Five Domino domain default server settings you should change and why

In this article, Lotus Notes Domino expert Andy Pedisich gives five default settings in your Domino domain that you should change, including the Message Recall setting and the 'use more secure Internet Passwords' setting. Modifying these settings will improve server performance, enhance Domino security and will give you tighter control of your Domino domain.

Just because you don't immediately notice a default setting on your Domino server, doesn't mean there isn't one. I once asked a Lotus Domino system administrator what the default setting was for disconnecting an idle user from a Domino server. He replied, "There is no default setting." This is incorrect; there are defaults for all settings, regardless of whether they're apparent or hidden.

Some default settings, however, can be completely incorrect for your Domino domain. Here are five of my least-favorite default settings and why changing them can improve Domino server performance, tighten security and help you monitor your Domino domain.

  1. Default idle user disconnect time is four hours  

By default, an idle Lotus Notes user will remain connected to your Domino server for four hours. Keep in mind that idle users are taking up valuable resources, without doing anything. I have been using a 30-minute idle time disconnect for many years without any problems. IBM's article, How the notes.ini file parameter affects server performance, explains why it's good practice to use this parameter.

You'll want to set Notes.ini parameter on your servers so that it looks like this:

Server_session_timeout = 30

Tip: It's best to use server configuration documents to control these settings.

If you stick with your default setting of four hours, it makes it really hard to get a reading on the number of concurrent users.

  2. Message Recall defaults to on  

If you've upgraded to Lotus Notes R8 and haven't explicitly turned off Message Recall, it's on by default.

By default, Lotus Notes 8 users can recall mail that they've sent up to 14 days ago, as long as it hasn't been read yet. Recalling a message that has been in someone's mail file for 14 days could create some issues.

If you want to turn off Message Recall or change the number of days that a sent message can be recalled, there are a few options. You can create a server configuration document, edit the default one, or edit each server configuration document. Whichever option you decide to use, go to the Message Recall tab on the Router/SMTP tab to take control.

Mail Recall

If you have no server configuration documents, then Message Recall is automatically on and set for 14 days.

  3. Insecure storage of Internet passwords is on  

Check your Domino domain's directory profile by going to Actions -> Edit Directory Profile.

Directory Profile

If "Use more secure Internet Passwords" is set to "No," then a clever hacker could run a dictionary attack against your address book to obtain address book content.

Domino Directory Configuration Profile

If your HTTP password looks like the one below -- with all capital letters and numbers -- then you've got a problem.

HTTP Password

Use the menu options Actions -> Upgrade to More Secure Internet Password to fix existing person docs.

Upgrade to More Secure Internet Password

  4. The default number of cluster replicators is set to '1'  

Related resources from SearchDomino.com:
Log off idle Lotus Notes users for better Domino Server performance

Copy Lotus Notes databases from the Domino Server console command line

Notes.ini and mail.boxes transaction logging -- a cautionary tale

Clustered servers only use a single cluster replicator by default. Cluster replication is an event-driven process. When changes occur on one Domino server in a cluster, the changes are pushed to the other servers as well. If many changes occur, cluster replication can fall behind. If there is a failover while the databases are out of sync, users will call help desk to ask, "Where are all the meetings I arranged this morning?" or "The mail I sent this morning isn't in my Sent folder."

Adding another cluster replicator using the above parameter will help avoid this. Your clustered servers will run with two cluster replicators if you add this parameter to the Notes.ini file of the clustered servers:

Cluster_Replicators = 2

You can tell if you still need more by looking at the statistic Replica.Cluster.SecondsOnQueue, which should generally show a time under 15 seconds when the server has a light load. It should be under 30 seconds when the server is operating with a heavy load. Be sure to look at the Replica.Cluster.SecondsOnQueue.Avg and Replica.Cluster.SecondsOnQueue.Max statistics to get a better feel for whether or not everything is in sync.

  5. Change Domino server console colors  

This last one is one of those personal things that I've picked up in the last decade of working with the Domino server. To make things easier, change the default colors of your console so that you can see what's going on in one quick glance. Here's what I use on every Domino server I monitor:

Change Domino server console colors

Green is good; red is bad. The white-on-black color theme seems old fashioned. Ditch it for a color scheme that's simple to read and will easily tell you what's happening with your Domino servers.

Do you have comments on this tip? Let us know.

Please let others know how useful it is via the rating scale below. Do you have a useful Lotus Notes/Domino tip or code snippet to share? Submit it to our monthly tip contest and you could win a prize.

ABOUT THE AUTHOR:   
Andy Pedisich
Andy Pedisich is President of Technotics, Inc. He has been working with Lotus Notes and Domino since Release 2. Technotics provides strategic consulting and training on collaborative infrastructure projects for customers throughout the world. You can contact Technotics through their Web site at www.technotics.com.

This was first published in November 2008

Dig deeper on Notes.ini

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

Search400

  • iSeries tutorials

    Search400.com's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...

SearchEnterpriseLinux

SearchDataCenter

SearchExchange

SearchContentManagement

Close