Open Mic on ID Vault Overview & Best Practices. 19th December, 2012

Transcription:


Open Mic Team
- Sunil Chelani, Domino SME (Presenter)
- Seema Janjirkar, Software Engineer (Presenter)
- Ranjit Rai, Lotus Technical Advisor focussing on entire Notes Domino
- Hansraj Mali, Lotus Technical Advisor focussing on Notes Domino, LotusLive
- Jayaval Rajendran, Lotus Technical Advisor focussing on entire Notes Domino
- Vinayak Tavargeri, Lotus Support Manager (Open Mic Facilitator)

Agenda
- What is a Notes ID Vault
- Why deploy a Notes ID Vault
- ID Vault requirements
- Understanding ID Vault components
- Notes ID Vault creation and configuration
- Operations on the Notes ID Vault
- Understanding vault security
- Password reset deployment recommendations
- Troubleshooting ID Vault
- Notes.ini settings
- Case studies
- Resources
- Q&A

What is Notes ID Vault
The Notes ID Vault is an optional, server-based database that holds protected copies of Notes user IDs. It provides:
- Uploading copies of ID files for existing users
- Adding ID files to the vault during registration of new users
- Resetting of passwords when forgotten, by the help desk or by self-service applications
- Synchronization of ID files across multiple computers
- Auditor function to gain access to encrypted data
  - Integration with iNotes/BlackBerry
  - Requires administrator access to the server, vault administration rights (Manager in the vault DB ACL) and the Auditor role
  - Can be disabled using SECURE_DISABLE_AUDITOR=1 in notes.ini
- Marking of ID files as Inactive via AdminP when deleting users directly in the vault

Why Deploy Notes ID Vault
- Can replace time-consuming, expensive ID file and password recovery systems, giving potential for a significant reduction in user downtime and help desk costs
- Simplifies provisioning of Lotus Notes ID credentials
- Streamlines the process for resetting forgotten passwords
  - Help desk options
  - Programmatic interfaces for self-service password applications
- Automates ID file maintenance
  - ID file synchronization
  - ID renames
  - ID key rollovers
  - ID file replacement due to loss or corruption
- Supports processes for legal discovery/access to encrypted data, potentially preventing the loss of valuable information

ID Vault Requirements
- IBM Lotus Domino 8.5.x
- IBM Lotus Notes 8.5.x
- 8.5.x Lotus Domino Directory design
- 8.5.x Personal Address Book design (Notes client address book)
- Policy to assign the vault
- A minimum of one vault server

Understanding ID Vault Components
- Vault server
- Vault database
- Vault administrator
- Vault ID
- Vault trust certificates
- Reset Password Authority
- Policy
- Vault replica server
- Auditor role

Notes ID Vault Creation
- Tools > ID Vaults > Create from the Configuration tab
- Specify a name for the vault, used for:
  - Hierarchical name of the vault
  - Database file name
  - Vault ID file (used when adding or removing vault replicas)
- Specify a password for the vault ID
- Select the server on which to deploy the vault

Notes ID Vault Creation (contd.)
- Select at least one vault administrator, who can:
  - Add/remove vault servers
  - Delete ID files from the vault
  - Add/remove other administrators
- Select organizations or organizational units whose IDs will be stored
  - Requires access to the certifier IDs
  - Vault Trust certificates are created for each certifier and stored in the Domino Directory
  - Only IDs registered with these certifiers can be uploaded to the vault

Notes ID Vault Creation (contd.)
- Select the user names that are authorized to reset passwords
  - A Password Reset certificate is created for each user
  - Include the IDs associated with any self-service password reset application

Notes ID Vault Creation (contd.)
- Create the ID vault policy: create new, edit existing, or skip and create later
- Create Vault
- Locate the certifier IDs

Notes ID Vault Creation (contd.)
- ID Vault application: stored on the hosting Domino server, encrypted with the hosting Domino server ID
- Vault Trust Certificate: one for each registered certifier; Notes cross-certificates stored in the Domino Directory
- Password Reset Certificates: one for each user or application authorized to reset passwords; Notes cross-certificates stored in the Domino Directory
- Policy settings: if selected during vault install, in a new or existing policy document

Notes ID Vault Creation Complete
- Vault ID: on the vault creator's desktop; should be secured like a certifier ID; needed to create vault replicas
- ID Vault directory entry: from where the ID vault can be managed

Notes ID Vault Configuration
- Security Settings > ID Vault tab
  - Hierarchical name of the vault
  - Forgotten password help text
  - Enforce password change
  - Automatic ID downloads: time limit, failure message
- Person document > ID Vaults: number of downloads

Notes ID Vault Database
- The application is encrypted with the host server's ID
- ACL: Vault administrators - Manager; Vault server - Manager; no access required for anyone else
- One record per ID: modification time, download limit, user ID (encrypted)

Notes ID Vault Replicas
- First vault: ID Vaults > Create
- Primary vault server: carries out key vault operations (name changes, key rollover); last replica to be deleted; checkmark in ID Vaults > Manage
- Additional vault replicas: ID Vaults > Manage; do not use the Create Replica tool
- Console command: show idvaults

Operations - Adding a new user to the Vault
- Register the new user: select the vault policy in the Basics tab; the vault is automatically selected in the ID Info tab
- During new user setup: the user enters their name; the server identifies the user as having an ID in the vault and prompts for the password; a correct password results in the ID being downloaded to the desktop

Operations - Adding an existing user to the Vault
- Add the user to the policy, in the Person document or via the policy assignment tab
- The user logs into Notes and the ID is uploaded in the background
- The User Security settings indicate that the ID has been uploaded to the vault

Operations - Forgotten Password
- The user clicks the link on the login dialog
- The user receives instructions to get the password reset: contact an administrator, or use a custom-built self-service application

Operations - Resetting Password (manual)
- Operator: needs to verify the user's identity; requires a Password Reset certificate; resets the password from the Person document; does not need access to the vault; does not need access to the ID file
- User: enters the new password; can be prompted to change the password immediately

Operations - Resetting Password (automated)
- Custom application: help desk application or self-service application
- The ResetUserPassword method is available in C, Java, JavaScript or LotusScript
  - It is the only API call currently exposed, i.e. you cannot develop a custom program to extract IDs
- A sample self-service application code snippet supplied with Domino 8.5 uses the ResetUserPassword method in a LotusScript agent and can be used as the basis for your own application

Operations - Synchronizing ID
- Synchronization scenarios: name change, key rollover, password change, encryption keys
- The vault treats synchronization and download differently
  - Synchronization: the client has the ID and the password
  - Download: the client only has the password
- Synchronization occurs at login; immediately (if a local ID change is made while the user is online); at the polling interval (if a local ID change is made while the user is offline)

Operations - Extracting ID from Vault
- Provide the user with a physical copy of the ID: extract the ID from the Person view or the Person document; supply the current password for the ID
- Supply a copy of the ID for an Auditor: the user should be unaware of the access; the operator requires the Auditor role; extract the ID from the Person view; don't supply the current password (presumably not known); supply a new password to be used by the Auditor

Operations - Recovering ID
- ID deleted or corrupted: remove the corrupted ID; ensure the user can download a new ID (Automatic downloads set to Yes, or Number of downloads allowed set to greater than 0); the user logs in and a new copy of the ID is downloaded
- ID lost or stolen: reset the password on the ID in the vault; roll over the keys on the ID; ensure that server key checking is enabled; ensure the user can download a new ID; the user logs in and a new copy of the ID is downloaded

Understanding Vault Security
- Protection against the use of an unauthorized vault: creation of a vault trust certificate requires access to the certifier ID(s)
- Protection against unauthorized upload of IDs: only IDs registered by authorized certifiers can be uploaded; only IDs specified via policy will be uploaded
- Protection against unauthorized downloads of IDs: failed password attempts are restricted to 10 per day (configurable); option to require authorization for all downloads
- Protection against unauthorized password resets: requires a password reset certificate; creation of a password reset certificate requires access to the certifier ID
- Protection against unauthorized access to vault contents: attached IDs are encrypted in the vault; all encryption/decryption is done in memory, with no storage of IDs on disk
- Protection against unauthorized access to data transmitted over the network: ID vault transactions are encrypted
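The download protection above caps failed password attempts at 10 per day, and those failures are logged as security events in log.nsf. The following added Python example (not part of the deck) runs a defender's check over constructed log lines: it flags users who hit the per-day limit and windows in which many different users fail at once. The "<timestamp>  ID for <user> in vault '<vault>' ..." line layout is an assumption made for this example; the message wording follows the event quoted later in this deck.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of log.nsf security events (not a real customer log).
# The message text mirrors the "wrong password was supplied" event quoted in
# this deck; the "<timestamp>  ID for <user>" prefix is an assumed layout.
SAMPLE_LOG = """\
12/19/2012 09:00:01 AM  ID for CN=Alice Example/O=Acme in vault 'O=Acme ID Vault' was not downloaded because the wrong password was supplied. Error: Wrong Password.
12/19/2012 09:00:09 AM  ID for CN=Alice Example/O=Acme in vault 'O=Acme ID Vault' was not downloaded because the wrong password was supplied. Error: Wrong Password.
12/19/2012 09:00:15 AM  ID for CN=Alice Example/O=Acme in vault 'O=Acme ID Vault' was not downloaded because the wrong password was supplied. Error: Wrong Password.
12/19/2012 09:00:20 AM  ID for CN=Bob Example/O=Acme in vault 'O=Acme ID Vault' was not downloaded because the wrong password was supplied. Error: Wrong Password.
12/19/2012 09:00:31 AM  ID for CN=Carol Example/O=Acme in vault 'O=Acme ID Vault' was not downloaded because the wrong password was supplied. Error: Wrong Password.
12/19/2012 09:00:44 AM  ID for CN=Dave Example/O=Acme in vault 'O=Acme ID Vault' was not downloaded because the wrong password was supplied. Error: Wrong Password.
12/19/2012 09:01:02 AM  ID for CN=Alice Example/O=Acme in vault 'O=Acme ID Vault' was downloaded.
12/19/2012 02:15:00 PM  ID for CN=Erin Example/O=Acme in vault 'O=Acme ID Vault' was not downloaded because the wrong password was supplied. Error: Wrong Password.
"""

FAILURE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\s+"
    r"ID for (?P<user>.+?) in vault '(?P<vault>[^']+)' "
    r"was not downloaded because the wrong password was supplied"
)


def parse_failures(text):
    """Return a time-ordered list of (timestamp, user, vault) for each failed download."""
    events = []
    for line in text.splitlines():
        m = FAILURE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
            events.append((ts, m.group("user"), m.group("vault")))
    return sorted(events)


def per_user_bursts(events, max_failures=10, window=timedelta(days=1)):
    """Map user -> highest number of failures seen inside any `window`, for users
    who reached `max_failures` (10 per day is the limit stated on this slide)."""
    by_user = defaultdict(list)
    for ts, user, _ in events:
        by_user[user].append(ts)
    hits = {}
    for user, times in by_user.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:   # slide the window forward
                start += 1
            count = end - start + 1
            if count >= max_failures:
                hits[user] = max(hits.get(user, 0), count)
    return hits


def spray_windows(events, min_users=4, window=timedelta(minutes=5)):
    """Start times of windows in which at least `min_users` distinct users failed:
    many users failing together is the case the logging FAQ says to investigate."""
    flagged = []
    for i, (ts, _, _) in enumerate(events):
        users = {u for t, u, _ in events[i:] if t - ts <= window}
        if len(users) >= min_users:
            flagged.append((ts, len(users)))
    return flagged


if __name__ == "__main__":
    ev = parse_failures(SAMPLE_LOG)
    print("repeat offenders:", per_user_bursts(ev, max_failures=3))
    print("spray windows:", spray_windows(ev))
```

Overlapping windows are reported once per starting event; a site that tunes IDVault_Max_Auth_Failures should pass the same value as `max_failures`.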

Password Reset Deployment Recommendations
- Issue password reset certificates to a small number of highly trusted individuals
- Issue a password reset certificate to an entire help desk OU: renaming people into and out of that OU will grant/deny access
- Issue special IDs for resetting passwords: administrators switch to these IDs to perform password reset tasks
- Issue a single password reset certificate to an application and give the help desk access to that application: easy to add and remove people from that ACL; can add supplemental logging and auditing

Troubleshooting
- Where and how to find logs for the ID vault: security events in the local/server log.nsf
- Logs for Extract ID from vault (including the case of a missing "/" in the vault name)
- Logs for Reset Password from vault
- Using the Administrator client for analyzing vault issues
- Domain monitoring: the DDM database

Troubleshooting - Error Messages
- Error when trying to extract an ID file from the ID vault: "Server Error: You are not authorized to perform that operation". This occurs when the administrator does not have the Auditor role in the ID vault database. Even if the administrator has the Auditor role, the server notes.ini setting SECURE_DISABLE_AUDITOR=1 prevents ID files from being extracted.
- User registration fails to upload the new user's ID to the Lotus Domino ID Vault with the error "Error: File does not exist". URL: http://www.ibm.com/support/docview.wss?uid=swg21366245. The same "Error: File does not exist" message also occurs when extracting an ID file if the vault name is not entered properly, that is, if the leading forward slash is missing (/Testvault).
- ID upload to an ID vault can fail during user registration; the user registration process completes with the error "FAILED: ID upload to Notes ID Vault failed". In some cases the problem was caused by corruption in the Domino Directory (names.nsf).

Troubleshooting (contd.)
- A user lost their ID or it became corrupt. You attempt to launch their Notes client and download a new ID for this user, but receive the error message "File cannot be created". Refer to URL: http://www.ibm.com/support/docview.wss?uid=swg21411443
- This error is generated repeatedly in the Domino logs: "Failed to authenticate with server Acmeserver/Acme. This server does not have the vault. A referral was returned." Refer to URL: http://www.ibm.com/support/docview.wss?uid=swg21454997
- When the administrator tries to reset the password for a user ID, it gives the error message "Server Error: Missing or invalid Password Reset Trust certificate, Check the log file for details."
- User.id is not uploaded to the ID vault when the user is renamed to a new organizational unit ("03:11 ON REMOTE SERVER")

ID vault NOTES.INI settings
Debug settings used to collect logs for ID vault issues:
Client side:
  Debug_IDV_TrustCert=1
  Debug_Namelookup=1
  Console_log_enabled=1
  DEBUG_IDV_TRACE=1
Server side:
  Debug_IDV_TrustCert=1
  Debug_Namelookup=1
  Console_log_enabled=1
  Debug_threadid=1

ID vault NOTES.INI settings (contd.)
- IDV_POLL_INTERVAL
- IDVault_Max_Auth_Failures
- IDVault_Max_Auth_Failure_Cache_Size
- IDVAULT_RESYNC_INTERVAL
- SECURE_DISABLE_AUDITOR
- IDVAULT_COUNT1
- IDVaultLastFlushTime
- IDVaultLastServer
- IDVAULT_STAMP1

Case Study 1
Problem: for existing users, ID files are not getting uploaded to the ID Vault.
Troubleshooting: the errors seen were "Unable to find ID for <user name> in Vault. Error: Entry not found in index" and "Failed to set download count for <user> to 0. Error: Entry not found in index". We checked the following details: the user must be using an 8.5.x version client.

Case Study 1 (contd.)
Check the policy requirements: a policy must exist that enrolls the user into the vault; it may be organizational or explicit. Verify that the client has successfully pulled down the policy. To do this, open names.nsf at the client, hold down SHIFT+CTRL while selecting the menu options "View" -> "Go To", and open the ($Policies) view. You should see a list of policies for the user. If you do not, you need to investigate a possible problem with the policy; for assistance in troubleshooting policies, refer to technote 7010353, "Self-Training: Troubleshooting Domino policies and settings documents".

Case Study 1 (contd.)
We checked the policy containing the ID vault settings that should apply to the user and found it was not being pulled down to the client; a policy with different settings was applied instead, which is why the error "Unable to find ID for <user name> in Vault. Error: Entry not found in index" occurred. On investigation we found another policy, an organization policy, with enforced settings, which caused that organization policy to be assigned to this user. In further testing, once we enabled the setting "Ignore settings from ancestor policies" in the Administration tab (Exception policy field) of the "idvault" policy document, the ID vault settings were pulled down at the Notes client and the ID was uploaded to the vault.

Case Study 2
Administrators are unable to reset passwords, with the error messages "Missing or Invalid Vault trust certificate. Check the log file for details" and "Server Error: Missing or invalid Password Reset Trust certificate, check the log file for details". The customer has the following Os in the address book, which are cross-certified with each other: O=Acme, O=Bat, O=Cat, O=Lotus. The vault DB name is Acme ID Vault for each of the Os. When users from any of these Os tried to reset a password using the ID vault, they got the above errors. We then enabled the following debug settings on the server:
Debug_IDV_TrustCert=1
Debug_Namelookup=1
Console_log_enabled=1
Debug_threadid=1

Case Study 2 (contd.)
The console log shows the following:
[1254:0EE3-16F8] ----- Trust cert lookup Subject: CN=Lotus Admin/O=Lotus; Issuer: CN=Test1/O=Lotus, OrgCombo: O=Lotus:PR:O=Lotus
[1254:101E-16F8] NAMELookup::<Lookup> PID:TID (1254:101E) start of routine
[1254:101E-16F8] NAMELookup::<lookup> Searching view '($CrossCertByRoot)' (1 of 1 views).
[1254:101E-16F8] NAMELookup::<lookup> Searching name='o=lotus:pr:o=lotus' (1 of 1 names).
[1254:101E-16F8] NAMELookup::<lookup> Searching DBIndex=1.
[1254:101E-16F8] NAMELookup::<LocateNameSpace> locate namespace in DBIndex=1, view='($crosscertbyroot)'
[1254:101E-16F8] NAMELookup::<ReturnNameInfo> name='o=lotus:pr:o=lotus' was found '0' match(es)
[1254:101E-16F8] NAMELookup::<lookup> No matches found for name 'O=Lotus:PR:O=Lotus' in dbindex '1'
[1254:101E-16F8] NAMELookup::<LocateNameSpace> locate namespace in stable DBIndex=1, view='($crosscertbyroot)'
[1254:1028-0274] NAMELookup::<LocateNameSpace> locate namespace in DBIndex=1, view='$serveraccess'
[1254:101E-16F8] NAMELookup::<lookup> NumReturned=0, TotalNumReturned=0 match(es) for name='o=lotus:pr:o=lotus'
[1254:0EE3-16F8] ---- Error in IDVLookupTrustCert, subject: CN=Lotus Admin/O=Lotus, issuer: CN=Test1/O=Lotus
[1254:0EE3-16F8] ---- Error in IDVValidatePRIssuer for pw resetterl CN=Lotus Admin/O=Lotus, vault:'o=acmeidvault' user:'cn=test1/o=lotus'
From the error and the console log, the admin is trying to reset the password for user CN=Test1/O=Lotus. During this process the server tries to find 'O=Lotus:PR:O=Lotus' but nothing is found. In names.nsf, in the Security - Certificates view, expanding "Password Reset Certificates" shows only a password reset certificate for organization Acme; there is no password reset certificate for organization Lotus. That is why the password reset failed.
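Reading the pairing of "Trust cert lookup" and NAMELookup result lines by hand is error-prone when several Os are involved. The following added Python example (not part of the deck) automates the analysis above over the console-log excerpt from this case study: it pairs each OrgCombo lookup with its ($CrossCertByRoot) match count and names the organization whose certificate is missing. Treating a ":PR:" combo as a password reset certificate lookup (the log pairs it with IDVValidatePRIssuer) is an assumption of this example.

```python
import re

# Console-log excerpt taken from Case Study 2 above (thread ids as logged).
CONSOLE_LOG = """\
[1254:0EE3-16F8] ----- Trust cert lookup Subject: CN=Lotus Admin/O=Lotus; Issuer: CN=Test1/O=Lotus, OrgCombo: O=Lotus:PR:O=Lotus
[1254:101E-16F8] NAMELookup::<lookup> Searching view '($CrossCertByRoot)' (1 of 1 views).
[1254:101E-16F8] NAMELookup::<lookup> Searching name='o=lotus:pr:o=lotus' (1 of 1 names).
[1254:101E-16F8] NAMELookup::<ReturnNameInfo> name='o=lotus:pr:o=lotus' was found '0' match(es)
[1254:0EE3-16F8] ---- Error in IDVLookupTrustCert, subject: CN=Lotus Admin/O=Lotus, issuer: CN=Test1/O=Lotus
[1254:0EE3-16F8] ---- Error in IDVValidatePRIssuer for pw resetterl CN=Lotus Admin/O=Lotus, vault:'o=acmeidvault' user:'cn=test1/o=lotus'
"""

LOOKUP_RE = re.compile(
    r"Trust cert lookup Subject: (?P<subject>[^;]+); Issuer: (?P<issuer>[^,]+), OrgCombo: (?P<combo>\S+)"
)
RESULT_RE = re.compile(
    r"NAMELookup::<ReturnNameInfo> name='(?P<name>[^']+)' was found '(?P<n>\d+)' match\(es\)"
)


def missing_trust_certs(text):
    """Pair each 'Trust cert lookup' with its NAMELookup result and report the
    OrgCombos that returned zero matches in ($CrossCertByRoot)."""
    lookups = {}   # orgcombo (lower-cased, as NAMELookup logs it) -> (subject, issuer)
    results = {}   # orgcombo -> match count
    for line in text.splitlines():
        m = LOOKUP_RE.search(line)
        if m:
            lookups[m.group("combo").lower()] = (m.group("subject"), m.group("issuer"))
            continue
        m = RESULT_RE.search(line)
        if m:
            results[m.group("name").lower()] = int(m.group("n"))
    report = []
    for combo, (subject, issuer) in lookups.items():
        if results.get(combo) == 0:
            # Assumption: a ":PR:" combo is the password reset certificate lookup
            # (the log above pairs it with IDVValidatePRIssuer); anything else is a
            # vault trust certificate lookup. The leading element is the issuing org.
            kind = "password reset certificate" if ":pr:" in combo else "vault trust certificate"
            report.append({"orgcombo": combo, "org": combo.split(":")[0],
                           "missing": kind, "subject": subject, "issuer": issuer})
    return report


if __name__ == "__main__":
    for finding in missing_trust_certs(CONSOLE_LOG):
        print(f"no {finding['missing']} for {finding['org']} "
              f"(lookup for {finding['subject']}, issuer {finding['issuer']})")
```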

Case Study 2 (contd.)
We modified the ID vault settings using the Manage tool by adding the other Os to the password reset certificate, and the password reset then worked for Lotus users. However, for the users under the Os Acme/Bat/Cat it still did not work and gave the error "Missing or Invalid Vault trust certificate. Check the log file for details." We reproduced the same issue at our end and found that this error message is nowhere recorded or captured at the server; it came from the local client. To resolve the issue we removed all the cross certificates in the personal address book and then copied the certificates and cross certificates from the server address book to the local address book. After that we tested and found that the reset for the other Os worked without any issues.

Case Study 3
The user ID file is not getting synced with the ID vault DB; the error message is: "In vault 'O=third' was not downloaded because the wrong password was supplied. Error: Wrong Password. (Passwords are case sensitive; be sure to use correct upper and lower case)". From http://www-10.lotus.com/ldd/dominowiki.nsf/dx/id-vault-logging-for-8.5-faq: this message is logged whenever an incorrect password is entered. This may result because the user simply mistyped his password, or because an attacker is trying to guess the user's password. If this message is logged multiple times and/or for multiple users around the same time period, you may want to investigate the situation.
In the ID file security (User Security) dialog, does the ID vault Sync button show as enabled? It was found not enabled. So we reset the password and the problem got resolved. However, this problem was faced by most of the users. To identify why it is not syncing we need to check that the policy has been properly applied to the user and also enable some debug settings on the client.
Client debug: shut down the Notes client, open the client's notes.ini, insert the lines below before the last two lines, then save and close the file. To disable the debug on the client, remove these notes.ini parameters again.
IDV_TrustCert=1
Debug_IDVault_Server_Selection=1
IDVault_Count1=1
IDVaultLastServer=1
IDV_Poll_Interval=5000
Debug_namelookup=1
CONSOLE_LOG_ENABLED=1
Debug_ThreadID=1

Case Study 3 (contd.)
After reviewing the logs we did not find the ID getting synchronized, although the Person document and the ID vault database showed it as uploaded. To troubleshoot the issue further, try the following:
1. Set the following parameters on the Notes client: set IDVAULT_COUNT1 greater than 4 and set IDVAULT_STAMP1 to more than 24 hours ago. For example, to force a sync you can set:
IDVAULT_COUNT1=5
IDVAULT_STAMP1=21/12/2011 12:33:12 PM
2. Delete the user ID file from the Notes client (copy it to c:\temp first) and log in; the Notes client should automatically sync and pull down a new copy of the ID from the vault.
3. Gather logging by adding these settings to the Notes client notes.ini:
console_log_enabled=1 -> enables logging (this was already enabled)
Debug_IDV_Trace=1 -> traces ID vault issues
logstatusbar=1 -> logs anything shown in the status bar
You should get an error when trying to upload to the ID Vault. In this case the issue was due to multiple entries in the notes.ini.

Case Study 3 (contd.)
The client notes.ini contained the following duplicated entries:
IDVAULT_COUNT1=0
IDVAULT_STAMP1=12/23/2011 03:54:17 PM
IDV_TrustCert=1
Debug_IDVault_Server_Selection=1
IDVault_Count1=1
IDVaultLastServer=1
IDV_Poll_Interval=5000
IDVAULT_COUNT1=5
IDVAULT_STAMP1=21/12/2011 12:33:12 PM
Debug_IDV_Trace=1
- We removed the duplicate entries and then updated the notes.ini setting IDVaultLastServer with the vault server name.
- With this done, we deleted the ID file from the data directory and relaunched the Notes client; the ID file was downloaded, and after we changed the password we found it was successfully synced with the ID vault.
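Duplicated IDVAULT_COUNT1/IDVAULT_STAMP1 lines like the ones above are easy to miss by eye. The following added Python example (not part of the deck) reads a client notes.ini, reports keys that appear more than once (names compared case-insensitively), refuses to evaluate the forced-sync condition from step 1 while the keys are ambiguous, and rewrites the file with one line per key. The sample ini is constructed from this case study; keeping the last occurrence of a key and trying both day-first and month-first date formats are assumptions of this example.

```python
from datetime import datetime, timedelta

# Constructed client notes.ini fragment that reproduces the duplicated ID vault
# entries shown in Case Study 3 (not a real customer file).
NOTES_INI = """\
Directory=C:\\notes\\data
IDVAULT_COUNT1=0
IDVAULT_STAMP1=12/23/2011 03:54:17 PM
IDV_TrustCert=1
Debug_IDVault_Server_Selection=1
IDVault_Count1=1
IDVaultLastServer=1
IDV_Poll_Interval=5000
IDVAULT_COUNT1=5
IDVAULT_STAMP1=21/12/2011 12:33:12 PM
Debug_IDV_Trace=1
"""

# IDVAULT_STAMP1 is written in the client's regional date format; the deck shows
# both day-first and month-first values, so both are tried (assumption: the
# value is valid under exactly one of them).
STAMP_FORMATS = ("%d/%m/%Y %I:%M:%S %p", "%m/%d/%Y %I:%M:%S %p")


def _split(line):
    """Return (KEY, value) for a key=value line, else None (comments, blanks)."""
    line = line.strip()
    if not line or line.startswith(";") or "=" not in line:
        return None
    key, value = line.split("=", 1)
    return key.strip().upper(), value.strip()   # notes.ini keys are case-insensitive


def parse_notes_ini(text):
    """Map KEY -> [every value seen, in file order], so duplicates stay visible."""
    entries = {}
    for line in text.splitlines():
        kv = _split(line)
        if kv:
            entries.setdefault(kv[0], []).append(kv[1])
    return entries


def duplicate_keys(entries):
    return {k: v for k, v in entries.items() if len(v) > 1}


def parse_stamp(value):
    for fmt in STAMP_FORMATS:
        try:
            return datetime.strptime(value, fmt)
        except ValueError:
            continue
    raise ValueError(f"unrecognised IDVAULT_STAMP1 value: {value!r}")


def forced_sync_ready(entries, now):
    """True when the deck's forcing conditions hold (IDVAULT_COUNT1 > 4 and
    IDVAULT_STAMP1 older than 24 hours). Refuses to answer while either key is
    duplicated, because which copy the client honours is then undefined."""
    dups = duplicate_keys(entries)
    for key in ("IDVAULT_COUNT1", "IDVAULT_STAMP1"):
        if key in dups:
            raise ValueError(f"{key} appears {len(dups[key])} times; remove the duplicates first")
    count = int(entries.get("IDVAULT_COUNT1", ["0"])[0])
    stamp = entries.get("IDVAULT_STAMP1")
    if stamp is None:
        return False
    return count > 4 and now - parse_stamp(stamp[0]) > timedelta(hours=24)


def deduplicate(text):
    """Keep one line per key, the last one (assumption: the value added most
    recently, e.g. the forced-sync COUNT1=5/STAMP1 pair, is the intended one)."""
    lines = text.splitlines()
    last = {}
    for i, line in enumerate(lines):
        kv = _split(line)
        if kv:
            last[kv[0]] = i
    keep = set(last.values())
    return "\n".join(l for i, l in enumerate(lines) if not _split(l) or i in keep) + "\n"


if __name__ == "__main__":
    ini = parse_notes_ini(NOTES_INI)
    print("duplicates:", duplicate_keys(ini))
    cleaned = parse_notes_ini(deduplicate(NOTES_INI))
    print("forced sync ready:", forced_sync_ready(cleaned, datetime.now()))
```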

Case Study 4
Deleting the ID vault when there is no password for the ID vault ID file. Normally we suggest keeping the vault ID file and its password in a safe place. However, if you have lost the password, the manual process for deleting the ID vault on the Domino server is as follows:
1) Keep a backup of your names.nsf and the ID vault database in case they are needed for reference.
2) From the Administrator client, delete the database for the ID vault: right-click the ID vault database, which is in the IBM_ID_Vault folder. Note: if replicas exist on other servers, you need to delete those as well.
3) Go to the Configuration tab -> Security -> Certificates -> ID Vaults. Select the document and delete it.
4) In the same tab, i.e. Configuration tab -> Security -> Certificates, delete the certificates you have under "Password Reset Certificates" and "Vault Trust Certificates".
5) Run updall on names.nsf: Load Updall -R names.nsf
6) Issue the command on the server: show idvaults
This completes the manual deletion of the ID vault.

Case Study 5
Unable to extract the ID file from the vault database. The users were moved from one O to a different O, and for those users the ID file cannot be extracted. We checked the ID vault database and found that the stored ID file has the old name. We checked the Person document, verified it against the ID file name, and found that the ID file still had the old name while the Person document had the new one. This confirmed that the rename had not been done properly; instead the name had been changed manually in the Person document. We then changed the name in the Person document back to the original one, recertified the user, and moved the user from /Acme to /Star; this time the rename was successful. We waited until the next day for the new ID file to be uploaded to the ID vault database, then extracted the ID.

Resources
- Lotus Domino Wiki link for ID vault documents
- Lotus Domino and Notes Information Center
- ID vault logging for 8.5 FAQ
- Open Mic "Lotus Domino ID Vault" call of October 22, 2009
- Open Mic Q&A: ID Vault & Notes Shared Login - 20 October 2010
- Open Mic Webcast REPLAY: ID Vault in Lotus Notes/Domino - 16 May 2012
- Notes ID vault deployment at Renovations
- Open Mic on Notes ID Vault - 19th May 2011
- Notes.ini Reference - "ID Vault"

Your Turn! Q&A