Just wondering if anyone else out there has been able to successfully configure ITIM to provision Lotus Notes user accounts, specifically including also creating a Replica Mail File, and if so, if I could bounce some questions off you that would be greatly appreciated.
Basically, I have been able to get ITIM to successfully create new Notes user accounts, and create their Mail File on their Home Server, but not their Replica Mail File (we require this as we run two "clustered" Lotus Domino Mail servers).
I've tried a few different approaches (i.e. tested separately, not all at the same time) - I've tried 2 different Provisioning Policies - both with "Replica Mail Server" attribute provisioned - one with "Replica Mail File" attribute provisioned, and one without (as per the User Guide). I've also tried a provisioning policy including provisioning the "AdminP Command" attribute set to "NewReplica".
And I've also tried modifying the Lotus Notes account "add" workflow with a "modifyaccount" operation to manually add the "AdminP Command" set to "NewReplica", but so far all I get are either errors, or the requests show as "success" but the Replica Mail file doesn't get created.
Server details as follows:
O/S: Red Hat Enterprise 6.3 (64 bit)
ITIM: ITIM 6.0
Domino Mail Servers (2 Cluster members):
O/S: Windows Server 2008 R2 SP1
Domino: Domino 8.5.3FP2
Thanks in advance.
This topic has been locked.
7 replies Latest Post - 2012-12-13T00:08:19Z by SystemAdmin
Pinned topic ITIM 6.0 - Lotus Notes Adapter - Unable to create Replica Mail File
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2012-12-13T00:08:19Z at 2012-12-13T00:08:19Z by SystemAdmin
Re: ITIM 6.0 - Lotus Notes Adapter - Unable to create Replica Mail File2012-12-07T17:10:26Z in response to SystemAdminVirtually everyone uses Domino replicas. This feature definitely works.
I always suggest a manual test to validate that your test system is working well, a good idea before installing the adapter. So try it from the Domino Admin client. Bring up the Registration form, fill in the attributes EXACTLY as you did in TIM Notes account form, submit the request and verify that the replica mail file is actually setup. You may just have a Domino config error. Use the adapter log file to verify the attribute values supplied by your provisioning policy.
Re: ITIM 6.0 - Lotus Notes Adapter - Unable to create Replica Mail File2012-12-10T00:10:48Z in response to Dr.StrangeloveHello,
Thanks for the response.
I can definitely confirm that we are able to successfully create users with their Mail File + Replica Mail File without any problems when using the Domino Admin client with the same attributes.
Just to give you a bit of background, I'm the ITIM Admin and Domino Admin at the company that I work for, so I've got a good understanding of both systems, so I'm fairly confident that I haven't missed anything obvious (hopefully).
And just to explain what I've tried so far - in terms of the attributes relating to the Replica, I've set the ITIM Provisioning Policy to provision the "Replica Server" attribute (pointing to our Replica Mail Server). I've tried creating new users with just that, because according to the User Guide on page 44 "...The adapter ignores the value of the Replication Mail File attribute on the Mail tab of the Notes account form if the Lotus Domino server version is 8.5 and later..." (and we're running Domino 8.5.3 servers).
So when I provision new users with just the "Replica Server" attribute, the user is created successfully (i.e. no error messages in ITIM / adapter logs), but no AdminP operation is generated in Domino to create the Replica.
So then I tried modifying the ITIM provisioning policy and adding the "Replica Mail File" attribute (and set it to provision the exact same value as the Mail File attribute). However, when I then try to create a new user, it shows a warning/error in the Adapter logs stating "...Can not replicate mail file. To replicate the mail file, attributes 'Replica file name' and 'Replica server name' both are required...".
Any further ideas/suggestions would be very much appreciated.
I'm going to continue with further testing, but may also end up logging a PMR with Tivoli/Lotus support to see if they can assist.
Re: ITIM 6.0 - Lotus Notes Adapter - Unable to create Replica Mail File2012-12-10T15:46:29Z in response to SystemAdminPage 44 of the User Guide also mentions that a separate Modify transaction must be run to perform the NewReplica AdminP command. So on the TIM side, you will first submit the Add, then submit a Modify.
A better approach may be to use and Explicit Policy. I am not a Domino guru, but I believe you can specify in a Domino Policy that a mail file is to be replicated, right? If so, you can create this policy and then refer to it on the Add transaction in TIM. See Adding Users Accounts with an Explicit Policy (page 37). This is a better option than running two transactions from TIM.
Re: ITIM 6.0 - Lotus Notes Adapter - Unable to create Replica Mail File2012-12-10T22:43:48Z in response to Dr.StrangeloveHello again,
Thanks again for the feedback. Much appreciated.
Yeah I did notice that bit of page 44 yesterday, so I've had a try using both methods, but have not yet had any luck.
I tried customizing the "add" workflow in ITIM (i.e. when creating a new Lotus Notes account) and adding in a "modifyaccount" operation, and passing in the "ernotesadminprequest" attribute with the value "NewReplica", but whenever I created a new user, the operation would complete successfully but still not create the Replica Mail file (well mostly successful, at least the Notes account would finish successfully, but I got some strange behaviour with AD/LDAP accounts, which was strange considering I'd only modified the Notes account "add" workflow).
So I've also tried creating an Explicit policy in Domino, but it doesn't seem to have taken affect / done anything (i.e. user get's created, but no replica get's created).
Anyway, I'm going to continue on trying the Explicit policy in Domino, but I've also logged a PMR, just to get a definitive answer on the exact requirements.
Re: ITIM 6.0 - Lotus Notes Adapter - Unable to create Replica Mail File2012-12-11T05:44:21Z in response to SystemAdminProblem now resolved.
Created an Explicit Policy in Domino, and then specified the name of the Expliciy Policy in the ITIM Provisioning Policy for the "Assigned Policy" attribute.
However, after making this change, it would appear this has broken another part of the process which was actually previously working successfully - i.e. when I create a new user now, their Notes ID File is not getting uploaded into the ID Vault :(
Given that I've resolved the original issue, I'm going to close this question of as "answered", and will post another message in the forum.
Re: ITIM 6.0 - Lotus Notes Adapter - Unable to create Replica Mail File2012-12-11T16:54:11Z in response to SystemAdminThe issue with an ID no loading into the vault is a Domino bug. The TIM Notes Adapter Release Notes describe the Lotus PMR# and the wok arounds.
User not added to vault when notes explicit policy allows it.
This a Notes related issue (SPR MSKA8R8JWK). Following workaround will,
however, work in the interim:
1. In the Domino Admin Client, open the Registration Settings for the
explicit policy. Edit Settings.
2. Click on the 'Miscellaneous' tab. In the 'Group Assignments' list select
any group. E.g. LocalDomainAdmins. Save the settings.
3. Register a new user with the explicit policy.