cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

EV search not working from Lotus client

Go to solution
Alikh
Level 3

‎03-19-2013 12:42 PM

Hi All, we have newly setup environment of Ev 10SP1 and Lotus Domino 8.5.2. And we are able to archive emails from users mailfile.

The only problem is that, when user clicks on search from lotus notes client more menu, it asks for account credentials but does not accept any users password.

Invalide credentials is the error message pops up. I restarted domino http task but it did not change anything.

I dont see any event logged on gateway server, and http task is running there as well.

Any logs should I be looking for?

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Arjun_Shelke
Level 6
Employee Accredited

‎03-20-2013 12:35 AM

Also check if SSO has been configured correctly... 

How to configure Domino to use Single Sign-On for the Enterprise Vault browser-based archive search

To enable authentication for the archive search feature, you need to set up Single Sign-On on the Enterprise Vault Domino Gateway.

 The following procedure assumes that you are not using Internet Sites documents. If you are, then use the procedure outlined in the Lotus Domino documentation.

 For more detail on how to configure Single Sign-On using Web Configuration, see the following IBM article:  http://www-1.ibm.com/support/docview.wss?rs=2272&context=SSTJRP&dc=DA400&uid=swg27002760&loc=en_US&c...

To configure Single Sign-On:

1. In the Domino Administrator client go to Configuration tab and select Server > All Server Documents view. Select (but do not open) the server document for the Enterprise Vault Domino Gateway.

2. Click Web and select Create Web SSO Configuration from the drop down box. 

  • In the Configuration Name field, change the default name to EVLtpaToken.
  • In the DNS Domain field, enter the DNS domain of the participating Domino servers.
  • In the Domino Server Names field, add all the Enterprise Vault Domino Gateways. If you want Single Sign-On to cover DWA users, then you also need to add the target Domino mail servers.
  • Click Keys and in the drop down menu select Create Domino SSO Key. Click OK.
  • Save and Close the Web SSO Configuration.

 3. While the server document for the Enterprise Vault Domino Gateway is selected, click Edit server. 

  • Click Internet Protocols tab and then Domino Web Engine sub-tab.
  • Change the Session Authentication field to Multiple Servers (SSO).
  • In the Web SSO Configuration field select EVLtpaToken.
  • Save and close the server document.

Confirm SSO is configured properly

To confirm that SSO is configured correctly, check that the user can log in to names.nsf on the Enterprise vault Domino Gateway using a web browser by using the following URL:

 http://<EVDG>:port/names.nsf,  for example

http://deserver1.evtraining.local:8080/names.nsf

 Web browser search available at the following URL:http://<EnterpriseVaultServer>/enterprisevaultdomino

Note: You must specify the FQDN of the server in the URL because the LTPA token is tied to the particular DNS domain.

The GetUser agent is used to lookup the full canonical name of the user and should return it as an XML page. To run the agent type the following URL into a browser:

 http://<EVDG>:8080/ev/evdomino.nsf/getuser?openagent    for example 

http://deserver1.evtraining.local:8080/ev/evdomino.nsf/getuser?openagent

View solution in original post

0 Kudos
6 REPLIES 6

Go to solution
RahulG
Level 6
Employee

‎03-19-2013 10:43 PM

Firslty Make sure you have added EVServer name  too Intranet Zone in you browser. You need to add FQDN, as well as the allias.

0 Kudos

Go to solution
Arjun_Shelke
Level 6
Employee Accredited

‎03-20-2013 12:15 AM

Additionally, check and confirm if the password you use is "Internet Password"

I hope , this can be different password than normal notes client id password. Try resetting the internet password for test user and check if you can login to search. If you are using Domino web access then its the same password you use while logging in to web access.

I hope this helps..

0 Kudos

Go to solution
Arjun_Shelke
Level 6
Employee Accredited

‎03-20-2013 12:35 AM

Also check if SSO has been configured correctly... 

How to configure Domino to use Single Sign-On for the Enterprise Vault browser-based archive search

To enable authentication for the archive search feature, you need to set up Single Sign-On on the Enterprise Vault Domino Gateway.

 The following procedure assumes that you are not using Internet Sites documents. If you are, then use the procedure outlined in the Lotus Domino documentation.

 For more detail on how to configure Single Sign-On using Web Configuration, see the following IBM article:  http://www-1.ibm.com/support/docview.wss?rs=2272&context=SSTJRP&dc=DA400&uid=swg27002760&loc=en_US&c...

To configure Single Sign-On:

1. In the Domino Administrator client go to Configuration tab and select Server > All Server Documents view. Select (but do not open) the server document for the Enterprise Vault Domino Gateway.

2. Click Web and select Create Web SSO Configuration from the drop down box. 

  • In the Configuration Name field, change the default name to EVLtpaToken.
  • In the DNS Domain field, enter the DNS domain of the participating Domino servers.
  • In the Domino Server Names field, add all the Enterprise Vault Domino Gateways. If you want Single Sign-On to cover DWA users, then you also need to add the target Domino mail servers.
  • Click Keys and in the drop down menu select Create Domino SSO Key. Click OK.
  • Save and Close the Web SSO Configuration.

 3. While the server document for the Enterprise Vault Domino Gateway is selected, click Edit server. 

  • Click Internet Protocols tab and then Domino Web Engine sub-tab.
  • Change the Session Authentication field to Multiple Servers (SSO).
  • In the Web SSO Configuration field select EVLtpaToken.
  • Save and close the server document.

Confirm SSO is configured properly

To confirm that SSO is configured correctly, check that the user can log in to names.nsf on the Enterprise vault Domino Gateway using a web browser by using the following URL:

 http://<EVDG>:port/names.nsf,  for example

http://deserver1.evtraining.local:8080/names.nsf

 Web browser search available at the following URL:http://<EnterpriseVaultServer>/enterprisevaultdomino

Note: You must specify the FQDN of the server in the URL because the LTPA token is tied to the particular DNS domain.

The GetUser agent is used to lookup the full canonical name of the user and should return it as an XML page. To run the agent type the following URL into a browser:

 http://<EVDG>:8080/ev/evdomino.nsf/getuser?openagent    for example 

http://deserver1.evtraining.local:8080/ev/evdomino.nsf/getuser?openagent

0 Kudos

Go to solution
Paul_Honey
Level 5
Employee Accredited

‎03-20-2013 02:13 AM

As per Advisor's suggestions, your problem will inevitably be a configuration issue, either using the wrong password, incorrectly configured Domino SSO on the EVDG server and / or an incompatibile URL (the URL needs to be fully qualified with the DNS domain as your SSO config)

So, you do need to first confirm that you can login to http://<FQDNofEVDG>:port/names.nsf to ensure that you have all of your SSO config on the Domino side correct before starting to worry about the EV side of things

If you cannot achieve that login, then all bets are off as far as EV search working and a useful thing to do to troubleshoot your SSO setup is to turn on SSO logging on the EVDG server by adding DEBUG_SSO_TRACE_LEVEL=2 to the notes.ini for that server (http://www-10.lotus.com/ldd/dominowiki.nsf/dx/DEBUG_SSO_TRACE_LEVEL). That will generate additional output to the server console that should help you determine what is going wrong with your SSO config. If you get to this stage of troubleshooting though, I would also suggest opening a support case for additional assistance, though feel free to post any output back here too for comment

Regards

Paul

0 Kudos

Go to solution
Alikh
Level 3

‎03-20-2013 10:16 AM

Thanks you RahulG, Advisor and Paul for your helping hand. much appreciated. The server has already been added into intranet zone from policy configuration itself.

Advisor, special thanks to you for providing detailed steps to configure SSO for gateway server. Indeed it was related to configuration of SSO and these steps helped us out. After configuring SSO, reset Internet password of one of the users and was able to access http://<EVDG>:port/names.nsf

Paul, I will make a note of this debugging setting for future use.

0 Kudos

Go to solution
Arjun_Shelke
Level 6
Employee Accredited

‎03-21-2013 12:13 AM

I'm glad that we were able to help you out. Thanks Paul for certifying my steps. ;)

0 Kudos