Web - IMAP Users Terminated Still Able to Access Servers

Mindwatering Incorporated

Author: Tripp W Black

Created: 04/28/2008 at 02:00 PM


Category:
Domino Server Issues Troubleshooting
Authentication

By default, Web (HTTP), LDAP (Directory), DIIOP, and POP/IMAP mail users are not "hit" by the server layer of the security "onion": the server access settings are enforced for Notes clients only, so a user whose ID has been denied server access (for example, after termination) can still authenticate over those Internet protocols.
To apply the server access settings to the Internet protocols as well, make the following change(s) on the Server document of each server.

1. Verify Server Document Port Settings:
Go to:
Server Document --> Ports tab --> Internet Ports tab --> Web tab --> Enforce server access settings: Yes (instead of No).
Server Document --> Ports tab --> Internet Ports tab --> Directory tab --> Enforce server access settings: Yes (instead of No).
Server Document --> Ports tab --> Internet Ports tab --> Mail tab --> IMAP, POP, and both SMTP columns --> Enforce server access settings: Yes (instead of No).
Server Document --> Ports tab --> Internet Ports tab --> DIIOP tab --> Enforce server access settings: Yes (instead of No).
Server Document --> Ports tab --> Internet Ports tab --> Remote Debug Manager tab --> Enforce server access settings: Yes (instead of No).


2. Check whether the ID Vault still holds the "old" password.
Instead of the HTTP password on the Person document, try the user's previous Notes client password. You may find that both the old Notes password and the current Person document HTTP password work.
- If the old password works, the password stored in the ID Vault is being used for authentication.
- - a. Check the Security Settings document --> Password Management (tab) --> Password Management Options (heading) --> Verify the value of the field: Update Internet Password When Notes Client Password Changes. It is likely Yes.
- - b. Check the Security Settings document --> ID Vault (tab) --> TOTP-based authentication with the ID vault (heading) --> Verify the value of the field: Allow password authentication with the ID vault. It is likely Yes.
- - c. Change the password again in the Notes client. After changing the password, click the ID Vault Sync button:
File --> Security --> User Security... --> <enter current Notes password> --> On the User Security dialog window:
- Click Change Password --> Enter the new password and confirm it.
- Click the ID Vault Sync button.
- Click OK.

Notes:
- AdminP updates the Person document with the new password at its next interval. To hurry it up, enter tell adminp process all at the server console. The ID Vault update appears to be almost instantaneous.
- HTTP accepts both the old and the new password concurrently for a short period. To hurry it up so that only the new one is accepted, restart the HTTP task (e.g. tell http quit, then load http, or restart task http).


____________________

Testing/Debugging IMAP I/O:
- Notes.ini Settings:
IMAPDebug=[0,1,2,3,4]
IMAPDebugIO=[0,1,2,3,4]

0 is off (the default) and 4 is the most verbose logging.
All data is logged to the file IBM_TECHNICAL_SUPPORT\console.log.

Steps:
1. Edit the notes.ini directly, or use the console command, or set via a configuration settings doc:

a. Console directions:
Admin client --> Open Server --> Server (tab) --> Status (sub-tab) --> Server Console (left menu item)

b. Enter the following debug parameters and their respective values, via the following command:
> Set Config notesiniparameter=value

2. Restart the IMAP task, which you can do by issuing this command at the console:
> restart task imap

3. Create/Update the activity logging app as needed to add IMAP for activity logging. (See steps, Activity Analysis Logging Setup, further below.)

4. Review the Domino console log and the activity log (loga4-1.nsf).

5. After reviewing the activity logs generated before the debug level change, perform just step 3 above to update the activity log database, and then step 4 to review the logs again. Repeat until the analysis is complete.

6. IMPORTANT:
For performance and disk usage reasons, the debug notes.ini settings should be removed or set to 0 after testing is complete.
e.g.
> Set Config IMAPDebug=0
> Set Config IMAPDebugIO=0
> restart task imap
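Once IMAPDebug logging is on, a small script can pull the IMAP login lines out of console.log and check them against the list of users who should be denied, confirming that terminated users no longer authenticate over IMAP after "Enforce server access settings" is set to Yes. This is an added example, not Mindwatering's or IBM's code: the console.log line shape, the user names, the addresses and the terminated-user list are all constructed assumptions, so adjust the regular expression to what your server actually writes.

```python
import re
from datetime import datetime

# Constructed sample lines in the general shape of Domino console.log entries
# (timestamp, task name, message). Real IMAP log wording varies by version;
# the regex below is an assumption to adapt to your own server's output.
SAMPLE_LOG = """\
04/28/2008 01:58:12 PM  IMAP Server: User Jane Doe/Mindwatering logged in from 192.0.2.10
04/28/2008 01:59:40 PM  IMAP Server: User John Smith/Mindwatering logged in from 192.0.2.22
04/28/2008 02:01:05 PM  HTTP Server: Started
04/28/2008 02:03:17 PM  IMAP Server: User John Smith/Mindwatering logged out
04/28/2008 02:05:44 PM  IMAP Server: User Jane Doe/Mindwatering logged in from 192.0.2.10
"""

# Constructed example of users who should already be in the server's Deny
# Access list (e.g. a Terminations group); in practice export it from the Directory.
TERMINATED = {"John Smith/Mindwatering"}

TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"
LOGIN_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\s+"
    r"IMAP Server: User (?P<user>.+?) logged in from (?P<ip>\S+)$"
)

def parse_imap_logins(text):
    """Return (timestamp, user, ip) tuples for every IMAP login line found."""
    logins = []
    for line in text.splitlines():
        m = LOGIN_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group("ts"), TS_FORMAT)
            logins.append((ts, m.group("user"), m.group("ip")))
    return logins

def find_denied_logins(text, terminated, since=None):
    """IMAP logins by users who should be denied. `since` (same timestamp
    format as the log) limits the check to logins after the settings change."""
    cutoff = datetime.strptime(since, TS_FORMAT) if since else None
    # Notes names compare case-insensitively, so normalise both sides.
    denied = {name.casefold() for name in terminated}
    return [(ts, user, ip) for ts, user, ip in parse_imap_logins(text)
            if user.casefold() in denied and (cutoff is None or ts >= cutoff)]

if __name__ == "__main__":
    for ts, user, ip in find_denied_logins(SAMPLE_LOG, TERMINATED):
        print(f"{ts:%Y-%m-%d %H:%M:%S}  {user} still logged in over IMAP from {ip}")
```

Run it against the console.log saved before and after the Server document change; any hit after the change means the denied user is still getting through and the ID Vault password check in step 2 above applies.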



Activity Analysis Logging Setup:
For detailed IMAP logging analysis, run an activity analysis.
Admin client --> Server (tab) --> Analysis (sub-tab) --> Tools (right twistie) --> Activity
In the Server Activity Analysis dialog,
a. Select the items to report activity on in the left list, and click the Add-> button in the middle to add them to the right list.
b. Select the Start Date and End Date times.
c. Click the Results Database... button and select either an existing activity log app or a new one.
d. Click the Overwrite this database option to start over, or Append to this database (the default) to add to the existing application chosen in step c above.

Click OK to run the analysis.
