IBM Connections, Exchange, Kerberos and the Tale of External Non-Collaboration

It is a longer tale, so to make keep it short I decided to busy the lead and give you the synopsis right here:

If you are running IBM Connections integrated with Exchange as your ICMail setup you are using Kerberos. If you want to enable external collaboration by adding another LDAP source for your external users – it will not work.

You can create the repository, add it to WebSphere, you can do all the TDI settings to import the users in it as external users .. but they will not be able to authenticate. The reason is that WebSphere has the authentication mechanism at it’s top level of security (global) and not at the repository level. That means, once you use Kerberos you have to use Kerberos for ALL authentication that happens. Trust me, I have tested. I had PMRs open (with both Connections and WebSphere support). I talked to the IBM Connections Product team and verified that this specific scenario was never actually tested so nobody appears to have known of this, which is also why it never made it’s way into any documentation.

I don’t think there are many clients for whom this might be an issue currently, but I do see many environments wanting more security and wanting to tie in other back-end systems and if that client environment is running AD as their LDAP source , then KERBEROS will be right there as a feature request – or a necessity.

Is External Collaboration Dead when Using Kerberos?

That is an easy answer – No.

But you are now forced to add those external users to your AD forest and either add them to some branch/OU that you can treat as external users or add some AD/LDAP attribute to identify them as external users.

Feature Enhancement Request for WebSphere – PLEASE VOTE!

I entered a feature enhancement request to move the authentication method from a global setting to the repository level – either in general or as art of a security domain setup in WebSphere, thereby allowing non-Kerberos repositories to be used for authentication alongside a KERBEROS enabled repository.

Here is the link to the feature request – the more people look at it, follow it and vote for it the more likely it is to make it’s wat into a future release. you will need to have an IBM website ID to even just look at it but I’d appreciate the effort!

Open Mic Webcast: Troubleshooting Duplicate Mail Messages in IBM Notes – 24 July 2013

Looks like a good webcast again. I often get duplicate mail messages and it drives me nuts …. I will likely listne in to this one.




You are invited to join an Open Mic Webcast on the topic “Troubleshooting Duplicate Mail Messages in IBM Notes.” This event will be held Wednesday, 24 July 2013 at 11:00 AM EDT (15:00 UTC, or GMT -4), for 60 minutes. After a presentation, you will have the opportunity to ask questions directly of IBM Developers and Support Engineers. See more details below. (Note: To view this information online, go to

When Date: 24 July 2013
Time: 11:00 AM EDT (15:00 UTC, or GMT -4), for 60 minutes
Bookmark Webcast Technote
# 7038764
Title: Open Mic Webcast: Troubleshooting Duplicate Mail Messages in IBM Notes – 24 July 2013
Doc #: 7038764
URL: the call, the technote will include:

  • An iCal attachment to add this event to your calendar
  • Details on how to join the call and web conference
  • The slides that will be presented during the session

A couple of weeks after the call, the technote will be updated to include:

  • A recording of the session
  • A written Q&A transcript

To be notified when the Webcast technote is updated, subscribe to IBM My Notifications and select “Webcasts” as a document type of interest.

IBM SmartCloud Meeting (web conference) URL
Web conference password: webcast
Dial-in Information Dial-in Passcode: 6939689US/Canada phone numbers:
Toll-free number (866) 803-2145
Toll number (210) 795-1099

International phone numbers

ndinfo with “unsubscribe” in the subject line. Please be aware that doing so will also unsubscribe you from periodic Support Content Highlights newsletters. If you know of others who wish to subscribe, have them send a message to ndinfo with “subscribe” in the subject line.

This e-mail was sent to the following e-mail address: victor

IBM Open Mic Webcast: What’s the Latest with Notes Traveler? – 24 April 2012

I just received this in my in-box – definitely looks like something everybody should put into their calendars:


You are invited to join an Open Mic Webcast on the topic, “What’s the Latest with Notes Traveler?” ” After a presentation, you’ll have the opportunity to ask questions directly of IBM developers and support engineers. You can post questions in advance of the call as a response to this entry in the Notes/Domino/Traveler forum.

The event will take place on Tuesday, April 24, 2012 at 11 a.m. EDT (15:00 UTC or GMT -4) for 60 minutes.

Bookmark Webcast Technote #7024152 Title:     What’s the Latest with Notes Traveler? – 24 April 2012
Doc #:  7024142

Before the call, the technote will include:

      • NEW: An iCal attachment so you can add this event to your calendar
      • Details on how to join the call and web conference
      • The slides that will be presented during the session

A few weeks after the call, the technote will be updated to include:

      • A recording of the session
      • A written Q&A transcript

To be notified when the Webcast technote is updated, subscribe to IBM My Notifications and select “Webcasts” as a document type of interest.

Web Conference URL Web conference: Join an IBM SmartCloud Meetings (formerly LotusLive) web conference to view the presentation: Conference 6784422

Dial-in Information Dial-in passcode: 1624413

USA/Canada Toll Free Number: (866) 803-2145
USA/Canada Toll Number: (210) 795-1099
Non-US phone numbers: In the table below

International phone numbers:

ARGENTINA                                                 0800-777-0483
AUSTRALIA           ADELAIDE:       61-8-8121-4875           1-800-993-891
AUSTRALIA           BRISBANE:       61-7-3102-0977           1-800-993-891
AUSTRALIA           CANBERRA:       61-2-6100-1977           1-800-993-891
AUSTRALIA           MELBOURNE:     61-3-9010-7746           1-800-993-891
AUSTRALIA           PERTH:         61-8-9467-5256           1-800-993-891
AUSTRALIA           SYDNEY:         61-2-8205-8111           1-800-993-891
AUSTRIA                           43-1-92-80-299           0800-005-020
BELGIUM                           32-2-403-1045             0800-4-9978
BRAZIL                                                     0800-8911977
CHILE                                                     1230-020-0254
CHINA               CHINA A:       86-400-810-4775           10800-712-1319
CHINA               CHINA B:       86-400-810-4775           10800-120-1319
COLOMBIA                                                   01800-9-156417
CZECH REPUBLIC                     420-2-25-98-56-22         800-700-227
DENMARK                           45-7014-0277             8088-6033
ESTONIA                                                   800-011-1111
FINLAND             Land Line:     106-33-142               0-800-1-13084
FINLAND             Mobile:         09-106-33-142             0-800-1-13084
FRANCE               LYON:           33-4-26-69-12-92         080-510-1036
FRANCE               MARSEILLE:     33-4-86-06-00-92         080-510-1036
FRANCE               PARIS:         33-1-70-70-74-22         080-510-1036
GERMANY                           49-69-2222-7802           0800-000-3328
GREECE                             30-80-1-100-0678         00800-12-6968
HONG KONG                         852-3001-3847             800-930-445
HUNGARY                                                   06-800-17998
INDIA               INDIA A:                               000-800-852-1232
INDIA               INDIA B:                               000-800-001-6218
INDIA               INDIA C:                               1800-300-00465
INDONESIA                                                 001-803-011-3781
IRELAND                           353-1-431-9713           1800-932-282
ISRAEL                                                     1-80-9214888
ITALY                             39-02-3601-0952           800-986-557
JAPAN               OSAKA:         81-6-7739-4776           00531-12-1855
JAPAN               TOKYO:         81-3-5539-5169           00531-12-1855
LATVIA                                                     8000-2931
LUXEMBOURG                         352-27-000-1355          
MALAYSIA                                                   1-800-80-2326
MEXICO                                                     001-866-886-2374
NETHERLANDS                       31-20-718-8518           0800-020-1250
NEW ZEALAND                       64-9-970-4753             0800-446-096
NORWAY                             47-21-59-00-54           800-10097
PANAMA                                                     011-001-800-5072068
PERU                                                       0800-53780
PHILIPPINES                       63-2-858-3740            
POLAND                                                     00-800-1212016
PORTUGAL                                                   8008-60385
RUSSIA                                                     8-10-8002-9693011
SAUDI ARABIA                                               800-8-110015
SINGAPORE                         65-6883-9213             800-120-4336
SLOVAK REPUBLIC                   421-2-322-422-32        
SOUTH AFRICA                                               080-09-98844
SOUTH KOREA                       82-2-6744-1067           00798-14800-6849
SPAIN                             34-91-414-29-40           800-098-585
SWEDEN                             46-8-505-78-553           0200-890-172
SWITZERLAND                       41-44-580-7529           0800-001-028
TAIWAN                             886-2-2795-7363           00801-137-710
THAILAND                                                   001-800-1206-65645
UNITED KINGDOM       BIRMINGHAM:     44-121-210-9032           0800-376-8334
UNITED KINGDOM       GLASGOW:       44-141-202-3232           0800-376-8334
UNITED KINGDOM       LEEDS:         44-113-301-2132           0800-376-8334
UNITED KINGDOM       LONDON:         44-20-7108-6315           0800-376-8334
UNITED KINGDOM       MANCHESTER:     44-161-601-1432           0800-376-8334
URUGUAY                                                   000-413-598-3406
USA                               1-210-795-1099           866-803-2145
VENEZUELA                                                 0800-1-00-3751

Restrictions might exist when accessing freephone/toll free numbers using a mobile telephone.

Upcoming Events Visit our Lotus Support Technical Exchange Events page for additional upcoming events.
Subscription Information You are receiving this invitation because you contacted IBM Support in the past. To unsubscribe, send a message to with “unsubscribe” in the subject line (be aware that doing so will also unsubscribe you from periodic Portal Support Content Highlights newsletters). If you know of others who want to subscribe, have them send a message to with “subscribe” in the subject line.

Connections and Sametime Proxy Server 8.5.2 IFR1 fix OBEN-8SDLGS – RECALLED

I just got a mail from IBM support on the Sametime Proxy Server 8.5.2 IFR1 fix OBEN-8SDLGS that is mandatory for awareness between Connections 3.0.1 FP1 and Sametime.  It appears this HF was recalled (not sure what he exact problem is) which explains why I have not been able to get awareness to work with Connections – no mater what I do.

That there is no updated, specific documentation for Connections and ST awareness is not a good sign either but that is why I opened a PMR with IBM when I could just not get awareness to work correctly – and here I am a week later and still nothing to show for my efforts .

I will blog again once I hear back from IBM and a new ST HF is released.

Java: it’s your fault! Connections on AIX

Just a quick one during my lunch hour …. ran into an issue yesterday at my current client that shows once more that when you do not work with a specific OS for a while, you really loose your touch for the small details.

The Saga of WAS, AIX and the damn Java Cache

We installed iFixes yesterday and that all went well. However the syncing of the nodes (kicked off from the Dmgr console) took forever, and then one of the app clusters on one of the nodes would not restart (it eventually did after 4 hours).

To clean the system and get rid of any old temp files we:

  • Stopped all WebSphere servers:  /WAS_Profile/bin/ xxx -user xxx -password ****
  • Stopped the NodeAgent:  /WAS_Profile/bin/ -username xxxx -password ****
  • Cleaned all temp files /WAS_Profile/temp  and /wstemp (everything inside of both folders)
  • Ran  /WAS_Profile/bin/
  • Ran  /WAS_Profile/bin/

Note: you can also use the command “./ –stopservers -username xxxx -password ****” to shut down the node agent AND the servers at the same time. We wanted to see the individual servers come down as we had issues with one of them.

We then tried to restart the node agent ….. and it failed. We found this in the startserver.log for the node agent:

ADMU3011E: Server launched but failed initialization

Damn, nothing worked … re-cleaned, checked, cursed, cried ….. and then opened a Sev 1 ticket with IBM support online. (had a REALLY fast response – thanks guys!)

The Cavalry to the Rescue …

The Connections support guy had a look at the logs and brought in a WAS support specialist who had me repeat the clean-ups steps above AND clean this location as well (everything in this folder, but not delete the folder itself):


The IBM tech thinks we had a corrupted system level java cache that was causing the issue.  After that a ./ worked like a charm and the servers started fine as well.

Total Clean-up

Incidentally, we ended up shutting each AIX WAS server (including the Dmgr) down one by one so we do not have a service outage and ran the above maintenance once more. On the nodes we also ran a “./” with the node agent turned off – just to eliminate any possibility of the nodes maybe being out of synch (thanks for the idea Stuart).

We will also be going through our automated scripts to test adding some more items to them (email notifications when individual steps are done, add the “/temp/javasharedresources” to the list of folders to be cleaned,  etc.).

Lessons to be learned:

  • When you don’t work with an OS for a while you forget the important SMALL stuff (/tmp/javasharedresources) – I had run into this very issue a few years ago and totally forgot about it. I actually did not remember it until this morning, the day after.
  • When in doubt – call support RIGHT AWAY, if for no other reason than to validate your thought process is correct and you are not barking up the wrong tree. We did not wait very long to call, but sometimes even 5 minutes can mean the difference between failure and success.



IBM Support – Change to AVP Telephone Support Processes

This fluttered across my desk today at a client site I am currently working at. It appears that if y are an AVP client (Accelerated Value Program) IBM will no longer get you right to a technician if you call in a ticket but rather wants you to enter it online and wait for a call back. At my current client this is the standard way of operating and the call backs are rather quick – however I have been at other sites where those cal backs have taken somewhat longer in the past. I don’t think there will be much change but I will keep my eyes open and the stopwatch at hand.

I am generally rather happy with IBM support, though some of my clients feel they to often try to solve their problems by asking them (the clients) to upgrade … let’s not get into that discussion as upgrades and point releases in large companies can be compared to the logistical equivalent of clearing a minefield.


Here from the email:

Dear IBM Software Accelerated Value Program Client:

We are pleased you chose IBM to provide high-quality solutions for your business and information systems needs. This email is to inform you that Lotus is making a change in their approach to provide support delivery. Below is an explanation of those changes that will directly affect how you receive ongoing support for your Lotus branded software.

In order to ensure consistency across the IBM Software Accelerated Value Program, effective Monday, January 2, 2012, Lotus will move to call-back mode for all PMRs. Customers will have the option to open PMRs via Electronic Service Request (SR), already a choice of the majority of our customers, or by calling 1-800-IBMSERV or your local country equivalent.

IBM Service Request (SR) is a worldwide, Web-based problem submission and tracking tool available in the IBM Support Portal and is a method of choice by many of our clients. Service Request is available 7×24 and allows you to open PMRs and to check the status of your PMR without having to call IBM and at a time that it is most convenient to you.

Our customers tell us that increased access to information and the ability to be self-sufficient in finding the solutions they need when they need them provides the optimum capability to manage their IT infrastructure. Lotus has an array of tools that make it easy or you. If you are unfamiliar with these tools, we invite you to learn more at Lotus Support — Just a click away! In addition, the IBM Support Portal also has many special features available only to IBM Accelerated Value clients. We are committed to meeting the evolving requirements of our customers and continue to focus on enhancing the tools and support we provide.

All of us in the Lotus Technical Support organization and the Accelerated Value Program team look forward to assisting with your software support needs. We are here to help you achieve maximum benefit from your investment in IBM software and support services.

If you have questions at any time about these changes, please do not hesitate to contact me.