Search This Blog

Sunday, November 6, 2011

Five Domino domain default server settings you should change and why

Just because you don't immediately notice a default setting on your Domino server, doesn't mean there isn't one. I once asked a Lotus Domino system administrator what the default setting was for disconnecting an idle user from a Domino server. He replied, "There is no default setting." This is incorrect; there are defaults for all settings, regardless of whether they're apparent or hidden.
Some default settings, however, can be completely incorrect for your Domino domain. Here are five of my least-favorite default settings and why changing them can improve Domino server performance, tighten security and help you monitor your Domino domain.
  1. Default idle user disconnect time is four hours  
By default, an idle Lotus Notes user will remain connected to your Domino server for four hours. Keep in mind that idle users are taking up valuable resources, without doing anything. I have been using a 30-minute idle time disconnect for many years without any problems. IBM's article, How the notes.ini file parameter affects server performance, explains why it's good practice to use this parameter.
You'll want to set Notes.ini parameter on your servers so that it looks like this:
Server_session_timeout = 30
Tip: It's best to use server configuration documents to control these settings.
If you stick with your default setting of four hours, it makes it really hard to get a reading on the number of concurrent users.

  2. Message Recall defaults to on  
If you've upgraded to Lotus Notes R8 and haven't explicitly turned off Message Recall, it's on by default.
By default, Lotus Notes 8 users can recall mail that they've sent up to 14 days ago, as long as it hasn't been read yet. Recalling a message that has been in someone's mail file for 14 days could create some issues.
If you want to turn off Message Recall or change the number of days that a sent message can be recalled, there are a few options. You can create a server configuration document, edit the default one, or edit each server configuration document. Whichever option you decide to use, go to the Message Recall tab on the Router/SMTP tab to take control.
Mail Recall
If you have no server configuration documents, then Message Recall is automatically on and set for 14 days.

  3. Insecure storage of Internet passwords is on  
Check your Domino domain's directory profile by going to Actions -> Edit Directory Profile.
Directory Profile
If "Use more secure Internet Passwords" is set to "No," then a clever hacker could run a dictionary attack against your address book to obtain address book content.
Domino Directory Configuration Profile
If your HTTP password looks like the one below -- with all capital letters and numbers -- then you've got a problem.
HTTP Password
Use the menu options Actions -> Upgrade to More Secure Internet Password to fix existing person docs.
Upgrade to More Secure Internet Password
  4. The default number of cluster replicators is set to '1'  

Related resources from
Log off idle Lotus Notes users for better Domino Server performanceCopy Lotus Notes databases from the Domino Server console command line
Notes.ini and mail.boxes transaction logging -- a cautionary tale
Clustered servers only use a single cluster replicator by default. Cluster replication is an event-driven process. When changes occur on one Domino server in a cluster, the changes are pushed to the other servers as well. If many changes occur, cluster replication can fall behind. If there is a failover while the databases are out of sync, users will call help desk to ask, "Where are all the meetings I arranged this morning?" or "The mail I sent this morning isn't in my Sent folder." Adding another cluster replicator using the above parameter will help avoid this. Your clustered servers will run with two cluster replicators if you add this parameter to the Notes.ini file of the clustered servers:
Cluster_Replicators = 2
You can tell if you still need more by looking at the statistic Replica.Cluster.SecondsOnQueue, which should generally show a time under 15 seconds when the server has a light load. It should be under 30 seconds when the server is operating with a heavy load. Be sure to look at the Replica.Cluster.SecondsOnQueue.Avg and Replica.Cluster.SecondsOnQueue.Max statistics to get a better feel for whether or not everything is in sync.

  5. Change Domino server console colors  
This last one is one of those personal things that I've picked up in the last decade of working with the Domino server. To make things easier, change the default colors of your console so that you can see what's going on in one quick glance. Here's what I use on every Domino server I monitor:
Change Domino server console colors
Green is good; red is bad. The white-on-black color theme seems old fashioned. Ditch it for a color scheme that's simple to read and will easily tell you what's happening with your Domino servers.
Andy Pedisich

No comments:

Post a Comment