Lotus Nut

 This is definitely an age-old recommendation, but it is something that most customers have problems with. OS-level Antivirus. IBM has finally published a technote (1417504) Recommendations for exclusions when running Operation (sic) System Antivirus. This will definitely be handy to be able to show a customer direct instructions from IBM and not "just" recommendations from a third party (who sees this all the time). Also, you need to disable any specific Lotus Notes scanning on your desktop AV software if it's enabled.

First of all, not setting the exclusions will cause performance issues as the AV software has to scan/check the database/application prior to letting Domino use it. Your disk I/O will be abysmal. Trust me. Secondly, it can cause other random problems (see below) or database corruption.

If you are running a Domino server that also has AV for the OS, you need to get this technote to your Security Administrators and make sure they enable these exclusions! And also, don't just get *.nsf excluded. This technote is very timely because I just had a customer today with some exclusions in place who didn't just have the entire data directory excluded. When a 16GB mail db was going through a copy-style compact, the *.tmp file that was created for the compact couldn't get renamed back to the proper *.nsf file because the AV software had a lock on the tmp file. I just searched for this while writing this blog post (so that you could see how compact -c works in general) and there is also a technote from IBM (1102756) on a similar scenario when running AV software for Domino.

In a nutshell, if you are running OS-level AV on your Domino servers, you need to exclude the following from being scanned:

• Domino Data directory
• View rebuild directory
• Transaction Log directory
• DAOS directory
• Directory links
  

One of the nice tricks with the Domino Administrator Client Files tab is the ability to update ACL's and properties for all databases in a folder and sub-folders. To do this, just right-click the folder and choose from the list of available options. Such as Access Control > Manage:
 
At which point you will receive this window where you can see that all 87 databases are selected and you can Add, Modify, or Remove entries from the ACL of all databases (applications). Note, if you're Adding entries you may have to go back in a second time and also Modify that entry in case the entry previously was listed with a different level of access.


This can also work for Advanced Properties for databases. The trick to this window is that if you choose something in the "Select" column and leave the "Enable or disable" option blank, then it will set that property to OFF for all of the databases. If you check the option to enable, then it will turn it ON. Remember this and don't assume that if you just select it that it will enable it. If you don't select an option, it will not be touched. Note the properties I'm selecting below and that many of them can also be done via the Compact task. But this is a nice UI way to do this.


Also note that any of the options in the right-click list that are not greyed-out are available for this - such as compact, quotas, etc...

And completely unrelated, but if you're a Star Wars geek, try to telnet to towel.blinkenlights.nl...

Earlier today I was renewing the SSL certificate for BleedYellow's IHS server. But I ran into a slight issue in that the IBM SSL Key Management utility (ikeyman) was only giving me the choice of 512 or 1024 bit key length. But now, 2 years later (wow, time flies!), GoDaddy requires 2048 or 4096 bit requests and does not accept a 1024 bit request. This is good to know, for sure! After a quick use of my google-fu, I was able to find this technote and after installing the Java SDK 1.5 SR6 Cumulative Fix for WebSphere Application Server I was immediately able to create the 2048 bit request. Happy SSL'ing!