BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 06-11-2008, 11:29 AM   #1 (permalink)
New Member
 
Join Date: Jun 2008
Location: Rockville, MD
Model: 8320
PIN: N/A
Carrier: Tmobile
Posts: 6
Post Thanks: 0
Thanked 0 Times in 0 Posts
Cool BES and Domino on different Notes domains - problem

Please Login to Remove!

I apologize for the long story but I need to explain it properly and that is the reason why this post became a novel.

I have two Domino servers in different Notes domains. The server A is Domino 7.0.3 (the name is ServerA/Acme1) and the server B is 6.5.4. (the name is ServerB/Acme2). Both servers are on Win2003 standard.
The servers are cross-certified, the replication of NABs and mail routing between the domains is working without any problem.
The third Domino server (7.03 on Win2003R2) is server which name is Blackberry/Acme1 (in the same domain with the Server A) and it hosts BES ver. 4.1.5.33.
The Blackberry Manager I use for BES administration is ver. 4.1.5.26

The BES is working almost perfectly with the ServerA/Acme1.
(Later on, I will explain why I said almost perfectly)

Following the documentation, which says that BES 4.1 versions support Domino multi domain environment, I set the Blackberry/Acme1 and the ServerB/Acme2 to be cross-certified, I set ACLs on both sides and I have done all the things according to the administration guide.. and finally I have added the first user from the domain Acme2 to BES. The whole process passed smoothly and that user account still works perfectly.
A week later, I wanted to add another user from the domain Acme2 to the BES and then I faced the problem.

When I tried to add the user and when I tried to choose the ServerB/Acme2 (I actually typed the server name) I got the message:
"Unable to find path to server. To trace this connection, use File - Preferences - User preferences - Ports - Trace (Notes client) or Trace command (Domino server)"

I checked the Domino servers, both of them (Blackberry/Acme1 and ServerB/Acme2) were working OK, the connection documents were there, the replication between them was OK, trace command on both servers was OK ... and the user from the domain Acme2 who was previously added works fine.

I tried to make a simulation and to add the user from the ServerA/Acme1 (from the same Domino domain). I chose the server from drop-down list but I got the same error message:
"Unable to find path to server. To trace this connection, use File - Preferences - User preferences - Ports - Trace (Notes client) or Trace command (Domino server)"

Next, instead of to choose the ServerA/Acme1, I typed the IP address of the ServerA, the Blackberry Manager found the ServerA and I could pick the user from that server. After that, I could enter ServerA name and I could get the user list but just until I am in the same session with Blackberry Manager. If I close Blackberry Manager and open it again, I get the same message “Unable to find path to server…” Entering the IP address instead of the name “fixes” that problem.
That is the reason for why I said above, that the ServerA/Acme1 is working almost perfectly with Blackberry/Acme1.

When I tried to do the same with the ServerB/Acme2 (to type the IP address instead of the ServerB name) I got the message:
"Your Address Book does not contain any cross certificates capable of authenticating the server."

I checked all the things again on both Domino servers, recertified them, checked connection documents, restarted them several times, and nothing shows me that the problem is with the connection or cross-certification. The servers work OK, and they “see” each other. The trace command is working OK as well.
And interesting thing is that the user from domain Acme2, who was added at the first attempt (a week ago) runs without any problem… but I cannot add any user again from the domain Acme2.

The guys from local BES support could not find the solution so I decided to post this problem here.
Everyone with the idea how to fix this problem is very welcome!

Last edited by Mikle : 06-11-2008 at 12:00 PM. Reason: Mistake in the title
Offline  
Old 06-11-2008, 10:46 PM   #2 (permalink)
x14
BlackBerry Extraordinaire
 
Join Date: Jul 2005
Location: NYC
Model: 9800
OS: 6.0.0.546
Carrier: AT&T
Posts: 2,344
Post Thanks: 0
Thanked 17 Times in 16 Posts
Default

For ServerA/Acme1 you should be able to just use the Domino server name. Check your personal address book for connection doc. Also if at one point ServerA/Acme1 had another IP address the Lotus Notes client will have the old IP in cache.

As for accessing ServerB/Acme1 and getting the cross-certification error. You did not mention at what level did you cross-cert. If you only cross-cert the two server with each other you will get the cross-cert because your ID is accessing the other domain.
__________________
Exchange 2007/BES 5.0.2 MR2
Offline  
Old 06-12-2008, 06:10 AM   #3 (permalink)
Thumbs Must Hurt
 
kerry6's Avatar
 
Join Date: May 2005
Location: US
Model: 9860
Carrier: AT&T
Posts: 72
Post Thanks: 0
Thanked 1 Time in 1 Post
Default

Make sure your Windows DNS entries for all servers list all domains.
Offline  
Old 06-12-2008, 06:27 AM   #4 (permalink)
Talking BlackBerry Encyclopedia
 
boma0021's Avatar
 
Join Date: Jan 2005
Location: LE
Model: Pearl
Carrier: T-Mobile
Posts: 202
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Have you ever tried to do a trace on the BES domino server console to both servers?
Have you installed a seperate Notes Client on the BES Server?
Offline  
Old 06-12-2008, 07:57 AM   #5 (permalink)
BBF War Game Mod
 
Jadey's Avatar
 
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
Post Thanks: 9
Thanked 29 Times in 23 Posts
Default

Why would he want to put a notes client on BES?

(Edit: maybe I misunderstood, and you're not actually recommending that as an action...)
__________________
Jadey : Groupware Infrastructure Architect, Denver CO
If I'm not here, I'm playing World's End on FaceBook. Mob/Mafia Wars are SOO last year

Last edited by Jadey : 06-12-2008 at 08:00 AM.
Offline  
Old 06-12-2008, 08:05 AM   #6 (permalink)
BBF War Game Mod
 
Jadey's Avatar
 
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
Post Thanks: 9
Thanked 29 Times in 23 Posts
Default

I agree with x14 here...

Check that none of your Domino servers have recently changed IP addresses
Check that the DNS records (if they exist) are correct
Let us know what IDs/levels you cross-certified

Also, it might be interesting to see whether the Domino Console throws anything into the mix that BlackBerry manager is not reporting.

On BlackBerry/Acme1 try issuing "repl ServerB/Acme2 names.nsf" (I am assuming from your original post that you are using a common domino directory across domains? If not, don't do this.)
__________________
Jadey : Groupware Infrastructure Architect, Denver CO
If I'm not here, I'm playing World's End on FaceBook. Mob/Mafia Wars are SOO last year
Offline  
Old 06-12-2008, 09:10 AM   #7 (permalink)
New Member
 
Join Date: Jun 2008
Location: Rockville, MD
Model: 8320
PIN: N/A
Carrier: Tmobile
Posts: 6
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks guys for the responses.
Let me pass through all the ideas and to give the answers:

1. The connection documents on both servers (Blackberry/Acme1 and ServerB/Acme2) are OK. The possibility of old IP address of one of them is zero because the servers have the same IP addresses forever. Anyway I cleared DNS cache on both servers but no change.

2. First, I cross-certified the servers at domain level and when I got the error regarding cross-certification, I recertified them but I have done it at both levels now - Domain and Server level.

3. Trace command works good on both servers and I can trace one from each other.

4. I installed notes client on the server which hosts Blackberry/Acme1 and can connect to ServerB/Acme2 from that server without problem.

5. Replication is working properly, it is set to push names.nsf from ServerB/Acme2 to Blackberry/Acme1 each 120 minutes. The replication log don't give any error, updates are there, and also when I force the replication using the console, everything is going through.. so the replication works.

6. Domino logs on both servers are not giving me any notifications or errors regarding the other one.

7. DNS records. I must check it with the DNS admin, but if all above is working, I doubt that DNS is making troubles.

9. Again, I must repeat, that the user from the server ServerB/Acme2, who was previously added, is still running fine on BES. I asked her today if there are any troubles with messages on her Blackberry and she confirmed that everything is OK. Also, log on BES is telling me the same.

Pretty weird situation....

Anyway, I will check the DNS today and will report of any change.
Offline  
Old 06-12-2008, 10:29 AM   #8 (permalink)
New Member
 
Join Date: Jun 2008
Location: Rockville, MD
Model: 8320
PIN: N/A
Carrier: Tmobile
Posts: 6
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

A short update..

I have checked with the DNS admin and we have done the following.
We added the ServerA/Acme1 and ServerB/Acme2 entries to Windows 2003 server's host file (the server which hosts the Blackberry/CIG and BES).
Now, when I try to choose the ServerA/Acme1 from the list, I do not get any error and the users are listed. But when I try to type down the ServerB/Acme2 name, I get the message:
"Your Address Book does not contain any cross certificates capable of authenticating the server."
But the servers are cross-certified and they are communicating each other ..

Obviously, BES doesnxxx8217;t figure out that the Domino servers are cross-certified.

Any ideas?
Offline  
Old 06-13-2008, 03:06 AM   #9 (permalink)
Talking BlackBerry Encyclopedia
 
boma0021's Avatar
 
Join Date: Jan 2005
Location: LE
Model: Pearl
Carrier: T-Mobile
Posts: 202
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

as Jadey already said my question with the notes client was not a recommendation.
it is from the domino point not recommended. you get various weired error messages.

here is the IBM statement to that: "Although IBM does not encourage running the server and client on the same machine, we do support it and there are cases where it makes sense (for example, an API program on the same machine running on top of a Notes client and data directory that is separate from the server install)."

the error message with the cross certification could be a problem with names of the client - would be my guess

i would say get rid of the notes client on the bes server...
Offline  
Old 06-13-2008, 04:30 AM   #10 (permalink)
BBF War Game Mod
 
Jadey's Avatar
 
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
Post Thanks: 9
Thanked 29 Times in 23 Posts
Default

Agreed boma0021.


And Mikle, have you tried restarting BES? You never know, sometimes in Domino-world a reboot fixes all.
__________________
Jadey : Groupware Infrastructure Architect, Denver CO
If I'm not here, I'm playing World's End on FaceBook. Mob/Mafia Wars are SOO last year
Offline  
Old 06-13-2008, 06:39 AM   #11 (permalink)
Talking BlackBerry Encyclopedia
 
boma0021's Avatar
 
Join Date: Jan 2005
Location: LE
Model: Pearl
Carrier: T-Mobile
Posts: 202
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Another problem could be the view in the names for the cross certificates. ($CrossCertByName) and ($CrossCertByRoot)

Run the following commands to update the two views:

Load Updall names.nsf -t "($crosscertbyroot)" -r
Load Updall names.nsf -t "($crosscertbyname)" -r
Offline  
Old 06-13-2008, 07:49 AM   #12 (permalink)
New Member
 
Join Date: Jun 2008
Location: Rockville, MD
Model: 8320
PIN: N/A
Carrier: Tmobile
Posts: 6
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

1. As for Lotus client, I have installed it at the server the same day I have posted this problem. I mean, the problem appeared before I installed Lotus client and I have done it in order to try if I am able to access ServerB/Acme2 from that machine. And everything was OK with that..

2. BES and Lotus have been restarted a lot of times since problem appeared. Every time I change something I restart both Domino and BES.

3. As for the hidden views $CrossCertByName and $CrossCertByRoot .. I indexed them on both servers. I am sorry, I did not mention it and a bunch of other things I tried in order to fix this weird problem but nothing helps.

Thanks for keep trying to help me guys!
Offline  
Old 06-13-2008, 09:43 AM   #13 (permalink)
Thumbs Must Hurt
 
Join Date: Feb 2005
Location: Canada
Model: 8830
Carrier: BELL
Posts: 65
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by boma0021 View Post
the error message with the cross certification could be a problem with names of the client - would be my guess
i would say get rid of the notes client on the bes server...
100% Agree!
Install notes on a separate pc and then install BES manager on top of it
Create connection doc for the 2 servers, access them, ccept the cross-certification
Then try to add users
__________________
7 Bes Servers on Domino
4000 Satisfied Users
Offline  
Old 06-13-2008, 04:07 PM   #14 (permalink)
New Member
 
Join Date: Jun 2008
Location: Rockville, MD
Model: 8320
PIN: N/A
Carrier: Tmobile
Posts: 6
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

That was the solution!

I installed the Blackberry manager on my computer which already had Notes client and everything works OK. I am able to add the user from the other domain! No single problem!
I cannot believe that BB Manager installed on the server made me such problems.

Thank you guys 100 times!
You are No 1!!!
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright © 2004-2014 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.