Notes/Domino/Traveler 11.0.1 available

As HCL announced during version 11.0.1 has been released today. And as promised we get:

  • HCL Client Application Access 3.0.1 with all G1 language packs
  • HCL Domino Server 11.0.1 with all G1 language packs
  • HCL Notes 11.0.1 ( Full and Basic Client ) in all G1 languages
  • HCL Traveler 11.0.1 for Windows, Linux and System i
  • New InstallShield Tuner Kits for Standard Clients
  • HCL NiceTool

An overview about the system requirements of V11.0.1 take a look at the following links:

HCL Domino 11.0.1

HCL Notes 11.0.1

HCL iNotes 11.0.1

HCL CAA 3.0.1

Also take a look of what´s new in 11.0.1 and in Sametime V11:

  • New command to run Domino Server Setup from Windows for IBM i
    • On IBM i, Flexera InstallAnywhere 2018 is the platform used for the Domino Server Setup wizard on a Windows computer. As a result, the command to run setup from a Windows computer on IBM i is now domwzd.bat. Previously it was domwzd.exe. In other respects, installation and setup on IBM i remain the same as in Domino 11.0.
  • Domino for Linux Docker container
    • HCL Domino 11.0.1 includes a Docker-compatible Red Hat Universal Base Image (UBI) of Domino that is part of your entitlement and available for download through the HCL Licensing Portal. HCL Domino 11.0.1 is pre-installed on this image, allowing you to deploy Domino servers as containers with just a few commands.
  • Auto Update (AUT) supports future HCAA upgrades
    • Domino 11.0.1 Auto Update (AUT) servers support future upgrades of HCL Client Application Access (HCAA) clients.
  • Configuration enhancements for DAOS tier 2 storage
    • Domino 11.0.1 introduces the following enhancements to DAOS tier 2 storage.
  • Support for Subject Alternative Name (SAN) field in X.509 certificates
  • Domino 11.0.1 now supports the use of X.509 certificates that contain a Subject Alternative Name (SAN) field. Certificates with a SAN field (extension) no longer require a Subject field containing a distinguished name for TLS connections.
    Domino Web server support for Server Name Indication (SNI)
  • Domino 11.0.1 Web servers now support the Server Name Indication (SNI) extension to the Transport Security Layer (TLS) protocol.
  • New Notes IDs must have 1024-bit or stronger RSA keys
    • When you register new Notes users, you must select at least a 1024-bit RSA key size for their Notes IDs.
  • Register multiple Active Directory users in Domino
    • When you use the Directory Sync feature, in Domino 11.0.1 you can now select multiple Active Directory users to register in Domino. Previously you needed to select and register each Active Directory user individually.
  • Configuring a custom image for the Notes Workspace background
    • Use the notes.ini setting Load_Workspace_image to deploy a custom image to display in your users’ Notes Workspace background.
  • Disabling SwiftFile
    • SwiftFile is integrated with HCL Notes starting in Notes 11.0.1. However, you can use the notes.ini setting DisableSwiftFile=1 to prevent your users from using it.
  • MarvelClient Essentials version 11.0.3
    • The version of MarvelClient Essentials from panagenda that comes with Notes and Domino has been updated. The installer is version 11.0.3 which contains template version 20200204 and binary version 11.0.6.
  • New Java Runtime Environment
    • The Java Runtime Environment (JRE) that comes with Domino 11.0.1 and Domino Designer 11.0.1 is updated from that provided in release 11.0.
  • Documentation updates article on the Support site
    • See the article Domino 11 documentation updates for any significant corrections or other updates to this documentation.

My download has already finished with the new Download Manager and is waiting to be installed 😉

Prevent upgrading the NAMES.NSF after Domino migration

First of all it´s not recommended to run a Domino Server with an older design on the Domino Directory but for some reasons it´s necessary.

To prevent the question to upgrade your Domino Directory after installing a new release you simply can put the following entry in the NOTES.INI of the server:



Which program/task is using port .. on Windows

Today I ran into the issue that the SMTP server of my beloved Domino server was not able to startup due to the following error message after a reboot of the Windows server:

06.03.2020 08:02:38 SMTP Server: Another application is already listening on port 25: 220 NOTES02 SMTP Server ready
06.03.2020 08:02:38 SMTP Server: Started
06.03.2020 08:02:38 SMTP Server: Listener failure, TCP/IP port number [25] is already in use on this system
06.03.2020 08:02:38 Suspending listen task for 20 seconds due to network errors

So what was causing the SMTP to startup ? To find out just enter the following command in a command prompt window:

netstat -aon | findstr 25

Then you will get all services listening to port *25*


With this information you just have to search for PID “8” in the Task Manager and either kill the task or end the service.


There´s also another way I received from Harald Reisinger:

With Powershell: Get-NetTCPConnection -LocalPort 25 | Select-Object -Property @{ Name=’Id’; Expression={$_.OwningProcess}} | Get-Process

Thanks to Harald for sharing this great information !

Installing Domino V11 on CentOS 8.1

If you plan to install Domino V11 on CentOS 8.1 you have to do some steps before because there are some requirements:

Install CentOS 8.1.x ( without any graphical interface – you won´t need it )

  • Install perl
    • To run the Domino console installation you need perl to run it
    • yum install perl
  • I don´t exactly know if the libXp library is also needed ( it was in the last releases ) but I installed it
    • yum install libXp

Afterwards I created the default user und group for the Domino Server:

  • sudo groupadd notes
  • sudo adduser notes
    • To add the user “notes” to the group
      • sudo usermod -g notes notes
  • Set up the notes user to use DOMINO_LINUX_SET_PARMS:
    • # vi /home/notes/.bashrc
    • Add to the end of the file: export DOMINO_LINUX_SET_PARMS=1
  • Update the Security/Limits File:
    • Edit /etc/security/limits.conf using root and add or modify the lines:
      • notes soft nofile 65535
      • notes hard nofile 65535
    • (Use 65535 for 64 bit Linux for both soft and hard limits, per HCL 2019/12.
  • Update SELINUX:
    • $ vi /etc/selinux/config
      Change to SELINUX=disabled and save.

Then you have to check if the firewall is active – you can do this with the following command:

  • firewall-cmd –state
  • If it´s running you can stop and disable it with
    • systemctl firewalld stop
    • systemctl disable firewalld
  • or you have to add the rules for running your Domino V11 server for the required ports
    • 1352
    • 80/443
    • 25
    • 389

Afterwards you just have to install your Domino V11 server, implement the perfect start/stop scripts of Daniel Nashed ( which are extremely well documentated ), configure your Domino server and run a great collaboration tool !!

Extracting Private Key from PFX file and generating a KYR file

Today I had to create a new certificate at customer site because of a Shitrix attack and had to extract the private key from the PFX file.

It´s quite easy running the following command:

openssl pkcs12 -in path:/myfile.pfx -nocerts -out path:/private-key.pem -nodes

Enter Import Password: password

With this command you extract the private key AND the certificate which you can use for creating the KYR file needed for your Domino environment. You can find your private key and the certificate in the file “path:/private-key.pem” and can copy the text between and encluding —BEGIN PRIVATE KEY— and —END CERTIFICATE—.


Domino V11 Compact Options

Today I saw a program document from a customer environment with different compact options and to be honest >> I haven’t seen some of them for a while ( -W, -X, -x ). Those options are not mentioned in the official documentation ( ) but you can get a complete list of the options when using the following command in your Server Console ( the following is from our Domino V11 server ):

lo compact -?

Please note the additional information after this listing !!!

-A Archive and delete documents without compacting.
-a Archive and delete documents, then compact database.
-B Recover space and reduce file size (inplace-style).
-b Recover space without reducing file size (inplace-style).
-C Copy-style compaction.
-D Discard view indexes (copy-style).
-daos on Enable ‘Use Domino Attachment and Object Service’ database
property. (Use with -C to move current objects into DAOS)
-daos off Disable ‘Use Domino Attachment and Object Service’ database
property. (Use with -C to move current objects out of DAOS)
-e No-execute: Show effective arguments only, since some arguments
affect others.
-F Enable ‘Document table bitmap optimization’ database property
-f Disable ‘Document table bitmap optimization’ database property
-g Copy-style compact the DB2 group associated with this database
or databases (for directories).  Recovers disk space in DB2.
-G Copy-style compact the DB2 group name passed in as a parameter.
Recovers disk space in DB2.
-H Enable ‘Don’t support specialized response hierarchy’ database
property (copy-style).
-h Disable ‘Don’t support specialized response hierarchy’ database
property (copy-style).
-i Ignore errors (for copy-style only).
-j Just Delete (must specify -a or -A to be valid).
-K Enable large UNK table (>64 KB).
-k Disable large UNK table (>64 KB).
-L Don’t lock users out during compaction (for copy-style only).
-M Set maximum database size to 4 GB.
-N Disable ‘Compress database design’ database property.
(Use -C with -N to uncompress current database design documents)
-n Enable ‘Compress database design’ database property.
(Use -C with -n to compress current database design documents)
-nifnsf on Enable ‘Move views out of database’ database
property. (Use with -C to move current views out of database)
-nifnsf off  Disable ‘Move views out of database’ database
property. (Use with -C to move current views into database)
-o Check for overlapping objects.
-p Convert to an NSFDB2 database.
-pirc on Enable ‘Purge Interval Replication Control’ on database.
-pirc off Disable ‘Purge Interval Replication Control’ on database.
-r Revert to previous ODS format (e.g. on an R8 system,
keep/convert back to R7 format).
-R Revert one ODS based on the current ODS of the database.
(e.g. Converts an R8 (ODS48) database to R7 (ODS43) format)
-S nnnK Compact database if unused space estimate >= nnn KB.
-S nnnM Compact database if unused space estimate >= nnn MB.
-S nn Compact database if unused space estimate >= nn percent.
-T Enable transaction logging.
-t Disable transaction logging.
-U Enable ‘Don’t maintain unread marks’ database property.
-u Disable ‘Don’t maintain unread marks’ database property.
-upgrade Upgrade databases created with older DB classes to the
most recent class.
-V Disable ‘Compress document data’ database property.
(Use -C with -V to uncompress current document data)
-v Enable ‘Compress document data’ database property.
(Use -C with -v to compress current document data)
-W nn Only compact databases which haven’t been compacted successfully
in last nn days. Ordered by last compact time.
-w Exclude system databases (e.g. log.nsf, names.nsf).
-X nn Limit each database compaction to no more than nn minutes.
(applies to in-place compaction only)
-x nn Limit total compaction time to no more than nn minutes.
-Y Recurse through subdirectories (default).
-y Do not recurse through subdirectories.
-ZU Enable ‘Use LZ1 compression for attachments’ database property.
(Use -C with -ZU to compress existing attachments using LZ1.)
-0 Process NSFDB2 databases only.  This will ignore NSF databases
and is to be used with other switches.
-* Include *.ntf and *.box when processing a directory
-# nn Execute up to nn compactions in parallel using different threads.
Up to a maximum of 20 Threads with a default of 1.
-ODS Perform a copy-style compact only if the current ODS is less than
desired default ODS.
-IDS_FULL What percentage full of IDs to create a new replica (optional).
-REN_WAIT Number of minutes to wait for rename (optional).
-RESTART Restart server if rename does not succeed and complete rename
on startup (optional).

I received an information from the HCL Grandmaster Daniel Nashed that

  • there are troubles with the option “-REPLICA” in Domino V10 and also in Domino V11. When using the option “lo compact db.nsf -REPLICA” some profile documents are removed and this bug is reproducable !! Therefore >> DON´T USE THIS OPTION !!!
  • Also don´t use the option “-ZU” at already DAOS enabled databases !!! > In earlier releases -ZU was ignored for DAOS enabled databases. Now it works but gets attachments out of DAOS into the NSF to recompress, which is increasing the physical database size and duplicates data. You should only use -ZU before you enable DAOS. And this needs to be a two step process.

HCL Launch Tokyo – my personal summary

Yesterday HCL presented the upcoming releases of

  • HCL Domino/Notes V11
  • HCL Sametime V11 and
  • HCL Connections 6.5
  • HCL Domino Volt
    • A brand new Low-Code Development Tool

and we had a great event here in Austria/Vienna with almost 70 “Yellow Bleeders” !!

It was a great announcement from Richard Jefts, Andrew Manby, Danielle Baptiste and Francois Nasser !! A lot of long requested features are included in the newest releases. Take some time and check the videos available on YouTube:

HCL Live from Tokyo


Introducing HCL Domino Volt


HCL Domino V11 – what´s new


HCL Sametime V11 – what´s new


HCL Connections 6.5 already is available for download.

HCL Domino/Notes V11, HCL Sametime V11, HCL Traveler V11 have been announced for December 20th – a perfect Christmas Present from the great HCL Dev Team !! Thanks a lot for your great work in the last months.