INTERVIEW QUESTIONS
INTERVIEW QUESTIONS
1. Explain mail tracking in brief
2. How will you create multiple mail.box in domino
3. How will you disable mails if mail quota is exceeded
4. Explain mail routing
5. What is the difference between cluster replication and normal
replication
6. What is NNN
7. How security works in domino
8. How ECL works
9. How to restrict users using a particular database without
implementing ACL
10. What is the difference between author and reader field
11. What is HTTPS
12. What is the extension of key ring file
13. What is the extension of password file
14. How encryption works in Domino
15. Where is Private key stored
16. Can you see public key and private key in id file
17. Can you see public key and private key in domino
directory
18. What are steps involved for recertification
19. What is the difference between Database administrator and
Server administrator
20. How replication works in Domino
21. What kind of informations are available in connection
document
22. Can multiple replica task be enabled
23. Can you temporarily disable replication for one database24.
What is the minimum level of access for creating a replica
25. If some of the documents are not being replicated what can
be the issue
26. What is global domain document
27. From where SMTP incoming mail option is enabled
28. What is the use of non adjacent domain
29. How mail tracking can be enabled
30. What is the use of pass through server
31. What is the use of replication type PULL PULL
32. What is the use of commands Compact-C and Compact-B
33. What is the advantage of changing DB id
34. What are the steps involved in mail routing
35. Which task runs on the background of the client for
transferring of mails
36. What is the use of administration process
37. Which task is performed by Admin P
38. What kind of informations are available in Location
document
39. Can we configure multiple address book in client
40. What is directory cascading and directory assistance and
difference between them41. What is the function of CalCon task
42. What is the function of directory catalog
43. What is the advantage of directory assistance
44. How directory cascading can be configured
45. What is the minimum level of access for user to login in to
web mail
46. What is agent manager
47. How will you troubleshoot if agent fails (Step wise)
48. What kind information can be viewed through Show Server
command
49. What is the command to view the current version of the
domino50. What is the command to replicate a database
51. What is the command to restart the router
52. What is the use of Fixup command
53. What is the use of Updall command
54. What is the difference between updall and update command
55. What is the difference between New Copy and New Replica
56. What is the advantage of Clustering and what all components
are involved in domino clustering
57. What is cluster manager
58. What is the use of shared mails
Answers1. Explain mail tracking in briefAns:-1. Both users and
Domino administrators can track mail. Users can track only messages
that they themselves sent. Administrators can track mail sent by
any user.
When you configure mail tracking, you can specify which types of
information Domino records. For example, you can specify that
Domino not record message-tracking information for certain users,
or you can choose not to record the subject line of messages sent
by specific users. The Mail Tracker Collector task (MTC) reads
special mail tracker log files (MTC files) produced by the Router
and copies certain messaging information from them to the
MailTracker Store database (MTSTORE.NSF). The MailTracker Store
database is created automatically when you enable mail tracking on
the server. When an administrator or user searches for a particular
message, either a message tracking request or a mail report, Domino
searches the MailTracker Store database to find the information.
Note The Mail Tracker Collector differs from the Statistics
Collector (Collect task), which is responsible for gathering
statistical information about servers. How mail tracking works
1. From a Notes client or Domino Administrator client, a user
creates a query to determine whether a specific message arrived at
its intended destination or to determine how far it got if delivery
failed. 2. The mail tracking program begins to trace the routing
path from the server where the message originated. If the message
is not found on the originating server, tracking automatically
continues at the next server on the route. 3. Step 2 is repeated on
each "next server" until the route ends. Detailed information is
provided about the processing of the message on each server. 4.
After the tracking query completes, the user can select messages
from the results and check their delivery status. The following
table displays the possible values for the delivery status:
Delivery StatusMeaning
DeliveredThe message was delivered to a mailbox on the server.
The mail file status indicates whether the message was read,
unread, or deleted. If the mail file status is not read, unread, or
deleted, it appears as unknown.
Delivery failedThe server attempted to deliver the message to a
mail file but was unsuccessful. The recipient may not exist, or the
server's disk may be full.
In queueThe Router is processing the message.
TransferredThe Router successfully sent the message to the
server identified in the next hop field.
Transfer failedThe Router attempted to transfer the message to
another server and failed.
Group expandedThe message was addressed to a group, and the
group was expanded on this server.
UnknownThe status of the message on the server cannot be
determined.
Generating mail usage reports
Over time, the Domino MailTracker Store database (MTSTORE.NSF)
accumulates valuable data about message routing patterns on the
server. It may be useful to generate mail usage reports from this
data. For example, you can generate reports of recent messaging
activity, message volume, individual usage levels, and heavily
traveled message routes. You can use the Reports database
(REPORTS.NSF) to generate and store mail usage reports. Typically,
the Reports database is created automatically when you set up the
server.
Mail usage reports provide important information that you can
use to resolve problems and improve the efficiency of the mail
network. In addition, this information is valuable when you plan
changes or expansions to the mail network. For example, you can
generate reports that show the 25 users who received the most mail
over a given period of time (a day, a week, a month, and so forth),
or the volume of mail sent by a specified user over some interval.
With this information, you can identify users who might be misusing
the mail system. Other reports show the most frequently used next
and previous hops, enabling you to assess compliance with mail use
policies. Agents stored in the Reports database let administrators
schedule reports on a one-time, daily, weekly, and monthly basis.
By default, Domino generates scheduled reports at midnight at the
interval you specify -- daily, weekly, or monthly. When a report
query is run, the active report agent examines the data collected
in the Domino MailTracker Store database to generate the resulting
report. You can configure a report to save results in the Reports
database or mail results to one or more administrators. Saved
reports are organized in the Reports database under several
different views. Reports that are mailed, but not saved, are not
added to the Reports database. You can use the Reports database to
analyze server mail usage. Views in the database display previously
saved reports according to date, schedule, report type, and user.
In addition, a view displays all scheduled reports by interval.
Mail routing event generators
To monitor a mail network, you can configure mail routing event
generators to test and gather statistics on mail routes. For
information on mail routing event generators, see the topic
Creating mail routing event generators2 How will you create
multiple mail.box in domino
Ans:-2. To create multiple MAIL.BOX databases
1.Make sure you already have a Configuration Settings document
for the server(s) to be configured.
2.From the Domino Administrator, click the Configuration tab,
and expand the Messaging section.
3.Click Configurations.
4.Select the Configuration Settings document for the mail server
or servers you want to administer, and click Edit
Configuration.
5.Click the Router/SMTP - Basics tab.
6.Complete this field and then click Save & Close:
FieldDescription
Number of mailboxesIndicates the number of mailboxes (MAIL.BOX
databases) on servers that uses this Configuration Settings
document. If this field is blank, one mailbox is used. Configure a
maximum of ten mailboxes.
7. Restart the server to put the new setting into effect.
3 How will you disable mails if mail quota is exceeded
Ans:-3. To stop the delivery of mail to mail files that are over
their quota is available.
To enable this 'Obey Database Quotas during Message Delivery'
feature in Domino 6.x, do the following:
1. Open the Domino Directory.2. Select Servers, Configurations,
Router/SMTP, Restrictions and Controls, Delivery Controls.3. Choose
the appropriate option for "Over quota enforcement".
4 Explain mail routing
Ans:-4. How Mail Routes in a Domino System
These steps describe how mail routes in a Domino mail
system.
1.Using a mail client, a user creates and addresses a mail
message to a recipient.
2.The user sends the message.
3.The user's mail client does one of the following:
Uses Notes protocols to deposit the message into the MAIL.BOX
database on the user's Domino mail server.
Uses SMTP to send the message to the user's Domino mail server,
which must be running the SMTP listener task. The SMTP listener
task deposits the message into MAIL.BOX (Lotus Notes, IMAP clients,
POP3 clients).
Uses HTTP to send the message to the user's Domino mail server,
which must be running the HTTP task. The HTTP task deposits the
message into MAIL.BOX (Web clients).
4.The Router finds the message in MAIL.BOX and determines where
to send the message for each recipient. The Router checks its
routing table to calculate the next "hop" for the message on the
path to its recipients and determines the appropriate protocol --
either SMTP or Notes routing -- to transfer the message.
Using SMTP routing, the Router connects to the destination
server -- the recipient's mail server, a relay host, a smart host,
or one of the servers in the recipient's Internet domain -- and
transfers the message.
Using Notes routing, the Router moves the message to the
MAIL.BOX database on the server that is the next hop in the path to
the recipient's mail server. The Router on that server transfers
the message to the next hop, until the message is deposited in the
MAIL.BOX database on the recipient's home server.
5.The Router on the recipient's server finds the message (in
MAIL.BOX on a Domino server) and delivers it to the recipient's
mail file.
6.Using a mail client, the user retrieves the message from the
mail file. Depending on the type of mail client, one of the
following protocols is used: Notes remote procedure calls, IMAP,
POP3, or HTTP.
6 What is NNN
Ans:-6. The Domino Server Setup program automatically places all
servers that are in a Domino domain and that run the same network
protocol in the same Notes named network (NNN). In the Server
document, the setup program assigns each NNN a default name in the
format portname network.
After you complete the Server Setup program, rename the NNN for
each network port in the Server document. It is useful if the name
reflects both the location of the network and its protocol. For
example, if your company has a TCP/IP network and has LANs in
Boston and San Francisco, change the name of the NNN in Boston to
"TCPIP Boston network," and change the name of the NNN in San
Francisco to "TCPIP SF network."
Caution Domino assumes that all servers in a NNN have a
continuous LAN or WAN connection. If this is not the case, serious
delays in mail routing between servers can occur. Be careful not to
include servers with only dialup connections in an NNN.
To change the name of a Notes named network
1. From the Domino Administrator, select the server you just set
up.
2. Click the Configuration tab.
3. Expand the Server section in the view pane.
4. Click Current Server Document.
5. Click Edit Server, and then click the Ports - Notes Network
Ports tab.
6. In the Notes Network field for each port, enter a new name
for the server's Notes named network. The name can include space
characters.
7. Click Save and Close. 7 How security works in domino
Ans:-7. The Domino security model is based on the premise of
protecting
resources, such as the Domino server itself, databases,
workstation data,
and documents. The resources, or objects, that are being
protected are set
up to define the rights of users to access and change the
object.
Information about access rights and privileges are stored with
each
protected resource. Thus, a given user or server may have
different sets
of access rights, depending on the resources to which that user
or server
requires access.
The following includes brief descriptions of the various
resources that
you need to protect in a Domino environment. Some of the topics
are not
specific to Domino security, but are included here in the
interest of
thoroughness.
Physical security
Physically securing servers and databases is equally as
important as
preventing unauthorized user and server access. It is the first
line of
defense against unauthorized or malicious users, by preventing
them
from having direct access to your Domino servers. Therefore,
we
strongly recommend that you locate all Domino servers in a
ventilated,
secure area, such as a locked room. If servers are not
physically secure,
unauthorized users might circumvent security features for
example,
ACL settings and access applications directly on the server, use
the
operating system to copy or delete files, or physically damage
the server
hardware itself.
Physical network security concerns should also include disaster
planning
and recovery.
Operating system security
Unauthorized or malicious users often take advantage of
operating
system vulnerabilities. As a system administrator, you should
safeguard
the operating system on which your Domino server runs. For
example,
you should limit administrator login/rights, disable FTP (on
NT), and
avoid the use of mapped directory links to file servers or
shared NAS
server for Domino servers. Stay informed about your operating
system of
choice, and keep current with security updates and patches.
Security
Network security
The goal for securing your network is to prevent unauthorized
users
from gaining access to servers, users, and data. Physical
network security
is beyond the scope of this book, but you must set it up before
you set up
Notes and Domino connection security. Physical network security
is
established through the use of devices such as filtering
routers,
firewalls, and proxy servers that enable network connections
for
various network services (such as LDAP, POP3, FTP, and STMP)
that
you want to provide for your users. Network connection security
access
is also controlled using these devices, as you can define what
connections
can be accessed, and who is authorized to used them.
Properly configured, these devices prevent unauthorized users
from:
Breaking through into the network and accessing the server via
the
operating system and its native services (such as file
sharing).
Impersonating an authorized Notes user
Eavesdropping on the network to collect data
Server security
The Domino server is the most critical resource to secure and is
the first
level of security that Domino enforces after a user or server
gains access
to the server on the network. You can specify which users and
servers
have access to the server and restrict activities on the server
for
example, you can restrict who can create new replicas and use
passthru
connections.
You can also restrict and define administrator access, by
delegating
access based on the administrator duties and tasks. For example,
you can
enable access to operating system commands through the server
console
for system administrators, and grant database access to
those
administrators who are responsible for maintaining Domino
databases.
If you set up servers for Internet/intranet access, you should
set up SSL
and name-and-password authentication to secure network data
transmitted over the network and to authenticate servers and
clients.
ID security
A Notes or Domino ID uniquely identifies a user or server.
Domino uses
the information contained in IDs to control the access that
users and
servers have to other servers and applications. One of the
responsibilities
of the administrator is to protect IDs and make sure that
unauthorized
users do not use them to gain access to the Domino
environment.
Some sites may require multiple administrators to enter
passwords before
gaining access to a certifier or server ID file. This prevents
one person
from controlling an ID. In such cases, each administrator should
ensure
each password is secure to prevent unauthorized access to the ID
file.
For more information, see the topic Notes and Domino ID
security
later in this chapter.
You can also secure Notes user IDs with Smartcards. Smartcards
reduce
the threat of user ID theft, as a user who has a Smartcard needs
their user
ID, their Smartcard, and their Smartcard PIN to access
Notes.
Application security
Once users and servers gain access to a Domino server, you can
use the
database access control list (ACL) to restrict access that
specific users and
servers have to individual Domino applications on the server.
In
addition, to provide data privacy, encrypt the database with an
ID so
unauthorized users cannot access a locally stored copy of the
database,
sign or encrypt mail messages users send and receive, and sign
the
database or template to protect workstations from formulas.
Application design element security
Although users may have access to an application, they may not
have
access to specific design elements in the application for
example,
forms, views, and folders. When designing a Domino application,
an
application developer can use access lists and special fields to
restrict
access to specific design elements.
Workstation data security
Notes users may keep and use important applications and
information
on their workstations. This information can be protected through
the use
of an execution control lists (ECL), which defines the access
that active
content from other users has to the user workstation.
8 How ECL worksAns:-8. You use an execution control list (ECL)
to set up workstation data security. An ECL protects user
workstations against active content from unknown or suspect
sources, and can be configured to limit the action of any active
content that does run on workstations. The ECL determines whether
the signer of the code is allowed to run the code on a given
workstation, and defines the access that the code has to various
workstation functions. For example, an ECL can prevent another
person's code from running on a computer and damaging or erasing
data. "Active content" includes anything that can be run on a user
workstation, including formulas; scripts; agents; design elements
in databases and templates; documents with stored forms, actions,
buttons, hot spots; as well as malicious code (such as viruses and
so-called "Trojan horses").
There are two kinds of ECLs: the Administration ECL, which
resides in the Domino Directory (NAMES.NSF), and the workstation
ECL, which is stored in the user's Personal Address Book
(NAMES.NSF). The Administration ECL is the template for all
workstation ECLs. The workstation ECL is created when the Notes
client is first installed. The Setup program copies the
administration ECL from the Domino Directory to the Notes client to
create the workstation ECL.
The workstation ECL
A workstation ECL lists the signatures of trusted authors of
active content. "Trust" implies that the signature comes from a
known and safe source. For example, every system and application
template shipped with Domino or Notes contains the signature Lotus
Notes Template Development. Likewise, every template and database
that your organization designs should contain the signature of
either the application developer or the administrator.
For each signature, the ECL contains settings that control the
actions that active content signed with that signature can perform
and the workstation system resources it can access.
For a description of ECL access options, see ECL security access
options.
How the workstation ECL works
When active content runs on a user workstation and attempts a
potentially harmful action -- for example, programmatically sending
mail -- the following occurs:
1. Notes verifies that the active content is signed and looks up
the signer of the code in the workstation ECL.
2. Notes checks the signer's ECL settings to determine whether
the action is allowed. 3. One of the following occurs:
a. If the signer of the code is listed in the workstation ECL
and the appropriate setting is enabled, the active content runs. b.
If the active content attempts an action that is not enabled for
the signer, or if the signer is not listed in the ECL, Notes
generates an Execution Security Alert (ESA), which specifies the
attempted action, the signer's name, and the ECL setting that is
not enabled.The ESA gives the user four options:
Do not execute the action -- to deny the signer access to
perform the specified action.
Execute the action this one time -- to allow the signer access
to perform the action only once. The ESA appears again if the same
action is attempted in the future. This option does not modify the
ECL.
Start trusting the signer to execute this action -- to allow the
action to be performed and modify the ECL configuration to add the
signature of the active content to the ECL. This grants permission
for the signer to execute the specific action any time on that
workstation. More Info -- to display a dialog box that provides
information about the design type, design name, Notes ID, signature
status, and parent database of the code that caused the ESA.
For example, locally scheduled agents, as well as manual agents,
can generate ESAs. Click "More Info" to get information about the
agent that generated the alert.Note The administration ECL has a
setting that prevents users from changing their workstation ECLs.
If this setting is enabled, then the user's option to trust the
signer is disabled.Creating a security policy settings document A
Security policy settings document controls the Administration ECL
as well as Notes and Internet passwords.
To create Security settings
1. Make sure that you have Editor access to the Domino Directory
and one of these roles:
PolicyCreator role to create a settings document
PolicyModifier role to modify a settings document2. From the
Domino Administrator, select the People & Groups tab, and then
open the Settings view. 3. Click "Add Settings," and then choose
Security.
4. On the Basics tab, complete these fields: FieldAction
NameEnter a name that identifies the users (and, if you are a
service provider, the hosted organization) that use these
settings.
DescriptionEnter a description of the settings.
5. On the Password Management tab, complete these fields:
FieldAction
Allow users to change Internet password over HTTPChoose one:
Yes (default) -- to allow users to use a Web browser to change
their Internet passwords. No
Synchronize Internet password with Notes passwordChoose one:
No (default)
Yes -- to allow users to use the same password to log in to both
Notes and the Internet.
Check Notes passwordChoose one:
No (default)
Yes -- to require a password for Notes authentication.
6. In the "Enforce password expiration" field, choose one:
Disabled (default) -- to disable password expiration.
Notes only -- to enable password expiration for only Notes
passwords. Internet only -- to enable password expiration for only
Internet passwords.
Notes and Internet -- to enable password expiration for both
Notes and Internet passwords.Note Internet password expiration
settings are recognized only by the HTTP protocol. This means that
Internet passwords can be used with other Internet protocols (such
as LDAP or POP3) indefinitely. Caution Do not enable password
expiration if users use Smartcards to log in to Domino servers. 7.
If you enabled password expiration, complete these fields.
Otherwise, go on to Step 9:
FieldAction
Required change intervalEnter the number of days a password can
be in effect before it must be changed.
Allowed grace periodEnter the number of days users have to
change an expired password before being locked out.
Password history (Notes only)Enter the number of expired
passwords to store. Storing passwords prevents users from reusing
old passwords.
8. Choose one of the following to specify Password Quality
Settings for IDs:
Required password quality -- and then choose the quality level
required when users create passwords.
Use length instead -- and then enter a number from 0 to 16 to
require that users create passwords of a specific length. 9. On the
Execution Control List tab, complete these fields:
FieldAction
Admin ECLThe default administration ECL is the default value for
this field. Choose one: Edit -- to edit the default administration
ECL. New -- to create a new administration ECL. Enter the name of
the new ECL and choose options in the Workstation Security:
Execution Control List dialog box. The name of the new ECL appears
in this field.
Update ModeChoose one:
Refresh -- to update workstation ECLs with changes made to the
Administration ECL. If a setting appears in both the administration
and workstation ECL, the administration ECL setting overrides the
workstation ECL setting.
Replace -- to overwrite the workstation ECL with the
Administration ECL. This option overwrites all workstation ECL
settings.
Update FrequencyChoose one:
Once Daily -- to update the workstation ECL when the client
authenticates with the home server and either it has been a day
since the last ECL update or the administration ECL has
changed.
When Admin ECL Changes -- to update the workstation ECL when the
client authenticates with the home server and the administration
ECL has changed since the last update.
Never -- to prevent the update of the workstation ECL during
authentication.
10. Save the document.
For more information on Notes and Internet passwords, see the
topics Setting up password verification and Name-and-password
authentication for Internet clients.
11 What is HTTPSAns:-11. HTTPS (Hypertext Transfer Protocol over
Secure Socket Layer, or HTTP over SSL) is a Web protocol developed
by Netscape and built into its browser that encrypts and decrypts
user page requests as well as the pages that are returned by the
Web server. HTTPS is the use of Netscape's Secure Socket Layer
(SSL) as a sublayer under its regular HTTP application
layering.
12.What is the extension of key ring file
13.What is the extension of password file
Ans:-12&13. Before you request a certificate from a CA, you
must create a key ring file to store the certificates. A key ring
file is a binary file that is password-protected and stored on the
server's hard drive. When you create a server key ring file (.KYR),
Domino generates an unsigned server certificate and automatically
includes several trusted root certificates. The unsigned server
certificate is not valid until it is signed by a certifier. Domino
also creates a stash file (.STH) using the same name as the key
ring file, but with the file extension .STH. Domino uses the stash
file to store the key ring file password for unattended access to
the server key ring file.
To create a server key ring file
1.Set up the Server Certificate Admin application.
2.From the Notes client, open the Server Certificate Admin
application on the server for which you want to enable SSL. 3.Click
"Create Key Ring."
4.Complete these fields:
FieldAction
Key Ring File NameEnter the key ring file name. The default is
KEYFILE.KYR. It's helpful to use the extension .KYR to keep key
ring file names consistent.
Note the server's key ring file name appears in any Internet
Site documents that you have configured, or, if Internet Site
documents are not being used, on the Ports - Internet Ports tab of
the Server document. If you specified a name other than the
default, you need to edit the name where it appears - in the
Internet Site documents or in the Server document.
Key Ring PasswordEnter the password for the key ring.
Key SizeSpecify the key size Domino uses when creating the
public and private key pairs. The larger the size, the stronger the
encryption.
Common nameEnter the server's TCP/IP fully-qualified domain name
-- for example, www.acme.com.
Set up the server certificate so that the common name matches
the host name since some browsers check for this match before
allowing a connection.
OrganizationEnter the name of the organization -- for example, a
company name, such as Acme.
Organizational Unit(Optional) Enter the name of certifier
division or department.
City or Locality(Optional) Enter the organization city or
locality.
State or ProvinceEnter the full name of the state or province in
which the certifier organization resides.
CountryEnter the two-character abbreviation of country in which
organization resides
5.Click "Create Key Ring."
6. After you read the information about the key ring file and
distinguished name, click OK. Notes creates the key ring file and
stash (.STH) file and places them in the Notes data directory on
the client machine used to create the key ring.
7.Copy the key ring file and stash (.STH) file to the Domino
data directory on the server.
Caution You must ensure that the key ring password in the stash
file is protected. The key ring file password is altered in the
stash file so that it cannot be recognized by a casual observer,
but it is not encrypted. You should not allow unauthorized persons
access to either the stash file or the key ring file. In the normal
course of operation, only the server itself should have access to
those files; however, administrators may also need permission to
remove or replace the files. As with all server resources, managing
proper file permissions and protections is vital to the security of
the system.
8. Request an SSL server certificate.
14.How encryption works in DominoAns:-14. Mail encryption
protects messages from unauthorized access. Only the body of a mail
message is encrypted; the header information -- for example, the
To, From, and Subject fields -- is not.
Notes users can encrypt mail sent to other Notes users or to
users of mail applications that support S/MIME -- for example,
Microsoft Outlook Express and Netscape Communicator. Users can use
Notes mail encryption to encrypt mail sent to other Notes users,
encrypt mail received from other Notes users, or encrypt all
documents saved in a mail database. Notes uses the recipient's
public key, which is stored in the sender's Personal Address Book
or in the Domino Directory, to encrypt outgoing and saved mail. In
general, mail sent to users in a foreign domain cannot be
encrypted. However, if the recipient of the mail uses Notes and the
sender has access to the recipient's public key, the sender can
encrypt the mail message. The recipient's public key can be stored
in the Domino Directory, in an LDAP directory to which the sender
has access, or in the sender's Personal Address Book. Notes users
can also use S/MIME to encrypt mail sent to recipients who use mail
applications that support S/MIME. Senders must have the recipient's
public key in order to encrypt the message for S/MIME. The
recipient's public key is stored in an Internet certificate in
either a Domino Directory or LDAP directory to which the sender has
access or in the sender's Personal Address Book. The sender must
also have a cross-certificate that indicates to Notes that the
recipient's public key can be trustedWhat are steps involved for
recertificationAns:-18. Before a user ID reaches its expiration
date, recertify the user ID using the original certifier ID. The
user ID is recertified without renaming the user.
Use the Certificate expiration view to determine which
certifiers need to be recertified. Access this view from Files -
Certlog.nsf - By Expiration date. All certifiers are listed by
expiration date.
Note To recertify a user ID using a certifier other than the
certifier used to create the user ID, see "Moving a user name in
the name hierarchy" in this chapter.
To recertify a user ID
Follow these steps to use the Administration Process to
recertify a hierarchical ID that is about to expire.
1.To recertify a user ID, you must have:
Author with Create documents access and the UserModifier role,
or Editor access to the Domino Directory
At least Author with Create documents access to the
Certification Log (CERTLOG.NSF)
2.From the Domino Administrator, click the People & Groups
tab.
3.Select the user to be recertified with the same certifier.
4.From the tools pane, select People - Recertify.
5.Complete these fields:
FieldAction
ServerDo one of these:
If you are using the Lotus Domino 6 server-based CA, choose the
server that is used to access the Domino Directory to look up the
list of certifiers.
If you are supplying a certifier ID, select the server that is
used to locate the list of certifiers so that the Certifier ID file
can be updated with the latest set of certificates for itself and
all of its ancestors. This is also the server on which CERTLOG.NSF
is updated.
Use the CA processChoose this option if you have configured the
Lotus Domino 6 server-based CA.
Select a CA configured certifier from the list and click OK.
Supply certifier ID and passwordChoose this option if you are
using a certifier ID and password.
Choose the certifier ID that certified the user's ID and click
Open. For example, to rename Joe Smith/Sales/NYC/ACME, use the
certifier ID named SALES.ID.
Click "Certifier ID" to select an ID other than the one
displayed.
Enter the password for the certifier ID and click OK.
6.Verify the certifying ID information and complete the
following fields:
FieldAction
New certificate expiration date(Optional) Specify a certifier ID
expiration date other than the default two years from the current
date.
Only renew certificates that will expire before(Optional) Enter
a date to recertify only a subset of selected user IDs, according
to their current expiration dates.
Edit or inspect each entry before submitting request(Optional)
Select the option to edit or inspect each entry before submitting
the request if you want to view each certificate before it is
renewed.
7. If you selected the option to view each entry prior to its
being submitted, the Recertify Person dialog box appears with
non-modifiable information in the primary and common name fields.
Review the information that displays, then select one of the
following:
OK - to submit the name change.
Skip - if you are recertifying more than one user ID and you
want to continue to the next without submitting a recertification
for the current name.
Cancel Remaining Entries - to cancel this recertification, as
well as those for any other names you selected and have not yet
submitted.
8.When the Processing Statistics dialog box appears, review the
information to verify that all name changes have succeeded. Click
OK. If any fail, check the Certifier Log (certlog.nsf) to determine
the reason for the failure.Ans:-20. Replication is the process of
synchronizing documents from the same databases on different
workstations or servers over time. Replication enables exchanging
modifications between special copies of databases called replicas
.
The following table describes the terms used for
replication.
Replication terms
TermDefinition
ReplicatorThe Replicator is a server task that is loaded, but
not initiated, at server startup. The replicator pulls data from,
or pushes data to, another server.
Replica IDThe unique number assigned to a database when it is
first created. Replicas of the same database share the same replica
ID. The Replicator looks for databases with the same replica ID to
synchronize.The replica ID is found on the tab in Database
Properties.
Replica ID
Note: A database copy does not share the same replica ID as the
original database. Only database replicas share the same replica
ID.
Unique Notes Identification Number (UNID)The unique number
assigned to a document when it is first saved. The Replicator looks
for documents with the same UNID to synchronize.The UNID is found
on the tab in Document Properties.
UNID
Replication HistoryA list of dates and times when two servers or
a server and workstation successfully replicated. The Replicator
uses Replication History to determine which documents are new,
changed, or deleted since the last time the two databases
replicated.
How does replication work?
In server-to-server replication, one or both server's replicator
task synchronizes the data. The diagram below shows how replication
works using a replication type called Pull-Pull where both servers
share the workload.
East01 initiates Pull-Pull replication with West01. In this
example, Pull-Pull is accomplished by configuring Pull Only
replication on both servers.
Server-to-server replication
The following table describes how information in databases is
kept updated on all servers during replication.
Server-to-server replication process
StageDescription
1The replicator compares its list of databases with the called
server's list of databases to determine which databases they have
in common.
2Working on one database at a time, the initiating server builds
a list of ACL, design, and document modifications that have
occurred since the last time these two servers replicated.
3The Replicator pulls (reads and writes) ACL and design and
document changes, based on permissions set in each server,
database, and document.
4Upon completion of replication with the first database, the
Replicator updates the replication history for that database and
moves on to the next database in common. It repeats Stages 2 and
3.
5When the initiating server has replicated all databases in
common with the called server, the Replicator will tag the called
server's replicator to repeat the same process in the other
direction.
Workstation-to-server replication works differently since the
workstation software does not have a Replicator. In
workstation-to-server replication, it is the workstation software
itself that reads changed documents from the database on the server
and writes those changes to the local replica. The workstation also
pushes its changed documents to the database on the server. The
server's Replicator is not involved in workstation-to-server
replication. As with server-to-server replication, the ACL, design,
and document changes are distributed based on server, database, and
document settings.Ans:-21. During configuration, Notes creates a
Connection document for your home server. Connection documents
reside in your Personal Address Book and store information Notes
needs to access a server, such as the server's full Domino name,
Internet address, or telephone number. One server may have multiple
Connection documents if you access it in multiple ways, for example
over the LAN at work and using a dialup modem from home
Ans:-22 & 23.YesAns:-24.Create Replica
Ans:-25. Following are several common reasons that replication
fails:
No changes have been made. Replication occurs only when there
are changes to replicate.
The database is not scheduled to replicate. See the topic on
scheduling replication.
Replication is temporarily disabled for the database you're
using. To enable replication, choose File - Replication - Settings,
click Other, and deselect "Temporarily disable replication."
The replica IDs of the two databases you want to replicate are
not the same. (Databases with different replica IDs cannot
replicate.) Examine the replica ID for each database and make sure
they match. If the replica IDs don't match, create a new replica
and then clear the replication history on any other replicas to
ensure that the next replication is a full replication. The access
control list on one of the replicas may have changed since the
replicas were created so that you no longer have the same access
level to both replicas. The destination server is out of hard disk
space.
You replicate at a Notes Direct Dialup or Network Dialup
location, and you see "Skipping replication due to previous call
failure" on the Replicator page. Check to see that your phone
connection has not been lost.Ans:-26. When Domino receives an
inbound SMTP message, it attempts to determine whether the message
is for a local recipient. When the Domino Directory does not
include a Global Domain document, Domino accepts only messages
addressed to users in the same Internet domain as the server, as
indicated in the Fully-qualified Internet host name that appears in
the Server document. But if the Domino Directory includes a Global
domain document, Domino can receive mail for multiple Internet
domains. To determine whether to accept a message, Domino compares
the domain part to the local primary Internet domain listed in the
Global domain document. If it does not find a match in this field,
it examines the secondary Internet domains -- the "alternate
Internet domain aliases" -- listed in that document.
The role of Global domain documents in determining whether to
accept inbound SMTP mail
If the Domino Directory contains multiple Global domain
documents, Domino uses a similar process to determine whether a
recipient is local: it first checks the primary Internet domain in
each Global Domain document, and then, if it still hasn't found a
match, it continues by checking the alternate Internet domains. If
the domain in the address does not match any of the domain entries
in any Global domain document, the message is considered an attempt
to relay, and Domino rejects the message.
Inbound address lookup when the Domino Directory contains
multiple Global Domain documents
After Domino accepts a message, the Router attempts to match the
recipient's Internet address to an entry in the Domino Directory.
When looking up the recipient in the Domino Directory, if the
domain suffix in the address matches an alternate Internet domain
aliases defined in a Global Domain document, and no Person document
includes this address, the Router performs a secondary lookup. In
this secondary lookup, the Router pairs the local part of the
address with the domain suffix of the primary Internet domain
specified in the Global domain document. For example, a server
receives a message for [email protected]. The Router
searches all of the Person documents in the Domino Directory for
this Internet address, but cannot find a match. However, in the
Domino Directory, there is a Global domain document that includes
the domain suffix acmewest.com as an alternate Internet domain
alias. In this same Global Domain document, the primary Internet
domain is acme.com. After the primary lookup fails, Domino performs
a secondary lookup, using the address [email protected]. Domino
performs secondary lookups only if the Router is configured to
perform fullname, or fullname, then local part lookups.
In cases where the Domino Directory contains multiple Global
domain documents, and a secondary lookup is required, when
replacing the domain suffix in the original address with the domain
suffix of the primary Internet domain, the Router only considers
Global domain documents that list the alternate Internet domain
alias. That is, Domino always replaces the domain suffix from
within a given document; it never replaces an alternate domain
listed in one document with a primary domain from another
document.
To prevent the Router from using domain aliases when looking up
addresses, do not include alternate Internet domain aliases in a
Global domain document. Instead, create multiple Global Domain
documents, each specifying a different primary Internet domain.
Controlling outbound addresses construction with multiple Global
domain documents When the Domino Directory contains a single Global
Domain document, the address construction rules in that document
determine how a server forms the sender's address in an outbound
SMTP message. However, if the Domino Directory contains multiple
Global Domain documents, when constructing the sender's address,
Domino uses the Internet domain specified in the Server document
and the address construction rules defined in the Global Domain
document listed last, alphabetically, in the directory. If you want
Domino to form the sender's outbound address from the primary
Internet domain and the address construction rules contained in a
particular Global domain document, designate that document as the
default Global Domain document.
Designating a default Global domain document When there are
multiple Global Domain documents in the Domino Directory, designate
one as the default so that when a servers construct a sender's
outbound Internet address, the addresses created are based on the
primary Internet domain and address construction rules specified in
the designated document.
1. From the Domino Administrator, click the Configuration tab
and then expand the Messaging section.
2. Choose Domains, and click Global Domain
3. Select the Global Domain document you want to designate as
the default and click Edit Domain.
4. On the Basics tab, complete following field, and then click
Save & Close:
FieldEnter
Use as default Global Domain (for use with all Internet
protocols except HTTP)Select Yes to designate this Global Domain
document as the default Global domain for this Domino
Directory.
Ans:-27. To set up a server to receive SMTP-routed messages, you
must enable the SMTP Listener. Then the server can "listen" for
SMTP traffic over the TCP/IP port (usually port 25) and receive
SMTP messages in the MAIL.BOX database(s). Enabling the SMTP
listener causes the server SMTP task to start up automatically
every time the server starts. Disabling the SMTP listener prevents
the SMTP task from starting up when the server starts. Note Do not
add SMTP as a task to the task list in the NOTES.INI file or this
feature will not work.
To enable or disable the SMTP Listener
1. From the Domino Administrator, click the Configuration tab
and then expand the Server section.
2. Select the Server document to be edited it and then click
Edit Server.
3. On the Basics tab, complete these fields:
FieldEnter
Fully qualified Internet host nameThe server's complete combined
host name and domain name, including the top-level domain. For
example, smtp.acme.com; smtp is the host name; acme is the
second-level domain; and .com is the top level domain. In the
absence of a Global Domain document, the Router uses the entry in
this field to determine the local Internet domain. Typically, the
fully qualified host name is added to the Server document during
server setup or by the Administration process (AdminP). A routing
loop can result if this field does not contain a valid entry.
SMTP listener taskChoose one:
Enabled to turn on the Listener so that the server can receive
messages routed via SMTP routing
Disabled (default) to prevent the server from receiving messages
routed via SMTP routing
4. Click the Ports - Internet Ports - Mail tab. 5. In the Mail
(SMTP Inbound) column, ensure that the TCP/IP port status is set to
Enabled, and then click Save and Close.
Refer to "Reconfiguring the SMTP port" for more information
about modifying the default SMTP port settings.Ans:-28.
Non-adjacent domains are Domino domains that are not directly
connected, but have an intermediary domain, adjacent to both of
them in common. For example, domain A and domain B are adjacent and
have Connection documents defining the route between them.
Similarly, domain B, in turn, is adjacent to domain C and mutual
Connection documents exist between them; and domains C and D are
likewise adjacent to each other and linked by Connection documents.
Domain B is thus adjacent to domain A on one side, and domain C on
the other; and domain C is adjacent to B and D, respectively. If no
direct connection exists between A and C, these two domains are
considered to be non-adjacent domains. Similarly if there is no
direct connection between B and D, these two domains are also
non-adjacent.
Because there is no direct connection between two non-adjacent
domains, you cannot define the routing path between them in a
Connection document. Connection documents can only be used between
two directly-connected, adjacent domains. However, users in
non-adjacent domains can send mail to each other by routing it
through the intermediary domain.
One way to do this is to use explicit addressing -- telling the
Router how to reach the destination domain through the intermediary
domain by placing the entire routing path in the address field. For
example, if Kathy Burke in domain A wants to send a message to
Robin Rutherford in the non-adjacent domain C, she addresses the
message by way of domain B, as follows:
Robin Rutherford@C@B
In processing the message, the Router on the domain A mail
server looks only at the last part of the address, and uses the
Connection document to determine the route to domain B. The domain
B server then uses the Connection document in its Domino Directory
to transfer the message to domain C.
Although the use of explicit addressing is an effective method
for directing mail to non-adjacent domains, because it relies on a
complete knowledge of the inter-domain routing topology, it's also
not a very practical solution. This information is not readily
available to a typical user. To simplify routing and addressing to
non-adjacent domains, you can create a Non-adjacent domain document
in the Domino Directory to define the path between the non-adjacent
domains.
Using a Non-adjacent domain document
Administrators can create a Non-adjacent domain document to
control message routing to a non-adjacent domain. A Non-adjacent
Domain documents serves three functions:
Specifies a routing path to the non-adjacent domain by supplying
next-hop domain information Restricts mail from other domains from
routing to the non-adjacent domain Defines the Calendar server used
to enable free time lookups between two non-adjacent domains.
Non-adjacent domain documents are only required to specify routing
restrictions to a non-adjacent domain. However, to simplify
addressing on messages destined for a non-adjacent domain, it's
useful to have a Non-adjacent domain document for that domain.
Without a Non-adjacent domain document in the Directory, the Router
has no defined routing path to the non-adjacent domain. The Router
can transfer a message to the non-adjacent domain if the recipient
address uses explicit path routing
(User@AdjacentDomain@NonAdjacentDomain), but cannot transfer a
message with a simple domain address (User@NonAdjacentDomain). When
explicit addressing is used the Router uses the Connection
documents between domains to calculate the path to the next-hop
domain.
But when a Non-adjacent domain document is available, the Router
obtains intermediary domain information from that document. This
eliminates the need for users sending mail to a non-adjacent domain
to use complex, explicit addressing. Thus, if domain A has a
Non-adjacent domain document for domain C, when Kathy Burke in
domain A sends mail to Robin Rutherford in domain C, she uses the
address Robin Rutherford@C (rather than Robin Rutherford@C@B).
Because the Router finds the intermediate domain information in the
Non-adjacent domain document, the message is transferred
successfully to domain C by way of domain B.
Using Non-Adjacent domain documents to restrict mail
Using Non-adjacent domain documents to simplify addressing makes
them valuable enough. But Non-adjacent domain documents play
another equally significant role. Although they are not strictly
required to enable routing between non-adjacent domains, they are
needed if you want to restrict routing of messages from certain
domains.
By default, any domains that can route mail to your domain can
also route mail to the destination domains named in a Non-adjacent
domain document. Mail routed from one domain to another through
your domain consumes your network resources. To prevent your
servers from being used to transfer mail between other domains, you
can selectively allow and deny mail routing through your
domain.
The Allow and Deny fields on the Restrictions tab of the
Non-adjacent domain document let you control the flow of messages
from other domains to the non-adjacent domain. Entries in these
fields must be the names of adjacent domains; the Router ignores
entries for non-adjacent domains beyond the previous hop. If you
deny a domain from sending mail through your domain, the Router
denies all mail received from that domain, including messages the
domain may have passed on from another, non-adjacent domain. The
"Deny mail from domains field" in a Non-adjacent domain document
does not block messages that use explicit domain addressing, that
is, addresses that explicitly name every domain on the routing
path. A Non-adjacent domain document can only block mail that
relies on information in the Non-adjacent domain document to supply
the name of a a missing intermediate domain. If the entire routing
path is contained in the recipient address, the Router doesn't need
to check the document to determine where to route the message, and
thus cannot block it. For example, if in the previous example, the
administrator in domain B creates a a Non-adjacent domain document
for domain D and adds domain A to the Deny mail from domains field.
Kathy Burke in domain A can still send mail to Judy Kaplan in
domain D by specifying the following explicit domain address: Judy
Kaplan@D@C@B. To prevent Kathy Burke from sending this message, the
administrator in Domain B would have to create an Adjacent domain
document for domain C that names domain A in the Deny mail from
domains field.
The settings in the Allow and Deny fields work in conjunction
with the Allow and Deny fields on the Router/SMTP - Restrictions
and Controls - Restrictions tab of the Configuration Settings
document. In the event of any conflict between settings, Domino
applies the most restrictive entry.
Messages may be further restricted by Adjacent Domain documents,
Non-adjacent Domain documents, and Configuration Settings documents
set up between domains along the routing path.
To create a Non-adjacent domain document1. From the Domino
Administrator, click the Configuration tab and then expand the
Messaging section.
2. Choose Domains.
3. Click Add Domain to create a new Domain document.
4. On the Basics tab, complete these fields:
FieldEnter
Domain typeChoose Non-adjacent domain
Mail sent to domainThe name of the non-adjacent Domino domain
you want to route mail to.
Route through domainThe name of the intermediary Domino domain
through which you want to route mail for the destination domain.
The current domain must have a Connection document to this
domain.
Also, the Domino Directory in the intermediary domain must have
a Connection document to the destination domain.
Domain descriptionAn optional description of the domain
5. Click the Restrictions tab, complete one or both of these
fields, and then save the document:
FieldEnter
Allow mail only from domainsEnter the names of Domino domains
adjacent to the current domain that are allowed to route mail to
this non-adjacent domain.
Leave this field blank to allow any domain to route mail through
the local domain to the non-adjacent domain.
Deny mail from domainsEnter the names of Domino domains adjacent
to the current domain that are not allowed to route mail to this
non-adjacent domain.
Leave this field blank to allow any domain to route mail through
the local domain to the non-adjacent domain.
Note You cannot use wildcards in the Restrictions fields. You
must enter explicit domain names.
6. Create a Connection document to specify how servers in the
current domain connect to the intermediary adjacent domain.
Note Since, by definition, all servers in a domain use the same
Domino Directory, only one Non-adjacent domain document is required
for each non-adjacent domain. You do not have to create a separate
document for each server.
Ans:-29. This process allows you to customize the type of
information you want to collect and store in the Mail Tracking
Store database (MTSTORE.NSF). For example, you can exclude certain
users' mail from being collected, or you can restrict messages from
being tracked by message subject.
1.Make sure you already have a Configuration Settings document
for the server(s) to be configured.
2.From the Domino Administrator, click the Configuration tab and
expand the Messaging section.
3.Click Configurations.
4.Select the Configuration Settings document for the mail server
or servers you want to administer, and click Edit
Configuration.
5.In the Configuration Settings document, click the Router/SMTP
- Message Tracking tab.
6.Complete these fields, and then click Save & Close:
FieldEnter
Message trackingChoose one:
Enabled to log message-handling activity information in the Mail
Tracking Store database.
Disabled (default) to not log any message-handling
information.
Don't track messages forThe names of users and/or groups whose
messages will not be logged and, therefore, cannot be tracked. This
field applies only to messages sent by the specified person or
group.
For example, to prevent administrators from tracking messages
sent by the Manager of Human Resources, enter the manager's name in
this field.
If you leave this field blank (default), authorized
administrators can track messages for all users and groups on all
servers that are enabled for mail tracking.
On servers running the ISpy task to test mail connectivity, this
task sends trace messages at 5-minute intervals. To prevent the
Domino MailTracker Store database from filling up with entries for
these trace messages, enter the name of the ISpy mail-in database
on the server in this field, for example, ISpy on MailHub1.
Log message subjectsChoose one:
Yes - The server records the subject of each message in the
MailTracker Store database.
No - (default) The server does not log message subjects.
Don't log subjects forThe names of users and/or groups whose
message subjects will not be logged and, therefore, cannot be
tracked. This field applies only to messages sent by the specified
person or group. The default is none.
Message tracking collection intervalA number that represents how
often, in minutes, you want to log message tracking activity in the
Mail Tracking Store database.
Note This number may affect server performance. Enter a number
appropriate to the size and speed of your system. The default 15
minutes is recommended.
Allowed to track messagesThe names of servers and/or users
allowed to track messages on this server.
If you leave this field blank (default), only members of the
LocalDomainServers group are authorized to track messages on this
server. If you add any entries to this field, you must list all
servers and/or users that are allowed to track messages on this
server.
Allowed to track subjectsThe names of servers and/or users
allowed to track messages by subject on this server.
If you leave this field blank (default), only members of the
LocalDomainServers group are authorized to track messages by
subject on this server. If you add any entries to this field, you
must list all servers and/or users allowed to track subjects on
this server.
Note If you list servers and/or users in this field, you do not
have to list them in the "Allowed to track messages" field.
If disk storage space is a concern, use database replication
settings to control how many days' worth of information the Mail
Tracking Store database retains. The number of days restricts how
far back in time messages can be tracked, so choose a value that
balances tracking needs and available disk storage. Ans:-30. A
passthru server is a Domino server that connects to other Domino
servers when a direct connection can not be made. For example, if
the server you are calling over a phone line does not have a modem,
the passthru server's modem can answer your call and connect to the
server.
A passthru server can:
Connect to multiple servers with a single phone call (if you use
a phone line and either a Notes Direct Dialup or Network Dialup
connection to access Notes from outside your organization)
Connect to servers behind a firewall at your organization (if
you use cable or DSL to access Notes from outside your
organization)
Connect to servers on your LAN that use a different network
protocol (for example, NETBIOS instead of TCP/IP) from your
computer, if the passthru server runs both protocols
Connect (hop) to other passthru servers as necessary until
reaching a target server
A hunt group is a bank of phone lines that you can access using
a single phone number. The phone lines that make up this hunt group
can be attached to several passthru servers. When you call a
server, the hunt group decides which phone line should take the
call, connects to a passthru server, and finally connects to your
intended destination server. Large organizations with many passthru
servers may use hunt groups to more efficiently balance the load on
servers.
For more information, ask your Domino administrator whether your
organization uses passthru or hunt group servers, and which
Connection documents you need to take advantage of them.
Tip If your organization has at least one passthru server,
specify it as your default server in your current Location
document. Create other passthru or Connection documents on the
advice of your administrator.
For information on replicating using a passthru server, see To
replicate with a selected server and To create a call entry.
To specify a default passthru server for the current
location
When Notes can't connect to a server directly, Notes tries to
use the default passthru server to connect.
1. From the menu, choose File - Mobile - Edit Current
Location.
2. Click the Servers tab.
3. In the "Passthru server" field, enter the name of a passthru
server.
4. Click "Save & Close."
To create a passthru server Connection document
automatically
1. Choose File - Mobile - Edit Current Location.
2. Near the top of the window, click the "Connection
Configuration Wizard" button.
3. Follow the steps in the wizard for a passthru server.
Tip You can also choose File - Preferences - Client
Reconfiguration Wizard to create a connection to a passthru server.
Before using the wizard, make sure you are using a location where
you want to use the server.
To create or edit a passthru server Connection document
manually
1. Ask your Domino administrator for the name of the passthru
server. 2. Choose File - Mobile - Server Phone Numbers.
3. Do one of the following:
To create a new Connection document, click the "New" button and
choose "Server Connection."
To edit an existing Connection document, select the server and
click the "Edit Connection" button.4. Click the Basics tab.
5. In the "Connection type" field, select "Passthru Server."
6. In the "Server name" field, enter the name of the destination
server to access. You can use an asterisk (*) as a wildcard to
represent all or part of a server name. For example, use */Acme to
connect to any server at Acme.
7. In the "Passthru server name or hunt group name" field, enter
the name of the passthru server.
8. (Optional) Click the Comments tab to add information for your
own reference.
9. (Optional) Click the Advanced tab to specify additional
settings such as a dedicated location for this connection, or login
scripts.
10. Click "Save and Close."
Ans:-31. Pull-Pull is a two-way process in which two servers
exchange updates. Using Pull-Pull, two replicators -- one on the
calling server and one on the answering server -- share the work of
replication.
Ans:-32. Compact B (In-place with file size reduction):- Uses
in-place compacting, recovers unused space and reduces file size,
unless there's a pending structural change in which case copy-style
compacting occurs. If you use transaction logging, do full database
backups after compacting completes.Compact C (Copy-style):- Uses
copy-style compacting. Use this option, for example, to solve
database corruption problems.
Ans:-34.Refer Answer:-4.
Ans:-35.SMTP Listener Task
Ans:-36&37. The Administration Process is a program that
automates many routine administrative tasks. For example, if you
delete a user, the Administration Process locates that user's name
in the Domino Directory and removes it, locates and removes the
user's name from ACLs, and makes any other necessary deletions for
that user. If you want to delete all replicas of a database, the
Administration Process finds the replicas on servers in the domain
and provides an interface for deleting them. The Administration
Process automates these tasks:
Name management tasks, such as rename person, rename group,
delete person, delete group, delete server name, recertify users,
and store Internet certificate.
Mail file management tasks, such as delete mail file and move
mail file.
Server document-management tasks, such as store CPU count, store
platform, and place network protocol information in Server
document.
Roaming user management, such as roaming user setup, move
roaming users to other servers, upgrade a nonroaming user to
roaming status, and downgrade roaming user to nonroaming
status.
User mail file management tasks, such as performing Access
Control List (ACL) changes and enabling agents. For example, the
"Out of Office" agent is enabled and disabled by Notes client
users. Person document management tasks, such as storing the user's
Notes version and client platform information.
Replica management tasks, such as create replica, move replica,
or delete all replicas of a database.Administration servers
Administration servers control how the Administration Process
does its work. You specify an administration server for the Domino
Directory and for specific databases. By default, the first Lotus
Domino server you set up in a domain is the administration server
for the Domino Directory. The administration server for the Domino
Directory maintains the Domino Directory's ACL, performs deletion
and name change operations in that Domino Directory, and these
changes are replicated to other servers in the domain. If you have
multiple directories in your domain -- not replicas of other
domain's directories, but more than one of your own -- you can
specify an administration server for each of the directories in
your domain. Do not specify an administration server in your domain
for a replica of another domain's Domino Directory.
All databases need an administration server to manage name
changes and deletions that apply to the database -- for example,
changes to the ACL, Readers and Authors fields, or Names fields. If
a database has replicas, you assign an administration server to
only one replica. Then the Administration Process makes all changes
to that replica, and replication for that database carries out the
changes in all other replicas.
You can also set up one or more extended administration servers
to distribute across multiple servers the processing of
administration requests that modify the Domino Directory. The
Administration Requests database
The Administration Requests database (ADMIN4.NSF) is created on
the administration server for the Domino Directory when that server
starts for the first time. Requests for work to be done by the
Administration Process are stored in the Administration Requests
database. The status of work done by the Administration Process is
also stored there as response Log documents to the requests, in the
form of Administration Request documents. To complete tasks, the
Administration Process posts and responds to requests in the
Administration Requests database. Domino servers use replicas of
this database to distribute requests made on one server to other
servers in the domain.
When other servers start, if the Administration Requests
database does not exist, the server creates a replica stub of the
Administration Requests database and waits for it to be initialized
from another server in the domain. Every server in the domain
stores a replica of the Administration Requests database and the
Domino Directory. The Administration Requests database also acts as
the interface to the Domino Certificate Authority requests. It is
the responsibility of the Registration Authority to monitor the
status of the Certification Authority (CA) Requests. The CA
requests can be removed from the view or resubmitted for processing
in the same manner as the Administration Process Requests. The
Certification Log
To use the Administration Process to perform name changes and
recertifications, the Certification Log (CERTLOG.NSF) must reside
on the server that stores the Domino Directory in which you will
initiate the name change or recertification. If the Certification
Log exists on another server, move the Certification Log to the
server containing the Domino Directory on which you are initiating
the name change or recertification. The Certification Log contains
a permanent record of how you register servers and users, including
information about the certifier ID. The Certification Log also
contains messages that describe the results of recertification
requests that the Administration Process is processing. Ans:-40.
Directory Assistance
Directory assistance is a feature a server can use to look up
information in a directory other than a local primary Domino
Directory (NAMES.NSF). You can configure directory assistance to
use a particular directory for any of these services:
Client authentication
Group lookups for database authorization
Notes mail addressing
LDAP service searches or referrals
You can set up directory assistance for a remote LDAP directory
or a Domino directory. A remote LDAP directory can be any remote
LDAP-compliant directory, either one on a foreign LDAP directory
server or one on a Domino server that runs the LDAP service.
A Domino directory is a directory created from the PUBNAMES.NTF
template and accessed via NAMELookup calls. Servers can use
directory assistance to do lookups in either local or remote
replicas of a Domino directory. A Domino directory configured for
directory assistance can be a secondary Domino Directory, an
Extended Directory Catalog, or a primary Domino Directory.
A secondary Domino Directory is any Domino Directory that is not
a server's primary Domino Directory. A secondary Domino Directory
can be a directory associated with another Domino domain. A
secondary Domino Directory can also be a Domino Directory created
manually from the PUBNAMES.NTF template that is not associated with
a Domino Domain, used, for example, to store and track Web user
information.
An Extended Directory Catalog contains documents aggregated from
multiple secondary Domino Directories. A server must use directory
assistance to look up information in an Extended Directory Catalog,
unless you integrate the Extended Directory Catalog directly into
the primary Domino Directory.
The primary Domino Directory is the directory a server searches
first that describes the Domino domain of the server. You can set
up directory assistance for a primary Domino Directory, usually to
specify which replicas of primary Domino Directories that servers
with Configuration Directories can use.Directory Catalogs
A directory catalog is an optional directory database that
typically contains information aggregated from multiple Domino
Directories. Clients and servers can use a directory catalog to
look up mail addresses and other information about the people,
groups, mail-in databases, and resources throughout an
organization, regardless of the number of Domino domains and Domino
Directories the organization uses. A directory catalog includes the
type of information that is important for directory services, and
excludes other types of information that are part of a Domino
Directory, for example Domino configuration information, such as
information in Connection documents.
You use a directory catalog in conjunction with, rather than
instead of, the primary Domino Directory and the Personal Address
Book. A server searches its primary Domino Directory, and a Notes
client searches its Personal Address Book, before searching a
directory catalog.
There are two types of directory catalogs: condensed Directory
Catalogs and Extended Directory Catalogs. Condensed Directory
Catalogs use a unique design based on the DIRCAT5.NTF template that
enables them to be extremely small. Condensed Directory Catalogs
are designed for use on Notes clients. A condensed Directory
Catalog on a Notes client is also known as a Mobile Directory
Catalog.
Extended Directory Catalogs use the same design as the Domino
Directory, which is based on the PUBNAMES.NTF. They are larger than
condensed Directory Catalogs, but are the recommended directory
catalog for server use because they allow faster and more flexible
directory lookups.
Servers can use a directory catalog for mail addressing, for
processing LDAP service operations, to look up client
authentication credentials, and to look up the members of groups in
database ACLs when authorizing users' database access.
Ans:-41.Calcon task is to view the free time information of a
particular user.Ans:-42&43.Refer Answer 40
Ans:-46. The Agent Manager ( Amgr) is an internal Domino task
responsible for the execution of various Domino agents. Although
agents are highly convenient, they are also very powerful and must
be tracked. Agent Manager debugging provides a more granular level
of auditing than Agent Manager logging does. By enabling Agent
Manager debugging, a more in-depth audit trail of Agent execution
will be recorded.
The Agent Manager debugging process will also report information
on database activity in some cases. This will include the creation
of new documents, the modification of existing documents, and new
mail delivery.
Rather than being reported to a database, Agent Manager
debugging information is reported to the console only by default.
Administrators have the option to report debugging information to a
text file by setting the "Debug_Outfile" console variable.
It is recommended that certain Agent Manager debugging options
be enabled. These options include:
'c': Debug control information.
'e': Agent Manager event information.
'l': Loading information.
'm': Memory manager information
's': Scheduling informationAns:-47. In addition to the
possibility that there are errors in the agent code, an agent may
fail to run properly because the agent has insufficient access or
because the agent is not set to run on the given server.
1.Insufficient access in the database ACL can prevent an agent
from running properly. For example, a user may design an agent that
copies selected documents from database A to database B. If the
user -- and by extension, the agent -- doesn't have Author access
in the ACL of database B, the agent runs, but it is not allowed to
copy the documents. To determine if this problem exists, examine
the Agent Log for access errors after the agent runs
unsuccessfully.
2.If an agent won't run on a particular server, check the Agent
Restrictions on the Security tab of the Server document. This
section contains the "Run personal agents," "Run restricted
LotusScript/Java agents," and "Run unrestricted LotusScript/Java
agents" fields that specify who has access to run agents on the
server. Although a user who has the appropriate access in the
database ACL may be able to create an agent on the server, without
the appropriate access in the Server document, the user can't run
the agent.
You should also check the Server Access section on the Security
tab of the Server document. This section contains the "Only allow
server access to users listed in this Directory," "Access server,"
and "Not access server" fields, which allow and deny access to the
server. Because an agent inherits the access privileges of the
person who creates it, the agent can't run on a server for which
its creator does not have access.
3.Scheduling conflicts may prevent an agent from running. In the
Server document, click the Server Tasks - Agent Manager tab and
check the "Daytime Parameters Start time/End time" and "Nighttime
Parameters Start time/End time" fields. Any time not specified in
these fields represents downtime; if a user creates a scheduled
agent and specifies that it run during the server's Agent Manager
downtime, the agent will not run. Compare these fields in the
Server document to the time the agent is scheduled to run. If a
conflict exists, change the Agent Manager schedule on the server,
or ask the user to reschedule the agent.
4.If a LotusScript or Java agent terminates before completing
its tasks, check the "Max LotusScript/Java execution time" fields
in the Server document. If a complex agent requires more time than
is scheduled, the Agent Manager terminates the agent before
completion.
Ask the user to reschedule the agent to run at night, when the
default maximum execution time is longer; or increase the value of
the "Max LotusScript/Java execution time" field in the Server
document, as needed. If neither of these solutions is practical,
ask the user to rewrite the agent as several smaller
agents.Ans:-48. Shows server status information including the
server name, data directory on the server, time elapsed since
server startup, transaction statistics, and the status of shared,
pending, and dead mail.Ans:-49.Show Server
Ans:-50. Replicate servername [databasename]
Description: Forces replication between two servers (the server
where you enter this command and the server you specify). Use the
server's full hierarchical name. If the server name is more than
one word, enclose the entire name in quotes. To force replication
of a particular database that the servers have in common, specify
the database name after the server name. The initiating server
(where you're currently working) first pulls changes from the other
server, and then gives the other server the opportunity to pull
changes from it. You can use this command to distribute changes
quickly or to troubleshoot a replication or communication
problem.
Ans:-51. Tell Router QuitAns:-52. Fixes suspected corrupt Domino
databases. These options can be combined as needed:
load fixup [database] -F
When fixup runs against multiple databases, by default it checks
only documents with the last modified date since its last run. This
parameter then forces the fixup task to check all documents in all
databases being checked.
load fixup [database] -i
Checks only new documents in the database since the last run of
fixup.
load fixup [database] -J
Runs fixup against databases that have transaction logging
enabled. If this parameter isn't used, fixup doesn't check these
databases.
load fixup -L
When used without specifying the database to check, logs every
database suspected of being corrupted. The default is to log only
when a database problem is found and needs to be corrected.
load fixup [database] -N
Changes the way that fixup operates when a corrupted document
within a database is encountered. When this parameter is specified,
any corrupted documents found are not deleted. A typical use of
this is to allow documents to be copied to another database before
fixup deletes them in an effort to retrieve documents from a
corrupted database.
load fixup [database] -Q
Instructs fixup to be less thorough in its checking for
corrupted documents in the database.
load fixup [database] -U
Changes unread document lists to the older R4 format. (Lotus
recommends that you do this only when requested by Lotus
Support.)
load fixup [database] -V
Specifies to not check views for corruption. Ans:-53. Maintains
changed views and full text indices as the data changes within the
Domino database.
load updall [database] -A
Performs an incremental update of an R4 site search
database.
load updall [database] -B
Performs a full update of an R4 site search database.
load updall database -C
Rebuilds the full text indexes and any unused views in the
database.
load updall [database] -F
Updates full text indexes but not views. load updall [database]
-H
Updates full text indexes that are configured to be updated
immediately.
load updall [database] -L
Updates full text indexes that are configured to be updated
immediately, hourly, or daily.
load updall [database] -M
Updates full text indexes that are configured to be updated
immediately or hourly.
load updall [database] -R
Rebuilds all full text indexes and all views in the
database.
load updall database -T view
Rebuilds the out-of-date view in the database.
load updall database -T view -R
Rebuilds the view in the database whether or not it is out of
date.
load updall [database] -V
Updates view but not full text indexes.
load updall [database] -X
Displays the number of user appointments and resource
reservations in the free time database.
Ans:-54. UPDATE is usually scheduled to run continuously on the
server, UPDALL will be scheduled to run overnight, and can also be
run on demand. The main differences between them are
UPDALL will refresh the full-test indexes on all databases,
UPDATE only refreshes those which are set to immediate or
hourly
UPDALL will purge deletion stubs
UPDALL can be run manually with options
UPDALL will delete unused view indexes
To run UPDALL (maybe to fix a corrupt index), enter the
command
LOAD UPDALL PATH OPTIONS from the server console. PATH is the
pathname to the database or databases you want refreshed. Options
include
-F only update full-text indexes
-V only update views
-X only rebuild views
-R rebuild both full-text indexes and view indexes. Use
carefully, it will use loads of resource
There are loads of other options, which restrict the actions
depending on database refresh settings.
Ans:-56. A Domino cluster is a group of two or more servers that
provides users with constant access to data, balances the workload
between servers, improves server performance, and maintains
performance when you increase the size of your enterprise. The
servers in a cluster contain replicas of databases that you want to
be readily available to users at all times. If a user tries to
access a database on a cluster server that is not available, Domino
opens a replica of that database on a different cluster server, if
a replica is available. Domino continuously synchronizes databases
so that whichever replica a user opens, the information is always
the same.
IBM Lotus Notes clients can access all Domino cluster servers.
HTTP clients (Internet browsers) can access only Domino Web servers
in a Domino cluster.
How do clusters help you?
The main benefits of clusters are:
High availability of important databases
When a hardware or software problem occurs, clustered servers
redirect database open requests to other servers in the cluster to
provide users with uninterrupted access to important databases.
This process is called failover. Clusters provide failover for
business-critical databases and servers, including passthru server
failover to other servers in the cluster. Failover also lets you
perform server maintenance, such as hardware and software upgrades,
with little negative effect on users.
Workload balancing
When users try to access databases on heavily used servers,
Domino can redirect the user requests to other cluster servers that
aren't as busy so that the workload is evenly distributed across
the cluster. Workload balancing of cluster servers helps your
system achieve optimum performance, which leads to faster data
access.
Scalability
As the number of users you support increases, you can easily add
servers to a cluster to keep server performance high. You can also
create multiple database replicas to maximize data availability,
and you can move users to other servers or clusters as you plan for
future growth. As your enterprise grows, you can distribute user
accounts across clusters and balance the additional workload to
optimize system performance within a cluster.
Data synchronization
A key to effective clustering is setting up replicas on two or
more cluster servers so that users have access to data when a
server is down or is being used heavily. Cluster replication
ensures that all changes, whether to databases or to the cluster
membership itself, are immediately passed to other databases or
servers in the cluster. Thus, databases are continuously
synchronized to provide high availability of information.
Analysis tools
Using the cluster analysis tools, as well as the log file, the
Monitoring Configuration and Monitoring Results databases, and the
server monitor, you can analyze cluster activity and make any
changes necessary to improve performance.
Ease of changing operating systems, hardware, or versions of
Domino
When you want to change your hardware, operating system, or
Domino release, you can mark the clustered server as RESTRICTED so
that requests to access a database on the server fail over to other
cluster servers that contain replicas. This lets you make changes
without interrupting the productivity of your users.
Data backup and disaster planning
You can set up a cluster server as a backup server to protect
crucial data. You can prevent users from accessing the server, but
cluster replication keeps the server updated at all times. You can
even do this over