03-19-2013 12:42 PM
Hi All, we have newly setup environment of Ev 10SP1 and Lotus Domino 8.5.2. And we are able to archive emails from users mailfile.
The only problem is that, when user clicks on search from lotus notes client more menu, it asks for account credentials but does not accept any users password.
Invalide credentials is the error message pops up. I restarted domino http task but it did not change anything.
I dont see any event logged on gateway server, and http task is running there as well.
Any logs should I be looking for?
Solved! Go to Solution.
03-20-2013 12:35 AM
Also check if SSO has been configured correctly...
How to configure Domino to use Single Sign-On for the Enterprise Vault browser-based archive search
To enable authentication for the archive search feature, you need to set up Single Sign-On on the Enterprise Vault Domino Gateway.
The following procedure assumes that you are not using Internet Sites documents. If you are, then use the procedure outlined in the Lotus Domino documentation.
For more detail on how to configure Single Sign-On using Web Configuration, see the following IBM article: http://www-1.ibm.com/support/docview.wss?rs=2272&context=SSTJRP&dc=DA400&uid=swg27002760&loc=en_US&c...
To configure Single Sign-On:
1. In the Domino Administrator client go to Configuration tab and select Server > All Server Documents view. Select (but do not open) the server document for the Enterprise Vault Domino Gateway.
2. Click Web and select Create Web SSO Configuration from the drop down box.
3. While the server document for the Enterprise Vault Domino Gateway is selected, click Edit server.
Confirm SSO is configured properly
To confirm that SSO is configured correctly, check that the user can log in to names.nsf on the Enterprise vault Domino Gateway using a web browser by using the following URL:
http://<EVDG>:port/names.nsf, for example
http://deserver1.evtraining.local:8080/names.nsf
Web browser search available at the following URL:http://<EnterpriseVaultServer>/enterprisevaultdomino
Note: You must specify the FQDN of the server in the URL because the LTPA token is tied to the particular DNS domain.
The GetUser agent is used to lookup the full canonical name of the user and should return it as an XML page. To run the agent type the following URL into a browser:
http://<EVDG>:8080/ev/evdomino.nsf/getuser?openagent for example
http://deserver1.evtraining.local:8080/ev/evdomino.nsf/getuser?openagent
03-19-2013 10:43 PM
Firslty Make sure you have added EVServer name too Intranet Zone in you browser. You need to add FQDN, as well as the allias.
03-20-2013 12:15 AM
Additionally, check and confirm if the password you use is "Internet Password"
I hope , this can be different password than normal notes client id password. Try resetting the internet password for test user and check if you can login to search. If you are using Domino web access then its the same password you use while logging in to web access.
I hope this helps..
03-20-2013 12:35 AM
Also check if SSO has been configured correctly...
How to configure Domino to use Single Sign-On for the Enterprise Vault browser-based archive search
To enable authentication for the archive search feature, you need to set up Single Sign-On on the Enterprise Vault Domino Gateway.
The following procedure assumes that you are not using Internet Sites documents. If you are, then use the procedure outlined in the Lotus Domino documentation.
For more detail on how to configure Single Sign-On using Web Configuration, see the following IBM article: http://www-1.ibm.com/support/docview.wss?rs=2272&context=SSTJRP&dc=DA400&uid=swg27002760&loc=en_US&c...
To configure Single Sign-On:
1. In the Domino Administrator client go to Configuration tab and select Server > All Server Documents view. Select (but do not open) the server document for the Enterprise Vault Domino Gateway.
2. Click Web and select Create Web SSO Configuration from the drop down box.
3. While the server document for the Enterprise Vault Domino Gateway is selected, click Edit server.
Confirm SSO is configured properly
To confirm that SSO is configured correctly, check that the user can log in to names.nsf on the Enterprise vault Domino Gateway using a web browser by using the following URL:
http://<EVDG>:port/names.nsf, for example
http://deserver1.evtraining.local:8080/names.nsf
Web browser search available at the following URL:http://<EnterpriseVaultServer>/enterprisevaultdomino
Note: You must specify the FQDN of the server in the URL because the LTPA token is tied to the particular DNS domain.
The GetUser agent is used to lookup the full canonical name of the user and should return it as an XML page. To run the agent type the following URL into a browser:
http://<EVDG>:8080/ev/evdomino.nsf/getuser?openagent for example
http://deserver1.evtraining.local:8080/ev/evdomino.nsf/getuser?openagent
03-20-2013 02:13 AM
As per Advisor's suggestions, your problem will inevitably be a configuration issue, either using the wrong password, incorrectly configured Domino SSO on the EVDG server and / or an incompatibile URL (the URL needs to be fully qualified with the DNS domain as your SSO config)
So, you do need to first confirm that you can login to http://<FQDNofEVDG>:port/names.nsf to ensure that you have all of your SSO config on the Domino side correct before starting to worry about the EV side of things
If you cannot achieve that login, then all bets are off as far as EV search working and a useful thing to do to troubleshoot your SSO setup is to turn on SSO logging on the EVDG server by adding DEBUG_SSO_TRACE_LEVEL=2 to the notes.ini for that server (http://www-10.lotus.com/ldd/dominowiki.nsf/dx/DEBUG_SSO_TRACE_LEVEL). That will generate additional output to the server console that should help you determine what is going wrong with your SSO config. If you get to this stage of troubleshooting though, I would also suggest opening a support case for additional assistance, though feel free to post any output back here too for comment
Regards
Paul
03-20-2013 10:16 AM
Thanks you RahulG, Advisor and Paul for your helping hand. much appreciated. The server has already been added into intranet zone from policy configuration itself.
Advisor, special thanks to you for providing detailed steps to configure SSO for gateway server. Indeed it was related to configuration of SSO and these steps helped us out. After configuring SSO, reset Internet password of one of the users and was able to access http://<EVDG>:port/names.nsf
Paul, I will make a note of this debugging setting for future use.
03-21-2013 12:13 AM
I'm glad that we were able to help you out. Thanks Paul for certifying my steps. ;)