting a rule shows the description and links to the best / worst practice documentation !61
  • 62. #engageug Making Changes • Advanced Database Properties • assigned en masse via Domino Admin • notes.ini settings • assigned via the command set config xxx = x • shown via the command sh config xxx = x • Many recommendations refer to ‘some databases’ but don’t specify which ones - check which ones will be affected !62
  • 63. #engageug Resources • Domino Configuration Tuner blog • http://www.bleedyellow.com/blogs/DCT/ • details and explanations of new rules published each month !63
  • 64. #engageug Summary • No matter how well your servers are configured they will continue to degrade in performance over time unless you pro-actively monitor and fix • Many of the server performance issues will be seen first by your users before they filter down to you • Make reviewing your server configuration using DDM probes followed by a DCT analysis part of every server upgrade • Enable probes that are specific to the server role. Mail and Directory probes on Mail servers and Agent probes on Application servers • Use Security and Database probes configured in DDM to stay on top of any low level warnings that could cause larger problems in the future • Don’t over configure your servers to monitor everything or you’ll be looking for a needle in a haystack. Ask your servers to tell you only what you need to be aware of so immediately • Use the built in tools, DCT, Statistics, DDM, Catalog, Activity Trends to monitor your servers and gain a good understanding of what is their ‘normal’ behaviour so you can more easily spot when something goes wrong. !64
  • 65. #engageug Questions !65 How to contact me: Gabriella Davis gabriella@turtlepartnership.com Twitter: gabturtle