BlackBerry Forums Support Community


Mikle 06-11-2008 10:29 AM

BES and Domino on different Notes domains - problem
 
I apologize for the long story but I need to explain it properly and that is the reason why this post became a novel.

I have two Domino servers in different Notes domains. The server A is Domino 7.0.3 (the name is ServerA/Acme1) and the server B is 6.5.4. (the name is ServerB/Acme2). Both servers are on Win2003 standard.
The servers are cross-certified, the replication of NABs and mail routing between the domains is working without any problem.
The third Domino server (7.03 on Win2003R2) is a server whose name is Blackberry/Acme1 (in the same domain as the Server A) and it hosts BES ver. 4.1.5.33.
The Blackberry Manager I use for BES administration is ver. 4.1.5.26

The BES is working almost perfectly with the ServerA/Acme1.
(Later on, I will explain why I said almost perfectly)

Following the documentation, which says that BES 4.1 versions support Domino multi domain environment, I set the Blackberry/Acme1 and the ServerB/Acme2 to be cross-certified, I set ACLs on both sides and I have done all the things according to the administration guide.. and finally I have added the first user from the domain Acme2 to BES. The whole process passed smoothly and that user account still works perfectly.
A week later, I wanted to add another user from the domain Acme2 to the BES and then I faced the problem.

When I tried to add the user and when I tried to choose the ServerB/Acme2 (I actually typed the server name) I got the message:
"Unable to find path to server. To trace this connection, use File - Preferences - User preferences - Ports - Trace (Notes client) or Trace command (Domino server)"

I checked the Domino servers, both of them (Blackberry/Acme1 and ServerB/Acme2) were working OK, the connection documents were there, the replication between them was OK, trace command on both servers was OK ... and the user from the domain Acme2 who was previously added works fine.

I tried to make a simulation and to add the user from the ServerA/Acme1 (from the same Domino domain). I chose the server from drop-down list but I got the same error message:
"Unable to find path to server. To trace this connection, use File - Preferences - User preferences - Ports - Trace (Notes client) or Trace command (Domino server)"

Next, instead of choosing the ServerA/Acme1, I typed the IP address of the ServerA, the Blackberry Manager found the ServerA and I could pick the user from that server. After that, I could enter ServerA name and I could get the user list but only as long as I am in the same session with Blackberry Manager. If I close Blackberry Manager and open it again, I get the same message “Unable to find path to server…” Entering the IP address instead of the name “fixes” that problem.
That is the reason why I said above that the ServerA/Acme1 is working almost perfectly with Blackberry/Acme1.

When I tried to do the same with the ServerB/Acme2 (to type the IP address instead of the ServerB name) I got the message:
"Your Address Book does not contain any cross certificates capable of authenticating the server."

I checked all the things again on both Domino servers, recertified them, checked connection documents, restarted them several times, and nothing shows me that the problem is with the connection or cross-certification. The servers work OK, and they “see” each other. The trace command is working OK as well.
An interesting thing is that the user from domain Acme2, who was added at the first attempt (a week ago), runs without any problem… but I cannot add any other user from the domain Acme2.

The guys from local BES support could not find the solution so I decided to post this problem here.
Anyone with an idea of how to fix this problem is very welcome!

x14 06-11-2008 09:46 PM

For ServerA/Acme1 you should be able to just use the Domino server name. Check your personal address book for connection doc. Also if at one point ServerA/Acme1 had another IP address the Lotus Notes client will have the old IP in cache.

As for accessing ServerB/Acme1 and getting the cross-certification error: you did not mention at what level you cross-certified. If you only cross-cert the two servers with each other you will get the cross-cert because your ID is accessing the other domain.

kerry6 06-12-2008 05:10 AM

Make sure your Windows DNS entries for all servers list all domains.

boma0021 06-12-2008 05:27 AM

Have you ever tried to do a trace on the BES domino server console to both servers?
Have you installed a separate Notes Client on the BES Server?

Jadey 06-12-2008 06:57 AM

Why would he want to put a notes client on BES?

(Edit: maybe I misunderstood, and you're not actually recommending that as an action...)

Jadey 06-12-2008 07:05 AM

I agree with x14 here...

Check that none of your Domino servers have recently changed IP addresses
Check that the DNS records (if they exist) are correct
Let us know what IDs/levels you cross-certified

Also, it might be interesting to see whether the Domino Console throws anything into the mix that BlackBerry manager is not reporting.

On BlackBerry/Acme1 try issuing "repl ServerB/Acme2 names.nsf" (I am assuming from your original post that you are using a common domino directory across domains? If not, don't do this.)

Mikle 06-12-2008 08:10 AM

Thanks guys for the responses.
Let me go through all the ideas and give the answers:

1. The connection documents on both servers (Blackberry/Acme1 and ServerB/Acme2) are OK. The possibility of old IP address of one of them is zero because the servers have the same IP addresses forever. Anyway I cleared DNS cache on both servers but no change.

2. First, I cross-certified the servers at domain level and when I got the error regarding cross-certification, I recertified them but I have done it at both levels now - Domain and Server level.

3. Trace command works well on both servers and I can trace each one from the other.

4. I installed notes client on the server which hosts Blackberry/Acme1 and can connect to ServerB/Acme2 from that server without problem.

5. Replication is working properly, it is set to push names.nsf from ServerB/Acme2 to Blackberry/Acme1 every 120 minutes. The replication log doesn't give any error, updates are there, and also when I force the replication using the console, everything is going through, so the replication works.

6. Domino logs on both servers are not giving me any notifications or errors regarding the other one.

7. DNS records. I must check it with the DNS admin, but if all above is working, I doubt that DNS is making troubles.

9. Again, I must repeat, that the user from the server ServerB/Acme2, who was previously added, is still running fine on BES. I asked her today if there are any troubles with messages on her Blackberry and she confirmed that everything is OK. Also, log on BES is telling me the same.

Pretty weird situation....

Anyway, I will check the DNS today and will report of any change.

Mikle 06-12-2008 09:29 AM

A short update..

I have checked with the DNS admin and we have done the following.
We added the ServerA/Acme1 and ServerB/Acme2 entries to Windows 2003 server's host file (the server which hosts the Blackberry/CIG and BES).
Now, when I try to choose the ServerA/Acme1 from the list, I do not get any error and the users are listed. But when I try to type down the ServerB/Acme2 name, I get the message:
"Your Address Book does not contain any cross certificates capable of authenticating the server."
But the servers are cross-certified and they are communicating with each other.

Obviously, BES doesn't figure out that the Domino servers are cross-certified.

Any ideas?

boma0021 06-13-2008 02:06 AM

As Jadey already said, my question about the Notes client was not a recommendation.
From the Domino point of view it is not recommended. You get various weird error messages.

Here is the IBM statement on that: "Although IBM does not encourage running the server and client on the same machine, we do support it and there are cases where it makes sense (for example, an API program on the same machine running on top of a Notes client and data directory that is separate from the server install)."

The error message with the cross certification could be a problem with names of the client - would be my guess.

I would say get rid of the Notes client on the BES server...

Jadey 06-13-2008 03:30 AM

Agreed boma0021.


And Mikle, have you tried restarting BES? You never know, sometimes in Domino-world a reboot fixes all.

boma0021 06-13-2008 05:39 AM

Another problem could be the view in the names for the cross certificates. ($CrossCertByName) and ($CrossCertByRoot)

Run the following commands to update the two views:

Load Updall names.nsf -t "($crosscertbyroot)" -r
Load Updall names.nsf -t "($crosscertbyname)" -r

Mikle 06-13-2008 06:49 AM

1. As for Lotus client, I have installed it at the server the same day I have posted this problem. I mean, the problem appeared before I installed Lotus client and I have done it in order to try if I am able to access ServerB/Acme2 from that machine. And everything was OK with that..

2. BES and Lotus have been restarted a lot of times since problem appeared. Every time I change something I restart both Domino and BES.

3. As for the hidden views $CrossCertByName and $CrossCertByRoot .. I indexed them on both servers. I am sorry, I did not mention it and a bunch of other things I tried in order to fix this weird problem but nothing helps.

Thanks for keep trying to help me guys!

MikeB 06-13-2008 08:43 AM

Quote:

Originally Posted by boma0021 (Post 969298)
the error message with the cross certification could be a problem with names of the client - would be my guess
i would say get rid of the notes client on the bes server...

100% Agree!
Install notes on a separate pc and then install BES manager on top of it
Create connection doc for the 2 servers, access them, accept the cross-certification
Then try to add users

Mikle 06-13-2008 03:07 PM

That was the solution! :)

I installed the Blackberry manager on my computer which already had Notes client and everything works OK. I am able to add the user from the other domain! No single problem!
I cannot believe that BB Manager installed on the server caused me such problems.

Thank you guys 100 times!
You are No 1!!!


All times are GMT -5.