When ID Vault seems to stop working properly

Andy Pedisich  May 20 2013 08:38:57 PM

Had a situation recently where a user kept getting the message that their certificate had expired.  But we were using ID vault and had recertified the person doc.

Certificate still expired?  I had just two words for that.  Im possible.

But it was true.  When we downloaded the ID from ID Vault it clearly was expired, in spite of the fact that it looked like we had re-certed successfully.  The villain? A public key on the ID file that was not the same as the one in the Domino directory.  The recert doesn't happen if the public keys don't match.  There's a myriad of stuff that breaks when the keys don't match.

That's not the first time I have seen this occur, although I am not sure of how it actually happens.  Let's forget about the "how" for a second and let's just say, "Shoot, it just happens."

More importantly, how can you detect that it happens so you can avoid the repercussions?  You can detect it by setting the server document to log key mismatches.


That setting will alert you to the fact that there is a mismatch between the public key in a person document in the address book and the actual public key that's in the ID file.  It will log it in the Domino server log like this:

05/15/2013 23:51:07   Jack Torrance/OverlookHotel from host [10.254.138.5:61250] encountered non-fatal problem during authentication: Your public key does not match the one stored in the Address Book
05/15/2013 23:51:07   Opened session for Jack Torrance/OverlookHotel (Release 8.5.2FP2)
05/15/2013 23:51:07   Closed session for Jack Torrance/OverlookHotel Databases accessed:     1   Documents read:     0   Documents written:     0

If you want to comb through the logs looking for the error, then leave it at that.  Just walk away from the keyboard.  If you just have a couple of servers to worry about, then you're probably good to just search the logs for "public key" occasionally and you'll find it.  But if you'd rather be notified via email, create an event handler in the events4.nsf Monitoring Configuration database.  Make it look like this:

You'll be notified by email of public key mismatches before it causes a problem. Then all you need to do is fix the problem by making a copy of the user's public key from their ID file:

...and pasting it into the Public Key field of their person document:
Done deal. Take the rest of the day off. And you'll be set to be the caretaker of the domain for another season.  

-Andy

Location: Home after a long day at the keyboard

• Comments [0]

Speaking at Medford Leas

Andy Pedisich  May 1 2013 08:02:48 PM

This Friday, May 3rd, I'm going to be speaking at Medford Leas. It's a retirement community for people over 55. The title of the session is, "Embrace Technology."  I am really looking forward to it!

I was invited to speak in the fall of 2012 and have been collecting facts, stories, pictures, and links ever since.  It's brought out the geek in me, as I take a step back and observe what we in the techno-world take for granted.

I'm turning the crowd onto Facebook, Twitter, Dropbox, and XKCD. We're exploring the fact that the Pope not only has a Twitter account, but has over 6 million followers. I'm encouraging folks to get a grip on new technology, not previously used stuff, and to explore it like it contains the antidote.  I'm asking the audience to re-assess their own comfort zones and see how easy it is to look outside of their own world.

Heck, I'm just pleased that I get to share a point of view about all of this stuff.  It's something I never anticipated.  I hope to have more speaking adventures like this one.  It's going to be fun!

-Andy

Location: Home - Philly, PA

• Comments [0]

Boston retrospective

Andy Pedisich  April 21 2013 04:34:46 PM

Boston and the Admin conference were very much like a dream at first.  Rob and I were on Amtrak near Providence on our way to Boston when we heard the news.  I got a text from my wife Linda, and we immediately surfed to news stations. It was horrific. We than had several hours of news reports to pour over before arriving in bean town, which was plenty of time to worry about all the aspects of the attack.  

We were then isolated in Boston.  I had no real context for the national and international impact of what was going on.  I only knew that there were a myriad of helicopters, police cars, and military personnel everywhere I turned.  And our hearts were badly broken with every news report I watched and every article in the Times I read.

Conference presentations were like mini-vacations from the stress of the reality.  But they only lasted as long as the slide deck, and we were once again faced with the sirens and the really tragic images.  We didn't have to look very far, since MIT was only a mile away.  Thursday night a conga line of police cars flashing with blue and red lights rushed past my hotel window going south to the MIT campus.

Friday saw Boston completely shut down.  I'm from Long Island originally, and one of the things that I found humor in was the blizzard of last winter, when Long Islanders went out on the expressway against everyone's recommendations and ended up being being road blocks for the cleanup crews. Not so with Boston residents in this situation.  They followed the instructions to the letter.  There were no stores open, no cars on the road, and nothing was going on.  It was the will of Boston as a community to apprehend the remaining alleged perpetrator.

With Amtrak shut down, Rob rented a car and we left our dear friends at the conference.  Rob drove us back to Philly in 6 hours with the help of a pair of iPhone GPS.

Here is what Memorial Drive in Boston looked like at rush hour on that Friday afternoon at 4:30 PM in Boston. It was quite surreal.


Everyone made it home eventually, although Susan Bulloch had to fly home in a near tornado and Francie had to deal with rough seas.  My hope is that Norman Cox, Andrew Kelly, Chris Miller, Gab and Tim Davis, and everyone else is back with their families.  Although I did read something about a won trivia game by a team of Admin errants in a gin mill in Maine.

Thank you Celia, Benny and the View Crew for keeping it together.

-Andy

Location: Home - recovering from Admin2013

• Comments [3]

Finished Jumpstart session

Andy Pedisich  April 16 2013 03:50:10 PM

I just posted the sessions that I am doing this week at the Admin conference in Boston.  Follow the link to Admin 2013 resources on the top right of the webpage.

There's still time to get here.  Lots of nice attendees and speakers who are in the trenches every day.

Tomorrow will be a busy day.  I'm doing 2 sessions, a hands-on lab, and then there is a an "Ask the Drunken Experts" where they feed us beer and hors d'oeuvres.

Have trouble pronouncing that last word?  Here's an excerpt from a Pronunciation Manual that will help you out.

">

-Andy

Location: On the road in Boston for View’s Admin 2013

• Comments [0]