Lotus Domino DNS Timeout Issue

Domino Server causes intermittent email bouncing

On a Domino Server to 8.5FP1

After upgrading a Domino Server to 8.5FP1 we noticed intermittent email bouncing even though the emails were correctly delivered to the email server. The server response was:
451 Unable to complete command, DNS not available or timed out

This message is misleading. What it really means that Domino wasn’t able to verify the sender domain’s RDNS (reverse DNS) entry.
IBM Domino Server and Collaboration Suite

Disabling Reverse DNS Check

If your Domino infrastructure already has a security mail gateway, then this extra protection on the Domino server isn’t needed and disabling it will speed up the SMTP operations of the Domino Server. Here are steps on how to turd this feature off.

Steps to turn off rDNS checking on the Domino Server

  1. Make sure you already have a Configuration Settings document for the server(s) to be configured.
  2. From the Domino Administrator, click the Configuration tab and expand the Messaging section.
    Click Configurations.
  3. Select the Configuration Settings document for the mail server or servers you want to restrict mail on, and click Edit Configuration.
  4. Click the Router/SMTP – Restrictions and Controls – SMTP Inbound Controls tab.
  5. Set the field “Verify sender’s domain in DNS” in the Inbound Sender Controls section do “Disabled,” and then click Save & Close

More information on Domino Server SPAM prevention

For more articles from the NewPush Managed Domino Server Team see Domino Server Support and Collaboration Services.


Migrating Data Between DB2 Servers

DB2 Support for Data Migration

When it is time to upgrade from DB2 on Intel to DB2 on Power for example, taking a backup/restore approach isn’t possible as DB2’s backups are platform dependent. The solution is to use a DB2 command called db2move.

Basics of db2move

db2move allows to export data from DB2 at different levels of granularity. It also has a very simple syntax to allow exporting all of the data and structure of a database.

Exmaple of db2move


su - db2inst1
mkdir /tmp/db2export
cd /tmp/db2export
db2move sample export

Where db2inst1 is the db2 instance owner, /tmp/db2export is where the DB2 data and structures are being exported, and sample is the database name.

For more DB2 Support hints, please visit our DB2 category.


Planning for Storage, Server, and Network Infrastructure

Questions to ask when planning storage and server infrastructure

Storage Requirements

  • What our their current storage environment? (What technology do we use? NetApp, EMC, HP, Hitachi, Compellant?)
  • What is our current amount of usable storage?
  • What is our current data in GB / TB? How much of that data is deemed critical as opposed to 2nd tier, or even archivable?
  • What growth increase are we seeing from year to year? (25%? 30%? 40%? More?)
  • Is this our largest variable IT cost within our overall budget?

Server Infrastructure

  • How many servers do we have within our overall Infrastructure environment?
  • What percentage is comprised of Power, Linux or “Wintel”?
  • Do we have a vendor standard? (HP, Dell, IBM?)
  • What is our overall server utilization (7%? 10%? 20%? 50%? More?)
  • Do we utilize virtualization in our server infrastructure environment?
  • If so, what percentage of our environment is virtualized?
  • What version / type of virtualization do we use?
  • Are we looking to do a server consolidation project to help us save on additional software maintenance and energy costs?

Network Infrastructure

  • Do we have (primarily) our own data center or do we store all of our equipment at a co-location / managed services location? (and if so, whom?)
  • What is our current network environment (Cisco? Avaya?)
  • Do we standardize on a vendor?
  • How old / new is their network environment?
  • What kind of connectivity do they have? (T1? T3? DS?)

Security Solutions

  • Do we have a set standard for our security environment?
  • Do we do quarterly security assessments? (PCI and/or FFIEC Assessments?) (Who do we use?)
  • Are there areas we need to improve?

Software Maintenance

Do we have a goto partner we standardize on for software and hardware maintenance contracts?

Projects

  • What are there next three primary projects?
  • What is our IT budget?
  • What is our Calendar year? Jan – Dec? July – June? Etc.

For more information about planning for storage, servers, and network infrastructure, look at our data warehouse pages.


Remove old or bogus address form Outlook email auto-complete address book

Problem

As a result of people changing their email address, or just simple typos, the MS Outlook auto-complete list ends up with a number of bogus queries.

Solution

To remove a name or email address from Outlook’s auto-complete list, simply follow these 4 steps:

  • Create a new email message in Outlook (don’t worry, you can cancel it as soon as the task is complete)
  • Start typing the name or address you want to remove
  • Use the down arrow key to highlight the desired (undesired) entry — make sure you actually use the arrow keys on the keyboard: if you use the mouse, the address will be selected in your recipient list, and you have to start over
  • Press the Del key on your keyboard, et voilà, the unwanted entry is gone

NetApp downgrade firmware

Downgrading firmware on a NetApp SAN

If you have just reclaimed a shelf from a NetApp SAN that you would like to use with an older head, you will notice that the drives are not recognized. This is due the the fact that DataOntap upgrades the drives automatically when you plug them in to an updated shelf, but it won’t downgrade or even recognize correctly drives that come from an higher level revision.

Downgrading drives while keeping the contents is actually impossible.

Actually downgrating the firmware on NetApp SAN drives

Chances are that you don’t really need to downgrade the firmware on the drives, and you can just skip to the next section.

If you are sure you need to downgrade the drives, here are the basic steps:

  • Get a linux box, with a qlogic HBA, and cables that can attach to the shelf that has the drives to downgrade
  • Make sure only the drives that you want to downgrade are in the shelf
  • Make sure the proper disk qualification package is on the filer (if not, download the Disk Qualification Package as a zip file from: http://now.netapp.com/NOW/download/tools/diskqual/ and extract it to the /etc directory of the NetApp)
  • Download all current disk firmware from http://now.netapp.com/NOW/download/tools/diskfw/
  • Get the right firmware for your disk (the new you just downloaded, or an old one, if you need to downgrade) — the old firmware is already on the root volume of the netapp
  • Use the proper firmware upgrade tool from your manufacturer to flash the firmware from the Linux box

Wiping labels on NetApp SAN drives

If you simply can’t get the old filer head to recognize the drives that had new labels, the only viable solution to get the drives to work is to reconnect the shelf to the old filer head that was running a newer firmware.

Erasing labels on NetApp SAN drives

  • Boot into maintenance mode (CTRL+C at boot and then Option 5)
  • list the drives: label summary
  • erase the labels: label wipe 4.23 where 4.23 is the drive number to wipe
  • exit maintenance mode: halt

Chances are that this will still not allow the older filer to see the drives properly. The next step always works: zero the drives.

Zeroing spares on NetApp filer

  • Boot into maintenance mode (CTRL+C at boot and then Option 5)
  • list the drives: label summary
  • force the drives to become spares: label makespare 4.23 where 4.23 is the drive number
  • exit maintenance mode and boot:
    > halt
    ok boot
  • zero the spare drives: drive zero spares
  • remove the shelf or the drives from the new filer, and you can now put them back into the old filer, as they will be recognized just fine.

For more information about our SAN support, look at NetApp SAN.


SPAM Filter Upgrade

Thoughout the week of October 25th, 2010, we will be upgrading our customers from the Postini/Google SPAM filter to the Red Condor SPAM and Virus filter. As a result of the upgrade, former Postini/Google customers will have more flexibility and more ease of use to access automatically their quarantine. If you have any questions, please do not hesitate to contact our support team.


NetApp route add default gateway

NetApp SAN default gateway setup

DataOntap is a FreeBSD based operating system built by NetApp. However, most of the command line interface commands differ from the usual FreeBSD commands. When a new NetApp installation is performed, or a NetApp migration is needed, typically the IP address needs to be changed, as well as the default gateway. The first step before changing the network configuraiton is to check if the current configuration, and capture it in case you need to back out of the migration. The following paragraphs show how to check existing configuration, and how to set the new gateway. NetApp SAN

Show NetApp SAN network config

To print the current network config, run:
ifconfig -a

To set a new network IP, run:
ifconfig e0 192.168.1.2 netmask 255.255.255.0

Where e0 is your network interface name, and 192.168.1.2 is the new IP of the NetApp.

Show NetApp SAN route config

To print the current routes, run:
route -ns

Setup NetApp SAN default route

Delete NetApp SAN current default route

route delete default

Add NetApp SAN new default route

route add 0.0.0.0 IP_OF_DEFAULT_GW 1
For example, if the fedault gateway is 192.168.1.1:
route add 0.0.0.0 192.168.1.1 1
For more information about our SAN support, look at NetApp SAN.


High Availability Asterisk

Problem

If you have tried to set up high availability for an asterisk VoIP PBX, you probably notices that it is easy to do in theory, but in practice, it isn’t quite always working as expected. For example, Trixbox has ways to set up high availability (HA), but when it comes down to it, the configuration adds too much complexity, and the system overall becomes less stable.

Solution

Generation D has come out with a clustering product for Asterisk that cost $2,000 for two nodes and the web interface. They claim 7s to fail over completely, and provide an API to enable integration with other systems. If we manage to secure a demo, we will provide more details on setup and performance.


Online fax service with SSL API

Problem

You need to create an online application that is capable of sending a FAX securely (PCI, HIPAA or other compliance).

Solution

After trying trustfax and eFax, neither of which has a secure API, Ralph found that Metro Fax has a SSL API for developers and the cost is reasonable.

The following SDK as well as some supporting documentation below will help you get started: WsfSDK

The MetroFax webservice gateway is available at:

https://wsf.metrofax.com/webservice.asmx

And there is supporting documentation (NDoc) available below:

https://wsf.metrofax.com/doc

The attached SDK contains sample implementations of numerous common methods.


How to limit access to a web site on an IIS web server by IP address

Problem

You have a private web site for management purposes, and you want to limit access to it by IP address.

Solution

  • Open the IIS management MMC.
  • In the left hand treeview, drill down to the website in question.
  • The main window of the IIS7 MMC will now display all the familiar management icons.
  • Under the ‘IIS’ group you will find one named ‘IP Address and Domain Restrictions’.
  • Open this and you will see an empty list.
  • Step one here is to select ‘Edit Feature Settings’ From the right-hand menu and select the ‘Deny’ option. (this block all -undefined- IP ranges)
  • Step two will be to ‘Add Allow Entry’ for your defined remote user’s IP range.