When you face a server error, there are not enough errors in the certificate table on your PC. Check out these troubleshooting ideas.
What Does A Lotus Notes Certificate Contain?
- The name of the certifier who issued the certificate.
If the public key in the Notes Address Book (NAB) does not match the key in the ID file, processes will fail, including email encryption, renaming and recertification, password and public key verification, and requests sent to the AdminP task. However, recovering Lotus Notes IDs with a public key inconsistency is easy if you know these four steps.
- Andy Pedisich
Release date: 26 Apr 2007
To be honest, these are not exactly four easy steps. They are really three easy steps and one rather tedious step. But public key mismatches in Lotus Notes and Domino are so important to fix that you still want to do all four of them, even if the last one is a little inconvenient.
General information about Lotus Notes public keys
Each Lotus Notes user ID file contains two very important security keys: a private key and a public key. These keys are mathematically related and unique to each user ID.
The public key is stored in your user ID and in the Domino Directory. Your private key is a closely guarded secret that is stored only in your user ID file. These two security keys have the same mathematical origin, but differ slightly in content and function. Think of them as fraternal twins, not identical twins.
Private and public keys are used by Lotus Notes and Domino servers in various security situations, such as when authenticating with the server, when signing e-mail, or when sending and receiving encrypted mail. When someone sends you an encrypted email, their Lotus Notes client reads your public key from the Notes Address Book (NAB) and uses it to encrypt the message. When you receive the message, your Lotus Notes client uses your private key to decrypt it.
Sometimes, most often by mistake or by not following best practices, the public key of the Lotus Notes ID file is different from the key in the Notes address book.
If the public key in the address book does not exactly match the public key in your ID file, many Lotus Notes processes will fail, for example, encrypting mail.
But that's not all. Renaming and recertification fail, as does password and public key verification. Requests sent to the AdminP task are also aborted because the requester's public key does not match the NAB key.
IBM Lotus has published many documents with instructions on how to copy the public key from an ID file to a Person document in the address book. But how can you take the initiative and find Notes users whose public keys do not match?
This is especially important if this is your first time implementing password or public key verification. You don’t want to enable these features just to find that you’ve accidentally blocked access to servers for several hundred users. It would be a very uncomfortable day.
How to troubleshoot Lotus Notes user IDs with public key inconsistencies
Luckily, if you know these four steps, the solution is easy:
- Know what to look for.
In Notes/Domino 5.x and 6.x, an event is logged when a user with a public key mismatch authenticates with the server. In those versions, the error in the log and on the console looks like this:
WARNING: public key for Liam Michaels/Technotics found in catalog names.nsf on Mail01/Servers/Technotics does not match the one used during authentication.
In ND7, server documents must be configured to log this event. You can find the setting under the Security tab.
Here is the ND7 version of the public key mismatch message:
Mark McGurk/Technotics from host [10.200.100.163:1731] failed to authenticate: Your public key was not found in the Name and Address Book.
Now that you know what is displayed in the log, you can collect and analyze information to find out which users are having a problem.
- Create a database that stores all errors.
You don’t really need to log all your errors to the database. You can use historical analysis to find all occurrences. This works when you only have three or five servers.
However, if you have 20, 50, or 100 servers, pulling these incidents out of the logs is very slow and tiring. Notes/Domino administrators like us are usually too busy to look through every log of every Lotus Domino server in a large domain.
Instead, select your preferred server and create a database using the monitoring results template (statrep.ntf). Give the database a name and filename indicating what it contains, e.g. Public Key Mismatch Repair Tool (pkstatrep.nsf).
- Set up an event handler to capture the logged event and place it in the database you created.
Open the monitoring configuration database (events4.nsf) on one of the Lotus Domino servers in your domain and create an event handler.
I want to select “all servers” in the discovery process. I also choose Any Event because we don’t care about the type of event. We will be interested in a specific text string that will appear in the server console and, therefore, in the log.
For R5/6, configure the “Events must contain this text in the message” option to include part of the error message, for example the following:
WARNING: public key
This screenshot shows the Event tab of the event handler for R5/6.
If you are using ND7 you can use this line instead:
public key not found
Finally, configure the action as “Connect to Database” and enter the filename of the created database and the server where it resides.
By default, the event handler is enabled.
Then sit back and let the collection unfold. Before long, the database will collect the errors and you will find out which users have a public key mismatch.
- Fix the problem.
This is the tedious part. Follow the instructions at this link to the Lotus Knowledge Base article on fixing public keys in your address book. This is the R6.5 method, but other versions are very similar.
Unfortunately, I do not know of an automated way to solve this problem. If you have one and share it with me, I will in turn share it with the extended family of Notes/Domino administrators here at SearchDomino.com, and give you credit. You can contact me at AndyP at Technotics dot com.
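Whether you scan exported logs directly or export what the event handler collected, the repair work starts from a list of affected users. The following added example (not from the article) reduces console lines to one entry per user. The two message patterns and the timestamp format are assumptions modelled on the messages quoted above, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Patterns modelled on the two messages quoted in the article. Exact wording
# and timestamp format vary by release: treat them as assumptions and adjust.
TIMESTAMP = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} (?:AM|PM)\s+")
R56 = re.compile(
    r"WARNING: (?:the )?public key for (?P<user>.+?) found in .+? "
    r"does not match the one used during authentication", re.IGNORECASE)
ND7 = re.compile(
    r"^(?P<user>.+?) from host \[(?P<host>[^\]]+)\] failed to authenticate: "
    r"Your public key was not found", re.IGNORECASE)

def find_mismatches(entries):
    """entries: iterable of (reporting_server, raw_log_line).
    Returns {user: {"servers": set, "hosts": set, "count": int}}."""
    users = defaultdict(lambda: {"servers": set(), "hosts": set(), "count": 0})
    for reporting_server, line in entries:
        msg = TIMESTAMP.sub("", line.strip())
        hit = R56.search(msg) or ND7.search(msg)
        if hit is None:
            continue  # unrelated console output
        rec = users[hit["user"].strip().lower()]  # Notes names are case-insensitive
        rec["servers"].add(reporting_server)
        if "host" in hit.groupdict():  # only the ND7 form carries a client address
            rec["hosts"].add(hit["host"].rsplit(":", 1)[0])  # drop the source port
        rec["count"] += 1
    return dict(users)

# Constructed sample: (server whose log the line came from, console line).
SAMPLE = [
    ("Mail01/Servers/Acme", "04/26/2007 09:15:02 AM  WARNING: public key for "
     "Ann Lee/Acme found in catalog names.nsf on Mail01/Servers/Acme does not "
     "match the one used during authentication."),
    ("Mail02/Servers/Acme", "04/26/2007 09:20:41 AM  WARNING: public key for "
     "ann lee/Acme found in catalog names.nsf on Mail02/Servers/Acme does not "
     "match the one used during authentication."),
    ("Hub01/Servers/Acme", "04/26/2007 10:02:13 AM  Raj Patel/Acme from host "
     "[192.0.2.44:1731] failed to authenticate: Your public key was not found "
     "in the Name and Address Book"),
    ("Hub01/Servers/Acme", "04/26/2007 10:05:00 AM  Router: Transferred 3 "
     "messages to Mail01/Servers/Acme"),
]

if __name__ == "__main__":
    for user, rec in sorted(find_mismatches(SAMPLE).items()):
        print(user, rec["count"], sorted(rec["servers"]), sorted(rec["hosts"]))
```

Running this before you turn on password or public key verification gives a count of how many users would be locked out and on which servers they authenticate.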
About the Author: Andy Pedisich is President of Technotics, Inc. He has worked with Lotus Notes and Domino since version 2. Technotics provides strategic advice and training on collaborative infrastructure projects to clients around the world. You can contact Technotics through www.technotics.com.