Vous êtes sur la page 1sur 131

Course Overview ................................................................................................................ 3 Key Points About this Course............................................................................................. 4 Lesson 1: Introduction to IBM Lotus Domino Web Access.......................................................

6 Overview............................................................................................................................. 6 What is Domino Web Access? ........................................................................................... 7 The Domino Web Access Strategy ................................................................................... 11 The History of IBM Lotus Domino Web Access ............................................................. 14 Exercise 1.1: The History of Domino Web Access .......................................................... 19 Lesson 2: Configuring a DWA Environment ........................................................................... 21 Overview........................................................................................................................... 21 Domino Web Access Setup Basics ................................................................................... 22 Exercise 2.1: Setting up a DWA Environment ................................................................. 26 DWA Settings in the Server Configuration Document..................................................... 32 Exercise 2.2: Working with DWA Settings in the Server Configuration Document ....... 37 Domino Web Access Notes.ini Parameters ...................................................................... 41 Exercise 2.3: Domino Web Access Notes.ini Parameters ................................................ 47 Lesson 3: Domino Web Access Processes................................................................................ 49 Overview........................................................................................................................... 49 Behind the Scenes ............................................................................................................. 50 How Domino Web Access Generates Pages .................................................................... 54 Exercise 3.1: Viewing DWA Fields with Domino Designer............................................ 58 Lesson 4: Security..................................................................................................................... 59 Overview........................................................................................................................... 59 DWA User Authentication................................................................................................ 60 Logging Out of Domino Web Access............................................................................... 64 The Active Content Filter ................................................................................................. 68 Exercise 4.1: Configuring DWA Session-Based Authentication ..................................... 69 Lesson 5: Sametime Integration with Domino Web Access .................................................... 72 Overview........................................................................................................................... 72 Sametime Integration with Domino Web Access............................................................. 73 Exercise 5.1: Installing a Sametime Server ...................................................................... 77 Exercise 5.2: Integrating Domino Web Access with Sametime ....................................... 83 Key Technotes For Troubleshooting Sametime Integration with Domino Web Access.. 86 DWA/Sametime Notes.ini Parameters.............................................................................. 87 Exercise 5.3: Working with DWA/Sametime Notes.ini Parameters ................................ 89 Lesson 6: Domino Off-line Services (DOLS) and DWA ......................................................... 91 Overview........................................................................................................................... 91 DOLS Basics..................................................................................................................... 92 DOLS Components........................................................................................................... 93 Exercise 6.1: Taking Your DWA Mail File Offline ....................................................... 100 How DOLS Works.......................................................................................................... 106 Exercise 6.2: Working with the Lotus Domino Sync Manager ...................................... 111 DOLS and Passthru Server Support................................................................................ 113 Troubleshooting DOLS in DWA .................................................................................... 115 Lesson 7: DWA Miscellany.................................................................................................... 118 Overview......................................................................................................................... 118

Last edited 10/24/2005

IBM 2005

DWA Miscellany ............................................................................................................ 119 Basic Mail File Troubleshooting Techniques ................................................................. 129 Exercise 7.1: Toggling the DWA and Webmail UIs ...................................................... 130

Last edited 10/24/2005

IBM 2005

Course Overview
This is an intermediate level course on troubleshooting IBM Lotus Domino Web Access issues. This course focuses on using mail files with IBM Lotus Domino Web Access. This course is divided into the following lessons: Lessons Lesson 1: Introduction to IBM Lotus Domino Web Access Lesson 2: Configuring a DWA Environment Lesson 3: IBM Lotus Domino Web Access Processes Lesson 4: Security Lesson 5: Sametime Integration with Domino Web Access Lesson 6: Domino Off-line Services (DOLS) and DWA Lesson 7: DWA Miscellany
Timing

Introduction

In this Course

See Page 6 21 50 60 73 92 119

The timing of this courses components are as follows: Component Course Overview Lesson 1 Lesson 2 Lesson 3 Lesson 4 Lesson 5 Lesson 6 Lesson 7 Total: Approximate Time 10 minutes 1 hour 2 hours 35 minutes 55 minutes 1 hour 45 minutes 2 hours 35 minutes 1 hour 35 minutes 1 hour 30 minutes 2 days with each class day lasting 6 hours

Last edited 10/24/2005

IBM 2005

Key Points About this Course


The exercises and activities in this course emphasize hands-on setup and testing in an IBM Lotus Domino Web Access environment. When you have completed the course you will have the skills to setup and configure your own DWA testing environment. This course will provide you with a foundation from which to troubleshoot and solve issues. This course assumes that with product documentation, you are able to install, configure and use the following: IBM Lotus Notes Client IBM Lotus Domino Administrator Client IBM Lotus Domino Designer Client IBM Lotus Domino Server IBM Lotus Sametime Connect Client Web Browser This course's design enables it to be either delivered in a classroom setting (in which the instructor's role is primarily facilitation) or taken as a self-paced course by an individual participant. It is strongly recommended that participants who take the course in a selfpaced format be paired with a Domino Web Access expert/mentor who can answer questions and provide any other guidance participants may require. Upon completion of lesson 2 (Configuring a DWA Environment), you have the required setup to complete the following lessons (3-7) in any order you wish. This may be a suitable option for you if you are taking the course selfstudy. The approximate time needed to complete each lesson is listed in the table on page 3 and in the overview for each lesson. The actual time needed to complete each lesson depends on the format in which you are taking this course (classroom or self-paced) and your current familiarity with Domino Web Access.
Continued on next page

Introduction

Prerequisites

Course Format

Lesson Structure

More on Timing

Last edited 10/24/2005

IBM 2005

Key Points About this Course, Continued


Required software and documentation

To complete all of the exercises and activities, you will need the following: Hardware 3 machines: 1 that can function as a Domino 6.5.3 (DWA) server 1 that can function as a Sametime 6.5.1 Server (running on Domino 6.5.3 Server) 1 that can function as a client machine, running the following clients:
Notes/Domino Designer/Domino Administrator clients (v6.5.3) Sametime Connect 3.1 client MS Internet Explorer v5.5x or 6.0x

Check the hardware requirements in the IBM Lotus Notes and Domino 6.5.3 Release Notes and the latest IBM Lotus Sametime Installation Guide for information regarding minimum requirements. Software IBM Lotus Notes and Domino 6.5.3 install code (Server and all clients) IBM Lotus Sametime Server 6.5.1 install code (client install code is included with the server) Microsoft Internet Explorer install code (v5.5 or higher) Documentation www.ibm.com/software/lotus/support for technotes IBM Lotus Domino 6.5.1 Administrator Help IBM Lotus Notes 6.5.3 Help IBM Lotus Notes and Domino 6.5.3 Release Notes IBM Lotus Sametime 6.5.1 Installation Guide The documentation can be obtained here: http://www.lotus.com/ldd/doc

Last edited 10/24/2005

IBM 2005

Lesson 1: Introduction to IBM Lotus Domino Web Access Overview


Introduction

This lesson outlines the strategic product positioning of IBM Lotus Domino Web Access in the Lotus Brand messaging portfolio, as well as the history of IBM Lotus Domino Web Access. After completing this lesson you will be able to: Identify the key components of Domino Web Access State the primary reasons why one would select Domino Web Access as their messaging client solution Identify when key features were released in the version history of Domino Web Access

Objectives

In This Lesson

This lesson is divided into the following topics: Topic What is Domino Web Access? The Domino Web Access Strategy The History of Domino Web Access Exercise 1.1: The History of Domino Web Access See Page 7 11 14 19

Timing

The timing of this lesson is as follows: Component Overview Topics Exercise Recap Total: Approximate Time 5 Minutes 30 minutes 20 minutes 5 minutes 1 hour

Last edited 10/24/2005

IBM 2005

What is Domino Web Access?


IBM Lotus Domino Web Access (DWA) is a client that allows users to access different Domino services using a web browser. Domino Web Access provides the browser user with access to a number of features that were previously only available for users with non-browser clients, such as Lotus Notes. These features are in the areas of messaging, calendar and scheduling, personal information management (PIM), task management, and personal journal. Users can also work offline to manage email messages, contacts, calendars, todo items, and so forth, from the user interface that Domino Web Access provides. Domino Web Access can be used independently, or together with the Lotus Notes client. Users can use the Notes client while they are in their office environment, and use Domino Web Access while they are remote and their only choice is to use a Web browsersuch as when they are at another users PC, or on their home PC. This lesson will examine the components that make up Domino Web Access. Note: Up until Domino 6.5, Domino Web Access was called iNotes Web Access, or iNotes. For this reason, many elements of Domino Web Access (such as mail templates) still carry the iNotes name. For the sake of simplicity in this text, all versions of the product including those released prior to Domino 6.5, will be referred to as Domino Web Access (DWA).
DWA Components

Introduction

The DWA environment is comprised of 5 components: Supported Browser Domino Server running the HTTP task The mail template iNotesX.ntf Shared forms database (Forms5.nsf or Forms6.nsf) Domino Off-line Services (DOLS) for offline use

Supported Browsers

As of Domino Web Access 6.5.3, supported browsers are: Microsoft Internet Explorer 5.5x or 6.0x Mozilla (Linux) 1.4.1
Continued on next page

Last edited 10/24/2005

IBM 2005

What is Domino Web Access?, Continued


The DWA server is simply a Domino server running the HTTP task. A DWA users mail file is based on the iNotesX.ntf template, where X refers to a version number, for example iNotes6.ntf. (please see the table on p.17 for version-to-template details). The differences between the iNotesX.ntf templates and the standard mail templates (mail6.ntf, for example) are transparent to users when accessing a DWA mail file via the Notes client. The iNotesX.ntf template offers full compatibility with the Notes client. In other words, users who access mail files from the Notes client will not notice anything aesthetically different. Within the icon design note of databases created with iNotesX.ntf is a field named $WebHybridDB. The value of this field is set to 1, indicating that this is a Domino Web Access mail database. This is how the Domino Web server identifies a Domino Web Access mail file. The icon note also includes a field called $FormsTemplateFile. We will examine each of these fields later in the course. Although iNotesX.ntf has all of the standard forms and views associated with the standard mail template (for compatibility with the Notes client), most of the design elements are retrieved from the shared forms database (more on this in a moment). The only design elements used from the iNotesX.ntf template are: Standard Views/Folders Proxy documents The iNotesX.ntf template maintains some native design elements that are distinct from the standard mail template, such as: Two agents to synchronize Contacts and Journal entries Views explicitly for iNotes: Tasks View, TOC view, Contacts View, Notebook View Other native design elements which maybe unclear.
Continued on next page

DWA Server

iNotesX.ntf

Last edited 10/24/2005

IBM 2005

What is Domino Web Access?, Continued


Forms5.nsf or Forms6.nsf are the shared forms databases used by all Domino Web Access users. The forms database is used by the Web server to assemble the appropriate forms based on user action and then serve them to the client. It is located in the \data\inotes directory on the DWA server. The Forms databases include the following design elements: Forms Subforms GIFs JavaScript Skins (HTML files used to define the general layout of various pages) Forms Map Table (maps Notes forms to corresponding DWA forms) The FormsX.nsf databases work in conjunction with the iNotesX.nsf databases to create the DWA UI.
Local Contacts and Journal

FormsX.nsf

One major difference between the Domino Web Access client and the Notes client is that the concept of a local address book and local journal doesnt exist with Domino Web Access. Instead, Contact and Journal entries are stored in the mail file as opposed to separate databases. For users that maintain both a Notes client and Domino Web Access client, an agent is available to sync Contact and Journal entries. The agent, which is part of the iNotesX.ntf template, must be run from the Notes client. Domino Web Access uses Domino Off-Line Services (DOLS) to take the mail file offline and work with it locally. The Domino Web Access mail template is already DOLS-enabled, so no configuration needs to be done in order to take it offline. Its essentially the same process used to take any DOLS-enabled database offline. One notable exception is the formsX.nsf database is included in the filesets that DOLS downloads to the local client.
Continued on next page

DOLS

Last edited 10/24/2005

IBM 2005

What is Domino Web Access?, Continued


The following files are installed on the Domino server: Path \data\iNotesX.ntf Description DWA Mail file design template Also installed on the client Shared DWA application design elements (HTML, script, images, etc.)

DWA install files

\data\iNotes\FormsX.nsf Specific to a particular Domino release (Don't copy and move to server running another release of Domino) \data\domino\html\iNotes.cab iNotes Class file (upload control, logout functionality) \data\domino\html\inotes5\help\*.* DWA online help files \data\domino\html\SametimeApplet Sametime applet related files \*.* \data\domino\html\download\fileset DWA DOLS filesets s\n_SHIMMER.*

Last edited 10/24/2005

10

IBM 2005

The Domino Web Access Strategy


Lotus has several client solutions for messaging and collaboration. Each fulfills specific market requirements. In this section we will examine the advantages of the browser-based clients. Since this course focuses on Domino Web Access, IBM Lotus Workplace Messaging and Mobile Notes will not be covered. IBM Lotus Domino Access for Microsoft Outlook (DAMO) will only be mentioned briefly. There are five messaging solutions in the Lotus product portfolio. Each provides a feature set tailored to customer need. Notes Client full-featured client Webmail browser client with minimal features Domino Web Access (aka iNotes) browser client with greatest feature parity to the Notes client Domino Access for Microsoft Outlook (aka DAMO) Lotus Workplace Messaging Mobile Notes handheld device access to the Domino Everyplace Server

Introduction

Clients

Webmail

The Webmail client provides basic browser access to Notes mail and calendar functionality. Webmail is typically deployed in small user communities (10 to 100) where users access email and calendars on a limited basis. The main advantages of Webmail are: Inexpensive solution for users that do not require a feature-rich client Browser UI requires minimal training Easy, no touch deployment
Continued on next page

Last edited 10/24/2005

11

IBM 2005

The Domino Web Access Strategy, Continued


Domino Access for Microsoft Outlook (DAMO) was originally released with Notes/Domino 5.0.5. Key Points about DAMO: Allows migration of servers from Exchange to Domino while maintaining same user client Reduced admin and user training costs Outlook familiarity and smaller footprint Can access local mail file via Outlook This means that disconnected users can work with Notes Mail and PIM
Notes vs. DWA

Domino Access for Microsoft Outlook

Notes is the ultimate client because it is unsurpassed in its feature set and performance. For users who require the highest security and functionality, the Notes client is the best choice. Notes advantages over DWA: Highest functionality & performance Optimized for win32 & Mac platforms Installed client - minimizes server load While Notes is the ultimate client, DWA is the ubiquitous client, allowing access from anywhere at anytime via browser. Since the primary client used for Domino Web Access is the browser, Domino Web Access provides a more generalized type of client access to Domino. DWA provides customers with most of the Notes feature set while minimizing costs. Interoperability with Notes also allows flexibility for users who use both clients. DWA advantages over Notes: Midrange functionality & performance Developed with Web technologies to run cross platform No-touch client -- minimizes rollout & maintenance costs
Continued on next page

Last edited 10/24/2005

12

IBM 2005

The Domino Web Access Strategy, Continued


There are several advantages of using Domino Web Access. Below are some of the most common reasons for implementing DWA. Familiar client for end users (browser) which results in reduced training costs Establishes Domino Server infrastructure without changing the end user experience Reduced administration training costs: "no-touch" client minimizes rollout and maintenance costs Brings Domino Messaging and PIM capabilities to the browser Brings Domino Remote functionality to the browser Smaller footprint than the full Notes client Allows user to access mail file from "anywhere" Allows user to synchronize mail and work offline, which reduces connectivity costs Interoperable with full Notes client - for more advanced Notes application functionality
Interoperability

DWA

Domino Web Access is designed for seamless interoperability with the Notes client. The design and functionality of the iNotesX.ntf mail template is the same in the Notes client as if you are using the standard Notes mail template. Contacts and Journal (Notebook) entries are stored in the DWA mail file. Mail agents in the Notes client allow you to synchronize the personal address book and journal. To sync Contacts, select: Actions - Synchronize Address Book To sync Journal (Notebook) entries select: Actions - Synchronize Journal As a strategic selling point, interoperability with the Notes client again makes DWA the ubiquitous client because, as long as a users mail file is using the DWA template and the DWA server allows access from the Internet, the user can access their mail file from any supported browser anywhere in the world.

Last edited 10/24/2005

13

IBM 2005

The History of IBM Lotus Domino Web Access


This section outlines the evolution of Domino Web Access. Also illustrated is the connection between corresponding mail and forms templates by product version. The first browser-based mail client that could access Domino mail files was Webmail. The Notes mail file is accessed over HTTP/HTTPS. Webmail was introduced in Lotus Notes and Domino 4.6, and required the Web Mail template (mailw46.ntf) or the Combo Mail template (mailc46.ntf). In Notes and Domino 5.x and 6.x, Webmail template design elements were combined into the Standard Mail template (mail50.ntf, mail60.ntf).
Domino Access for Microsoft Outlook

Introduction

Webmail

Domino Access for Microsoft Outlook (DAMO) was first introduced in Notes and Domino 5.0.5. Key Points: Outlook client for NRPC (port 1352) access to Domino Messaging and PIM Capabilities, i.e., a stripped down Notes connection used by Outlook Installed via Web Browser - Notes client not involved Note: With the release of DAMO 6.5.1, many changes and improvements have been made.

Domino Web Access

Domino Web Access (then called iNotes) was introduced in Domino 5.0.8. Key Points: Enhanced Web access to Domino messaging/PIM capabilities Uses powerful web technologies (XML, JavaScript, DHTML) to provide enhanced usability, performance and interface functionality over Webmail Works with Domino Off-line Services (DOLS) to allow users to access web applications (primarily mail files) offline.
Continued on next page

Last edited 10/24/2005

14

IBM 2005

The History of IBM Lotus Domino Web Access, Continued


Starting with Domino 6.0.2 CF1 (and above) and Domino 6.5 (and above) the iNotes6.ntf (as opposed to iNotes60.ntf in previous 6.x releases) inherits all design elements from the Mail6.ntf template (standard mail template), including the DOLS design elements. The template is still considered to be a superset of the standard template; that is, it inherits fully from this template but does have native design elements as well. If you attempt to make any customizations with regards to the iNotes template, make those changes to the Mail6.ntf template as the iNotes template will inherit those changes the next time Designer runs. In Domino releases 6.0, 6.0.1, 6.0.1 CF1 & 6.0.1 CF2: The iNotes60.ntf inherits all design elements from the Mail6ex.ntf template including the DOLS design elements. The iNotes template (iNotes5.ntf or iNotes60.ntf) is a superset of the Extended Mail template (mail50ex.ntf or mail6ex.ntf). What this means is that the iNotes template fully inherits all of the Extended Mail template's design elements. It also inherits the Domino Off-Line Services (DOLS) design elements. These elements are inherited directly from the DOLS Resource template (Dolres.ntf) rather than through the Extended Mail template. How does inheriting from the Extended Mail and DOLS Resource templates affect the iNotes template? If a change is made to the DOLS Resource template or the Extended Mail template the iNotes template will be refreshed with those changes after the Designer task runs on the Domino Server. Are there design elements native to the iNotes template only? Yes there are native design elements to the iNotes template such as: (this information was mentioned earlier, but it bears repeating) Two agents to synchronize contacts and Journal Views explicitly for iNotes: New Tasks View, TOC view, New Contacts View, New Notebook View Other native design elements which are obfuscated
Continued on next page

More about iNotes Mail Templates

Last edited 10/24/2005

15

IBM 2005

The History of IBM Lotus Domino Web Access, Continued


The FormsX.nsf (X refers to a version number) database is one of the databases included as part of Domino Web Access. It contains most of the JavaScript, pass-thru HTML, and images used to implement the User Interface (UI) of Domino Web Access. All the forms, subforms, and graphics used by Domino Web Access (except for certain images in mail views which are either in the Domino icons directory or within the mail template) reside in the FormsX.nsf database located within the <domino data>\iNotes\ subdirectory on the server. The reason for keeping design elements in a different single database, instead of in individual mail databases, is that they can be cached on the server. All the Web browsers accessing mail files on a server will use the same design elements, which can be loaded from the server cache. Caching the elements on the server allows better performance on the server. The various iNotes mail templates correspond to either Forms5.nsf or Forms6.nsf, based on the version of your Domino server. Here is how the templates match up: iNotes5.ntf (5.0.8 - latest) and iNotes60.ntf(6.0 - 6.0.2) use Forms5.nsf which is the original iNotes interface iNotes6.ntf (6.0.2 - latest) uses Forms6.nsf is the newest iNotes interface.
Continued on next page

FormsX.nsf

Last edited 10/24/2005

16

IBM 2005

The History of IBM Lotus Domino Web Access, Continued


The table below outlines the iNotes/Forms template history and hierarchy. The DWA release is the same as the Domino release except for DWA 1.0, which shipped with Domino 5.0.8. After that, release numbers were in synch. This table is also in technote 1158614 which can be found at www.ibm.com/software/lotus/support.

Template Pairing and Inheritance


DWA release
5.0.8 (1.0) 5.0.9 5.0.10 5.0.11 5.0.12

Templates that ship with DWA release

Corresponding Forms Database

Inheritance
iNotes5.ntf inherits from Mail5ex.ntf

iNotes5.ntf

Forms5.nsf

Mailex.ntf = the standard Mail5.ntf plus DOLS design elements which are inherited from Dolres.ntf) iNotes5.ntf inherits from Mail5ex.ntf Mailex.ntf = the standard Mail5.ntf plus DOLS design elements which are inherited from Dolres.ntf) iNotes60.ntf inherits from Mail6ex.ntf Note: As of iNotes 6.0 (and higher) the DOLS design elements are native to the extended template and no longer get inherited from the DOLS Resource template (Dolres.ntf). iNotes5.ntf inherits from Mail5ex.ntf Mailex.ntf = the standard Mail5.ntf plus DOLS design elements which are inherited from Dolres.ntf) iNotes60.ntf inherits from Mail6ex.ntf iNotes6.ntf inherits from Mail6.ntf iNotes5.ntf inherits from Mail5ex.ntf Mailex.ntf = the standard Mail5.ntf plus DOLS design elements which are inherited from Dolres.ntf) iNotes6.ntf inherits from Mail6.ntf

iNotes5.ntf 6.0 6.0.1 6.0.1 CF1 6.0.1 CF2 iNotes60.ntf

Forms5.nsf

Forms5.nsf

6.0.2 CF1 6.0.2 CF2 etc.

iNotes5.ntf

Forms5.nsf

iNotes60.ntf iNotes6.ntf

Forms5.nsf Forms6.nsf

6.5 etc.

iNotes5.ntf

Forms5.nsf

iNotes6.ntf

Forms6.nsf

Continued on next page

Last edited 10/24/2005

17

IBM 2005

The History of IBM Lotus Domino Web Access, Continued


The table below outlines the evolution of Domino Web Access. Refer to the corresponding technotes (when applicable) for more details about extended feature sets and enhancements.

Version History

Web Client Webmail iNotes Web Access for MS Outlook

Notes 4.6 5.0.5 5.0.8 5.0.9 5.0.10

Feature Enhancements N/A N/A much more parity with Notes client than Webmail See Release Notes See Release Notes

Highlights/Comments

6.0

See Release Notes or technote 1093462

iNotes Web Access

6.0.1

See Release Notes or technote 1088797

6.0.2

See Release Notes

Domino Web Access

6.5x

See Release Notes

Sticky view columns Virtual list performance improvements Customizable disclaimer (must modify Forms5.nsf) Send & spell check plain text messages GB 18030 support PDF print for CJK character sets Basically, the latest 5.x IWA with 6.x Notes client interoperability (still uses forms5.nsf) Reading Notes encrypted messages Linux server (IWA now available on all Domino 6 server platforms) Soft deletes Name picker lookups to LDAP directories Disclaimer support (config setting) Blue UI is introduced (iNotes6.ntf/Forms6.nsf) Multiple languages on same server BiDi support Set IWA as default mail client Rich text enhancements tables, page breaks, undo, horizontal lines Next/previous navigation within open mail message Forward/Reply w/History without attachments Mail rules Context sensitive "Follow me" help Linux client support Redhat/Mozilla Send Notes encrypted messages Signing and verifying signatures Local archive Improved performance Integrate WebMail Redirect Improved integration with Sametime Multiple time zone support in calendar views Identify messages which have been replied to or forwarded Enhanced customization ability

Last edited 10/24/2005

18

IBM 2005

Exercise 1.1: The History of Domino Web Access


When troubleshooting DWA issues, it is often advantageous to know when changes have occurred in the client. Being aware of things like changes to template design, feature enhancements, and product fixes will allow you to more quickly focus your attention on the real issue. In this exercise you will become more familiar with the history of changes to Domino Web Access (aka iNotes). Upon completion of this exercise, you will be able to identify distinct characteristics of Domino Web Access versions. This exercise takes approximately 20 minutes to complete. To complete this exercise, you need the following: This student guide Release Notes Pen or pencil
Continued on next page

Overview

Intended Outcome

Timing

Requirements

Last edited 10/24/2005

19

IBM 2005

Exercise 1.1: The History of Domino Web Access, Continued


Using your resources, write down the answers to the following questions. 1. What was the first browser-based mail client that could access Domino mail files? Answer: 2. When did the design elements of the combo mail template become part of the standard mail template? Answer: 3. When did support of Redhat OS and Mozilla browser begin? Answer: 4. When was the capability to read Notes encrypted messages introduced? Answer: 5. When was the capability to send Notes encrypted messages introduced? Answer: 6. When were mail rules brought to the DWA client? Answer: 7. When was Sametime online awareness functionality integrated into DWA? Answer: 8. When was the performance enhancement Gzip compression available in the DWA environment? Answer: 9. I am using the iNotes60.ntf design on my mail file. What corresponding forms database does this mail template work with? Answer:
Results

Instructions

By completing these procedures, you have fulfilled the intended outcome.

Last edited 10/24/2005

20

IBM 2005

Lesson 2: Configuring a DWA Environment Overview


Introduction

This lesson will guide you through the setup and configuration of a test Domino Web Access environment. After completing this lesson you will be able to: State the basic steps required to setup a DWA environment Identify DWA Configuration options in the Server Configuration Document Setup and configure a test DWA environment

Objectives

In This Lesson

This lesson is divided into the following topics: Topic Domino Web Access Setup Basics Exercise 2.1: Setting up a DWA Environment DWA Settings in the Server Configuration Document Exercise 2.2: Working with DWA Settings in the Server Configuration Document Domino Web Access Notes.ini Parameters Exercise 2.3: Working with DWA Notes.ini Parameters See Page 22 26 32 37 41 47

Timing

The timing of this lesson is as follows: Component Overview Topics Exercises Recap Total: Approximate Time 5 minutes 45 minutes 1.5 hours 15 minutes 2 Hours, 35 Minutes

Last edited 10/24/2005

21

IBM 2005

Domino Web Access Setup Basics


Setting up a Domino Web Access environment and enabling users to access their mail files via Domino Web Access is relatively simple. This section outlines the basic setup procedure. Configuring a user for Domino Web Access involves the following steps: Administrator does the following Registers users as DWA users. Loads the Web Server (HTTP Web Services) on the Domino server where the DWA mail files are located Configures the server to use DOLS Supplies the user with their user name Supplies the user with their Internet password. Supplies the user with the URL to their mail file User does the following Points their browser to the URL for their mail file Enters name and Internet password to authenticate with the DWA server Note: The administrator can give existing Notes client users DWA functionality by using the Convert task at the DWA server console and ensuring that the user has an Internet password in their Person document. Likewise, end users can replace the design on their mail files with the iNotesX.ntf template and gain DWA capability in their mail file.
About registering DWA users

Introduction

Setup Basics

Domino Web Access users must have the following: Mail file with a iNotesX.ntf design Internet password Notes ID - if users want to read or send encrypted mail to Domino mail users. Note: When you register users with Mail System = Domino Web Access, the Internet password is automatically set. This is the default. However, if you want to create a Notes ID file for the user, you must manually select, Create a Notes ID for this person.
Continued on next page

Last edited 10/24/2005

22

IBM 2005

Domino Web Access Setup Basics, Continued


When you register DWA users, the following is the minimum required: Firstname Lastname Internet password Mail system = Domino Web Access Certifier Name Information = certifier name Note: Even if you are not choosing to create a Notes ID for the user, you still have to select a certifier on the ID Info page; otherwise you will receive an error.

About registering DWA users

When you register a DWA user, you are given the option to Create a Notes ID for this person. (see below) This option facilitates working offline (DOLS).

An option that is unique to DWA becomes available when you choose Create a Notes ID for this person. The option is to store the user ID in mail file. (see below) This option facilitates sending encrypted mail to other Notes mail file users

Continued on next page

Last edited 10/24/2005

23

IBM 2005

Domino Web Access Setup Basics, Continued


When you register a user as a DWA user by choosing Mail System = Domino Web Access (see below)

Registration Caveat

You will be presented with this dialog below.

The text says: Other user registration settings related to Domino Web Access can be changed now (Domino Web Access mail template, no ID creation, etc.) Make those changes? Be aware of the following caveat: If, for example, in an Notes and Domino 6.5.3 environment, you choose Yes to this prompt when registering a user as a Domino Web Access user, it automatically selects the iNotes6.ntf template for you. BUT, if you select No it automatically selects the Mail6.ntf template for the user, even if the Mail System is still set to Domino Web Access. This could cause problems if the administrator does not realize that he will get the Mail6 design by default if he doesnt select yes when prompted by this dialog box. If you select No to the prompt, the Mail page shows the template mismatch, which you must manually change back to iNotes6.ntf.

Continued on next page

Last edited 10/24/2005

24

IBM 2005

Domino Web Access Setup Basics, Continued


The Web Server service (HTTP task) can be selected during server setup ("Web Browsers (HTTP Web services)" during Server Setup). This will load the HTTP task when the server is started. You can also load the HTTP task if it is not already running to bring web services to the Domino server, effectively making it a DWA server. If you want to give users the ability to work off-line, also choose Domino Off-Line Services (DOLS) during server setup. DOLS is not required to run Domino Web Access. However, if you decide later to provide DWA users with the ability to take their mail files off-line you will have to manually configure the DWA server to use DOLS. Manual configuration of DOLS is not difficult, but its easier to do it during server setup.

About Web Server

About DOLS

Last edited 10/24/2005

25

IBM 2005

Exercise 2.1: Setting up a DWA Environment


In order to successfully solve DWA issues, you need a test DWA environment. In this exercise, you will setup a DWA environment. This course assumes that you have sufficient knowledge of Notes and Domino to install and setup a Notes client, a Domino server, and to register users and connect to the Domino server from the Notes client. You should also be able to use the Domino Administrator and Domino Designer clients. If you already have a test environment setup, you may skip this exercise, however, you may want to complete the exercise to gain more hands-on experience installing and setting up a test DWA environment. This exercise consists of multiple parts, as outlined below: Part I Install and Setup a DWA Server Part II Install Notes, Domino Designer, and Domino Administrator clients Part III Register test DWA users Part IV Connect to the DWA server with Notes and DWA (browser) clients
Intended Outcome

Overview

Upon completion of this exercise, you will be able to configure a Domino Web Access environment, and will have a working Domino Web Access test environment. This exercise takes approximately 1 hour to complete.
Continued on next page

Timing

Last edited 10/24/2005

26

IBM 2005

Exercise 2.1: Setting up a DWA Environment, Continued


To complete this exercise, you need the following: Hardware 2 machines: 1 that can function as a Domino (DWA) server and 1 that can function as a client (Notes/Domino Designer/Domino Administrator and DWA). Check the hardware requirements in the Notes and Domino 6.5.3 Release Notes for information regarding minimum requirements. Software Notes/Domino 6.5.3 install code Documentation IBM Lotus 6..5.3 Administrator Help IBM Lotus Notes 6.5.3 Help IBM Lotus Notes and Domino 6.5.3 Release Notes The documentation is installed with the install code. However, you can also get the documentation here: http://www.lotus.com/ldd/doc Note: At the time this course was created, Domino 6.5.3 was the latest release. Use the latest release available to you.
Continued on next page

Requirements

Last edited 10/24/2005

27

IBM 2005

Exercise 2.1: Setting up a DWA Environment, Continued

Instructions: Part I

Install and Setup a DWA Server Using the Domino 6.5.3 Administrator Help as a reference, install and setup a Domino 6.5.3 Server. Step Action Installing the server Read <Contents View, Installation, Installing and setting up Domino servers, Server installation, Installing Domino on Windows systems>. Note: On step 5, do not select to install partitioned servers. On step 7, select Domino Enterprise Server as the type of server to install. On step 8, click Next to accept all components. Complete the steps to install the Domino server. Setting up the server Read <Contents View, Installation, Installing and setting up Domino servers, Using Domino Off-Line Services (DOLS) and Domino Web Access, Setting up Domino Web Access on a server> 2 Start the server to begin the Domino server setup program. Note: When you setup the Domino server, follow the on-screen guide and select the defaults, but be sure to select "Web Browsers (HTTP Web services)" and Domino Off-Line Services (DOLS) as part of the setup procedure.
Continued on next page

Last edited 10/24/2005

28

IBM 2005

Exercise 2.1: Setting up a DWA Environment, Continued

Instructions:

Part II

Install Notes, Domino Designer, and Domino Administrator clients Using the Notes 6.5.3 Help as a reference, install and setup the Notes, Domino Administrator, and Domino Designer clients on a machine other than the Domino server you installed previously Step 1 2 Action Using the client install code, install all clients (Notes, Domino Designer, Domino Administrator) on the machine that will be functioning as your client machine Launch the Notes client and proceed through the setup screens, connecting to your DWA server as the Administrator that you designated in the setup procedure for your DWA server.
Continued on next page

Last edited 10/24/2005

29

IBM 2005

Exercise 2.1: Setting up a DWA Environment, Continued

Instructions: Part III

Register test DWA users In this part of the exercise, you will register some test DWA users. You will register a user that uses the iNotes5.ntf and a user that uses the iNotes6.ntf so that you can see the differences in the UIs. In addition to accessing the mail files via DWA, you will access them from the Notes client so that you can see the interoperability (transparency) of the mail templates. Step 1 Action Launch the Domino Administrator client and connect to your DWA server as the server administrator. Register a test DWA user with the following criteria: Firstname Lastname Internet password Mail system = Domino Web Access Create a Notes ID for this person Mail file template = Domino Web Access (6) (iNotes6.ntf) Mail file owner access = Manager Store user ID in Domino directory Store user ID in file and note where you save it on your hard drive (you will use this information later) Store user ID in mail file Repeat step 2, but substitute Mail file template = iNotesWeb Access (R5) (iNotes5.ntf) Close the Domino Administrator client.
Continued on next page

3 4

Last edited 10/24/2005

30

IBM 2005

Exercise 2.1: Setting up a DWA Environment, Continued

Instructions: Part IV

Connect to the DWA server with Notes and DWA clients In this part, you will access mail files via Notes and DWA clients. This will allow you to see the interoperability of the clients and the differences between the iNotes6.ntf and iNotes5.ntf UIs Note: Before starting this part, be sure no popup blocking software is enabled in your browser. Step 1 Action Launch the Notes client and switch to the Notes ID you created in step 2 of Part III. If you get a message telling you your new Windows password is setdo you want to log off now? Click No and proceed to enter the users password. Open the users mail file. Note that the design, though based on the iNotes6.ntf template, looks and behaves like a standard Notes mail template. Launch IE and open the same users mail file using DWA. Enter the URL to the users mail file (example): http://dwaserver.domain.com/mail/dwausername.nsf Enter the users name and Internet password. This will open the users Welcome Page in DWA. Note the UI. This is the iNotes6.ntf with forms6.ntf. Send some mail to yourself and take some time to explore the UI. Logout of the DWA client. Now, enter the URL to the users mail file that you registered in step 3 of Part III. Enter the users name and Internet password. This will open the users Welcome Page in DWA. Note the UI. This is the iNotes5.ntf with forms5.ntf. Send some mail to yourself and take some time to explore the UI. Logout of the DWA client.

4 5

7 8
Results

In completing this exercise you have fulfilled the intended outcome and configured a basic Domino Web Access testing environment.

Last edited 10/24/2005

31

IBM 2005

DWA Settings in the Server Configuration Document


In the Server Configuration Document for your Domino Web Access server, you will find a tab labeled Domino Web Access (labeled iNotes prior to the Domino 6.5 names and address book design). On this tab is where the server administrator configures much of the Domino Web Access environment. In this section, you will learn about the various Domino Web Access configuration options on this tab. The following fields control Welcome Page configuration. Function Clicking the View/Modify button allows the administrator to customize the Welcome Page for all users. Sample Page (default generic) Custom Page (set Welcome Page URL and Title) Custom Layout (advanced custom layout) Note: this option will not work on DWA files based on the iNotes5 or iNotes60 templates. Permit users to edit the Welcome page layout. Default = Enable

Introduction

Welcome Page

Field

Default Welcome Page

Allow user to edit the Welcome Page


Alarms

The following fields control Alarm settings. Field Function Enable (default) to allow users to set alarms for appointments, meetings, events, and task deadlines. Disable to prevent users from setting alarms that may slow server performance. Enter a number to specify how often, in minutes, the Domino Web Access client checks the server for alarms. Default is 5 minutes. Increase this number to improve server performance.
Continued on next page

Alarms Minimum alarm polling time

Last edited 10/24/2005

32

IBM 2005

DWA Settings in the Server Configuration Document, Continued


The following fields control Mail settings. Field
Minimum mail polling time When sending mail, set format to Name resolution and validation Maximum attachment size (kb)

Mail

Function
Enter a number to specify how often, in minutes, the Domino Web Access client checks the server for new mail. Default is 5 minutes. Increase this number to improve server performance. Choose Plain text, or Let user decide (default). This setting allows you to restrict outgoing mail to plain text only. Plain text messages can be read by most legacy mail applications. Allowing the user to decide lets the user pick the format for every outgoing mail message. Enable to allow alternate name lookups, similar to "type-ahead" in Notes. Lets user resolve ambiguous names and use alternate names by checking names against a contact list or Domino Directory. Enabled by default. Specify size limit for attachments. The Maximum POST data field on the Domino Web Engine tab of the server doc must be set to a larger value than this one. Set to 0 for unlimited size. Set to 50MB by default.

Mail Encryption

The following fields control Mail Encryption settings. Function


Enable (default) to allow users to use a stored Notes ID to read encrypted mail in versions prior to 6.5. In 6.5 and later, Notes public key encryption support has been added, allowing users to send, sign, and verify Notes encrypted messages in addition to reading encrypted messages. The user's ID must be stored in the mail database. Enable this option to allow users to delete their Notes ID from their mail database. By default, this field is not enabled. Enable to allow users to export and save their ID in a separate file. By default, this field is not enabled. Select one to set SSL requirement: No -- (default) To treat encrypted mail the same as unencrypted mail Client -- To require the browser client to use SSL, but not the server. An http cookie is inspected by server to make sure request is over SSL. If not, an SSL redirect occurs. Both -- To require both the browser client and the server to use SSL. Enable to use JavaScript to redirect SSL. By default, this field is enabled. Note: Some reverse-proxy servers do not properly fixup 302 redirects. If so, enabling this option may help (uses JavaScript instead). Disable this option unless necessary.
Continued on next page

Field
Encrypted mail support Allow user to delete their Notes ID from their mail database Allow user to export their Notes ID Require SSL when accessing secure mail features

Use JavaScript for SSL-redirection

Last edited 10/24/2005

33

IBM 2005

DWA Settings in the Server Configuration Document, Continued


The following fields control disclaimer text added to mail memos. Function

Disclaimer Text

Field

Select one: Disabled -- No disclaimer text will display Add disclaimer notice At the top -- To display disclaimer text at the top of Domino Web Access to mail memo mail messages At the bottom -- (default) To display disclaimer text at the bottom of Domino Web Access mail messages Disclaimer text or Type the disclaimer text you want to display (in HTML format) on all Domino HTML Web Access mail messages. By default, this field is blank.

Offline

The following fields control offline usage in Domino Web Access. Field Function
Enable to allow users to encrypt their offline mail files for security. Sets the default encryption setting in the user preferences of the DWA users mail file. If you enable encryption, complete the next two fields to set the encryption level. By default, this field is disabled. Choose one: Simple -- provides protection against casual snooping. Default setting if above field is enabled. Medium -- provides the right balance among security, strength, and fast database access. Probably the right choice for most users. Strong -- when security requirements are paramount, and the resulting database access performance is acceptable. This setting, when enabled (default), overrides the administrator-specified encryption level and allows users to choose their own encryption level. If disabled, prevents the settings from displaying in preferences. When selected, this option enables the "Go Offline" feature in the Domino Web Access client. Disable this option to prevent users from using Domino Web Access offline, disconnected from the network. By default, this field is enabled. Enter the number of days to wait before synchronizing offline databases (default is 90). Users can reset this for each offline subscription file using the Domino Sync Manager. Default = disabled Limit the size of attachments which will be included in synchronization. Default = disabled

Encrypt offline mail databases

Offline database encryption level

Allow user to choose encryption level Allow user to go offline Only sync documents modified in the last x days. Limit document attachments during sync

Continued on next page

Last edited 10/24/2005

34

IBM 2005

DWA Settings in the Server Configuration Document, Continued


The following fields control International settings. Function
Enable (default) to allow Domino Web Access users to display alternate names in a native language. Alternate name support Disable to prevent Domino Web Access from displaying alternate user names in a native language. When disabled, users see alternate names in English only. Note: The alternate name must be registered and certified before using this. This setting overrides the preferred language for an alternate name in user Preferences. Pick from a list to select the default alternate name language. Default is English. Lets users choose the preferred language for an alternate name. Displays on Other tab "Default Display Name" Disable (default) to prevent users from controlling alternate name support.

International

Field

Preferred alternate name language

Allow user to choose alternate name display

Start Up View

The following fields control what View Domino Web Access opens on startup. Function
Enable (default) to allow users to choose what view opens by default when Domino Web Access is launched. Note: this feature is broken with no plans to fix. See technote # 1161132 for more information and possible workarounds. Select the view that displays when the user logs on to Domino Web Access. Default = Welcome

Field
Allow user to select default active view When opening Domino Web Access, open to

Continued on next page

Last edited 10/24/2005

35

IBM 2005

DWA Settings in the Server Configuration Document, Continued


The following fields control miscellaneous other settings in the Domino Web Access user environment. Function
Enable (default) to allow users to create archives of their mail files on the server. Disable to prevent creation of mail archives to save disk space on the server. If disabled, users will see "Archiving has been disabled. Please contact your administrator for details" Enable (default) to allow users to create a full-text index of their mail, calendar, and task entries on the server. Disable to prevent creation of full-text indexes to save disk space on the server and improve performance. Note: if disabled, setting doesn't display Disable to prevent users from changing their Internet password. Note: if disabled, Internet Password button does not appear. Default = enabled Enable (default) to allow users to print various calendar formats, including DayRunner, Franklin Planner, and Trifold. Calendar printing uses the PDF format from Adobe Acrobat. Disable to prevent users from printing Calendar formats using PDF. Note: displays the Print button if enabled. Enable (default) to allow users to use the custom file upload utility to dragand-drop file attachments, select files easily, and have multiple file views. Disable to allow users to use the standard browser file upload utility. If enabled, the DWA server will compress response data back to the browser when appropriate. This is Gzip Compression. Note: Enable this option only if you have a lot of dialup users. While this option speeds up response time for dialup users, it reduces scalability. There is a price to be paid when you minimize the bandwidth that is taken up over the wire. The price that is paid is a loss of scalability. This is because when the responses are compressed, more processor usage is required per response, so the CPU is going to be busier. In other words, we are adding more overhead to the server to compress the responses. So, if you dont have dialup connections, you shouldnt have Gzip compression enabled. If you are worried about how many connections you can have on your server and you dont have dialup (you have a high-speed network), then you shouldnt enable GZIP compression because theres no real noticeable performance benefit to the user community if you have high-speed networks already. Default = enabled

Other Settings

Field
Archiving on server

Full-text indexing Modification of Internet password Calendar printing Domino Web Access ActiveX file attachment utility

Compress HTTP response data

Last edited 10/24/2005

36

IBM 2005

Exercise 2.2: Working with DWA Settings in the Server Configuration Document
Overview

This exercise is intended to make you more familiar with the process of implementing changes to the Server Configuration Document that affect Domino Web Access users, and then testing the changes in the DWA client. Upon completion of this exercise, you will be familiar with the process of testing DWA settings as defined in the Server Configuration Document. This exercise takes approximately 20 minutes to complete. To complete this exercise, you need the following: DWA Server Domino Administrator client Test DWA user account Administrator account to the DWA Server Browser
Continued on next page

Intended Outcome

Timing

Requirements

Last edited 10/24/2005

37

IBM 2005

Exercise 2.2: Working with DWA Settings in the Server Configuration Document, Continued
Instructions: Part I

Follow the steps below to change the Default Welcome Page for DWA users. Step 1 2 3 4 5 6 7 8 9 10 Action Login to a DWA mail file using on of your test DWA accounts. Note the Welcome Page (it should be the default Sample Page). From your Domino Administrator client, open your test DWA server. Click on the Configuration tab, and open the Configuration Document for your DWA server Click on the Domino Web Access tab. Put the document in Edit mode and click on the View/Modify button next to Default Welcome Page. Expand the dropdown menu next to Page Layout, and select Custom Layout. Create a layout from one of the 6 layout template options. Click OK when you are done. Save the Configuration Document. At your DWA server console, issue a tell http restart command. Switch back to your browser and refresh the page. Note that it now reflects the page you created in step 7.
Continued on next page

Last edited 10/24/2005

38

IBM 2005

Exercise 2.2: Working with DWA Settings in the Server Configuration Document, Continued
Instructions: Part II

Follow the steps below to add a disclaimer notice to a mail memo. Step 1 2 3 4 5 6 7 8 9 10 11 12 13 Action From your Domino Administrator client, open your test DWA server. Click on the Configuration tab, and open the Configuration Document for your DWA server Click on the Domino Web Access tab. Put the document in Edit mode. At the bottom of the form, set the Add disclaimer notice to mail memo field to At the bottom. In the Disclaimer text or HTML field, enter the following (without the quotes): This is confidential information. Please do not forward or copy. Save the Configuration Document. At your DWA servers console, issue a tell http restart command. Login to one of your test DWA user accounts. Send an email to yourself. Refresh your browser and view the email you just sent. Note the disclaimer text at the bottom of the message. Experiment with the other settings available for disclaimer text (Disabled, At the Top, enter some different disclaimer text, etc.)
Continued on next page

Last edited 10/24/2005

39

IBM 2005

Exercise 2.2: Working with DWA Settings in the Server Configuration Document, Continued
Instructions: Part III

Follow the steps below to enable and disable the Domino Web Access ActiveX
file attachment utility.

Step 1 2 3 4 5 6 7

Action From your Domino Administrator client, open your test DWA server. Click on the Configuration tab, and open the Configuration Document for your DWA server Click on the Domino Web Access tab. Put the document in Edit mode. In the Other section, note the value of the Domino Web Access ActiveX file attachment utility field. It should be enabled by default (if not, enable the option and save the document). Switch to your browser and login to one of your test DWA user accounts. Create a new message and note the Add attachments field of the dialog box. Experiment with the drag and drop and multiple file views functionality of this field by dragging a small text file from your Windows Explorer into the field. Example:

9 10 11 12 13 14 15
Results

Close the Message dialog box without saving the message. Switch back to the Configuration Document and disable the Domino Web Access ActiveX file attachment utility field. Save the configuration document. At your DWA servers console, issue a tell http restart command. Switch back to your browser and create a new message. Note the Add attachments field and the reduced ease-of-use functionality. Close the Message dialog box without saving the message.

By completing this exercise you have attained the stated skill objective.

Last edited 10/24/2005

40

IBM 2005

Domino Web Access Notes.ini Parameters


There are several Notes.ini parameters that can be implemented on the DWA server to configure the DWA user environment. Most DWA Notes.ini parameters came into being as a result of customer requests for the functionality provided. In this section we will examine the Notes.ini parameters (see the Sametime Integration Lesson for Notes.ini parameters specific to DWA/Sametime Integration). The table below lists the general Notes.ini parameters specific to DWA functionality. Read through the parameters and their functions. Parameter
$DOLSDirectoryCatalog=director y.nsf

Introduction

General parameters

Function
Sets the name of a Domino directory that the user may take offline. This setting makes a part of the interface visible in the user's preferences, giving users the option of taking the server's directory catalog or Domino directory offline. Example: $DolsDirectoryCatalog=dc.nsf The user sees a new preference setting, "Include server's Name and Address Book". If the user enables this setting, the server's directory catalog will be included among the files when the user goes offline. Disables the Active Content Filter. A setting of 1 disables the filter. Setting this variable to 0 (or omitting it from the server's NOTES.INI file) enables the filter. Specifies a URL to redirect users to after logging out from server. The setting provides normal cache clearing with the Domino Web Access control, and clearing of browser credentials. This variable allows sites which have additional actions that need to happen on a logout (such as logging out of a reverse proxy server) to specify a URL to do this additional activity. Or you can use this variable to return people to an initial login page. Example: iNotes_WA_LogoutRedirect=http://www.ibm.com Specifies the maximum number of names to return on name lookups. The default is 200. You can reduce this number to improve server performance Example: iNotes_WA_NameLookupMaxNumMatch=100
Continued on next page

iNotes_WA_DisableActCntSecurit y=value iNotes_WA_LogoutRedirect=URL

iNotes_WA_NameLookupMaxNu mMatch=value

Last edited 10/24/2005

41

IBM 2005

Domino Web Access Notes.ini Parameters, Continued


General parameters (continued)

Parameter
iNotes_WA_AutoUseWebmail=va lue

Function
Use this setting to automatically go to Webmail, in instances where Domino Web Access is not supported by the browser. 0 - Does not fail over to Webmail when using a browser that is not supported by Domino Web Access. 1 - Automatically invokes Webmail if Domino Web Access is not supported by the browser in use. Prevents Domino Web Access from offering a choice to fall back to Webmail when the browser is not supported. 0 - Allows Domino Web Access to invoke Webmail when using an unsupported browser.

iNotes_WA_NoWebmail=value

iNotes_WA_OOO_RunOnWeeken ds=value

1 - Prevents fail over to Webmail. Use this setting to run the Out-of-Office agent on weekends. 0 - Prevents Out-of-Office agent from running on weekends (Default) 1 - Enables Out-of-office agent to run on weekends Use to allow or deny the logout option on portals. Description: Set to 1 to offer the logout option on portals. 0 - Disables this setting (Default) 1 - Enables this setting

iNotes_WA_PortalLogout=value

iNotes_WA_PortalOffline=value

Use to allow or deny the offline option on portals. 0 - Disables this setting (Default) 1 - Enables this setting

Continued on next page

Last edited 10/24/2005

42

IBM 2005

Domino Web Access Notes.ini Parameters, Continued


General parameters (continued)

Parameter
iNotes_WA_PortalSkipEndIESessi on=value

Function
Use this setting to avoid logging out of other web applications when logging out of Domino Web Access during a portal session (when using & ui = portal session). 0 - Disables this setting (Default) 1 - Enables this setting

iNotes_WA_SessionCheck=value

Allows Domino Web Access clients to detect whether a connection to the server is present before submitting requests. This setting incurs an additional HTTP request on every POST operation, but helps greatly reduce the likelihood of lost user data due to the Web server being down or network problems. 0 - Disables this setting (Default) 1 - Enables this setting

iNotes_WA_SkipEndIESession=v alue

Use this setting to avoid issues with other open Web pages being negatively impacted by a Domino Web Access logout. When the Domino Web Access control is in use, Domino Web Access makes a call to end the IE session as part of a Domino Web Access logout. This clears any login credentials stored in IE memory and in memory cookies being used within this IE process (or any child processes spawned from this process). It is preferable for users to log in to other web sites through a separate instance of IE, instead of using this setting. Users can start the additional instances from the desktop, the quick launch toolbar, or the start menu. When users start additional instances in this way, logging out of Domino Web Access does impact the other IE windows. 0 - Disables this setting (Default) 1 - Enables this setting

Continued on next page

Last edited 10/24/2005

43

IBM 2005

Domino Web Access Notes.ini Parameters, Continued


Use the Notes.ini variable inotes_WA_LogoutScrubType to set the level of automatic URL cache clearing. Syntax: inotes_WA_LogoutScrubType=value

Cache clearing parameters

Value

Description (Default) Best for subsequent Domino Web Access performance. Deletes all URLs that begin with the mail file path, except those that have a strategically placed KeepInCache (&KIC) argument. This argument marks page pieces that contain mostly design. Keeping these pieces in the cache offers a significant performance improvement when next using Domino Web Access. Examples of files deleted from the cache: Parts to a MIME message retrieved via a separate URL. Attachments opened when not using the Domino Web Access control. Deletes all URLs that begin with the mail file path. This is the best balance between Domino Web Access performance and security. It does not impact caching used by other Domino or other web applications, nor does it impact caching of pages on the same Domino server or on other servers. Examples of files deleted from the cache (in addition to those listed for type 0):

Most list and calendar view HTML top-level pages. The s_SessionInfo JavaScript page, which contains data about various preferences and relevant Domino Web Access configuration settings. Includes various variants of the current user's name (common name, abbreviated canonical name, full canonical name). The h_TOC JavaScript page, which contains information about the functional areas available for current user and initial URL information. The s_Outline, which contains information about folder names.
Continued on next page

Last edited 10/24/2005

44

IBM 2005

Domino Web Access Notes.ini Parameters, Continued


Cache clearing parameters (continued) Value Description Deletes all URLs in the cache that originate from the server hostname, except for URLs that contain /iNotes/Forms6.nsf, the current Forms file (or iNotes/Forms5.nsf). The best balance of performance and security when the user might access other pages in Domino databases on the same server, or might access Domino Web Access and other reverse proxied intranet sites that might be cached (for example, linking to sites via QuickLinks in the Welcome page or through document links in received mail). For pages accessed via reverse proxy, the server refers to the Reverse Proxy server. Does not impact the performance of other Web sites the user might visit after logout. Examples of files deleted from the cache (in addition to those listed for types 0 and 1): Pages generated from any other Notes or non-Notes Web application on the server In a reverse proxy scenario, pages generated from any other Notes or non-Notes web application on the same server or any other server that is reachable from a reverse proxy server Domino view icons Deletes all URLs in the cache that originate from the server hostname. Provides more security, but impacts Domino Web Access performance negatively for subsequent logons because all cached static script and image pieces are deleted. Does not impact web applications or pages generated from other servers, so does not negatively impact performance of other Web sites the user might visit after logout. Examples of files deleted from the cache (in addition to those listed for Types 0-2) are: URLs to /iNotes/Forms6.nsf (or /iNotes/Forms5.nsf) Domino Web Access static code pages, images, and style sheet. (Secure option) Deletes all URLs in the cache except for URLs that contain /iNotes/Forms6.nsf, the current Forms file (or iNotes/Forms5.nsf). The best balance of performance and security for Domino Web Access, but may negatively impact the performance of other web applications or pages the user might be using. Examples of files deleted from the cache (beyond those listed for type 0-2) are: Any external web pages loaded by the Domino Web Access Welcome page, or traversed to via Domino Web Access or any other browser instance. (More Secure option) Deletes all URL s in the cache. Provides the highest security, but has the greatest impact on Domino Web Access performance for subsequent logons since all cached static script and image pieces are deleted. Examples of files deleted from the cache (beyond those listed for all other types) are: URLs to /iNotes/Forms6.nsf (or /iNotes/Forms5.nsf), as well as Domino Web Access static code pages, images, and style sheet.
Continued on next page

Last edited 10/24/2005

45

IBM 2005

Domino Web Access Notes.ini Parameters, Continued


By default, Domino Web Access uses compression (GZIP format) to reduce network bandwidth consumption and provide better performance, particularly for users with slow network connections. You can use the following Notes.ini settings to turn GZIP compression on and off, and to specify the types of content to compress. After compression, Domino Web Access generated pages are cached in the web server's page cache, which also improves server performance. Parameter
iNotes_wa_GZIP_Disable=value

Gzip parameters

Function
Use this setting to turn compression on and off. The default is 0 (on). For example to turn off compression: iNotes_wa_GZIP_Disable=1 Note: You can also disable GZIP compression using the "Compress HTTP response data" setting on the Domino Web Access tab of the Configuration Settings document.

iNotes_wa_GZIP_Content_Types_ Included=value

Use this setting to define which types of content you want to compress. The default is: "text/*;application/*" For example, to compress all text: iNotes_wa_GZIP_Content_Types_Included="text/*" Use this setting to define which types of content you do not want compress. The default is: "image/*;application/pdf" For example to exclude XML data so that it will not be compressed: iNotes_wa_GZIP_Content_Types_Excluded="image/*;text/xml "

iNotes_wa_GZIP_Content_Types_ Excluded=value

Last edited 10/24/2005

46

IBM 2005

Exercise 2.3: Domino Web Access Notes.ini Parameters


Awareness of the various server-side DWA configuration options available via Notes.ini parameters is necessary skill when configuring a DWA environment. In this exercise you will assess a problem and identify the Notes.ini parameter that will resolve the DWA issue. Upon completion of this exercise, you will be able to Identify the correct DWA Notes.ini parameters to solve specific needs in a DWA environment
Timing

Overview

Intended Outcome

This exercise takes approximately 10 minutes to complete. To complete this exercise, you need the following: Pen or pencil Test DWA server DWA client Test DWA user account
Continued on next page

Requirements

Last edited 10/24/2005

47

IBM 2005

Exercise 2.3: Domino Web Access Notes.ini Parameters,


Continued

Instructions

Using this document as a resource, write down the answers the following questions. 1. An administrator is worried about items left in the local browser cache for a group of DWA users in her companys HR department. This group of users has access to the most highly confidential employee information, and she wants all cached URLs deleted upon logout of DWA. Performance concerns are not an issue. What Notes.ini parameter should she implement on these employees DWA server? Answer: 2. An Administrator wants to configure the DWA environment for DWA users to take a Directory Catalog offline. He has created a Directory Catalog named Dircat.nsf for all of his users, but his users dont even see an option to take a Domino Directory offline in their User Preferences. What else does he need to do to make the Directory Catalog available offline for his DWA users? Answer: 3. The network requires the use of a reverse proxy server for added security. You need to have DWA users logout of the reverse proxy after logging out of DWA. How can you easily redirect DWA users to the reverse proxy server <http://revprox01.us.acme.com> for logout upon logging out from DWA? Answer: 4. A company has DWA users who are on the road 90% of the time and need to be sure that they will not lose data due to connectivity issues while working from the road. How can an administrator ensure that DWA users are less likely to lose data due to connectivity issues? Answer:

Results

By successfully completing this exercise, you have achieved the stated objective.

Last edited 10/24/2005

48

IBM 2005

Lesson 3: Domino Web Access Processes Overview


Introduction

In this lesson you will learn about the inner workings of Domino Web Access. After completing this lesson you will be able to: Explain what happens when a DWA user accesses their mail file Explain what is cached at the client Explain why a user might not be prompted to download the ActiveX control Explain how DWA generates web pages View and identify DWA-specific fields with Domino Designer

Objectives

In This Lesson

This lesson is divided into the following topics: Topic Behind the Scenes How Domino Web Access Generates Pages Exercise 3.1: Viewing DWA Fields with Domino Designer See Page 51 55 59

Timing

The timing of this lesson is as follows: Component Overview Topics Exercise Recap Total: Approximate Time 5 minutes 25 minutes 15 minutes 10 minutes 55 Minutes

Last edited 10/24/2005

49

IBM 2005

Behind the Scenes


What happens when a DWA user accesses their mail file? The following table outlines what happens at each stage of the process. Stage 1 Description Using a supported browser, the end user accesses their mail file via http or https by entering the URL to their mail file. The user is authenticated following the Domino Internet security settings in the DWA servers Server Document (R5.x) or Internet Site document (R6.x). In Domino 5.x, select Server Document Internet Protocols Domino Web Engine HTTP Sessions to check the settings. In Domino 6.x, check the Basics tab of the Server Document to see if Internet Sites documents are enabled. If this option is enabled, check the Internet Sites documents (Domino Web Engine tab) in the Domino Directory to verify the HTTP and HTTPS authentication options. The Domino Web Server processes the URL and inspects the database icon note for a field called $WebHybridDB. If this field is found the value should be set to 1 (default value) indicating that this is an Domino Web Access mail database. The Domino Web Access logic in the Web server is invoked overriding the Web servers normal operation. The DWA logic then locates the shared forms database by retrieving the value from the field $FormsTemplateFile (also found in the database icon note). The Domino URL ?OpenDatabase is activated which redirects the request to a ?OpenDocument URL that represents the first document the user has access to in a view called s_TOC (Table of Contents) located in the shared forms database. The end user sees the Welcome Page and has DWA functionality as defined by the Server Configuration Document, Domino Web Access tab and/or DWA Notes.ini parameters. An iNotes cookie is downloaded to the client where all application settings are stored. An ActiveX component is downloaded to the client when the user attempts to send a message for the first time.
Continued on next page

Accessing a mail file

3 4 5

7 8 9

Last edited 10/24/2005

50

IBM 2005

Behind the Scenes, Continued


For each database URL path, Domino Web Access creates a cookie. This cookie is only retained in memory and is never written to the users hard drive. Development took special care to keep cookie values as small as possible since they are sent to the server with every request. The maximum total number of characters that can be sent to the server in one cookie is 4k (including the cookie name). Domino Web Access uses cookies to keep track of the following (each value name is in parenthesis): If alarm monitor is active (AMActive) Current date within the calendar view (CallDate) Last calendar view visited so when the user clicks the top level Calendar menu it knows what to display Current letter contact displayed in Contacts view (ContactTab) Current date in date navigator (DNIDate) Current GroupCalendar view (GsView) Last mail folder visited (MOFolder) Column number used for sorting (MOSortBy) When the last time new mail was polled for (NMTLP) New mail count found on poll (NMCount)
Client-side Caching

Browser Cookies

It is recommended that users use the Logout button to end their Domino Web Access session in order to clear cached information. Below is a list of what is cached on the client: View data will be cached in the browser cache if youre using SSL. This is related to an IE bug that forces the data to be stored there if using https. It does not occur if youre using http. Variable script and GIF files A copy of a launched attachment is stored in the \temp\iNotes Web Access directory. If you print or preview your calendar using a supplied PDF format, Adobe Acrobat Reader creates a file in the system temp directory that is a copy of the calendar that was just printed or previewed. The file remains there until Adobe Acrobat Reader is shut down. The file is usually named acrxxx.tmp were xxx is a hexadecimal number. Alarms are stored in the browser cache in the following directory: \profiles\username\application\data\microsoft\internet explorer\userdata (for W32). Note: No document data is cached
Continued on next page

Last edited 10/24/2005

51

IBM 2005

Behind the Scenes, Continued


In the Microsoft world, an ActiveX control is roughly equivalent in concept and implementation to a Java applet. ActiveX controls can be downloaded as small programs or animations for Web pages, but they can also be used for any commonly-needed task by an application. In Domino Web Access, we have the iNotes Class ActiveX control, also known as the Domino Web Access Upload Module. You are prompted when it's needed, such as: When creating a new message Logging out for the first time Uploading/downloading an attachment

iNotes Class ActiveX control

If you answer no, you get the browser version of attachment upload. If you answer yes, it is installed to the winnt\downloaded program files directory. It is viewable, deletable, etc., in IE by selecting: Internet Options - General tab - Settings - View Objects The codebase for the iNotes Class is the inotes_x.cab file on the server: \data\domino\html
Continued on next page

Last edited 10/24/2005

52

IBM 2005

Behind the Scenes, Continued


If you are not prompted to install the iNotes Class file You may already have it You may already trust content from IBM (check Internet Options - Content Tab Publishers). If you checked the box to always trust content from IBM then any ActiveX control signed by IBM is trusted automatically. It may be disabled at the server (check Server Config doc - Domino Web Access tab Domino Web Access ActiveX file attachment utility field It may be disabled at the browser (check Internet Options - Security tab Custom Level - Download signed ActiveX controls) Popup blocking software is enabled
Activity

No prompt to install iNotes Class file?

Take a few minutes to locate the iNotes class file on your client machine. Do this in Internet Explorer by selecting: Internet Options - General tab Settings - View Objects When you locate the file, right click on it and explore the properties.

Last edited 10/24/2005

53

IBM 2005

How Domino Web Access Generates Pages


Domino Web Access uses the QuickPlace architecture for generating web pages. Every page generated is generated as a result of a ?OpenDocument or ?EditDocument URL. There is no concept of opening a view but pages may be generated that contain data from one or more Domino views. This is done via Proxy documents. Proxy documents can be opened via the ?OpenDocument URL command and can include data from a view. Examples of proxy document design elements are iwaMail, iwaCalendar and iwaContacts and are located in the Domino Web Access mail file. Proxy documents can easily be viewed with the LDD utility, NotesPeek.
About NotesPeek

Proxy documents

NotesPeek is a tool available in the Lotus Sandbox section of developerWorks: Lotus. NotesPeek presents the information in Notes databases as it is available through the Notes API. NotesPeek can be downloaded here: http://www.lotus.com/ldd/sandbox.nsf/DownloadPage?OpenForm under the By Product View and Standard View Type.
Continued on next page

Last edited 10/24/2005

54

IBM 2005

How Domino Web Access Generates Pages, Continued


To see the Proxy documents complete the following steps: Step 1 2 3 4 Action Open the mail file in NotesPeek Expand the Design Elements. Scroll down until you see the design elements beginning with iwa Note the Proxy documents in a test users DWA mail file. Example of viewing proxy documents in NotesPeek:

Procedure

Continued on next page

Last edited 10/24/2005

55

IBM 2005

How Domino Web Access Generates Pages, Continued


When an end user points their browser to their Domino Web Access mail file the following process happens (e.g. Displaying the default Welcome page): Stage 1 2 3 Description The Domino Web Server processes the URL and inspects the database icon note for a field called $WebHybridDB. If this field is found the value should be set to 1 (default value) indicating that this is a Domino Web Access mail database. The Domino Web Access logic in the Web server is invoked overriding the Web servers normal operation. It then locates the shared forms database by retrieving the value from the field $FormsTemplateFile (also found in the database icon note). The Domino URL ?OpenDatabase is activated which redirects the request to a ?OpenDocument URL that represents the first document the user has access to in a view called s_TOC (Table of Contents view) located in the shared forms database.

Process

Procedure

To view the $WebHybridDB and $FormsTemplateFile fields, perform the following steps. Step 1 2 3 Action Open the DWA mail file in the Domino Designer client. Navigate to the Other design elements. Click on Database Resources.
Continued on next page

Last edited 10/24/2005

56

IBM 2005

How Domino Web Access Generates Pages, Continued


Procedure (continued)

Step 4 5 6 7

Action In the right-hand pane, right click on Icon. Click Design Properties on the popup menu. Click on the Fields tab. Highlight the desired field to view its value. Example:

Last edited 10/24/2005

57

IBM 2005

Exercise 3.1: Viewing DWA Fields with Domino Designer


You can quickly identify whether a mail file is a Domino Web Access mail file and which forms database is associated with it by examining the $WebHybridDB and $FormsTemplateFile fields in the mail file. This key information can help you focus your efforts when troubleshooting customer issues. Upon completion of this exercise, you will be able to use the Domino Designer client to examine key fields in a DWA mail file. This exercise takes approximately 15 minutes to complete. To complete this exercise, you need the following: Domino Designer client DWA mail files you created in the Setting up a DWA Environment exercise Using this student guide as a reference, complete the following steps. Step 1 2 3 4 5 6 7 8 9 Action Launch your Domino Designer client. Switch to the Notes ID for the DWA user you registered in Part III step 2 of the previous exercise, Setting up a DWA Environment. (this is the iNotes6.ntf UI user) In the left hand pane, expand the Other twisty and click on Database Resources. In the right-hand pane, right click on the Icon document. Click Design Properties in the popup menu. Click on the fields tab. (second from the left) Highlight the field $WebHybridDB and note the value. Highlight the field $FormsTemplateFile and note the value. Repeat steps 2 through 8 for the DWA user you registered in Part III step 3 of the previous exercise, Setting up a DWA Environment. (this is the iNOtes5.ntf UI user)

Overview

Intended Outcome

Timing

Requirements

Instructions

Results

By completing this exercise, you have successfully achieved the objective.

Last edited 10/24/2005

58

IBM 2005

Lesson 4: Security Overview


Introduction

In this lesson you will learn the basics of DWA security as it applies to authentication, logout manipulation, and active content on the client side. After completing this lesson you will be able to: Explain and configure DWA session-based user authentication on the DWA server Explain what happens when a user logs out of DWA Explain the purpose of the DWA Redirect option State the purpose of the Active Content Filter and caveat of using it

Objectives

In This Lesson

This lesson is divided into the following topics: Topic DWA User Authentication Logging Out of DWA The Active Content Filter Exercise 4.1: Configuring DWA Session-Based Authentication See Page 61 65 69 70

Timing

The timing of this lesson is as follows: Component Overview Topics Exercise Recap Total: Approximate Time 5 Minutes 45 minutes 45 minutes 10 minutes 1 Hours, 45 Minutes

Last edited 10/24/2005

59

IBM 2005

DWA User Authentication


In this lesson, you will look at basic security settings in the Domino Web Access environment in the areas of: Authentication DWA Active Content Filter Login/Logout
Session Authentication

Introduction

field

Authentication for Domino Web Access users is configured in the DWA Servers server document in the following location: Internet Protocols Domino Web Engine Session Authentication field(s).

When you edit the Session authentication field, you are presented with 3 choices: Disabled (this is the default setting) Single Server Multiple Servers (SSO)

Continued on next page

Last edited 10/24/2005

60

IBM 2005

DWA User Authentication, Continued


This is Basic User ID/Password authentication. There is no timeout the session remains open until the user logs out or closes the browser. The User ID and password is sent with every request.

Disabled

If the Session authentication field is set to Disabled on the DWA server, users will be prompted to login with the generic browser login dialog. The credentials may be cached/persisted by the browser if the box is checked next to "save this password in your password list." It is recommended that users do not select the check box Save this password in your password list on their browser. If this box is checked, the password is saved on the workstation, and unauthorized users could access this mail file later since both the username and the password would be prefilled.
Continued on next page

Last edited 10/24/2005

61

IBM 2005

DWA User Authentication, Continued


The Single Server value allows you to configure session-based authentication, which means you can set the timeout values for user sessions. The Single Server option presents you with two more self-explanatory fields: Idle session timeout specifies this time period in minutes in which a session times out. Maximum active sessions specifies the maximum number of concurrent active user sessions allowed on the server.

Single Server

If the Session authentication field is set to either Single Server or Multiple Servers (SSO), users will be prompted to login with the default login web page (yellow background).

Continued on next page

Last edited 10/24/2005

62

IBM 2005

DWA User Authentication, Continued


Like Single Server session authentication, Multiple Servers (SSO) authentication allows you to set a timeout value for user sessions. Multiserver session-based authentication, also known as single sign-on, allows Domino cookies to span servers. It also allows Domino and WebSphere Portal servers to interoperate and share cookies. When you select Multiple Servers (SSO), you are presented with the Web SSO Configuration field. Here, you pick the Web SSO Configuration document of your choice.

Multiple Servers (SSO)

The Web SSO Configuration document has fields where you can set the token expiration setting for user sessions, as well as an idle session timeout value.

When using session-based authentication (Single Server or Multiple Servers SSO), the User ID/Password is sent only on login. After login, the client's name and encrypted password is stored in a cookie on the workstation. Note: To use session authentication, Web users must use a browser that supports cookies since Domino uses cookies to track user sessions.

Last edited 10/24/2005

63

IBM 2005

Logging Out of Domino Web Access


What happens when a user logs out of Domino Web Access? The following sequence of events describes what happens behind the scenes. This information is also found in technote 1106483. Stage 1 2 3 4 5 6 Description The Logout page is displayed. A ?Logout request is issued to the Domino server; this ends any session-based authentication in effect. Attachment files launched via the upload control are deleted. Browser cache entries are cleared; the iNotes_WA_LogoutScrubType setting affects this. The Internet Explorer (IE) Session is ended, and a call is made to clear cached browser credentials. An iNotes_WA_LogoutRedirect setting specified in the Notes.ini is checked and, if found, the specified page is displayed.

Logging Out

Note: To make logout more secure, #5 listed above was added in iNotes Web Access 5.0.9. This clears ALL browser credentials, including those for sites you still wish to be logged in to. This issue is described in the document, "All Cookies From Browser Are Cleared When Logging Out of iNotes Web Access 5.0.11", technote 1091581). A new server Notes.ini variable was introduced in 5.0.12 to disable this clearing of credentials: iNotes_WA_SkipEndIESession=1 However, this is less secure as it now leaves responsibility to the user to close the browser session.
Continued on next page

Last edited 10/24/2005

64

IBM 2005

Logging Out of Domino Web Access, Continued


At this point (step 6 above), temporary internet files remain on the machine. As stated before, if you have not downloaded the iNotes Control Class, you get a generic logout screen. However, if you downloaded the iNotes Control, you have two logout options: Result Secure: deletes all temporary internet files for URLs beginning with the user's mail file path; all personal data has been cleared. More Secure: deletes all temp internet files "Logout for Shared PCs or for URL entries in cache, leaving cookie Kiosk Users" references for other URLS - same as deleting temporary internet files via Internet Options. Option Close Window button (same as closing the browser)

Logging out: additional info

DWA Redirect

Domino Web Access Redirect (aka Mail Jump) allows administrators to configure their DWA server to make it easier for end users to access their mail files. With Domino Web Access Redirect, users do not need to know the name of their mail file and mail server, they need only know the name of the Domino Web Access Redirect server. Domino Web Access Redirect uses Domino authentication methods to redirect a user's browser to their mail file based on their username/password. Prior to the release of Notes/Domino 6.5.0 and 6.0.3, customers had to download DWA Redirect from the Sandbox area of developerWorks: Lotus. To configure the DWA server to use DWA Redirect, the administrator creates the DWA Redirect database from the template, opens it in a Notes client, clicks Setup and follows the prompts to set it up. When downloaded from developerWorks: Lotus, the templates match up as follows: WebMailRedirect261.nsf - Domino 4.x and above WebMailRedirect641.ntf - Domino 5.x and above WebAccessRedirect650.ntf - Domino 6.x and above WebAccessRedirect 650.ntf is the same template as iwaredir.ntf that is included in Domino 6.5x.
Continued on next page

Last edited 10/24/2005

65

IBM 2005

Logging Out of Domino Web Access, Continued


Without Domino Web Access Redirect the user types in the following to access her mail file: http://bubba.com/mail/jusers.nsf With Domino Web Access Redirect the user types http://bubba.com For more information about configuring DWA Redirect, see Domino Administrator 6.5.3 Help, Index View, Domino Web Access Redirect, Using Domino Web Access Redirect to access mail in Domino Web Access. iNotes_WA_L ogoutRedirect First available in Domino 5.0.10, the iNotes_WA_LogoutRedirect notes.ini variable specifies the URL to redirect users to after logging out from the server, doing normal cache clearing with the iNotes Control, and clearing browser credentials. This variable allows sites that have additional actions that need to happen on a logout (such as logging out from a reverse proxy server) to specify a URL to do this additional activity. Or you can use this variable to return people to an initial login page. This variable has no default value.
Continued on next page

Example

Last edited 10/24/2005

66

IBM 2005

Logging Out of Domino Web Access, Continued


To ensure the highest level of security to mail files being accessed from the Internet, setting up a reverse proxy server to handle inbound requests to mail files using Domino Web Access as the client is highly recommended. A reverse proxy server is a server located between the Internet and your trusted Internal network that intercepts requests from browser users on the Internet (such as Domino Web Access users), and forwards them to the appropriate web server. In this case, the appropriate web server is your internal Domino mail server for Domino Web Access users How does a reverse proxy server make your internal Domino mail server for Domino Web Access users more secure? The RP uses rules, configuration documents, and sometimes authentication to control access The URL typed in by the user is remapped "behind the scenes" HTTP(S) must be enabled at the internal servers. In terms of Domino Web Access, this means that your mail server for Domino Web Access users must be running HTTPS. There is an excellent article on how to configure a WebSphere Edge reverse proxy server to ensure security from unauthorized users:
www.lotus.com/ldd/today.nsf/ lookup/Configuring_IWA_Edge_ReverseProxy

Reverse Proxy Server

Last edited 10/24/2005

67

IBM 2005

The Active Content Filter


The Active Content Filter in DWA is intended to remove potentially harmful active content (JavaScript, Java, ActiveX) from HTML in mail messages prior to display in a browser. The Active Content Filter does not protect against viruses in attachments. Active content filtering can reduce server performance because it requires a full parse of HTML content and a rewrite of the content. Use the NOTES.INI variable, iNotes_WA_DisableActCntSecurity, to disable the Active Content Filter. A setting of 1 disables the filter. Setting this variable to 0 (or omitting it from the server's NOTES.INI file) enables the filter. You can think of the Active Content Filter in DWA as being similar to antivirus software. If you are already running antivirus software, disable the Active Content Filter if you need to address performance issues.

Active Content Filter

Last edited 10/24/2005

68

IBM 2005

Exercise 4.1: Configuring DWA Session-Based Authentication


Overview

By default, session-based authentication is disabled. In this exercise you will enable session-based authentication for your DWA server. Upon completion of this exercise, you will be able to configure a DWA server to use session-based authentication. This exercise takes approximately 45 minutes to complete. To complete this exercise, you need the following: DWA server Domino Administrator Client DWA user account Browser

Intended Outcome

Timing

Requirements

Instructions: Part I

Complete the following steps to enable Single Server Session-based authentication. Step 1 2 3 4 5 6 7 Action Login to the DWA server as one of your test DWA users and note the login dialog box. This is the default Disabled setting for HTTP session authentication (assuming none of the default settings have changed since you initially setup your DWA server). Logout of DWA. Launch the Domino Administrator client. Open your DWA server and click on the Configuration tab. Open the Server Document. In the server document, click Internet Protocols Domino Web Engine. In the Session Authentication field, change the setting from Disabled to Single Server.
Continued on next page

Last edited 10/24/2005

69

IBM 2005

Exercise 4.1: Configuring DWA Session-Based Authentication, Continued

Step 8 9 10 11 12
Instructions: Part II

Action Leave the Idle session timeout field at its default setting of 30 minutes and the Maximum active sessions field at its default setting of 1000. Close and save the server document. Cycle the HTTP task by entering tell http restart at the DWA servers console. Login to the DWA server as one of your test DWA users and note that you now are prompted with the session-based login screen (web form with yellow background). Logout of DWA.

Even though our test DWA environment consists of only one Domino server, the ability to setup SSO is a good skill to learn. Complete the following steps to enable Multi-Server SSO authentication. Step 1 2 3 4 5 6 Action Launch the Domino Administrator client. Open your DWA server by clicking File Open Server and selecting your DWA server. Click on the Configuration tab. Expand the Server twisty and click on Current Server Document. From the Action bar, click on the Create Web (R5) button and select SSO Configuration from the drop down menu. In the Web SSO Configuration form, click on the Keys... action button and select Create Domino SSO Key. Click OK once the key has been created.
Continued on next page

Last edited 10/24/2005

70

IBM 2005

Exercise 4.1: Configuring DWA Session-Based Authentication, Continued

Step

8 9 10 11 12 13 14 15 16

Action On the Basics tab of the Web SSO Configuration document, fill in the fields as follows: Configuration Name: LtpaToken Organization: leave this field blank DNS Domain: <your DWA servers DNS domain> Example: .austin.ibm.com Domino Server Names: <hierarchical name of your DWA server> Leave the other fields at their default settings. Save and close the Web SSO Configuration document. Open your DWA servers Server document. In the Server document, click Internet Protocols Domino Web Engine. In the Session Authentication field, change the setting from Single Server to Multiple Servers (SSO). In the Web SSO Configuration field, select LtpaToken and click OK. Save and close the Server document. Restart the HTTP task on the DWA server. Login to the DWA server as one of your test DWA users and note that you are again prompted with the session-based login screen (web form with yellow background). Logout of DWA.

Results

In completing this exercise you have fulfilled the intended outcome and configured session-based authentication in your Domino Web Access testing environment.

Last edited 10/24/2005

71

IBM 2005

Lesson 5: Sametime Integration with Domino Web Access Overview


Introduction

In this lesson you will learn how to incorporate Sametime functionality into your DWA environment. After completing this lesson you will be able to: Identify pre-configuration considerations Describe the functionality available with Sametime Integration in DWA Install and Configure a Sametime Server Integrate a Sametime server in your test DWA environment Identify Notes.ini server parameters that are specific to DWA Implement DWA-specific Notes.ini parameters on your DWA server

Objectives

In This Lesson

This lesson is divided into the following topics: Topic Sametime Integration with Domino Web Access Exercise 5.1: Installing a Sametime Server Exercise 5.2: Integrating Domino Web Access with Sametime Key Technotes For Troubleshooting Sametime Integration with Domino Web Access DWA/Sametime Notes.ini Parameters Exercise 5.3: Working with DWA/Sametime Notes.ini Parameters See Page 74 78 84 87 88 90

Timing

The timing of this lesson is as follows: Component Overview Topics Exercises Recap Total: Approximate Time 5 minutes 30 minutes 1 hour 45minutes 15 minutes 2 Hours, 35 minutes

Last edited 10/24/2005

72

IBM 2005

Sametime Integration with Domino Web Access


Domino Web Access can be integrated with Sametime to bring chat and online awareness functionality to the DWA client. The steps to configure DWA with Sametime are not difficult, but there are many steps and many things to consider when completing the process. This section will explain the components of DWA/Sametime integration. Exercises follow that will allow you to get hands-on experience configuring a Domino environment that integrates Sametime features with Domino Web Access.
Pre-install considerations

Background

Before you bring Sametime functionality to your Domino Web Access users, there are some key points that must be understood. The DWA and Sametime servers must be dedicated servers. This means that each should be on its own box dedicated to one purpose: providing DWA services or providing Sametime services If the DWA server is pre Domino 6.5.1, the DWA and Sametime servers must be in the same Domino domain If the DWA server is Domino 6.5.1 or later, the DWA and Sametime servers can be in different Domino domains

Sametime Server considerations

Know which versions of Sametime will run on which versions of Domino See technote - "Sametime 2.5/3.x: Which Versions of Domino are Supported or Recommended?" (technote 1096416) Sametime server upgrade issue If you are upgrading your Sametime server from 2.5 to 3.0 or 3.1 and stlinks is not working, remove the following file: <drive name>:\Lotus\Domino\ibm-jre\jre\lib\ext\ibmjcaprovider.jar
Continued on next page

Last edited 10/24/2005

73

IBM 2005

Sametime Integration with Domino Web Access, Continued


There are several things to be aware of if DWA users will be using the Mozilla client. Mozilla only works with Forms6.nsf Sametime functionality in Mozilla DWA only works with a Sametime 3.1 server The version of Stlinks.jar file on the DWA server must be a signed version. If it is not a signed version, replace it with the signed version which can be found on in the Toolkit\stlinksignedapplet\ directory on the Sametime installation CD #2. Requires Java Runtime Environment (JRE) plug-in v1.4.2 or later. See the redbook, Domino Web Access 6.5 on Linux, p.344 for more details. What is Stlinks? Stlinks.js (Sametime Links JavaScript) is a runtime component of the Sametime Links Toolkit that is installed on the Sametime server when Sametime is installed. It is placed in the <Data>\html\sametime\stlinks folder along with other JavaScript, HTML, and GIF files that provide the UI for Sametime Links. The file is called stlinks.js in the Windows world and stlinks.jar in the UNIX world. For more information on Stlinks, see the redbook, Working with the Sametime Client Toolkits, Chapter 12.
Continued on next page

Mozilla browser support

Last edited 10/24/2005

74

IBM 2005

Sametime Integration with Domino Web Access, Continued


Starting in Domino 6.5, Domino Web Access has Instant Messaging (Sametime) online Awareness capabilities similar to that which are available in the Notes 6.5x Client. When this Awareness is enabled in Domino Web Access you are able to utilize integrated Instant Messaging features. These features include: Seeing the on-line status of others within views and folders Seeing the on-line status of others within mail messages and Calendar entries Initiating an instant messaging session from within a view/folder Initiating an instant messaging session from within a mail message or Calendar entry The Instant Messaging Awareness capabilities supplement the Chat feature which has been available in iNotes Web Access (renamed to Domino Web Access) since its release with Domino Server version 5.0.8.
6.5 vs 6.5.1

Chat vs. Online Awareness

The Chat and Instant Messaging Awareness functionality differs slightly between DWA 6.5 and DWA 6.5.1. In Domino Web Access 6.5: When you are logged into your DWA 6.5x mail file via your web browser, you see a "Chat" button on the DWA action bar regardless of whether you have enabled the "Instant Messaging" option in your DWA preferences. It is important to note that Chat and Instant Messaging Awareness are two separate functionalities in Domino Web Access 6.5. If the "Enable Instant Messaging" option in the DWA 6.5 Preferences is left disabled, DWA will function with Sametime in the way that it does in releases prior to 6.5, assuming that Domino has been configured to interface with Sametime properly. In Domino Web Access 6.5.1 (and above): In DWA 6.5.1 (and above) if you do NOT select the "Enable Instant Messaging" checkbox in Preferences, neither the Chat nor the Awareness functionality is available.
Continued on next page

Last edited 10/24/2005

75

IBM 2005

Sametime Integration with Domino Web Access, Continued


In a nutshell, the following steps must be completed to bring Sametime awareness and chat functionality to Domino Web Access: Given: your DWA environment and your Sametime environment are functioning properly independent of one another. 1. Create Connection documents so the DWA and ST server can replicate the Domino Directory 2. Define the Sametime server for DWA users (via Person doc or Notes.ini setting) 3. Choose and configure Authentication scheme 4. Copy appropriate files between the DWA and Sametime servers 5. Users Must Select "Enable Instant Messaging" in their DWA Client 6. Test Your Configuration

Integration Steps

Last edited 10/24/2005

76

IBM 2005

Exercise 5.1: Installing a Sametime Server


In order to successfully solve DWA/Sametime Integration issues, you need a Sametime server in your test DWA environment. In this exercise, you will setup a Sametime server in your test DWA environment. If you already have a Sametime server installed in your test environment, you can skip this exercise, but you may want to go through the process again just for practice. This exercise consists of multiple parts, as outlined below: Part I Register, install, and setup a second Domino server in the DWA servers domain Part II Install a Sametime server and Sametime Connect client Part III Test your Sametime environment
Intended Outcome

Overview

Upon completion of this exercise, you will be able to install and setup a Sametime server. This exercise takes approximately an 35 minutes to complete.
Continued on next page

Timing

Last edited 10/24/2005

77

IBM 2005

Exercise 5.1: Installing a Sametime Server, Continued


To complete this exercise, you will need the following: Hardware 1 machine that can function as a Sametime 6.5.1 server. 1 machine that can function as a Sametime Connect 3.1 client Check the system requirements in IBM Software Support: Lotus technote 1162251- Sametime 6.5.1: System Requirements for information regarding minimum requirements for both the server and the client Note: the Sametime 3.1 Installation Guide has some inaccuracies regarding system requirements. The technote addresses this information. Software Domino server 6.5.3 install code Sametime Server 6.5.1 install code (client install code is included with the server) Domino Administrator Client (already installed from prior exercise) Documentation Domino 6.5.1 Administrator Help (comes with Domino 6.5.3) Sametime 6.5.1 Installation Guide Get the documentation here: http://www.lotus.com/ldd/doc
Continued on next page

Requirements

Last edited 10/24/2005

78

IBM 2005

Exercise 5.1: Installing a Sametime Server, Continued

Instructions:

Part I

Register, Install, and Setup a second Domino server the DWA servers domain Using the Domino 6.5.1 Administrator Help as a reference, install and setup a Domino 6.5.3 Server in the same Domino domain as your DWA server. Step Action Registering the second Domino server If you are not familiar with registering an additional Domino server in an existing domain, read <Contents View, Installation, Installing and setting up Domino servers, Server Registration> before proceeding further. Next, read < Contents View, Installation, Installing and setting up Domino servers, Registering a server> Note: On step 5 - ignore 5a; you will supply the certifier ID (5b); for step 5c, click Continue to apply the current settings to all servers registered in this registration session. Complete the steps in the document to register the Domino server. Installing the server Read <Contents View, Installation, Installing and setting up Domino servers, Installing Domino on Windows systems>. Note: On step 5, do not select to install partitioned servers. On step 7, select Domino Enterprise Server as the type of server to install. On step 8, click Next to accept all components. Complete the steps in the document to install the Domino server. Setup the server Start the server to begin the Domino server setup program. Setup this server as an Additional Server in your environment. When you setup the Domino server, follow the on-screen guide and select the defaults. When setup is complete, exit the setup program and launch the Domino server to verify it runs without error.
Continued on next page

Last edited 10/24/2005

79

IBM 2005

Exercise 5.1: Installing a Sametime Server, Continued

Instructions:

Part II

Install a Sametime server and Sametime Connect client Using the Sametime 6.5.1 Installation Guide as a reference, install a Sametime 3.1 Server over the Domino server you installed and setup in Part I. Step Action Installing the Sametime server Read <Contents View, Installing Sametime 3.1 on a Domino Server, Run the installation CD to install the Sametime 3.1 server >. Follow the steps in the document to install the Sametime server. Note: On step 9, select Domino as the directory type On step 10, leave the check box disabled (not checked) Installing the Sametime Connect client From the machine that is functioning as your client, map a drive to the hard drive where your Sametime server is installed. Browse for this file: \lotus\domino\data\domino\html\sametime\sametimeclient.exe Run the executable and install the Sametime Connect client

Last edited 10/24/2005

80

IBM 2005

Exercise 5.1: Installing a Sametime Server, Continued


Validate that your Sametime installation functions properly in its native Sametime environment. Step 1 Action Launch the Sametime client (be sure your Sametime server is up and running). You will need to change the Sametime Connectivity information in your Sametime Connect client to match your Sametime servers Fully Qualified Domain Name. Example: leadbelly.myserver.com Logon to Sametime by logging in as a user that is in the Domino Directory on your Sametime server (this can be either servers admin, for example).

Instructions: Part III

Continued on next page

Last edited 10/24/2005

81

IBM 2005

Exercise 5.1: Installing a Sametime Server, Continued


Instructions: III (continued)

Step

Action Send yourself an instant message to test the Sametime installation.

If it doesnt work, search www.ibm.com/software/lotus/support and use technotes to troubleshoot and resolve the issue.

Results

By completing these procedures, you have fulfilled the intended outcome.

Last edited 10/24/2005

82

IBM 2005

Exercise 5.2: Integrating Domino Web Access with Sametime


Domino Web Access core functionality can be integrated with Sametime to provide tools for on-demand collaboration like chat and on-line awareness. In completing this exercise, you will configure your Domino Web Access server to work with your Sametime server. This will bring Sametime chat and awareness functionality to your Domino Web Access users. This exercise takes approximately 1 hour to complete. To complete this exercise, you need the following: Domino 6.5.3 server running the HTTP task (your DWA server) Domino Server running Sametime 6.5.1 Domino Administrator Client Admin ID Notes Client IBM Software Support: Lotus website Notes/Domino 6.5.3 Release Notes Domino 6.5.3 Administrators Guide
Continued on next page

Overview

Intended Outcome

Timing

Requirements

Last edited 10/24/2005

83

IBM 2005

Exercise 5.2: Integrating Domino Web Access with Sametime, Continued


Instructions

Using technote 1159197, Complete Steps to Configure Sametime Integration with DWA 6.5.x as a resource; configure your DWA and Sametime servers to bring Sametime functionality to your DWA users. Keep the following points in mind as you configure your servers: This exercise assumes that you have completed prior exercises and have a DWA and Sametime 3.1 server already operating. Therefore, you may skip the parts of the technote that you have already completed (parts 1 and 2) or are unnecessary (part 9). When you reach part 5 of the technote, you will skip to part 7 since you have already configured your DWA server to use SSO for the authentication scheme. Refer to the information in the table below to complete part 7 and configure your Sametime server for SSO authentication.

SSO Config Steps

When you get to part 7 of the technote, there is a disclaimer that states that SSO configuration is beyond the scope of the document. Since you have already configured you DWA server to use SSO, follow the steps below to bring your Sametime server into the SSO environment. Once you have completed these steps, return to part 8 of the technote. Step 1 Action Edit and save the Web SSO Configuration document in the Domino Directory on your DWA server and add the hierarchical name of your Sametime server to the Domino Server Names field. Note: Cant see the Web SSO doc? See technote 1117076. Edit and save the Server document in the Domino Directory on your Sametime server and configure it to use SSO and the LTPAToken. See steps 9 13 on p.72 of this doc for more detail. Add the following parameter to your DWA servers Notes.ini file: iNotes_WA_SametimeToken=0 (this step is specified in part 7 of the technote) Replicate the changes in the Domino Directories on your servers so that the Domino Directories are identical (Server docs and Web SSO doc updates).
Continued on next page

2 3 4

Last edited 10/24/2005

84

IBM 2005

Exercise 5.2: Integrating Domino Web Access with Sametime, Continued


If you cant get it to work

If you complete all of the steps and Sametime functionality is still not working in the DWA client, refer to the technote # 1158798, Troubleshooting Problems with Chat and Awareness in DWA 6.5.x, and try to resolve the issue. In completing this exercise, you have demonstrated your ability to meet the stated objective.

Results

Last edited 10/24/2005

85

IBM 2005

Key Technotes For Troubleshooting Sametime Integration with Domino Web Access
Introduction

As stated before, with so many steps in the configuration process, customers often miss a step, which causes Sametime features to not work in DWA. Also, customers often configure their Sametime server for HTTP tunneling over a port other than the default of 8082. If the Sametime server is configured for tunneling over a different port than the default, Chat and Awareness will break in DWA 6.5.x. The following technotes provide valuable information when troubleshooting DWA/Sametime integration issues. 1158798 - Troubleshooting Problems with Chat and Awareness in DWA 6.5.x 1161236 - When Sametime Is Configured for Tunneling, Chat and Awareness Do not Work in DWA 6.5.x 1154819 - Is it Possible to Configure DWA Chat to Tunnel Using Port 80 or 8080? 1098887 - Enabling and Viewing Java Console Information In Internet Explorer

Technotes

Activity

Take 20 minutes to read the four technotes listed above.

Last edited 10/24/2005

86

IBM 2005

DWA/Sametime Notes.ini Parameters


There are several Notes.ini parameters that can be implemented on the DWA server to configure a DWA/Sametime Integrated user environment. In this section we will examine the Notes.ini parameters specific to DWA/Sametime Integration that can be implemented on the DWA server. The table below lists the Notes.ini parameters specific to DWA/Sametime functionality. Read through the parameters and their functions. Function Use this setting to turn off instant messaging and live names for all users. By default, instant messaging is enabled for anyone that Domino Web Access determines has a Sametime token or Lightweight Third Party Authentication (LTPA) token and a Sametime Server assigned. 0= off iNotes_WA_LiveNames=value 1= on (Default) Use this setting to turn off live names for all users. By default, live names are enabled for any Domino server (6.5 or later) for which instant messaging is possible, if the user has set a preference to enable Instant Messaging. (The stlinks APIs must have been successfully loaded as part of the Domino Web Access page from the Domino Web Access server also.) 0= off iNotes_WA_SametimeJavaConnect=val ue 1= on (Default) Use this setting to use the Sametime Connect for browsers user interface, rather than the Domino Web Access chat user interface. 0= off 1= on (Default)
Continued on next page

Introduction

General parameters

Parameter iNotes_WA_Chat=value

Last edited 10/24/2005

87

IBM 2005

DWA/Sametime Notes.ini Parameters, Continued


General parameters (continued)

Parameter Function iNotes_WA_SametimeServer=hostname Provides a way of setting a Sametime hostname (messaging.ibm.com for example) for all Domino Web Access users (useful for clustered configurations). If not specified, the Sametime server is looked up on an individual user basis, by looking within the current user's Directory entry for a "SametimeServer" field. This Domino server name is then looked up within the ($Servers) view to determine the Internet hostname of the Sametime server. This parameter can save administrators a lot of time, since it eliminates manual updating of Person docs or creating an agent to update Person documents. iNotes_WA_SametimeToken=value Use this setting to turn off the usage of secrets and tokens authentication and use only LTPA token if it is present. 0= off iNotes_WA_STLinksCodebase=URL 1= on (Default) Provides a way of specifying a different first parameter to the STLinksURL API call. Use this setting to set the path to https, to specify a port to the Sametime server, or to specify another reverse proxy path. For example:
http://proxy.reverse.com/messaging/sametime/s tlinks

iNotes_WA_STLinksLocal

For Internet Explorer only, use this setting to turn off loading \stlinks from the Domino application server. If you set this value to 0, \stlinks is loaded from a Sametime server set up in the user's Person document instead. This is useful if different releases of Sametime server are running in an organization. 0= off 1= on (Default)

Last edited 10/24/2005

88

IBM 2005

Exercise 5.3: Working with DWA/Sametime Notes.ini Parameters


Overview

Awareness of the various server-side DWA/Sametime configuration options available via Notes.ini parameters is a necessary skill when helping to configure DWA environments. In this exercise you will set a Notes.ini parameter on your DWA server that affects the DWA/Sametime user experience. You are encouraged to experiment with the remaining DWA/Sametime parameters on your own. Upon completion of this exercise, you will be able to Configure a DWA/Sametime Notes.ini parameter and test its use

Intended Outcome

Timing

This exercise takes approximately 10 minutes to complete. This Exercise requires completion of Exercises 2.1, 5.1, and 5.2. To complete this exercise, you need the following: Test DWA server Test Sametime server DWA/Sametime servers integrated so that Chat and Online Awareness is functioning in the DWA client DWA client Test DWA user account
Continued on next page

Requirements

Last edited 10/24/2005

89

IBM 2005

Exercise 5.3: Working with DWA/Sametime Notes.ini Parameters, Continued


Instructions

Using this document as a resource, complete the following steps. Step 1 2 3 4 5 6 7 8 9 Open the Notes.ini file on your DWA server again. Edit this line to read as below and save and close the file. iNotes_WA_LiveNames=1 At the DWA servers console, cycle the DWA server. In your DWA client, refresh the browser. Be sure to use the browsers refresh button and not the refresh action button in the DWA UI. What do you see? Write down your observations below: Action Login to a test DWA account (iNotes6.ntf UI user). Note that the green Live Names online awareness icon appears next to your user name. Open the Notes.ini file on your DWA server and add the following line: iNotes_WA_LiveNames=0 At the DWA servers console, cycle the DWA server. In your DWA client, refresh the browser. Be sure to use the browsers refresh button and not the refresh action button in the DWA UI. What do you see? Write down your observations below:

10 11
Results

Logout of the DWA client.

By successfully completing this exercise, you have achieved the stated objective.

Last edited 10/24/2005

90

IBM 2005

Lesson 6: Domino Off-line Services (DOLS) and DWA Overview


Introduction

This lesson is designed to introduce you to offline services and functionality in Domino Web Access. After completing this lesson you will be able to: Explain DOLS basic functionality Identify DOLS components and their function Take a DWA mail file offline Use the IBM Lotus Domino Sync Manager to work with a DWA mail file Perform basic DOLS/DWA troubleshooting techniques

Objectives

In This Lesson

This lesson is divided into the following topics (or this topic is divided into the following sections): Topic DOLS Basics DOLS Components Exercise 6.1: Taking Your DWA Mail file Offline How DOLS Works Exercise 6.2: Working with the IBM Lotus Domino Sync Manager DOLS and Passthru Support Troubleshooting DOLS in DWA See Page 93 94 101 107 112 114 116

Timing

The timing of this lesson is as follows: Component Overview Topics Exercises Recap Total: Approximate Time 5 minutes 30 minutes 45 minutes 15 minutes 1 Hour, 35 Minutes

Last edited 10/24/2005

91

IBM 2005

DOLS Basics
Domino Off-Line Services gives browser users the ability to take Domino Web-based applications offline via the browser, work with the application offline and synchronize the local application with the server-based copy of the application. From a conceptual standpoint, its the same idea as using the Notes client to create a local replica and replicate changes between the local and server-based database. DOLS allows DWA users to work with mail files offline. In this lesson we will focus on how DWA users work with offline mail files. Note: Since the focus of this course is on Domino Web Access, we will be working with DOLS in conjunction with mail files exclusively - - not web applications.
DOLS Advantages

What is DOLS?

Some of the advantages of using DOLS with Domino Web Access are: Allows you to access your mail file (or any other DOLS-enabled db) locally Reduces server traffic Working locally is much faster and more efficient than over expensive and/or slow connection

DOLS Components

DOLS is made up of the following components: Server Side DSAPI Filter File Doladmin.nsf database Offline Security Policy document DOLS Subscription for the Web app or database to be taken offline Client Side Doluser.id Subscriptions (local database replicas) IBM Lotus Domino Sync Manager Local databases (Dolnames.nsf and Dolconfig.nsf)

Last edited 10/24/2005

92

IBM 2005

DOLS Components
If the server administrator chose to include DOLS as part of the server setup of his DWA server, there really isnt anything that needs to be configured on the server for DWA users to take their mail files offline - - it should already be configured by default to allow for offline mail use by DWA users. However, if the administrator needs to manually setup DOLS on the DWA server, these are the basic steps: Set the DSAPI filter in the server doc Create the DOLADMIN.NSF database Create an Offline Security Policy document in DOLADMIN.NSF
Definition: DSAPI Filter

Configuring DOLS at the Domino server

DOLS is an extension of the Domino Web Server and loads during server startup. Domino Web Server API, or DSAPI, gives you the ability to develop and register a dll file (or filter) with the Domino Web engine to extend Dominos web authentication mechanism. The DOLS DSAPI filter is used to handle URL requests against the DOLS download page. It triggers the reading of subscription information and ID file deployment and passes this info to the DOLS download control. The filter is specified in the Server Document: Internet Protocols HTTP DSAPI Filter File Names. You must specify the correct DSAPI filter file based on the platform of your Domino Server for DOLS as part of the DOLS configuration process. Example: Value for W32 Domino server platform

DSAPI Filter: Key Facts

If you select to install DOLS during the setup of the Domino server, the DSAPI filter file names field is automatically populated. There can be more than one value in the field, e.g., Websphere also uses a DSAPI filter file Domino reads the values in the field in order, from left to right. The log.nsf doesn't show the DOLS load; it's console only HTTP Server: DSAPI Domino Off-Line Services HTTP extension loaded successfully
Continued on next page

Last edited 10/24/2005

93

IBM 2005

DOLS Components, Continued

DSAPI Filter Files by Platform

The table below lists DSAPI filter file names by platform. When populating the DSAPI Filter File Names field in the Server Document, select the value based on the values in the table according to the servers platform. Platform Win32 Linux AIX Solaris AS/400 OS390 Value for DSAPI field ndolextn libdolextn libdolextn libdolextn LIBDOLEXTN LIBDOLEXTN

Activity

Take 5 minutes to complete this activity. On your test DWA server, open the Server Document and click Internet Protocols HTTP. Locate the field, DSAPI Filter File Names and verify that the correct filter file name is populating this field. If the field is blank or contains the incorrect filter name, enter the correct filter name, save the document, and restart the HTTP task on your DWA server.
Continued on next page

Last edited 10/24/2005

94

IBM 2005

DOLS Components, Continued


This database is where you configure Offline Security Policy documents for Domino domains, and where you can track offline use. This database is created from the doladmin.ntf template. Beginning with Domino 5.0.5, the DOLS Administration Database (doladmin.nsf) is created by default, during the install and setup of the Domino server.

Definition:
DOLADMIN.NSF

Definition: Offline Security Policy

The Offline Security Policy is a document you create in the doladmin.nsf database that controls how offline users IDs (doluser.id) are created. The 3 basic options for creation of the doluser.id file are: Prompt for ID during download This option copies the users supplied Notes ID into the doluser.id. Automatically generate user Ids With this option, the doluser.id is created and certified during download. A certifier ID must be attached and password supplied in the policy document. Use Domino Directory for ID lookup With this option, the process looks up the users Person document in the Domino Directory and copies the Notes ID from the users Person document into the doluser.id that is created.
Continued on next page

Last edited 10/24/2005

95

IBM 2005

DOLS Components, Continued


By default, the Offline Security Policy is set to Prompt for ID during download. This means that before the subscription installs, the users is asked to specify where on their computer their Notes User ID is stored. The Notes User ID is copied into the doluser.id that gets created. The administrator must provide a Notes ID to the user beforehand so the user can select it when prompted. Even if no Offline Security Policy exists in doladmin.nsf, the Prompt for ID during download deployment policy is used. As previously stated, if the server administrator chose to include DOLS as part of the server setup of the DWA server, there really isnt anything that needs to be configured in the Offline Security Policy for DWA users to take their mail files offline - - it should already be configured by default to allow for offline mail use by DWA users via the Prompt for ID during download method. The administrator simply needs to be sure that each DWA user that wants to work offline has a local copy of their Notes ID. For more information on creating offline security policy documents, see Domino Administrator Help, Creating a DOLS Off-line Security Policy document.
Continued on next page

Default Offline Security Policy

Last edited 10/24/2005

96

IBM 2005

DOLS Components, Continued


No matter which Offline Security Policy option you choose, an offline User ID is created for each offline user that takes a database offline (i.e. installs a subscription). This ID is called doluser.id and is downloaded to the users local hard drive the first time they install a subscription. By default on Windows machines, the doluser.id file is created in this location:
C:\Program Files\Lotus iNotes\data\dols\User Name OU Organization\doluser.id

Definition: Doluser.id

Example: Notes user name is Jane Smith/Midwest/Acme C:\Program Files\Lotus iNotes\data\dols\jane smith midwest acme\doluser.id Example: Notes user name is John Doe/Acme C:\Program Files\Lotus iNotes\data\dols\john doe acme\doluser.id For more information on Doluser.id, password and DOLS security, see the IBM Support Software: Lotus white paper 7003798, Password Security and Domino Off-Line Services (DOLS).
Local DOLS databases

There are two important local databases unique to DOLS that are stored in the \program files\lotus iNotes\data folder on the local hard drive. Dolnames.nsf Stores the offline user's Person document and Internet Password Dolconfig.nsf Stores doluser.id password, encrypted locally by the local dolserver.id Opened when Lotus iNotes Sync Manager loads
Continued on next page

Last edited 10/24/2005

97

IBM 2005

DOLS Components, Continued


A subscription means two slightly different things depending on whether you are a Domino server administrator or a DOLS end user. To an administrator, a subscription is a DOLS-enabled database. To create a subscription (DOLS enable) and make a database available offline, you must perform two steps: 1. Copy design elements from the DOLS Resources database (dolsres.ntf) into the database you wish to make available offline. 2. Edit the Offline Subscription Configuration Profile document. This document allows you to determine how the subscription will be downloaded, what services it will provide (full text indexes, Java classes and applets, etc.), and other options, such as synchronization schedules. The Offline Subscription Configuration Profile document is accessed using a Notes client. Some databases are designed to be subscriptions by default. In other words, they already have the necessary database design elements from the dolsres.ntf template built into them, so you dont need to copy in the design elements. Databases that are DOLS-enabled by default: Domino Web Access/iNotes mail files (iNotesX.ntf) Discussion Notes and Web (discws50.ntf, discws6.ntf) To an end user, a subscription is simply a local replica of the web application (.nsf file). To the DWA mail user, the subscription is a local replica of her mail file. In the DWA world, the term is subscription, in the Notes world, it is replica. Since this course focuses on Domino Web Access, we will not explore the details of creating a subscription because it has already been created by default. For more information about how to create subscriptions, see Configuring the DOLS Subscription, in Lotus Domino Administrators Guide, Contents View, Domino Off-line Services section.
Continued on next page

Definition:

Subscription

Last edited 10/24/2005

98

IBM 2005

DOLS Components, Continued


The Lotus Domino Sync Manager (formerly called iNotes Sync Manager) is the client utility to access and start/stop synchronization of the local web application (or subscription) with the server-based copy. A subscription is simply the .nsf file(s) that make up the Domino web application. The term synchronization is used instead of replication in an attempt to disassociate the DWA client from the Notes client. In essence they mean the same thing, but a key point here is that the Notes client does not have to be installed on the client machine. The Lotus Domino Sync Manager can also be used to override default synchronization schedules, view sync details and specify sync options (e.g. specify what to sync, similar to selective replication).

Sync Manager

Last edited 10/24/2005

99

IBM 2005

Exercise 6.1: Taking Your DWA Mail File Offline


Taking a test DWA mail file offline is a skill that you will use when troubleshooting issues. This exercise will guide you through taking a DWA mail file offline in your test environment. You can then apply the skills you gain in your own test environment when troubleshooting issues. In completing this exercise, you will gain experience in taking a DWA mail file offline. This exercise takes approximately 15 minutes to complete. To complete this exercise, you need the following: DWA server DWA user account with DWA mail file Local copy of test DWA users Notes ID on your client machine Browser
Continued on next page

Overview

Intended Outcome

Timing

Requirements

Last edited 10/24/2005

100

IBM 2005

Exercise 6.1: Taking Your DWA Mail File Offline, Continued


Using a DWA user account from your DWA test environment, complete the steps below. Step 1 2 Action Login to your test users mail file on the DWA server. Once the Welcome Page loads, click on the Go Offline button. When you click Go Offline, you will be prompted with this dialog. Click YES.

Instructions

You will then see a dialog box with a message asking you if you want to install the Lotus Domino Sync Manager on your machine. Click Yes. After you click Yes, you will be presented with the License Agreement for Lotus Domino Sync Manager. Click Yes.

Continued on next page

Last edited 10/24/2005

101

IBM 2005

Exercise 6.1: Taking Your DWA Mail File Offline, Continued


Instructions (continued)

Step

Action Next you will be asked where on the hard drive you wan to install the Sync Manager. The default is \Program Files\Lotus iNotes. Click OK.

You are next asked to select your Notes ID. Remember, even without an Offline Security Policy document in the Doladmin.nsf database, Prompt for ID during download is the default policy. Browse for your test DWA users Notes ID, highlight it and click Open.

Continued on next page

Last edited 10/24/2005

102

IBM 2005

Exercise 6.1: Taking Your DWA Mail File Offline, Continued


Instructions (continued)

Step

Action After you supply your ID file, the install of the subscription begins. First, the Sync Manager is installed.

Continued on next page

Last edited 10/24/2005

103

IBM 2005

Exercise 6.1: Taking Your DWA Mail File Offline, Continued


Instructions (continued)

Step

Action Once installed, you get the Lotus Domino Sync Manager splash screen

10

You are then prompted to enter and confirm a password. This is your test users Internet password in their Person document. Enter the password, confirm it, and click OK.
Continued on next page

Last edited 10/24/2005

104

IBM 2005

Exercise 6.1: Taking Your DWA Mail File Offline, Continued


Instructions (continued)

Step

Action Next, you are taken to the Sync Manager UI and the subscription (replica) for your mail file is created.

11

When the sync is complete, you will be prompted to log in. Note that the site is now the loopback IP address of your client. Enter your test users name and password and click OK.

12

13 14
Results

After you click OK, you will be logged into the local subscription of your test DWA users mail file. Note the URL in your browser it points to the loopback IP address 127.0.0.1. Remain in your local subscription for the next exercise.

In completing this exercise, you have achieved the stated objective.

Last edited 10/24/2005

105

IBM 2005

How DOLS Works


The following diagrams show how the Domino Sync Manager gets installed the first time a web application (like the test DWA users mail file) it taken offline, how a subscription is installed, and how it supports Web applications offline. The diagrams illustrate what happened behind the scenes in the last exercise. Typically, the first step is for a user to enter the URL of a Domino server, along with the path and name of a DOLS-enabled Web application (Notes database) on that server, into their browser. The browser contacts the server through the Web Server task, also called the nHTTP task (1a) and the Web Server then communicates with the Web application (1b). If the Web application has appropriate security levels set in the ACL, the user is prompted to log-in to the Web application using their name and Internet password (in their Person Document). This authentication is also handled by the Web Server.

Introduction

Stage 1

Continued on next page

Last edited 10/24/2005

106

IBM 2005

How DOLS Works, Continued


If the application is DOLS-enabled, and an Offline Configuration Document (OCD) was created and saved, the user sees the DOLS Web Control when they open the application. The user clicks the Web control and selects "Install Subscription..." (Go Offline in the DWA client) to start downloading the application to their computer. When the user clicks Go Offline, the application requests the OCD (2a). A special DSAPI filter file on the server, listening for URL Web server requests, notices the OCD request. The filter queries the client to determine if the Domino Sync Manager (iNSM) client software is already installed. If not, the filter tells the browser to begin downloading a set of DOLS File Sets to the client over the HTTP connection (2b). These file sets are used to install the Domino Sync Manager software.

Stage 2

Continued on next page

Last edited 10/24/2005

107

IBM 2005

How DOLS Works, Continued


Once the DOLS File Sets are downloaded, they are uncompressed, and the Domino Sync Manager launches (3). The Sync Manager then configures the client for the incoming application, and launches a Sync Task, which initiates a Remote Procedure Call (nRPC) connection with the Domino server (4a). This secure, Domino replication connection performs a number of operations to download and initialize the application on the client (4b). When synchronization is complete, a subscription of the application exists on the client. A subscription includes all databases that were listed in the OCD as making up the application. Their contents are adjusted according to Administrator and user settings, as well as security information to ensure that the user on the client has access to only the data to which they had access on the server. Also, full-text indexes of all offline databases can be created if the user requests it.

Stage 3

Continued on next page

Last edited 10/24/2005

108

IBM 2005

How DOLS Works, Continued


When the user wants to open the application offline, they select it from a list in the Sync Manager and click "Open Offline." The Sync Manager launches a local copy of the Web Server and the local browser (5a). The Sync Manager tells the local Web server to connect with the local browser (5b), and with the offline copy of the application (5c). The local Web Server then validates the user's login and password information, and displays the application offline (locally) just as it would display it online (on the server). Any data the user creates, modifies, and saves while using the offline application is stored in the local version of the application.

Stage 4

Continued on next page

Last edited 10/24/2005

109

IBM 2005

How DOLS Works, Continued


In order to synchronize the data between the offline and online versions of the application, the Sync Manager, either by the user's command or automatically on a schedule, launches the Sync Task, which again creates an nRPC connection to the Domino server (6a). The Sync Task then replicates any or all data between the client copy of the application to the server copy. Any changes to the security levels of the online application are synchronized offline. Any outgoing e-mail which has accumulated in the local mail.box file is copied to the server and dispatched to the mail router task for delivery. When synchronization is complete, the user may disconnect from the network and continue using the application offline.

Stage 5

Last edited 10/24/2005

110

IBM 2005

Exercise 6.2: Working with the Lotus Domino Sync Manager


The Lotus Domino Sync Manager is the client UI for synchronizing offline subscriptions. When working with DWA mail files, the Sync Manager can be thought of as analogous to the replication page in your Notes client. Upon completion of this exercise, you will be able to use the Lotus Domino Sync Manager. This exercise takes approximately 30 minutes to complete. To complete this exercise, you need the following: DWA server DWA user account with DWA mail file Lotus Domino Sync Manager Browser
Continued on next page

Overview

Intended Outcome

Timing

Requirements

Last edited 10/24/2005

111

IBM 2005

Exercise 6.2: Working with the Lotus Domino Sync Manager,


Continued

Instructions

Using the DWA user account from the last exercise, complete the steps below. Step 1 2 3 4 Action In your offline subscription of your mail file, switch to your Inbox view. Send yourself a message. Refresh the view. Note that you dont see the message you just sent yourself. Click Go Online You receive the following prompt:

6 7

Click NO. You will now be connected to your online mail file. Refresh the Inbox view and note that you still dont see the message you sent yourself in step #2. Switch to your Lotus Domino Sync Manager client, highlight the mail file subscription for your test user and click the Start Sync button. It will upload the message to your online mail file. Note: if your Sync Manager client interface is not responding, exit it and restart it and then initiate the synchronization. Switch back to your online mail file in the browser and refresh the Inbox view. You should now see the message. Experiment for a few minutes on your own with the Sync Manager.

9 10

Results

In completing this exercise, you have achieved the stated objective.

Last edited 10/24/2005

112

IBM 2005

DOLS and Passthru Server Support


Beginning with Domino 5.0.10, Domino Off-line Services (DOLS) supports Passthru servers. When a DOLS-enabled database subscription is downloaded, a Connection document (connection type = Passthru Server) is created in the Dolnames.nsf listing the intermediate (passthru) server and the destination server. A separate Connection document is created for the Passthru server itself. To enable Passthru server support for a DOLS-enabled database in a post Domino 5.0.10 environment, you must use the Domino Designer client to "unhide" the hidden PassThruServer field in the database design. Follow these steps to enable a 5.x DOLS environment for passthru support. Step 1 2 3 4 5 6 7 Action Open the DOLS-enabled database in Domino Designer. In the pane on the left, expand the Resources category and select the Subforms view. Open the DOLS Configurations Settings subform. Highlight the PassThruServer field and right-click to Field Properties. Open the Hide When tab (the window shade) in the InfoBox which appears, and deselect the 'Hide Paragraph From... Notes R4.6 or Later' setting. Save and close the subform. In the Notes client, edit the Offline Subscription Configuration document by selecting Actions - Edit Offline Configuration. Add the IP address or host name of the Passthru server to this field.

5.x Passthru Server Support

Note: DOLS users need to reinstall the subscription to incorporate the change; however, they do not have to uninstall the product first.
Continued on next page

Last edited 10/24/2005

113

IBM 2005

DOLS and Passthru Server Support, Continued


Beginning with Domino 6.0, the Offline Configuration Document has fields on the Admin tab that allow you to specify a passthru server and/or specify optional network addresses for access from outside your corporate intranet. Use Passthru server to connect to destination server This field creates a Passthru type Connection Document used to connect to a passthru server in order to reach the mail server. Use optional TCPIP address to connect to destination server This field creates LAN type Connection document(s) specifying optional network addresses for use when accessing a mail server from outside the internal network.

6.x Passthru Support

Connection Documents

Populating the fields explained above will result in connection documents being created in the local Dolnames.nsf database.

Last edited 10/24/2005

114

IBM 2005

Troubleshooting DOLS in DWA


In this section, we look at some options for troubleshooting DOLS issues in DWA. In the Lotus Domino Sync Manger UI, check the Synchronization Status column. Note the % complete information. The number that you see here when a synch failure occurs corresponds to a specific event in the process. For example, server connection problems occur at 5 %. If there is a connection problem (server is down, etc.), you will see this:

Introduction

Sync Manager

Followed by this:

A common cause for failure at 5% is because there is a firewall between DOLS and the Domino server, and while port 80 is open, 1352 (which is required for synchronization) is usually not. (this is explained in technote 1089136)

80
DOLS Machine

80
Domino Server Firewall with port 80 open and port 1352 blocked

1352

You can also click on the Sync Detail icon during synchronization to learn more about what is happening during the sync.
Continued on next page

Last edited 10/24/2005

115

IBM 2005

Troubleshooting DOLS in DWA, Continued


During the synchronization process, server connections failures happen at 5%. For such failures, it is easy to search the IBM Software Support: Lotus site to find technotes regarding this type of failure by entering the following search criteria: dols&5%
Activity

Synch fails at 5%

Take 5 minutes and go into IBM Software Support: Lotus and use the search criteria described above to search for technotes regarding synch failures occurring at 5%. Your search might return technotes regarding this issue in other products, but you should see at least a few technotes regarding DOLS synch failures in Domino Web Access.

Dol.log

The Dol.log file captures steps during the synchronization attempt. It is stored in \Program Files\Lotus iNotes dir (by default) and is overwritten with each sync, showing only the last sync. If you dont want the dol.log entries overwritten, add the following parameter to the DWA servers notes.ini. This parameter forces entries to be appended to the dol.log. It also prints some output on server console $DOLDebug = 1

Activity

Take a few minutes to open and examine the Dol.log file on your client machine.
Continued on next page

Last edited 10/24/2005

116

IBM 2005

Troubleshooting DOLS in DWA, Continued


A problem is that DOLS works only for one server and not for multiple servers (like in a clustered mail environment). In such cases, the issue is most likely because there is only one connection document in the Dolnames.nsf. This single connection document will point to the users primary mail server. To work around the issue, you either need to create an additional connection document in Dolnames.nsf for each server where they have a replica or configure access to the additional servers via the local hosts file. The path to Dolnames.nsf is \Program Files\Lotus iNotes\data\dolnames.nsf See technote 1085502 for an explanation of this issue.
Activity

DOLS and Multiple servers

Take 5 minutes to open and examine the Dolnames.nsf on your machine. Note the connection document that points to your server. Reinstalling the subscription updates the subscription with changes made to the OCD. This might correct the problem; however, a full reinstall of DOLS might be necessary. To Uninstall DOLS: Control Panel - Add/Remove Programs - Lotus Domino Sync Manager Make sure the DOLS ActiveX Component is deleted: LotusDRSControlClass. Check in your browser by clicking, Tools Internet Options Settings View Objects:

Reinstall subscription

Note: If there are any unsynched messages in the subscription (local replica), uninstalling DOLS will remove them

Last edited 10/24/2005

117

IBM 2005

Lesson 7: DWA Miscellany Overview


Introduction

In this lesson you will learn about various miscellaneous features of Domino Web Access. After completing this lesson you will be able to: Describe the unique characteristics of the DWA Out of Office agent Explain what must be in place to change an Internet Password Manipulate the Welcome Page URL to create a portal Describe the Support Policy regarding customization of DWA Identify what customizations are supported Access the About information in DWA Perform rudimentary mail file troubleshooting

Objectives

In This Lesson

This lesson is divided into the following topics: Topic DWA Miscellany Basic Mail File Troubleshooting Techniques Exercise 7.1: Basic Mail File Troubleshooting Techniques See Page 120 130 131

Timing

The timing of this lesson is as follows: Component Overview Topics Exercise Recap Total: Approximate Time 5 minutes 1 hours 15 minutes 10 minutes 1 Hour, 30 Minutes

Last edited 10/24/2005

118

IBM 2005

DWA Miscellany
In this section we will look at miscellaneous aspects of DWA. DWA 6.0.1 and earlier In Domino Web Access (iNotes) 6.0.1 and earlier, there are two Out of Office agents: the "regular" Out of Office agent and the Domino Web Access Out of Office agent (which is created from the regular Out of Office agent). When a Domino Web Access user saves their Out of Office settings using the browser, then the IWA_OutofOffice agent is created and the settings are saved there. If this Domino Web Access user were to use the Notes client, then the "regular" Out of Office agent would be used, and the settings would be saved in the regular Out of Office agent. For this reason, you should only use the Notes client to enable and disable Out of Office agents or only use the browser client to enable/disable Out of Office agents - - not both. DWA 6.0.2 and later In Domino Web Access 6.0.2 and later (iNotes6.ntf UI) there is only ONE Out of Office agent, and it can be enabled/disabled from the Notes client and DWA as well as the other ways users can access the mail file - DOLS and DAMO. Proper ACL and Minimum Internet name and password settings in the users mail file must also be at the correct levels for the user to be able to enable the Out of Office agent.
Continued on next page

Introduction

Out of Office Agent

Last edited 10/24/2005

119

IBM 2005

DWA Miscellany, Continued


To change your Internet password from within the Domino Web Access client, several settings must be configured correctly. The Change ... button (Preferences - Security tab) does not appear unless: Server Configuration doc - Modification of Internet Password setting is enabled

Changing the Internet password

User is listed as the Owner of the mail file (Preferences - Mail tab) Proper ACL and Minimum Internet name and password settings in the users mail file
Access Levels

When a user is registered as Mail System = Domino Web Access, their mail files default ACL and Maximum Internet Name and Password settings vary according to version. Of course, the administrator can change the users ACL setting during the registration process (on the Mail tab) to Designer or Manager. This table summarizes the various ACL settings necessary for DWA users to be able to change their Internet password or enable the Out of Office agent. Version 5.x 6.0.1 6.0.2 and later Default ACL and MIN&P Settings ACL = Editor MIN&P = Designer ACL = Editor MIN&P = Editor ACL = Editor MIN&P = Editor Change Internet Password ACL = Designer MIN&P = Designer ACL = Editor MIN&P = Editor ACL = Editor MIN&P = Editor Enable the Out of Office Agent ACL = Manager MIN&P = Designer ACL = Manager MIN&P = Designer ACL = Editor MIN&P = Editor
Continued on next page

Last edited 10/24/2005

120

IBM 2005

DWA Miscellany, Continued


Follow these steps to change your Internet password in the Domino Web Access client. (iNotes5.ntf UI) Step 1 2 3 4 5
Procedure

Procedure

Action Click the Preferences button. Click the Other button. Click the Change button under Change Internet Password. Enter your old Internet password and then enter the new password twice. Click OK.

Follow these steps to change your Internet password in the Domino Web Access client. (iNotes6.ntf UI) Step 1 2 3 4 5 Action Click the Preferences button. Click the Security button. Click the Change button under Change Internet Password. Enter your old Internet password and then enter the new password twice. Click OK.

Procedure

Follow these steps to enable the Out of the Office agent in the Domino Web Access client. (iNotes5.ntf UI) Step 1 2 3 4 5 Action Click the Preferences button. Click the Work Hours tab. Click the Settings button. Select the desired date range and other settings. (the check box next to Enable the Out of Office agent will automatically be enabled) Click Save and Close.
Continued on next page

Last edited 10/24/2005

121

IBM 2005

DWA Miscellany, Continued


Follow these steps to enable the Out of the Office agent in the Domino Web Access client. (iNotes6.ntf UI) Step 1 2 3 4 5 6 Action Click the Preferences button. Click on the + button next to Calendar. Click on Work Hours. Click on the Settings button under Out of Office. Select the desired date range and other settings. (the check box next to Enable the Out of Office agent will automatically be enabled) Click Save and Close.
Continued on next page

Procedure

Last edited 10/24/2005

122

IBM 2005

DWA Miscellany, Continued


The Welcome Page can be modified. You can use the Welcome Page itself as a "portal application" by having a direct URL addressing of components for Portal Hosting. Page Mail Calendar ToDo Contacts Notebook
Example

Modifying the Welcome Page

URL (only the end of the URL is shown here) nsf/iNotes/Mail/?OpenDocument&ui=portal nsf/iNotes/Calendar/?OpenDocument&ui=portal nsf/iNotes/ToDo/?OpenDocument&ui=portal nsf/iNotes/Contacts/?OpenDocument&ui=portal nsf/iNotes/Notebook/?OpenDocument&ui=portal

For example ....&ui=portal&PresetFields=s_CalView;W can be used to bring up your One Week view. Portal View/Folder
Inbox Drafts Sent All Documents Trash One Day Two Day Five Day One Week Two Week Month Year List Chart

Argument(
s_ViewLabel Title of view/folder s_ViewName Programmatic name s_ViewLabel;Inbox,s_ViewName;($Inbox) s_ViewLabel;Drafts,s_ViewName;($Drafts) s_ViewLabel;Sent,s_ViewName;($Sent) s_ViewLabel;All Documents,s_ViewName;($All) s_ViewLabel;Trash,s_ViewName;($Trash) s_CalView;D s_CalView;T s_CalView;F s_CalView;W s_CalView;2 s_CalView;M s_CalView;Y s_ToDoView;L s_ToDoView;G
Continued on next page

Mail

Calendar

ToDo

Last edited 10/24/2005

123

IBM 2005

DWA Miscellany, Continued


To see how the Welcome Page can be used as a portal application, take 10 minutes and complete the following steps. Step 1 2 Action Log into DWA as one of your test users. From the default Welcome Page, click Edit layout. In the Page Layout dialog, select the option circled below.

Activity

Select Mail Inbox for Panel #1.

For Panel #2, select Web Page. 5

Continued on next page

Last edited 10/24/2005

124

IBM 2005

DWA Miscellany, Continued


Activity (continued)

Step

Action Append the following to the URL in the Page URL field:
nsf.nsf/iNotes/Calendar/?OpenDocument&ui=portal&PresetFields=s_CalView;M

6
Example:

Save and Close the Welcome Page layout dialog box. You should see something like this:

Continued on next page

Last edited 10/24/2005

125

IBM 2005

DWA Miscellany, Continued


Using both the Notes client and Domino Web Access client to access the same database should properly update the Unread Mark information. The Unread Mark table stored in the database is accessed and updated using the same processes. However, you may find that the activity from one client is not reflected in the database when accessed from the other. For instance, you may find that if you mark a new document as read in the Notes client, it is not marked as read in the Domino Web Access client. Alternately, if you mark a new document as read in the Domino Web Access client, you may find that it is not marked as read in the Notes client. This issue can occur because the Unread Mark table is specific to the spelling and case sensitivity of the ID that is in use. When accessing the file via the browser, the username that is cached at the server for authentication is used. This username is the first value that is listed in the Username field in the user's Person document. If this name is different from the username in the Notes ID, the user is basically working with two separate Unread Mark tables. In order to have documents marked as read in Domino Web Access display as read in the Notes client, the first value in the in the Username field of the Person document must be the same as the username in the Notes ID (you can check the user name on the Notes ID by selecting File, Tools, User ID from the Notes client menu). You can verify the name you are using to authenticate in Domino Web Access by setting the following notes.ini parameter at the server via the Set Config command: set config webauth_verbose_trace=1 For more details about Unread Marks in Domino Web Access, see technote 7003399, Unread Marks and iNotes Web Access.
Continued on next page

Unread Marks

Last edited 10/24/2005

126

IBM 2005

DWA Miscellany, Continued


Changes in general are not recommended, but here are some of the things you can try: Customize the DWA logo Disable the DWA welcome page Add & modify views Reorder and edit the menus Create action buttons for the Domino Web Access views Support Policy see 1100952, What is the Support Policy for Customization of the Domino Web Access Mail Template? See the following documentation for more information on what can be customized: Domino Administrator Help Domino Web Access 6.5 on Linux, chapter 11 (IBM Redbook) iNotes Web Access Deployment and Administration, chapter 6 (IBM Redbook)
6.5x DWA Customization

Pre 6.5x DWA Customization

You may want to change the look and feel of the template (forms6.ntf) by changing its skin - - currently, we dont allow the skin to be changed. However, some specific customization options were introduced with DWA 6.5. The 3 new design elements (see table) in Forms6.nsf can be changed. Changes to these design elements are supported IF they adhere to the rules for customization as outlined in the Domino Administrator 6.5x Help. Design Element
Custom_JS_Extensions (form) Custom_WelcomePage (form) Custom_Banner (subform)

Function
Add custom action buttons for any view or dialog (ability to run web agents) Add more choices for the end users Welcome Page Replace the Domino Web Access logo with logo of your choice

Note: Aside from these 3 new design elements, you still cannot go into the iNotes6.ntf template or the forms6.nsf database and start customizing things on their own. If you want to do something like modify the forms database, you should seek out ISSL.
Continued on next page

Last edited 10/24/2005

127

IBM 2005

DWA Miscellany, Continued


Some troubleshooting tips regarding customization: Are you using customizations Is the same problem occurs when using the standard template Ask the customer if they can let you access the mail file or a test mail file via a URL. Quickly determine details about the DWA client settings by clicking on Domino Web Access in the UI.

Customization troubleshooting

About DWA

This is the information that is returned:

Note: This functionality is available in the iNotes6.ntf UI only.


Activity

Take a few minutes to click on Domino Web Access in the UI when you are logged into DWA so you can see the About Domino Web Access information.

Last edited 10/24/2005

128

IBM 2005

Basic Mail File Troubleshooting Techniques


In this section, we will examine the primary troubleshooting techniques for determining if a problem is specific to Domino Web Access, or a more generalized mail problem. When troubleshooting mail problems in Domino Web Access, there are a few primary questions to ask which will help you narrow the scope of the issue: 1. Does the same thing happen from the Notes client? If so, this may be a Notes client issue (e.g. workstation mail) 2. Does the same thing happen from the Webmail interface? If so, then this may be a Webmail issue (e.g. workstation mail) 3. What happens if the user accesses the same mail file from another workstation? This tells you that it may be workstation-specific
Technique #1

Introduction

Primary Questions

To test whether the same issue happens in the Notes client, copy a message from a Notes mail database that exhibits the errant behavior. Paste the message into your test DWA mail file and see if you can reproduce the problem. To test whether the same thing happens from the Webmail interface, append the following to the standard DWA mail file URL: mailfile.nsf?OpenDatabase&ui=webmail You can toggle between the DWA UI and the Webmail UI by appending the appropriate pointer to the end of the URL, as outlined in the table below.

Technique #2

If you insert this text to the end of the URL ?OpenDatabase&ui=webmail Example:
http://bubba.austin.ibm.com/mail/joeuser.nsf?OpenDatabase&ui=webmail

then you will see the Webmail UI the DWA UI

?OpenDatabase&ui=inotes Example:
http://bubba.austin.ibm.com/mail/joeuser.nsf?OpenDatabase&ui=inotes

Last edited 10/24/2005

129

IBM 2005

Exercise 7.1: Toggling the DWA and Webmail UIs


Often times, you can narrow down the scope of a mail problem in Domino Web Access by seeing if the issue also occurs in the Webmail interface. In this exercise, you will learn how to toggle between the DWA and Webmail UIs. Upon completion of this exercise, you will be able to Troubleshoot mail file issues by toggling the Domino Web Access UI
Timing

Overview

Intended Outcome

This exercise takes approximately 15 minutes to complete. To complete this exercise, you need the following: DWA server DWA user account with DWA mail file Browser
Continued on next page

Requirements

Last edited 10/24/2005

130

IBM 2005

Exercise 7.1: Toggling the DWA and Webmail UIs, Continued


Using this guide as a resource, complete the steps below Step 1 2 Action Login to your DWA server as a DWA user (iNotes6.ntf). Take note of the default URL once you have successfully logged in; it should look similar to the example below:
Example: http://bubba.com/mail/JoeUser.nsf/iNotes/Welcome/?OpenDocument&KIC&U NH=oignfps5e6ivk6r5i34s3m53re4

Instructions

3 4 5

Alter the URL in your browser by inserting the following text immediately after the name of the mail file in the URL: ?OpenDatabase&ui=webmail
Example: http://bubba.com/mail/JoeUser.nsf?OpenDatabase&ui=webmail

6 7 8 9 10
Results

Once you have inserted the text in the URL, hit the Enter key. Observe the User Interface. You should now be seeing the Webmail UI. Alter the URL in your browser by inserting the following text immediately after the name of the mail file in the URL: ?OpenDatabase&ui=inotes
Example: http://bubba.com/mail/JoeUser.nsf?OpenDatabase&ui=inotes

Once you have inserted the text in the URL, hit the Enter key. Observe the User Interface. You should now be seeing the DWA UI. Toggle back and forth a few times by altering the URL. Note that to toggle, you only need to change the last value in the URL - =webmail or =inotes. Logout of DWA.

By completing this exercise, you have successfully achieved the stated objective.

Last edited 10/24/2005

131

IBM 2005