Lotus Domino 8.5.2 SMTP Issue causes spike in CPU utilization

Lotus Domino 8.5.2 was released after much development and testing. IBM appears to be going very slowly through the iteration numbers since 8.5.0.  Many thanks to all the early adopters who install it at first download!

As such, those early adopters are also the first to discover bugs that can really only be captured in a true production environment. There is one known bug out there, and I would caution against upgrading to 8.5.2 until the hotfix is available or possibly until Fix Pack 1 is available in Q4. The hot fix should be available on September 8th.

The issue is that SMTP will spike the CPU utilization, and has been shown on AIX, AIX 64bit, Linux, Windows, Windows 64bit, and i5/OS.

Here is the current IBM technote:
http://www-01.ibm.com/support/docview.wss?uid=swg21445280&myns=swglotus&mynp=OCSSKTMJ&mync=R

And here are a few other blog posts about the issue:

http://www.andypedisich.com/blogs/andysblog.nsf/dx/more-information-on-smtp-spike-domino-8.5.2.htm
http://connections.vss-inc.com/blogs/askgreenstein/entry/domino_8_5_2_smtp_bug?lang=en_us

7 Lucky tips you should know about Rational Functional Tester (RFT)

1 - Get all the latest fix packs after you install

You should be prepared to update RFT at least once per quarter. Web browsers are always being patched, and RFT integrates tightly into the browsers. For example, if you download the latest edition of RFT and you have Firefox 3.6, you will not be able to test with it because you have not updated to the latest fix pack. Update to the latest fix pack as soon as you install it. To update the environment, go to the IBM Installation Manger and click the big "Update" button.

2- Turn off UAC, or use virtualization

If you are on Windows 7 or Windows Vista, I recommend you turn off User Access Control. You can get by with UAC, but its honestly a complete PITA to deal with it.  If UAC is a corporate requirement for your desktop environment, then install RFT into a Windows virtual machine with UAC turned off.  VMware has product call VMWare View that is great for test labs. You could also use a test environment inside a VMWare workstation virtual machine on your local system if your organization is not yet ready to stand up a virtual environment. Keep in mind you can also run RFT on a Linux operating system. This is an ideal environment for testing Firefox, JDK based applications, Eclipse Rich Client apps, and terminal based apps.

3 - Enable Environments for Testing

After you install, you MUST enable your environments for testing. This simple step is the difference between having a critical tool and having expensive shelf-ware. You need to have Administrator rights on the computer you are trying to enable. This will fail if you don't (see technote 21320037). As part of this enablement you should also go ahead and disable the next-generation plugin for the browser. It is somewhat safe to assume that you will be running a JDK above 1.60_18, or you probably will be. This issue is really a Sun/Oracle issue because Oracle changed some identifiers in the JDK to replace the SUN name with Oracle. This wreaked havoc with Eclipse based environments (beyond just RFT). Here is the IBM technote. Follow closely before continuing.

Enabling Environments for Testing

4 - Test your environments before testing

Click 'Configure - Enable Environments for Testing'. In the next screen, you will need to enable any browsers you intend to test with as well as the associated JDK's. I recently had an issue at a client where clicking on 'View Results' in the browser would crash the browser, and the browser always failed the enablement test. In that instance there were several JDK's installed, and by removing the ones not needed and installing the latest JDK, we were able to resolve the issue.

5 - Test the environments before creating any scripts

In the same 'Enable Environments' dialog, go ahead and perform all the tests on all the UI's you will be testing with. Highlight each browser and each JDK, and click the 'Test' button. A successful test on a JDK should like the image shown here.
When you test your browser, you will typically get an alert about script execution. Allow it to run and view the results. A successful browser test should look like the next image. If it fails, try disabling the browser and re-enabling the browser.

6 - Go through the built in tutorials

RFT has some excellent built in tutorials on the product. Click on 'Help - Tutorials' to view them. They come with the product. Navigate to the 'Tutorials' link. Go get a big cup of coffee, turn off your phone, turn on instant messaging, and go through some healthy tutorials. You will be much more productive with the tool afterwards.

7 - Participate in the forums

As part of your learning, participating in user forums is enormously valuable. The communities are always eager to help. As you become more adept at the product, be sure to help some others who are also getting started.

Lastly, I'll leave you with a healthy list of links to help you get started. This del.icio.us link covers them all, and will include more in the future:

• http://www.delicious.com/klenny/rft

Setting up an SSL Reverse Proxy in Apache on Linux

This one I'm writing so I don't forget it. It is highly valuable info and spent a few hours wrangling with Linux to figure it out. This is a great way to proxy an Ajax web service so you avoid any cross domain scripting issues. Note, that if you also have WebSphere App Server, you could use the Web 2.0 Feature Pack and the Ajax Proxy Servlet which is included with it. These instructions assume either you are not using it and have some other implementation. The instructions below will also work with IBM HTTP Server since its based on Apache.

Let's say you have a web service that you have secured in SSL. Now you want to call that web service with an Ajax call (i.e. Dojo, JQuery, etc), and from either a static HTTP page, or a JSP that is may or may NOT be secured (i.e. HTTPS).

Let's say the web service URL is
https://webservice.strongbackconsulting.com/mywebservice

and the web page the audience is viewing is
http://portal.strongbackwidgets.co.uk/myorders.htm

On Apache, set up SSL. If the SSL modules have not been installed you can call one of the following commands to do most of the heavy lifting for you.
yum install mod_ssl (for Fedora, Red Hat)
yast -i apache2-worker (for Suse, OpenSuse)

Then in your httpd.conf files enter the following stanzas:

<VirtualHost 0.0.0.0:443>
   ServerName portal.strongbackwidgets.co.uk
   SSLEnable
   SSLServerCert selfSigned  
   SSLProxyEngine on

   SSLEngine on

   SSLCAProxyCertificateFile /etc/pki/tls/certs/localhost.crt

   SSLCAProxyCertificatePath /etc/pki/tls/certs
</VirtualHost>

<IfModule mod_proxy.c>
<Proxy *>
   SSLProxyEngine on
   Order deny,allow
   Allow from all
</Proxy>

RewriteEngine on

ProxyPass /mywebservice/ https://webservice.strongbackconsulting.com/mywebservice
ProxyPassReverse /mywebservice/ https://webservice.strongbackconsulting.com/mywebservice
RewriteRule ^/mywebservice$ /mywebservice/ [R]
</IfModule>

Note that you need the SSLProxyEngine statement for both the *:80 and *:443 virtual hosts. That way the user can be in either HTTP or HTTPS. The SSLCAProxyCertificatePath should suffice. You will need to create your certificate file if it does not already exist. It should already be there if you are using Fedora or OpenSuse. The directories for SSLCAProxyCertificatePath  anhd SSLCAProxyCertificateFile above are explicit to Fedora Linux. On OpenSuse, the default directory is /etc/apache2/ssl/.

Solving the dreaded winmail.dat issue in Lotus Notes

So your users are getting these "winmail.dat" attachments in Lotus Notes and can't open them, nor can they see any special formatting that the sender had added (and the sender is ALWAYS from Outlook).


Quick solution:

1. Make sure you are on the latest fix pack of Lotus Domino. That should be 6.5.6, 7.0.3, 8.0.2, or 8.5.x.
2. Open Lotus Domino Administrator and issue the following commands (copy and paste one at a time):

Set config TNEFKeepAttachment=1 

tell router update config


The problem is that Outlook is tunneling rich text formatted information in an attachment through the Internet using a proprietary format (concocted by Microsoft), rather than MIME (an Internet standard). It (wrongly) assumes the recipient is also using Outlook.

Microsoft opened up the format so other vendors could read the content, and IBM and other vendors have included that ability in later patches. You should not have this problem at all on Domino 8.5x, but will have to issue these commands on older versions of the server. If you need help upgrading we (Strongback Consulting) offer upgrade services on all platforms (System i, Unix, Windows, Linux).

http://www-01.ibm.com/support/docview.wss?uid=swg21093342

IBM Rational Cafe's have moved!

If you (like me) used the Cafe's (such as the HATS Hotspot), you should be aware that IBM has moved those over to Developerworks. Its is fitting, as that is where the forums are for all the other products. If you work on System z or i, these are great forums to visit to post questions or comments. There are solid business partners (us included) that frequent those sites and post answers to questions and advice. You'll also find 3rd level help desk support teams visiting those sites as well,  this might be faster and if you are savvy enough to navigate through the IBM support matrix and know that your question is beyond the capabilities of a level 1 support team.

• EGL Forum: https://www.ibm.com/developerworks/forums/forum.jspa?forumID=2275.
• RPG Forum: http://www.ibm.com/developerworks/forums/forum.jspa?forumID=2284
• C/C++ Forum: http://www.ibm.com/developerworks/forums/forum.jspa?forumID=2277.
• COBOL Forum: http://www.ibm.com/developerworks/forums/forum.jspa?forumID=2281
• HATS Forum: http://www.ibm.com/developerworks/forums/forum.jspa?forumID=2280.
• RDp Forum: http://www.ibm.com/developerworks/forums/forum.jspa?forumID=2285.
• RDz Forum:  http://www.ibm.com/developerworks/forums/forum.jspa?forumID=2282.
• RDz UT: http://www.ibm.com/developerworks/forums/forum.jspa?forumID=2283.