Quick technical tip.  You can use
a connection document to point at a cluster name.  This will allow
a server to connect to either server in a cluster for replication or routing.
 In the destination server name, enter the cluster name.  

Yesterday, I presented my agent debugging
session at Admin2008.  Some great interaction and feedback.  I
was also asked if there was a free tool for listing all signers of all
agents in all databases on a server.  I offered to have one written
and posted, but afterwards the very kind Dennis
van Remortel, sent me a database
he had already written to complete the task.  I have not tested this
yet myself, but as per his email to me:

The documentation

- sign it with a full accessadmin
ID (because of the databases the pesky admins won’t let you in)

- run it over the weekend! It’s heavy

- run it on a server with some diskspace,
it creates a lot of documents.

- it’s crappy code, but hey, I’m
an admin

- No warrenty

- Did I say no warrenty?

Thank you Dennis – you can download
it from my resources
page.

In the second of the "Just stuff what
them Admin weenies shuld have on but don’t kindof things" blog posts
about Domino 8, I thought I would mention the delayed notification feature.
 

Many large domino organisatiions consist
of many servers, spread out around the world.  Even in the largest
of Domino domains I have worked on, a message from one end of the planet
to the other should hop through no more then 5-6 servers (depending on
architecture).  The time required for a message to get from sender
to recipient should take a few minutes at most.  Of course, this is
very dependant on connectivity, latency and performance of the hardware,
load etc.

But what if there is comms failure,
and that ultra important email about the golf trip has not made it from
"useless mid-management fecker no1 in Dublin" to "useless
mid-management fecker no2 in Australia".  Well, in the configuration
document, you can specify message delayed notifications for email messages,
so the domino server that cannot pass the message onto the next hop will
send a message to the original sender, letting them know it is delayed.
  You see this from time to time in internet email, if a message has
been delayed over 24 hours, telling you that it has not got there yet,
but it will keep trying.

On a domino server, you can give different
thresholds for different priorities of emails, as per the screenshot.  So
high priority emails If delayed) will send the originator of the message
notification every xxx minutes, and then lower for the other levels.  Nice
eh?

Ok, this is relatively old by ND8 standards,
but its one of those features I never ever mentioned here.  Every
now and then (rarely these days) I have to give a training course.  Tomorrow
it is on ND8 admin, and trying to separate what is out in 802 and what
is coming out in 8.5 is blurry, as we run beta kit all the time.  Sidenote….
Associating features to versions is not easy for me… often forget what
came when.

Anyways, during the week I am going
to post some Admin features that are out now with ND8.  Nothing too
"out there".  "Just stuff what them Admin weenies shuld
have on but don’t" kindof things.

Right – users forward emails… they
do… using rules or agents themselves.  First approach from me, being
the admin… kill the messages, the agent, then the user.  As you
can see, I’m not always a fan.  But, from time to time, they have
a requirement for this (very rarely justified IMO).  So…. lets say
an end user…. Lets call him Tom D.   or maybe T. Duff… starts
to forward his emails to another account.   A person (Let’s call him
B.Buchan) sends him an email and it gets forwarded.   What Tom wants
is the message to appear in his forwarded account, but from the original
sender (Bill… sorry B.).

In the configuration document we can
customise the sender address for rule-based forwarded email messages

You have choices for the reverse path:

You can set the path to null, or a non-deliverable
return address (this is to stop bounce backs from the forwarded account
hitting the mail file then being forwarded again… otherwise known as
mail routing loop hell.  Tie in a 25MB attachment to that and watch
the party).

You can also preserve the existing value
(in this case Bill’s) or even use the recipients internet address.

Nice feature.

Hopefully, I will do more of these types
of posts this week.  Hope they are useful to someone.

At UKLUG, I mentioned this setting and
that Ed had already blogged it.  A few people asked me to link to
this tip cause they want to implement it now.  In the twitterverse,
it would be a "retweet", but what the hell.

As per Ed’s
post, images pasted into Lotus
Notes client will be converted to jpg or gif, rather then bitmap, saving
buckets of space.  It is a preference in 8.5 but pushing out the following
notes.ini to all clients (654 and onwards) will enable this feature:

OptimizeImagePasteSize=1

Chris Miller and Ulrich Krause also
posted on this in the past.

For a long time, the default access given
to the owner of a mail file was Manager.  This was great, so they
could delegate and add entries into ACL’s as they needed to.  A bit
of a nasty tasting side affect was that they could also delete or encrypt
their own mail files when they felt like it (hands up the administrators
who have had to restore mail files because of this).  Nowadays users
do not need Manager access any more.  They can work fine with Designer
or even Editor access as Adminp can do the delegation for you, not to mention
the out of office agent.

Creating all new users with lower rights
is easily done using a registration policy, but what about the existing
users.  Well, I asked Bluewave staff (cheers Barry
and Pavel) to create a quick application
that will parse through the server, check the owner field and set the ACL
level to whatever we want it to be.  And they came up trumps.  Version
1.0 is now in my resources
page.  Version 1.1 will allow
you to also set access level roles (i.e. create agent etc) and that is
on the way.

So, if you want to make your life easier,
reduce users’ mail file access down today (No Access gets my recommendation..
but then again, I hate end users).  Feel free to download, sign, test
and implement this tool.  Of course this is AT YOUR OWN RISK, but
I have tested it and it works fine.

Just set your server name, mail directory
name and level to set in the configuration and then run the agent.  It
will write a log telling you what has changed.  You will need manager
access in this version (read: Full Access Admin on) to run it correctly.

This was the freebie
I was on about earlier.

Update:  If you feel that
this has helped you, why not help
someone else.

Julian
is a good bloke (for a developer).
 He has written an agent that lists all the information that you would
get from the files tab in the admin client, and dumps it into a csv file.
For. every. database. on. your. server.
This, for an admin, is very very useful – especially for audit people like
me.
I meant to blog this weeks ago.  Click here
for details.

Oh, and for you admin guys – I have a pressie (read: freebie) on the way
to you soon.

This is one for the "many ways
to skin this cat" recommendation pile.

Any time you know there is a domino
webserver, geeks like us immediately try to see what we can get into (allegedly).
 So, what databases are always on the server?

names.nsf

admin4.nsf

and many more…

First things first, of course I recommend
that you remove any database that you can from a public facing domino webserver.
 But names.nsf needs to be there.  You want all users (be them
anonymous or authenticated) to NOT be able to browse the names.nsf database.

First, use Internet web sites (server
document/basics section) for LOTS of reasons.



Next, go to the Internet Sites view
and click on CREATE GLOBAL WEB SETTINGS document.



This is the generic "catch all"
master document for all sites on the server.  Here’s one we made earlier:



Save the document and then go into it.
   Click on WEB SITE and CREATE RULE.



Now, you want to redirect all http requests
for names.nsf to a html file…   The html file is to be saved into
the data\domino\html directory.  Here is the rule:



Now, create one for each system database,
and your server is "more" secure.  Again, there is a lot
more you need to do to secure a web server, and not every method works
for ever situation… but its a nice thing to implement if you can.

For the record (as I have been asked
about this a lot recently).

Transactional logging is great.  Implemented
correctly, you can gain about 10% disk performance on your domino server.
 Now what is implemented right?  Placing your transactional logs
on a separate drive to the data directory (or any directory links).  A
separate drive is is a seperate physical disk or disk array – with different
controllers/spindles.  IE Separate.

In relation to a SAN – yes you can put
transactional logs on a SAN, but only if you have implemented in the same
manner.  This usually costs a lot of money (separate drive area/disks/controllers/spindles/LUN).
 If your blades come with a local array (raid 1 array) use them for
your transactional logs and SAN boot them instead.  Sometimes, the
Domino administrator is not the SAN administrator aswell – and you may
need to ensure that if you have Trnslog running on the SAN, that it is
done in this manner.

So, unless implemented properly I recommend
that the transactional log files are on local drives.  I have many
scars from SANs!

At the start of the year, Julian,
Bill
and I released the first version
of the
Get Errors database.  This
has stemmed a lot of interest.  Thomas
Bahn has improved on this version,
and posted a V1.1 model, which includes multi language support.  Excellent
work Thomas!.  I have posted it on my resources
page aswell.

Version 1.5 is being worked on, which
will include an even easier interface.