INTERVIEW QUESTIONS 1. Explain mail tracking in brief 2. How will you create multiple mail.box in domino 3. How will you disable mails if mail quota is exceeded 4. Explain mail routing 5. What is the difference between cluster replication and normal replication 6. What is NNN 7. How security works in domino 8. How ECL works 9. How to restrict users using a particular database without implementing ACL 10. What is the difference between author and reader field 11. What is HTTPS 12. What is the extension of key ring file 13. What is the extension of password file 14. How encryption works in Domino 15. Where is Private key stored 16. Can you see public key and private key in id file 17. Can you see public key and private key in domino directory 18. What are steps involved for recertification 19. What is the difference between Database administrator and Server administrator 20. How replication works in Domino 21. What kind of informations are available in connection document 22. Can multiple replica task be enabled 23. Can you temporarily disable replication for one database 24. What is the minimum level of access for creating a replica 25. If some of the documents are not being replicated what can be the issue 26. What is global domain document 27. From where SMTP incoming mail option is enabled 28. What is the use of non adjacent domain 29. How mail tracking can be enabled 30. What is the use of pass through server 31. What is the use of replication type PULL PULL 32. What is the use of commands Compact-C and Compact-B 33. What is the advantage of changing DB id 34. What are the steps involved in mail routing 35. Which task runs on the background of the client for transferring of mails 36. What is the use of administration process 37. Which task is performed by Admin P
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
INTERVIEW QUESTIONS
INTERVIEW QUESTIONS
1. Explain mail tracking in brief
2. How will you create multiple mail.box in domino
3. How will you disable mails if mail quota is exceeded
4. Explain mail routing
5. What is the difference between cluster replication and normal replication
6. What is NNN
7. How security works in domino
8. How ECL works
9. How to restrict users using a particular database without implementing ACL
10. What is the difference between author and reader field
11. What is HTTPS
12. What is the extension of key ring file
13. What is the extension of password file
14. How encryption works in Domino
15. Where is Private key stored
16. Can you see public key and private key in id file
17. Can you see public key and private key in domino directory
18. What are steps involved for recertification
19. What is the difference between Database administrator and Server administrator
20. How replication works in Domino
21. What kind of informations are available in connection document
22. Can multiple replica task be enabled
23. Can you temporarily disable replication for one database24. What is the minimum level of access for creating a replica
25. If some of the documents are not being replicated what can be the issue
26. What is global domain document
27. From where SMTP incoming mail option is enabled
28. What is the use of non adjacent domain
29. How mail tracking can be enabled
30. What is the use of pass through server
31. What is the use of replication type PULL PULL
32. What is the use of commands Compact-C and Compact-B
33. What is the advantage of changing DB id
34. What are the steps involved in mail routing
35. Which task runs on the background of the client for transferring of mails
36. What is the use of administration process
37. Which task is performed by Admin P
38. What kind of informations are available in Location document
39. Can we configure multiple address book in client
40. What is directory cascading and directory assistance and difference between them41. What is the function of CalCon task
42. What is the function of directory catalog
43. What is the advantage of directory assistance
44. How directory cascading can be configured
45. What is the minimum level of access for user to login in to web mail
46. What is agent manager
47. How will you troubleshoot if agent fails (Step wise)
48. What kind information can be viewed through Show Server command
49. What is the command to view the current version of the domino50. What is the command to replicate a database
51. What is the command to restart the router
52. What is the use of Fixup command
53. What is the use of Updall command
54. What is the difference between updall and update command
55. What is the difference between New Copy and New Replica
56. What is the advantage of Clustering and what all components are involved in domino clustering
57. What is cluster manager
58. What is the use of shared mails
Answers1. Explain mail tracking in briefAns:-1. Both users and Domino administrators can track mail. Users can track only messages that they themselves sent. Administrators can track mail sent by any user.
When you configure mail tracking, you can specify which types of information Domino records. For example, you can specify that Domino not record message-tracking information for certain users, or you can choose not to record the subject line of messages sent by specific users. The Mail Tracker Collector task (MTC) reads special mail tracker log files (MTC files) produced by the Router and copies certain messaging information from them to the MailTracker Store database (MTSTORE.NSF). The MailTracker Store database is created automatically when you enable mail tracking on the server. When an administrator or user searches for a particular message, either a message tracking request or a mail report, Domino searches the MailTracker Store database to find the information. Note The Mail Tracker Collector differs from the Statistics Collector (Collect task), which is responsible for gathering statistical information about servers. How mail tracking works
1. From a Notes client or Domino Administrator client, a user creates a query to determine whether a specific message arrived at its intended destination or to determine how far it got if delivery failed. 2. The mail tracking program begins to trace the routing path from the server where the message originated. If the message is not found on the originating server, tracking automatically continues at the next server on the route. 3. Step 2 is repeated on each "next server" until the route ends. Detailed information is provided about the processing of the message on each server. 4. After the tracking query completes, the user can select messages from the results and check their delivery status. The following table displays the possible values for the delivery status: Delivery StatusMeaning
DeliveredThe message was delivered to a mailbox on the server. The mail file status indicates whether the message was read, unread, or deleted. If the mail file status is not read, unread, or deleted, it appears as unknown.
Delivery failedThe server attempted to deliver the message to a mail file but was unsuccessful. The recipient may not exist, or the server's disk may be full.
In queueThe Router is processing the message.
TransferredThe Router successfully sent the message to the server identified in the next hop field.
Transfer failedThe Router attempted to transfer the message to another server and failed.
Group expandedThe message was addressed to a group, and the group was expanded on this server.
UnknownThe status of the message on the server cannot be determined.
Generating mail usage reports
Over time, the Domino MailTracker Store database (MTSTORE.NSF) accumulates valuable data about message routing patterns on the server. It may be useful to generate mail usage reports from this data. For example, you can generate reports of recent messaging activity, message volume, individual usage levels, and heavily traveled message routes. You can use the Reports database (REPORTS.NSF) to generate and store mail usage reports. Typically, the Reports database is created automatically when you set up the server.
Mail usage reports provide important information that you can use to resolve problems and improve the efficiency of the mail network. In addition, this information is valuable when you plan changes or expansions to the mail network. For example, you can generate reports that show the 25 users who received the most mail over a given period of time (a day, a week, a month, and so forth), or the volume of mail sent by a specified user over some interval. With this information, you can identify users who might be misusing the mail system. Other reports show the most frequently used next and previous hops, enabling you to assess compliance with mail use policies. Agents stored in the Reports database let administrators schedule reports on a one-time, daily, weekly, and monthly basis. By default, Domino generates scheduled reports at midnight at the interval you specify -- daily, weekly, or monthly. When a report query is run, the active report agent examines the data collected in the Domino MailTracker Store database to generate the resulting report. You can configure a report to save results in the Reports database or mail results to one or more administrators. Saved reports are organized in the Reports database under several different views. Reports that are mailed, but not saved, are not added to the Reports database. You can use the Reports database to analyze server mail usage. Views in the database display previously saved reports according to date, schedule, report type, and user. In addition, a view displays all scheduled reports by interval. Mail routing event generators
To monitor a mail network, you can configure mail routing event generators to test and gather statistics on mail routes. For information on mail routing event generators, see the topic Creating mail routing event generators2 How will you create multiple mail.box in domino
Ans:-2. To create multiple MAIL.BOX databases
1.Make sure you already have a Configuration Settings document for the server(s) to be configured.
2.From the Domino Administrator, click the Configuration tab, and expand the Messaging section.
3.Click Configurations.
4.Select the Configuration Settings document for the mail server or servers you want to administer, and click Edit Configuration.
5.Click the Router/SMTP - Basics tab.
6.Complete this field and then click Save & Close:
FieldDescription
Number of mailboxesIndicates the number of mailboxes (MAIL.BOX databases) on servers that uses this Configuration Settings document. If this field is blank, one mailbox is used. Configure a maximum of ten mailboxes.
7. Restart the server to put the new setting into effect.
3 How will you disable mails if mail quota is exceeded
Ans:-3. To stop the delivery of mail to mail files that are over their quota is available.
To enable this 'Obey Database Quotas during Message Delivery' feature in Domino 6.x, do the following:
1. Open the Domino Directory.2. Select Servers, Configurations, Router/SMTP, Restrictions and Controls, Delivery Controls.3. Choose the appropriate option for "Over quota enforcement".
4 Explain mail routing
Ans:-4. How Mail Routes in a Domino System
These steps describe how mail routes in a Domino mail system.
1.Using a mail client, a user creates and addresses a mail message to a recipient.
2.The user sends the message.
3.The user's mail client does one of the following:
Uses Notes protocols to deposit the message into the MAIL.BOX database on the user's Domino mail server.
Uses SMTP to send the message to the user's Domino mail server, which must be running the SMTP listener task. The SMTP listener task deposits the message into MAIL.BOX (Lotus Notes, IMAP clients, POP3 clients).
Uses HTTP to send the message to the user's Domino mail server, which must be running the HTTP task. The HTTP task deposits the message into MAIL.BOX (Web clients).
4.The Router finds the message in MAIL.BOX and determines where to send the message for each recipient. The Router checks its routing table to calculate the next "hop" for the message on the path to its recipients and determines the appropriate protocol -- either SMTP or Notes routing -- to transfer the message.
Using SMTP routing, the Router connects to the destination server -- the recipient's mail server, a relay host, a smart host, or one of the servers in the recipient's Internet domain -- and transfers the message.
Using Notes routing, the Router moves the message to the MAIL.BOX database on the server that is the next hop in the path to the recipient's mail server. The Router on that server transfers the message to the next hop, until the message is deposited in the MAIL.BOX database on the recipient's home server.
5.The Router on the recipient's server finds the message (in MAIL.BOX on a Domino server) and delivers it to the recipient's mail file.
6.Using a mail client, the user retrieves the message from the mail file. Depending on the type of mail client, one of the following protocols is used: Notes remote procedure calls, IMAP, POP3, or HTTP.
6 What is NNN
Ans:-6. The Domino Server Setup program automatically places all servers that are in a Domino domain and that run the same network protocol in the same Notes named network (NNN). In the Server document, the setup program assigns each NNN a default name in the format portname network.
After you complete the Server Setup program, rename the NNN for each network port in the Server document. It is useful if the name reflects both the location of the network and its protocol. For example, if your company has a TCP/IP network and has LANs in Boston and San Francisco, change the name of the NNN in Boston to "TCPIP Boston network," and change the name of the NNN in San Francisco to "TCPIP SF network."
Caution Domino assumes that all servers in a NNN have a continuous LAN or WAN connection. If this is not the case, serious delays in mail routing between servers can occur. Be careful not to include servers with only dialup connections in an NNN.
To change the name of a Notes named network
1. From the Domino Administrator, select the server you just set up.
2. Click the Configuration tab.
3. Expand the Server section in the view pane.
4. Click Current Server Document.
5. Click Edit Server, and then click the Ports - Notes Network Ports tab.
6. In the Notes Network field for each port, enter a new name for the server's Notes named network. The name can include space characters.
7. Click Save and Close. 7 How security works in domino
Ans:-7. The Domino security model is based on the premise of protecting
resources, such as the Domino server itself, databases, workstation data,
and documents. The resources, or objects, that are being protected are set
up to define the rights of users to access and change the object.
Information about access rights and privileges are stored with each
protected resource. Thus, a given user or server may have different sets
of access rights, depending on the resources to which that user or server
requires access.
The following includes brief descriptions of the various resources that
you need to protect in a Domino environment. Some of the topics are not
specific to Domino security, but are included here in the interest of
thoroughness.
Physical security
Physically securing servers and databases is equally as important as
preventing unauthorized user and server access. It is the first line of
defense against unauthorized or malicious users, by preventing them
from having direct access to your Domino servers. Therefore, we
strongly recommend that you locate all Domino servers in a ventilated,
secure area, such as a locked room. If servers are not physically secure,
unauthorized users might circumvent security features for example,
ACL settings and access applications directly on the server, use the
operating system to copy or delete files, or physically damage the server
hardware itself.
Physical network security concerns should also include disaster planning
and recovery.
Operating system security
Unauthorized or malicious users often take advantage of operating
system vulnerabilities. As a system administrator, you should safeguard
the operating system on which your Domino server runs. For example,
you should limit administrator login/rights, disable FTP (on NT), and
avoid the use of mapped directory links to file servers or shared NAS
server for Domino servers. Stay informed about your operating system of
choice, and keep current with security updates and patches.
Security
Network security
The goal for securing your network is to prevent unauthorized users
from gaining access to servers, users, and data. Physical network security
is beyond the scope of this book, but you must set it up before you set up
Notes and Domino connection security. Physical network security is
established through the use of devices such as filtering routers,
firewalls, and proxy servers that enable network connections for
various network services (such as LDAP, POP3, FTP, and STMP) that
you want to provide for your users. Network connection security access
is also controlled using these devices, as you can define what connections
can be accessed, and who is authorized to used them.
Properly configured, these devices prevent unauthorized users from:
Breaking through into the network and accessing the server via the
operating system and its native services (such as file sharing).
Impersonating an authorized Notes user
Eavesdropping on the network to collect data
Server security
The Domino server is the most critical resource to secure and is the first
level of security that Domino enforces after a user or server gains access
to the server on the network. You can specify which users and servers
have access to the server and restrict activities on the server for
example, you can restrict who can create new replicas and use passthru
connections.
You can also restrict and define administrator access, by delegating
access based on the administrator duties and tasks. For example, you can
enable access to operating system commands through the server console
for system administrators, and grant database access to those
administrators who are responsible for maintaining Domino databases.
If you set up servers for Internet/intranet access, you should set up SSL
and name-and-password authentication to secure network data
transmitted over the network and to authenticate servers and clients.
ID security
A Notes or Domino ID uniquely identifies a user or server. Domino uses
the information contained in IDs to control the access that users and
servers have to other servers and applications. One of the responsibilities
of the administrator is to protect IDs and make sure that unauthorized
users do not use them to gain access to the Domino environment.
Some sites may require multiple administrators to enter passwords before
gaining access to a certifier or server ID file. This prevents one person
from controlling an ID. In such cases, each administrator should ensure
each password is secure to prevent unauthorized access to the ID file.
For more information, see the topic Notes and Domino ID security
later in this chapter.
You can also secure Notes user IDs with Smartcards. Smartcards reduce
the threat of user ID theft, as a user who has a Smartcard needs their user
ID, their Smartcard, and their Smartcard PIN to access Notes.
Application security
Once users and servers gain access to a Domino server, you can use the
database access control list (ACL) to restrict access that specific users and
servers have to individual Domino applications on the server. In
addition, to provide data privacy, encrypt the database with an ID so
unauthorized users cannot access a locally stored copy of the database,
sign or encrypt mail messages users send and receive, and sign the
database or template to protect workstations from formulas.
Application design element security
Although users may have access to an application, they may not have
access to specific design elements in the application for example,
forms, views, and folders. When designing a Domino application, an
application developer can use access lists and special fields to restrict
access to specific design elements.
Workstation data security
Notes users may keep and use important applications and information
on their workstations. This information can be protected through the use
of an execution control lists (ECL), which defines the access that active
content from other users has to the user workstation.
8 How ECL worksAns:-8. You use an execution control list (ECL) to set up workstation data security. An ECL protects user workstations against active content from unknown or suspect sources, and can be configured to limit the action of any active content that does run on workstations. The ECL determines whether the signer of the code is allowed to run the code on a given workstation, and defines the access that the code has to various workstation functions. For example, an ECL can prevent another person's code from running on a computer and damaging or erasing data. "Active content" includes anything that can be run on a user workstation, including formulas; scripts; agents; design elements in databases and templates; documents with stored forms, actions, buttons, hot spots; as well as malicious code (such as viruses and so-called "Trojan horses").
There are two kinds of ECLs: the Administration ECL, which resides in the Domino Directory (NAMES.NSF), and the workstation ECL, which is stored in the user's Personal Address Book (NAMES.NSF). The Administration ECL is the template for all workstation ECLs. The workstation ECL is created when the Notes client is first installed. The Setup program copies the administration ECL from the Domino Directory to the Notes client to create the workstation ECL.
The workstation ECL
A workstation ECL lists the signatures of trusted authors of active content. "Trust" implies that the signature comes from a known and safe source. For example, every system and application template shipped with Domino or Notes contains the signature Lotus Notes Template Development. Likewise, every template and database that your organization designs should contain the signature of either the application developer or the administrator.
For each signature, the ECL contains settings that control the actions that active content signed with that signature can perform and the workstation system resources it can access.
For a description of ECL access options, see ECL security access options.
How the workstation ECL works
When active content runs on a user workstation and attempts a potentially harmful action -- for example, programmatically sending mail -- the following occurs:
1. Notes verifies that the active content is signed and looks up the signer of the code in the workstation ECL.
2. Notes checks the signer's ECL settings to determine whether the action is allowed. 3. One of the following occurs:
a. If the signer of the code is listed in the workstation ECL and the appropriate setting is enabled, the active content runs. b. If the active content attempts an action that is not enabled for the signer, or if the signer is not listed in the ECL, Notes generates an Execution Security Alert (ESA), which specifies the attempted action, the signer's name, and the ECL setting that is not enabled.The ESA gives the user four options:
Do not execute the action -- to deny the signer access to perform the specified action.
Execute the action this one time -- to allow the signer access to perform the action only once. The ESA appears again if the same action is attempted in the future. This option does not modify the ECL.
Start trusting the signer to execute this action -- to allow the action to be performed and modify the ECL configuration to add the signature of the active content to the ECL. This grants permission for the signer to execute the specific action any time on that workstation. More Info -- to display a dialog box that provides information about the design type, design name, Notes ID, signature status, and parent database of the code that caused the ESA.
For example, locally scheduled agents, as well as manual agents, can generate ESAs. Click "More Info" to get information about the agent that generated the alert.Note The administration ECL has a setting that prevents users from changing their workstation ECLs. If this setting is enabled, then the user's option to trust the signer is disabled.Creating a security policy settings document A Security policy settings document controls the Administration ECL as well as Notes and Internet passwords.
To create Security settings
1. Make sure that you have Editor access to the Domino Directory and one of these roles:
PolicyCreator role to create a settings document
PolicyModifier role to modify a settings document2. From the Domino Administrator, select the People & Groups tab, and then open the Settings view. 3. Click "Add Settings," and then choose Security.
4. On the Basics tab, complete these fields: FieldAction
NameEnter a name that identifies the users (and, if you are a service provider, the hosted organization) that use these settings.
DescriptionEnter a description of the settings.
5. On the Password Management tab, complete these fields:
FieldAction
Allow users to change Internet password over HTTPChoose one:
Yes (default) -- to allow users to use a Web browser to change their Internet passwords. No
Synchronize Internet password with Notes passwordChoose one:
No (default)
Yes -- to allow users to use the same password to log in to both Notes and the Internet.
Check Notes passwordChoose one:
No (default)
Yes -- to require a password for Notes authentication.
6. In the "Enforce password expiration" field, choose one:
Disabled (default) -- to disable password expiration.
Notes only -- to enable password expiration for only Notes passwords. Internet only -- to enable password expiration for only Internet passwords.
Notes and Internet -- to enable password expiration for both Notes and Internet passwords.Note Internet password expiration settings are recognized only by the HTTP protocol. This means that Internet passwords can be used with other Internet protocols (such as LDAP or POP3) indefinitely. Caution Do not enable password expiration if users use Smartcards to log in to Domino servers. 7. If you enabled password expiration, complete these fields. Otherwise, go on to Step 9:
FieldAction
Required change intervalEnter the number of days a password can be in effect before it must be changed.
Allowed grace periodEnter the number of days users have to change an expired password before being locked out.
Password history (Notes only)Enter the number of expired passwords to store. Storing passwords prevents users from reusing old passwords.
8. Choose one of the following to specify Password Quality Settings for IDs:
Required password quality -- and then choose the quality level required when users create passwords.
Use length instead -- and then enter a number from 0 to 16 to require that users create passwords of a specific length. 9. On the Execution Control List tab, complete these fields:
FieldAction
Admin ECLThe default administration ECL is the default value for this field. Choose one: Edit -- to edit the default administration ECL. New -- to create a new administration ECL. Enter the name of the new ECL and choose options in the Workstation Security: Execution Control List dialog box. The name of the new ECL appears in this field.
Update ModeChoose one:
Refresh -- to update workstation ECLs with changes made to the Administration ECL. If a setting appears in both the administration and workstation ECL, the administration ECL setting overrides the workstation ECL setting.
Replace -- to overwrite the workstation ECL with the Administration ECL. This option overwrites all workstation ECL settings.
Update FrequencyChoose one:
Once Daily -- to update the workstation ECL when the client authenticates with the home server and either it has been a day since the last ECL update or the administration ECL has changed.
When Admin ECL Changes -- to update the workstation ECL when the client authenticates with the home server and the administration ECL has changed since the last update.
Never -- to prevent the update of the workstation ECL during authentication.
10. Save the document.
For more information on Notes and Internet passwords, see the topics Setting up password verification and Name-and-password authentication for Internet clients.
11 What is HTTPSAns:-11. HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a Web protocol developed by Netscape and built into its browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is the use of Netscape's Secure Socket Layer (SSL) as a sublayer under its regular HTTP application layering.
12.What is the extension of key ring file
13.What is the extension of password file
Ans:-12&13. Before you request a certificate from a CA, you must create a key ring file to store the certificates. A key ring file is a binary file that is password-protected and stored on the server's hard drive. When you create a server key ring file (.KYR), Domino generates an unsigned server certificate and automatically includes several trusted root certificates. The unsigned server certificate is not valid until it is signed by a certifier. Domino also creates a stash file (.STH) using the same name as the key ring file, but with the file extension .STH. Domino uses the stash file to store the key ring file password for unattended access to the server key ring file.
To create a server key ring file
1.Set up the Server Certificate Admin application.
2.From the Notes client, open the Server Certificate Admin application on the server for which you want to enable SSL. 3.Click "Create Key Ring."
4.Complete these fields:
FieldAction
Key Ring File NameEnter the key ring file name. The default is KEYFILE.KYR. It's helpful to use the extension .KYR to keep key ring file names consistent.
Note the server's key ring file name appears in any Internet Site documents that you have configured, or, if Internet Site documents are not being used, on the Ports - Internet Ports tab of the Server document. If you specified a name other than the default, you need to edit the name where it appears - in the Internet Site documents or in the Server document.
Key Ring PasswordEnter the password for the key ring.
Key SizeSpecify the key size Domino uses when creating the public and private key pairs. The larger the size, the stronger the encryption.
Common nameEnter the server's TCP/IP fully-qualified domain name -- for example, www.acme.com.
Set up the server certificate so that the common name matches the host name since some browsers check for this match before allowing a connection.
OrganizationEnter the name of the organization -- for example, a company name, such as Acme.
Organizational Unit(Optional) Enter the name of certifier division or department.
City or Locality(Optional) Enter the organization city or locality.
State or ProvinceEnter the full name of the state or province in which the certifier organization resides.
CountryEnter the two-character abbreviation of country in which organization resides
5.Click "Create Key Ring."
6. After you read the information about the key ring file and distinguished name, click OK. Notes creates the key ring file and stash (.STH) file and places them in the Notes data directory on the client machine used to create the key ring.
7.Copy the key ring file and stash (.STH) file to the Domino data directory on the server.
Caution You must ensure that the key ring password in the stash file is protected. The key ring file password is altered in the stash file so that it cannot be recognized by a casual observer, but it is not encrypted. You should not allow unauthorized persons access to either the stash file or the key ring file. In the normal course of operation, only the server itself should have access to those files; however, administrators may also need permission to remove or replace the files. As with all server resources, managing proper file permissions and protections is vital to the security of the system.
8. Request an SSL server certificate.
14.How encryption works in DominoAns:-14. Mail encryption protects messages from unauthorized access. Only the body of a mail message is encrypted; the header information -- for example, the To, From, and Subject fields -- is not.
Notes users can encrypt mail sent to other Notes users or to users of mail applications that support S/MIME -- for example, Microsoft Outlook Express and Netscape Communicator. Users can use Notes mail encryption to encrypt mail sent to other Notes users, encrypt mail received from other Notes users, or encrypt all documents saved in a mail database. Notes uses the recipient's public key, which is stored in the sender's Personal Address Book or in the Domino Directory, to encrypt outgoing and saved mail. In general, mail sent to users in a foreign domain cannot be encrypted. However, if the recipient of the mail uses Notes and the sender has access to the recipient's public key, the sender can encrypt the mail message. The recipient's public key can be stored in the Domino Directory, in an LDAP directory to which the sender has access, or in the sender's Personal Address Book. Notes users can also use S/MIME to encrypt mail sent to recipients who use mail applications that support S/MIME. Senders must have the recipient's public key in order to encrypt the message for S/MIME. The recipient's public key is stored in an Internet certificate in either a Domino Directory or LDAP directory to which the sender has access or in the sender's Personal Address Book. The sender must also have a cross-certificate that indicates to Notes that the recipient's public key can be trustedWhat are steps involved for recertificationAns:-18. Before a user ID reaches its expiration date, recertify the user ID using the original certifier ID. The user ID is recertified without renaming the user.
Use the Certificate expiration view to determine which certifiers need to be recertified. Access this view from Files - Certlog.nsf - By Expiration date. All certifiers are listed by expiration date.
Note To recertify a user ID using a certifier other than the certifier used to create the user ID, see "Moving a user name in the name hierarchy" in this chapter.
To recertify a user ID
Follow these steps to use the Administration Process to recertify a hierarchical ID that is about to expire.
1.To recertify a user ID, you must have:
Author with Create documents access and the UserModifier role, or Editor access to the Domino Directory
At least Author with Create documents access to the Certification Log (CERTLOG.NSF)
2.From the Domino Administrator, click the People & Groups tab.
3.Select the user to be recertified with the same certifier.
4.From the tools pane, select People - Recertify.
5.Complete these fields:
FieldAction
ServerDo one of these:
If you are using the Lotus Domino 6 server-based CA, choose the server that is used to access the Domino Directory to look up the list of certifiers.
If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors. This is also the server on which CERTLOG.NSF is updated.
Use the CA processChoose this option if you have configured the Lotus Domino 6 server-based CA.
Select a CA configured certifier from the list and click OK.
Supply certifier ID and passwordChoose this option if you are using a certifier ID and password.
Choose the certifier ID that certified the user's ID and click Open. For example, to rename Joe Smith/Sales/NYC/ACME, use the certifier ID named SALES.ID.
Click "Certifier ID" to select an ID other than the one displayed.
Enter the password for the certifier ID and click OK.
6.Verify the certifying ID information and complete the following fields:
FieldAction
New certificate expiration date(Optional) Specify a certifier ID expiration date other than the default two years from the current date.
Only renew certificates that will expire before(Optional) Enter a date to recertify only a subset of selected user IDs, according to their current expiration dates.
Edit or inspect each entry before submitting request(Optional) Select the option to edit or inspect each entry before submitting the request if you want to view each certificate before it is renewed.
7. If you selected the option to view each entry prior to its being submitted, the Recertify Person dialog box appears with non-modifiable information in the primary and common name fields. Review the information that displays, then select one of the following:
OK - to submit the name change.
Skip - if you are recertifying more than one user ID and you want to continue to the next without submitting a recertification for the current name.
Cancel Remaining Entries - to cancel this recertification, as well as those for any other names you selected and have not yet submitted.
8.When the Processing Statistics dialog box appears, review the information to verify that all name changes have succeeded. Click OK. If any fail, check the Certifier Log (certlog.nsf) to determine the reason for the failure.Ans:-20. Replication is the process of synchronizing documents from the same databases on different workstations or servers over time. Replication enables exchanging modifications between special copies of databases called replicas .
The following table describes the terms used for replication.
Replication terms
TermDefinition
ReplicatorThe Replicator is a server task that is loaded, but not initiated, at server startup. The replicator pulls data from, or pushes data to, another server.
Replica IDThe unique number assigned to a database when it is first created. Replicas of the same database share the same replica ID. The Replicator looks for databases with the same replica ID to synchronize.The replica ID is found on the tab in Database Properties.
Replica ID
Note: A database copy does not share the same replica ID as the original database. Only database replicas share the same replica ID.
Unique Notes Identification Number (UNID)The unique number assigned to a document when it is first saved. The Replicator looks for documents with the same UNID to synchronize.The UNID is found on the tab in Document Properties.
UNID
Replication HistoryA list of dates and times when two servers or a server and workstation successfully replicated. The Replicator uses Replication History to determine which documents are new, changed, or deleted since the last time the two databases replicated.
How does replication work?
In server-to-server replication, one or both server's replicator task synchronizes the data. The diagram below shows how replication works using a replication type called Pull-Pull where both servers share the workload.
East01 initiates Pull-Pull replication with West01. In this example, Pull-Pull is accomplished by configuring Pull Only replication on both servers.
Server-to-server replication
The following table describes how information in databases is kept updated on all servers during replication.
Server-to-server replication process
StageDescription
1The replicator compares its list of databases with the called server's list of databases to determine which databases they have in common.
2Working on one database at a time, the initiating server builds a list of ACL, design, and document modifications that have occurred since the last time these two servers replicated.
3The Replicator pulls (reads and writes) ACL and design and document changes, based on permissions set in each server, database, and document.
4Upon completion of replication with the first database, the Replicator updates the replication history for that database and moves on to the next database in common. It repeats Stages 2 and 3.
5When the initiating server has replicated all databases in common with the called server, the Replicator will tag the called server's replicator to repeat the same process in the other direction.
Workstation-to-server replication works differently since the workstation software does not have a Replicator. In workstation-to-server replication, it is the workstation software itself that reads changed documents from the database on the server and writes those changes to the local replica. The workstation also pushes its changed documents to the database on the server. The server's Replicator is not involved in workstation-to-server replication. As with server-to-server replication, the ACL, design, and document changes are distributed based on server, database, and document settings.Ans:-21. During configuration, Notes creates a Connection document for your home server. Connection documents reside in your Personal Address Book and store information Notes needs to access a server, such as the server's full Domino name, Internet address, or telephone number. One server may have multiple Connection documents if you access it in multiple ways, for example over the LAN at work and using a dialup modem from home
Ans:-22 & 23.YesAns:-24.Create Replica
Ans:-25. Following are several common reasons that replication fails:
No changes have been made. Replication occurs only when there are changes to replicate.
The database is not scheduled to replicate. See the topic on scheduling replication.
Replication is temporarily disabled for the database you're using. To enable replication, choose File - Replication - Settings, click Other, and deselect "Temporarily disable replication."
The replica IDs of the two databases you want to replicate are not the same. (Databases with different replica IDs cannot replicate.) Examine the replica ID for each database and make sure they match. If the replica IDs don't match, create a new replica and then clear the replication history on any other replicas to ensure that the next replication is a full replication. The access control list on one of the replicas may have changed since the replicas were created so that you no longer have the same access level to both replicas. The destination server is out of hard disk space.
You replicate at a Notes Direct Dialup or Network Dialup location, and you see "Skipping replication due to previous call failure" on the Replicator page. Check to see that your phone connection has not been lost.Ans:-26. When Domino receives an inbound SMTP message, it attempts to determine whether the message is for a local recipient. When the Domino Directory does not include a Global Domain document, Domino accepts only messages addressed to users in the same Internet domain as the server, as indicated in the Fully-qualified Internet host name that appears in the Server document. But if the Domino Directory includes a Global domain document, Domino can receive mail for multiple Internet domains. To determine whether to accept a message, Domino compares the domain part to the local primary Internet domain listed in the Global domain document. If it does not find a match in this field, it examines the secondary Internet domains -- the "alternate Internet domain aliases" -- listed in that document.
The role of Global domain documents in determining whether to accept inbound SMTP mail
If the Domino Directory contains multiple Global domain documents, Domino uses a similar process to determine whether a recipient is local: it first checks the primary Internet domain in each Global Domain document, and then, if it still hasn't found a match, it continues by checking the alternate Internet domains. If the domain in the address does not match any of the domain entries in any Global domain document, the message is considered an attempt to relay, and Domino rejects the message.
Inbound address lookup when the Domino Directory contains multiple Global Domain documents
After Domino accepts a message, the Router attempts to match the recipient's Internet address to an entry in the Domino Directory. When looking up the recipient in the Domino Directory, if the domain suffix in the address matches an alternate Internet domain aliases defined in a Global Domain document, and no Person document includes this address, the Router performs a secondary lookup. In this secondary lookup, the Router pairs the local part of the address with the domain suffix of the primary Internet domain specified in the Global domain document. For example, a server receives a message for [email protected]. The Router searches all of the Person documents in the Domino Directory for this Internet address, but cannot find a match. However, in the Domino Directory, there is a Global domain document that includes the domain suffix acmewest.com as an alternate Internet domain alias. In this same Global Domain document, the primary Internet domain is acme.com. After the primary lookup fails, Domino performs a secondary lookup, using the address [email protected]. Domino performs secondary lookups only if the Router is configured to perform fullname, or fullname, then local part lookups.
In cases where the Domino Directory contains multiple Global domain documents, and a secondary lookup is required, when replacing the domain suffix in the original address with the domain suffix of the primary Internet domain, the Router only considers Global domain documents that list the alternate Internet domain alias. That is, Domino always replaces the domain suffix from within a given document; it never replaces an alternate domain listed in one document with a primary domain from another document.
To prevent the Router from using domain aliases when looking up addresses, do not include alternate Internet domain aliases in a Global domain document. Instead, create multiple Global Domain documents, each specifying a different primary Internet domain.
Controlling outbound addresses construction with multiple Global domain documents When the Domino Directory contains a single Global Domain document, the address construction rules in that document determine how a server forms the sender's address in an outbound SMTP message. However, if the Domino Directory contains multiple Global Domain documents, when constructing the sender's address, Domino uses the Internet domain specified in the Server document and the address construction rules defined in the Global Domain document listed last, alphabetically, in the directory. If you want Domino to form the sender's outbound address from the primary Internet domain and the address construction rules contained in a particular Global domain document, designate that document as the default Global Domain document.
Designating a default Global domain document When there are multiple Global Domain documents in the Domino Directory, designate one as the default so that when a servers construct a sender's outbound Internet address, the addresses created are based on the primary Internet domain and address construction rules specified in the designated document.
1. From the Domino Administrator, click the Configuration tab and then expand the Messaging section.
2. Choose Domains, and click Global Domain
3. Select the Global Domain document you want to designate as the default and click Edit Domain.
4. On the Basics tab, complete following field, and then click Save & Close:
FieldEnter
Use as default Global Domain (for use with all Internet protocols except HTTP)Select Yes to designate this Global Domain document as the default Global domain for this Domino Directory.
Ans:-27. To set up a server to receive SMTP-routed messages, you must enable the SMTP Listener. Then the server can "listen" for SMTP traffic over the TCP/IP port (usually port 25) and receive SMTP messages in the MAIL.BOX database(s). Enabling the SMTP listener causes the server SMTP task to start up automatically every time the server starts. Disabling the SMTP listener prevents the SMTP task from starting up when the server starts. Note Do not add SMTP as a task to the task list in the NOTES.INI file or this feature will not work.
To enable or disable the SMTP Listener
1. From the Domino Administrator, click the Configuration tab and then expand the Server section.
2. Select the Server document to be edited it and then click Edit Server.
3. On the Basics tab, complete these fields:
FieldEnter
Fully qualified Internet host nameThe server's complete combined host name and domain name, including the top-level domain. For example, smtp.acme.com; smtp is the host name; acme is the second-level domain; and .com is the top level domain. In the absence of a Global Domain document, the Router uses the entry in this field to determine the local Internet domain. Typically, the fully qualified host name is added to the Server document during server setup or by the Administration process (AdminP). A routing loop can result if this field does not contain a valid entry.
SMTP listener taskChoose one:
Enabled to turn on the Listener so that the server can receive messages routed via SMTP routing
Disabled (default) to prevent the server from receiving messages routed via SMTP routing
4. Click the Ports - Internet Ports - Mail tab. 5. In the Mail (SMTP Inbound) column, ensure that the TCP/IP port status is set to Enabled, and then click Save and Close.
Refer to "Reconfiguring the SMTP port" for more information about modifying the default SMTP port settings.Ans:-28. Non-adjacent domains are Domino domains that are not directly connected, but have an intermediary domain, adjacent to both of them in common. For example, domain A and domain B are adjacent and have Connection documents defining the route between them. Similarly, domain B, in turn, is adjacent to domain C and mutual Connection documents exist between them; and domains C and D are likewise adjacent to each other and linked by Connection documents. Domain B is thus adjacent to domain A on one side, and domain C on the other; and domain C is adjacent to B and D, respectively. If no direct connection exists between A and C, these two domains are considered to be non-adjacent domains. Similarly if there is no direct connection between B and D, these two domains are also non-adjacent.
Because there is no direct connection between two non-adjacent domains, you cannot define the routing path between them in a Connection document. Connection documents can only be used between two directly-connected, adjacent domains. However, users in non-adjacent domains can send mail to each other by routing it through the intermediary domain.
One way to do this is to use explicit addressing -- telling the Router how to reach the destination domain through the intermediary domain by placing the entire routing path in the address field. For example, if Kathy Burke in domain A wants to send a message to Robin Rutherford in the non-adjacent domain C, she addresses the message by way of domain B, as follows:
Robin Rutherford@C@B
In processing the message, the Router on the domain A mail server looks only at the last part of the address, and uses the Connection document to determine the route to domain B. The domain B server then uses the Connection document in its Domino Directory to transfer the message to domain C.
Although the use of explicit addressing is an effective method for directing mail to non-adjacent domains, because it relies on a complete knowledge of the inter-domain routing topology, it's also not a very practical solution. This information is not readily available to a typical user. To simplify routing and addressing to non-adjacent domains, you can create a Non-adjacent domain document in the Domino Directory to define the path between the non-adjacent domains.
Using a Non-adjacent domain document
Administrators can create a Non-adjacent domain document to control message routing to a non-adjacent domain. A Non-adjacent Domain documents serves three functions:
Specifies a routing path to the non-adjacent domain by supplying next-hop domain information Restricts mail from other domains from routing to the non-adjacent domain Defines the Calendar server used to enable free time lookups between two non-adjacent domains. Non-adjacent domain documents are only required to specify routing restrictions to a non-adjacent domain. However, to simplify addressing on messages destined for a non-adjacent domain, it's useful to have a Non-adjacent domain document for that domain. Without a Non-adjacent domain document in the Directory, the Router has no defined routing path to the non-adjacent domain. The Router can transfer a message to the non-adjacent domain if the recipient address uses explicit path routing (User@AdjacentDomain@NonAdjacentDomain), but cannot transfer a message with a simple domain address (User@NonAdjacentDomain). When explicit addressing is used the Router uses the Connection documents between domains to calculate the path to the next-hop domain.
But when a Non-adjacent domain document is available, the Router obtains intermediary domain information from that document. This eliminates the need for users sending mail to a non-adjacent domain to use complex, explicit addressing. Thus, if domain A has a Non-adjacent domain document for domain C, when Kathy Burke in domain A sends mail to Robin Rutherford in domain C, she uses the address Robin Rutherford@C (rather than Robin Rutherford@C@B). Because the Router finds the intermediate domain information in the Non-adjacent domain document, the message is transferred successfully to domain C by way of domain B.
Using Non-Adjacent domain documents to restrict mail
Using Non-adjacent domain documents to simplify addressing makes them valuable enough. But Non-adjacent domain documents play another equally significant role. Although they are not strictly required to enable routing between non-adjacent domains, they are needed if you want to restrict routing of messages from certain domains.
By default, any domains that can route mail to your domain can also route mail to the destination domains named in a Non-adjacent domain document. Mail routed from one domain to another through your domain consumes your network resources. To prevent your servers from being used to transfer mail between other domains, you can selectively allow and deny mail routing through your domain.
The Allow and Deny fields on the Restrictions tab of the Non-adjacent domain document let you control the flow of messages from other domains to the non-adjacent domain. Entries in these fields must be the names of adjacent domains; the Router ignores entries for non-adjacent domains beyond the previous hop. If you deny a domain from sending mail through your domain, the Router denies all mail received from that domain, including messages the domain may have passed on from another, non-adjacent domain. The "Deny mail from domains field" in a Non-adjacent domain document does not block messages that use explicit domain addressing, that is, addresses that explicitly name every domain on the routing path. A Non-adjacent domain document can only block mail that relies on information in the Non-adjacent domain document to supply the name of a a missing intermediate domain. If the entire routing path is contained in the recipient address, the Router doesn't need to check the document to determine where to route the message, and thus cannot block it. For example, if in the previous example, the administrator in domain B creates a a Non-adjacent domain document for domain D and adds domain A to the Deny mail from domains field. Kathy Burke in domain A can still send mail to Judy Kaplan in domain D by specifying the following explicit domain address: Judy Kaplan@D@C@B. To prevent Kathy Burke from sending this message, the administrator in Domain B would have to create an Adjacent domain document for domain C that names domain A in the Deny mail from domains field.
The settings in the Allow and Deny fields work in conjunction with the Allow and Deny fields on the Router/SMTP - Restrictions and Controls - Restrictions tab of the Configuration Settings document. In the event of any conflict between settings, Domino applies the most restrictive entry.
Messages may be further restricted by Adjacent Domain documents, Non-adjacent Domain documents, and Configuration Settings documents set up between domains along the routing path.
To create a Non-adjacent domain document1. From the Domino Administrator, click the Configuration tab and then expand the Messaging section.
2. Choose Domains.
3. Click Add Domain to create a new Domain document.
4. On the Basics tab, complete these fields:
FieldEnter
Domain typeChoose Non-adjacent domain
Mail sent to domainThe name of the non-adjacent Domino domain you want to route mail to.
Route through domainThe name of the intermediary Domino domain through which you want to route mail for the destination domain. The current domain must have a Connection document to this domain.
Also, the Domino Directory in the intermediary domain must have a Connection document to the destination domain.
Domain descriptionAn optional description of the domain
5. Click the Restrictions tab, complete one or both of these fields, and then save the document:
FieldEnter
Allow mail only from domainsEnter the names of Domino domains adjacent to the current domain that are allowed to route mail to this non-adjacent domain.
Leave this field blank to allow any domain to route mail through the local domain to the non-adjacent domain.
Deny mail from domainsEnter the names of Domino domains adjacent to the current domain that are not allowed to route mail to this non-adjacent domain.
Leave this field blank to allow any domain to route mail through the local domain to the non-adjacent domain.
Note You cannot use wildcards in the Restrictions fields. You must enter explicit domain names.
6. Create a Connection document to specify how servers in the current domain connect to the intermediary adjacent domain.
Note Since, by definition, all servers in a domain use the same Domino Directory, only one Non-adjacent domain document is required for each non-adjacent domain. You do not have to create a separate document for each server.
Ans:-29. This process allows you to customize the type of information you want to collect and store in the Mail Tracking Store database (MTSTORE.NSF). For example, you can exclude certain users' mail from being collected, or you can restrict messages from being tracked by message subject.
1.Make sure you already have a Configuration Settings document for the server(s) to be configured.
2.From the Domino Administrator, click the Configuration tab and expand the Messaging section.
3.Click Configurations.
4.Select the Configuration Settings document for the mail server or servers you want to administer, and click Edit Configuration.
5.In the Configuration Settings document, click the Router/SMTP - Message Tracking tab.
6.Complete these fields, and then click Save & Close:
FieldEnter
Message trackingChoose one:
Enabled to log message-handling activity information in the Mail Tracking Store database.
Disabled (default) to not log any message-handling information.
Don't track messages forThe names of users and/or groups whose messages will not be logged and, therefore, cannot be tracked. This field applies only to messages sent by the specified person or group.
For example, to prevent administrators from tracking messages sent by the Manager of Human Resources, enter the manager's name in this field.
If you leave this field blank (default), authorized administrators can track messages for all users and groups on all servers that are enabled for mail tracking.
On servers running the ISpy task to test mail connectivity, this task sends trace messages at 5-minute intervals. To prevent the Domino MailTracker Store database from filling up with entries for these trace messages, enter the name of the ISpy mail-in database on the server in this field, for example, ISpy on MailHub1.
Log message subjectsChoose one:
Yes - The server records the subject of each message in the MailTracker Store database.
No - (default) The server does not log message subjects.
Don't log subjects forThe names of users and/or groups whose message subjects will not be logged and, therefore, cannot be tracked. This field applies only to messages sent by the specified person or group. The default is none.
Message tracking collection intervalA number that represents how often, in minutes, you want to log message tracking activity in the Mail Tracking Store database.
Note This number may affect server performance. Enter a number appropriate to the size and speed of your system. The default 15 minutes is recommended.
Allowed to track messagesThe names of servers and/or users allowed to track messages on this server.
If you leave this field blank (default), only members of the LocalDomainServers group are authorized to track messages on this server. If you add any entries to this field, you must list all servers and/or users that are allowed to track messages on this server.
Allowed to track subjectsThe names of servers and/or users allowed to track messages by subject on this server.
If you leave this field blank (default), only members of the LocalDomainServers group are authorized to track messages by subject on this server. If you add any entries to this field, you must list all servers and/or users allowed to track subjects on this server.
Note If you list servers and/or users in this field, you do not have to list them in the "Allowed to track messages" field.
If disk storage space is a concern, use database replication settings to control how many days' worth of information the Mail Tracking Store database retains. The number of days restricts how far back in time messages can be tracked, so choose a value that balances tracking needs and available disk storage. Ans:-30. A passthru server is a Domino server that connects to other Domino servers when a direct connection can not be made. For example, if the server you are calling over a phone line does not have a modem, the passthru server's modem can answer your call and connect to the server.
A passthru server can:
Connect to multiple servers with a single phone call (if you use a phone line and either a Notes Direct Dialup or Network Dialup connection to access Notes from outside your organization)
Connect to servers behind a firewall at your organization (if you use cable or DSL to access Notes from outside your organization)
Connect to servers on your LAN that use a different network protocol (for example, NETBIOS instead of TCP/IP) from your computer, if the passthru server runs both protocols
Connect (hop) to other passthru servers as necessary until reaching a target server
A hunt group is a bank of phone lines that you can access using a single phone number. The phone lines that make up this hunt group can be attached to several passthru servers. When you call a server, the hunt group decides which phone line should take the call, connects to a passthru server, and finally connects to your intended destination server. Large organizations with many passthru servers may use hunt groups to more efficiently balance the load on servers.
For more information, ask your Domino administrator whether your organization uses passthru or hunt group servers, and which Connection documents you need to take advantage of them.
Tip If your organization has at least one passthru server, specify it as your default server in your current Location document. Create other passthru or Connection documents on the advice of your administrator.
For information on replicating using a passthru server, see To replicate with a selected server and To create a call entry.
To specify a default passthru server for the current location
When Notes can't connect to a server directly, Notes tries to use the default passthru server to connect.
1. From the menu, choose File - Mobile - Edit Current Location.
2. Click the Servers tab.
3. In the "Passthru server" field, enter the name of a passthru server.
4. Click "Save & Close."
To create a passthru server Connection document automatically
1. Choose File - Mobile - Edit Current Location.
2. Near the top of the window, click the "Connection Configuration Wizard" button.
3. Follow the steps in the wizard for a passthru server.
Tip You can also choose File - Preferences - Client Reconfiguration Wizard to create a connection to a passthru server. Before using the wizard, make sure you are using a location where you want to use the server.
To create or edit a passthru server Connection document manually
1. Ask your Domino administrator for the name of the passthru server. 2. Choose File - Mobile - Server Phone Numbers.
3. Do one of the following:
To create a new Connection document, click the "New" button and choose "Server Connection."
To edit an existing Connection document, select the server and click the "Edit Connection" button.4. Click the Basics tab.
5. In the "Connection type" field, select "Passthru Server."
6. In the "Server name" field, enter the name of the destination server to access. You can use an asterisk (*) as a wildcard to represent all or part of a server name. For example, use */Acme to connect to any server at Acme.
7. In the "Passthru server name or hunt group name" field, enter the name of the passthru server.
8. (Optional) Click the Comments tab to add information for your own reference.
9. (Optional) Click the Advanced tab to specify additional settings such as a dedicated location for this connection, or login scripts.
10. Click "Save and Close."
Ans:-31. Pull-Pull is a two-way process in which two servers exchange updates. Using Pull-Pull, two replicators -- one on the calling server and one on the answering server -- share the work of replication.
Ans:-32. Compact B (In-place with file size reduction):- Uses in-place compacting, recovers unused space and reduces file size, unless there's a pending structural change in which case copy-style compacting occurs. If you use transaction logging, do full database backups after compacting completes.Compact C (Copy-style):- Uses copy-style compacting. Use this option, for example, to solve database corruption problems.
Ans:-34.Refer Answer:-4.
Ans:-35.SMTP Listener Task
Ans:-36&37. The Administration Process is a program that automates many routine administrative tasks. For example, if you delete a user, the Administration Process locates that user's name in the Domino Directory and removes it, locates and removes the user's name from ACLs, and makes any other necessary deletions for that user. If you want to delete all replicas of a database, the Administration Process finds the replicas on servers in the domain and provides an interface for deleting them. The Administration Process automates these tasks:
Name management tasks, such as rename person, rename group, delete person, delete group, delete server name, recertify users, and store Internet certificate.
Mail file management tasks, such as delete mail file and move mail file.
Server document-management tasks, such as store CPU count, store platform, and place network protocol information in Server document.
Roaming user management, such as roaming user setup, move roaming users to other servers, upgrade a nonroaming user to roaming status, and downgrade roaming user to nonroaming status.
User mail file management tasks, such as performing Access Control List (ACL) changes and enabling agents. For example, the "Out of Office" agent is enabled and disabled by Notes client users. Person document management tasks, such as storing the user's Notes version and client platform information.
Replica management tasks, such as create replica, move replica, or delete all replicas of a database.Administration servers
Administration servers control how the Administration Process does its work. You specify an administration server for the Domino Directory and for specific databases. By default, the first Lotus Domino server you set up in a domain is the administration server for the Domino Directory. The administration server for the Domino Directory maintains the Domino Directory's ACL, performs deletion and name change operations in that Domino Directory, and these changes are replicated to other servers in the domain. If you have multiple directories in your domain -- not replicas of other domain's directories, but more than one of your own -- you can specify an administration server for each of the directories in your domain. Do not specify an administration server in your domain for a replica of another domain's Domino Directory.
All databases need an administration server to manage name changes and deletions that apply to the database -- for example, changes to the ACL, Readers and Authors fields, or Names fields. If a database has replicas, you assign an administration server to only one replica. Then the Administration Process makes all changes to that replica, and replication for that database carries out the changes in all other replicas.
You can also set up one or more extended administration servers to distribute across multiple servers the processing of administration requests that modify the Domino Directory. The Administration Requests database
The Administration Requests database (ADMIN4.NSF) is created on the administration server for the Domino Directory when that server starts for the first time. Requests for work to be done by the Administration Process are stored in the Administration Requests database. The status of work done by the Administration Process is also stored there as response Log documents to the requests, in the form of Administration Request documents. To complete tasks, the Administration Process posts and responds to requests in the Administration Requests database. Domino servers use replicas of this database to distribute requests made on one server to other servers in the domain.
When other servers start, if the Administration Requests database does not exist, the server creates a replica stub of the Administration Requests database and waits for it to be initialized from another server in the domain. Every server in the domain stores a replica of the Administration Requests database and the Domino Directory. The Administration Requests database also acts as the interface to the Domino Certificate Authority requests. It is the responsibility of the Registration Authority to monitor the status of the Certification Authority (CA) Requests. The CA requests can be removed from the view or resubmitted for processing in the same manner as the Administration Process Requests. The Certification Log
To use the Administration Process to perform name changes and recertifications, the Certification Log (CERTLOG.NSF) must reside on the server that stores the Domino Directory in which you will initiate the name change or recertification. If the Certification Log exists on another server, move the Certification Log to the server containing the Domino Directory on which you are initiating the name change or recertification. The Certification Log contains a permanent record of how you register servers and users, including information about the certifier ID. The Certification Log also contains messages that describe the results of recertification requests that the Administration Process is processing. Ans:-40. Directory Assistance
Directory assistance is a feature a server can use to look up information in a directory other than a local primary Domino Directory (NAMES.NSF). You can configure directory assistance to use a particular directory for any of these services:
Client authentication
Group lookups for database authorization
Notes mail addressing
LDAP service searches or referrals
You can set up directory assistance for a remote LDAP directory or a Domino directory. A remote LDAP directory can be any remote LDAP-compliant directory, either one on a foreign LDAP directory server or one on a Domino server that runs the LDAP service.
A Domino directory is a directory created from the PUBNAMES.NTF template and accessed via NAMELookup calls. Servers can use directory assistance to do lookups in either local or remote replicas of a Domino directory. A Domino directory configured for directory assistance can be a secondary Domino Directory, an Extended Directory Catalog, or a primary Domino Directory.
A secondary Domino Directory is any Domino Directory that is not a server's primary Domino Directory. A secondary Domino Directory can be a directory associated with another Domino domain. A secondary Domino Directory can also be a Domino Directory created manually from the PUBNAMES.NTF template that is not associated with a Domino Domain, used, for example, to store and track Web user information.
An Extended Directory Catalog contains documents aggregated from multiple secondary Domino Directories. A server must use directory assistance to look up information in an Extended Directory Catalog, unless you integrate the Extended Directory Catalog directly into the primary Domino Directory.
The primary Domino Directory is the directory a server searches first that describes the Domino domain of the server. You can set up directory assistance for a primary Domino Directory, usually to specify which replicas of primary Domino Directories that servers with Configuration Directories can use.Directory Catalogs
A directory catalog is an optional directory database that typically contains information aggregated from multiple Domino Directories. Clients and servers can use a directory catalog to look up mail addresses and other information about the people, groups, mail-in databases, and resources throughout an organization, regardless of the number of Domino domains and Domino Directories the organization uses. A directory catalog includes the type of information that is important for directory services, and excludes other types of information that are part of a Domino Directory, for example Domino configuration information, such as information in Connection documents.
You use a directory catalog in conjunction with, rather than instead of, the primary Domino Directory and the Personal Address Book. A server searches its primary Domino Directory, and a Notes client searches its Personal Address Book, before searching a directory catalog.
There are two types of directory catalogs: condensed Directory Catalogs and Extended Directory Catalogs. Condensed Directory Catalogs use a unique design based on the DIRCAT5.NTF template that enables them to be extremely small. Condensed Directory Catalogs are designed for use on Notes clients. A condensed Directory Catalog on a Notes client is also known as a Mobile Directory Catalog.
Extended Directory Catalogs use the same design as the Domino Directory, which is based on the PUBNAMES.NTF. They are larger than condensed Directory Catalogs, but are the recommended directory catalog for server use because they allow faster and more flexible directory lookups.
Servers can use a directory catalog for mail addressing, for processing LDAP service operations, to look up client authentication credentials, and to look up the members of groups in database ACLs when authorizing users' database access. Ans:-41.Calcon task is to view the free time information of a particular user.Ans:-42&43.Refer Answer 40
Ans:-46. The Agent Manager ( Amgr) is an internal Domino task responsible for the execution of various Domino agents. Although agents are highly convenient, they are also very powerful and must be tracked. Agent Manager debugging provides a more granular level of auditing than Agent Manager logging does. By enabling Agent Manager debugging, a more in-depth audit trail of Agent execution will be recorded.
The Agent Manager debugging process will also report information on database activity in some cases. This will include the creation of new documents, the modification of existing documents, and new mail delivery.
Rather than being reported to a database, Agent Manager debugging information is reported to the console only by default. Administrators have the option to report debugging information to a text file by setting the "Debug_Outfile" console variable.
It is recommended that certain Agent Manager debugging options be enabled. These options include:
'c': Debug control information.
'e': Agent Manager event information.
'l': Loading information.
'm': Memory manager information
's': Scheduling informationAns:-47. In addition to the possibility that there are errors in the agent code, an agent may fail to run properly because the agent has insufficient access or because the agent is not set to run on the given server.
1.Insufficient access in the database ACL can prevent an agent from running properly. For example, a user may design an agent that copies selected documents from database A to database B. If the user -- and by extension, the agent -- doesn't have Author access in the ACL of database B, the agent runs, but it is not allowed to copy the documents. To determine if this problem exists, examine the Agent Log for access errors after the agent runs unsuccessfully.
2.If an agent won't run on a particular server, check the Agent Restrictions on the Security tab of the Server document. This section contains the "Run personal agents," "Run restricted LotusScript/Java agents," and "Run unrestricted LotusScript/Java agents" fields that specify who has access to run agents on the server. Although a user who has the appropriate access in the database ACL may be able to create an agent on the server, without the appropriate access in the Server document, the user can't run the agent.
You should also check the Server Access section on the Security tab of the Server document. This section contains the "Only allow server access to users listed in this Directory," "Access server," and "Not access server" fields, which allow and deny access to the server. Because an agent inherits the access privileges of the person who creates it, the agent can't run on a server for which its creator does not have access.
3.Scheduling conflicts may prevent an agent from running. In the Server document, click the Server Tasks - Agent Manager tab and check the "Daytime Parameters Start time/End time" and "Nighttime Parameters Start time/End time" fields. Any time not specified in these fields represents downtime; if a user creates a scheduled agent and specifies that it run during the server's Agent Manager downtime, the agent will not run. Compare these fields in the Server document to the time the agent is scheduled to run. If a conflict exists, change the Agent Manager schedule on the server, or ask the user to reschedule the agent.
4.If a LotusScript or Java agent terminates before completing its tasks, check the "Max LotusScript/Java execution time" fields in the Server document. If a complex agent requires more time than is scheduled, the Agent Manager terminates the agent before completion.
Ask the user to reschedule the agent to run at night, when the default maximum execution time is longer; or increase the value of the "Max LotusScript/Java execution time" field in the Server document, as needed. If neither of these solutions is practical, ask the user to rewrite the agent as several smaller agents.Ans:-48. Shows server status information including the server name, data directory on the server, time elapsed since server startup, transaction statistics, and the status of shared, pending, and dead mail.Ans:-49.Show Server
Ans:-50. Replicate servername [databasename]
Description: Forces replication between two servers (the server where you enter this command and the server you specify). Use the server's full hierarchical name. If the server name is more than one word, enclose the entire name in quotes. To force replication of a particular database that the servers have in common, specify the database name after the server name. The initiating server (where you're currently working) first pulls changes from the other server, and then gives the other server the opportunity to pull changes from it. You can use this command to distribute changes quickly or to troubleshoot a replication or communication problem.
Ans:-51. Tell Router QuitAns:-52. Fixes suspected corrupt Domino databases. These options can be combined as needed:
load fixup [database] -F
When fixup runs against multiple databases, by default it checks only documents with the last modified date since its last run. This parameter then forces the fixup task to check all documents in all databases being checked.
load fixup [database] -i
Checks only new documents in the database since the last run of fixup.
load fixup [database] -J
Runs fixup against databases that have transaction logging enabled. If this parameter isn't used, fixup doesn't check these databases.
load fixup -L
When used without specifying the database to check, logs every database suspected of being corrupted. The default is to log only when a database problem is found and needs to be corrected.
load fixup [database] -N
Changes the way that fixup operates when a corrupted document within a database is encountered. When this parameter is specified, any corrupted documents found are not deleted. A typical use of this is to allow documents to be copied to another database before fixup deletes them in an effort to retrieve documents from a corrupted database.
load fixup [database] -Q
Instructs fixup to be less thorough in its checking for corrupted documents in the database.
load fixup [database] -U
Changes unread document lists to the older R4 format. (Lotus recommends that you do this only when requested by Lotus Support.)
load fixup [database] -V
Specifies to not check views for corruption. Ans:-53. Maintains changed views and full text indices as the data changes within the Domino database.
load updall [database] -A
Performs an incremental update of an R4 site search database.
load updall [database] -B
Performs a full update of an R4 site search database.
load updall database -C
Rebuilds the full text indexes and any unused views in the database.
load updall [database] -F
Updates full text indexes but not views. load updall [database] -H
Updates full text indexes that are configured to be updated immediately.
load updall [database] -L
Updates full text indexes that are configured to be updated immediately, hourly, or daily.
load updall [database] -M
Updates full text indexes that are configured to be updated immediately or hourly.
load updall [database] -R
Rebuilds all full text indexes and all views in the database.
load updall database -T view
Rebuilds the out-of-date view in the database.
load updall database -T view -R
Rebuilds the view in the database whether or not it is out of date.
load updall [database] -V
Updates view but not full text indexes.
load updall [database] -X
Displays the number of user appointments and resource reservations in the free time database.
Ans:-54. UPDATE is usually scheduled to run continuously on the server, UPDALL will be scheduled to run overnight, and can also be run on demand. The main differences between them are
UPDALL will refresh the full-test indexes on all databases, UPDATE only refreshes those which are set to immediate or hourly
UPDALL will purge deletion stubs
UPDALL can be run manually with options
UPDALL will delete unused view indexes
To run UPDALL (maybe to fix a corrupt index), enter the command
LOAD UPDALL PATH OPTIONS from the server console. PATH is the pathname to the database or databases you want refreshed. Options include
-F only update full-text indexes
-V only update views
-X only rebuild views
-R rebuild both full-text indexes and view indexes. Use carefully, it will use loads of resource
There are loads of other options, which restrict the actions depending on database refresh settings.
Ans:-56. A Domino cluster is a group of two or more servers that provides users with constant access to data, balances the workload between servers, improves server performance, and maintains performance when you increase the size of your enterprise. The servers in a cluster contain replicas of databases that you want to be readily available to users at all times. If a user tries to access a database on a cluster server that is not available, Domino opens a replica of that database on a different cluster server, if a replica is available. Domino continuously synchronizes databases so that whichever replica a user opens, the information is always the same.
IBM Lotus Notes clients can access all Domino cluster servers. HTTP clients (Internet browsers) can access only Domino Web servers in a Domino cluster.
How do clusters help you?
The main benefits of clusters are:
High availability of important databases
When a hardware or software problem occurs, clustered servers redirect database open requests to other servers in the cluster to provide users with uninterrupted access to important databases. This process is called failover. Clusters provide failover for business-critical databases and servers, including passthru server failover to other servers in the cluster. Failover also lets you perform server maintenance, such as hardware and software upgrades, with little negative effect on users.
Workload balancing
When users try to access databases on heavily used servers, Domino can redirect the user requests to other cluster servers that aren't as busy so that the workload is evenly distributed across the cluster. Workload balancing of cluster servers helps your system achieve optimum performance, which leads to faster data access.
Scalability
As the number of users you support increases, you can easily add servers to a cluster to keep server performance high. You can also create multiple database replicas to maximize data availability, and you can move users to other servers or clusters as you plan for future growth. As your enterprise grows, you can distribute user accounts across clusters and balance the additional workload to optimize system performance within a cluster.
Data synchronization
A key to effective clustering is setting up replicas on two or more cluster servers so that users have access to data when a server is down or is being used heavily. Cluster replication ensures that all changes, whether to databases or to the cluster membership itself, are immediately passed to other databases or servers in the cluster. Thus, databases are continuously synchronized to provide high availability of information.
Analysis tools
Using the cluster analysis tools, as well as the log file, the Monitoring Configuration and Monitoring Results databases, and the server monitor, you can analyze cluster activity and make any changes necessary to improve performance.
Ease of changing operating systems, hardware, or versions of Domino
When you want to change your hardware, operating system, or Domino release, you can mark the clustered server as RESTRICTED so that requests to access a database on the server fail over to other cluster servers that contain replicas. This lets you make changes without interrupting the productivity of your users.
Data backup and disaster planning
You can set up a cluster server as a backup server to protect crucial data. You can prevent users from accessing the server, but cluster replication keeps the server updated at all times. You can even do this over
Related Documents
