This manual provides information necessary to install and configure the RoomWizard Domino Synchronization Software in a Domino environment. It is intended for the use of system administrators of Steelcase customers who are responsible for configuring the IBM Lotus Domino server environment.
ROOMWIZARD SYNCHRONIZATION SOFTWARE REQUIREMENTS
This configuration overview outlines the required components for running the RoomWizard Domino Synchronization Software on Domino servers. The chapters that follow contain references and sample installation procedures required for each component. Additional detailed Lotus installation and configuration documents can be viewed and/or downloaded from:
http://www-306.ibm.com/software/lotus/
DOMINO SERVERS SUPPORTED
The RoomWizard Domino Synchronization Software requires one of the following environments:
- Domino Release 7.0.x
- Domino Release 8.0.x
- Domino Release 8.5.x
- Domino Release 9.0.x
- Domino clustered & domain environments, with limitations
The Lotus Domino synchronization software is supported for Windows, Linux and IBM environments only.
DOMINO HTTP SERVER
The RoomWizard Domino Synchronization Software requires that the same Domino server that runs the Calendar and Scheduling Server Tasks also run (utilizing the Resource Reservation database) the Domino HTTP process. It is also the location for installing the RoomWizard synchronization software database.
The HTTP task must be added to the ServerTasks line of the Notes.ini file. Refer to the Lotus Administrator’s help database for specific instruction on configuring the Domino HTTP server. The server home page should be accessible from any browser within the Domain by typing in the FQDN or IP address.
NOTE
In order to (1) display attendee information on the RoomWizard front panel, or (2) accomplish One-Click Publishing by harvesting whiteboard notes from a CopyCam™ or Thunder™, the user's mail files must be accessible to the account by which the synchronization software was signed. See Synchronization Software Agent and Attendee Email Retrieval.
SYNCHRONIZATION SOFTWARE AGENT AND ATTENDEE EMAIL RETRIEVAL
This sections describes:
- Configuring user mail files for retrieval of attendee
- Setting up a limited access account for script/agent execution for improved
The limited access account for executing scripts/agent may be helpful even if you won’t be using the attendees feature for One-Click Publishing.
The RoomWizard Domino Synchronization Software is a Domino agent, which is like a small program in a Domino database. Agents need to be “signed” by an ID file. When the agent runs, it has the database access rights of the signing ID. An agent is signed by editing and saving it, or by signing the database using Domino Administrator. After an agent is signed, it does not require access to the ID file to execute, so it is not necessary to store the ID file on the server. There are also server settings that can limit the IDs that can execute certain types of agents on the server.
In the end, the ID that signs the agent must have “read” access to all mail files for the retrieval of attendee email addresses from the host’s calendar.
It works best to have an administrator group (a group is not a security entity, but rather it’s a list of user IDs), with “Manager” access to every database on the server, including mail files. In this scenario, the recommended way to implement the RoomWizard Domino Synchronization Software is to sign the agent with one of these IDs. This is how other Domino add-ons are typically setup when they need access to resources such as mail files. It is a safe and easy method. In many instances organizations create an ID file just for running agents, add it to the administrators group, and limit the server to only allow this ID to execute agents. By limiting who has access to this ID file, the organization can limit who can execute agents on the server.
A workaround is to create an ID for the RoomWizard Domino Synchronization Software, grant it “read” access to all mail files, and sign the RoomWizard Domino Synchronization Software agent with this ID. That requires some updating every time a Domino server is upgraded.
Before beginning these steps, make sure your ID has “Manager” access to all mail files and the RoomWizard Domino Synchronization Software database, or that you have “Full Access Administration” rights. You also need access to register new users, which is usually done from the Primary domain server or an Administration server.
- Create an ID file for the RoomWizard Domino Synchronization Software; it does not need a mail file. In this example, the user is “RoomWizard Domino Synchronization Software/Your ”
- Update the ACLs of all existing mail files on all mail servers using Domino Complete this on all mail servers as follows:
- On the “Files” tab, open the mail directory on the By default this is named “mail.”
- Select all mail
- Select “Database - Manage ”
- Click “Add.”
- Configure the options as follows
- Name: the ID that signed the synchronization software “Room- Wizard synchronization software/Your Domain.”
- User Type: “Person.” c Access: “Reader.”
- Deselect all checkboxes that can be deselected
- Click “OK.” This may take a few minutes.
- Update the mail template ACL. This updates future mail users. This is completed on all registration servers and needs to be repeated every time Lotus Domino is upgraded on a server. If the administrator uses a local mail template, it also requires updating.
- Within Domino Administrator, select the “Files"
- Change “Show Me” to “Templates ”
- Find your mail template. Ask your Domino administrator which mail file is currently
- Select “Database - Manage ”
- Click “Add.”
- Name: “[RoomWizard Synchronization Software/Your Domain]” including the brackets [ ].
- User Type: “Person.”
- Access: “Reader.”
- Deselect all checkboxes that can be deselected.
- Click “OK.”
- Update the ACL in the synchronization software database to include “RoomWizard Synchronization Software/Your Domain” as “Designer.”
- Find the database in
- Select “Manage ”
- Click “Add.”
- Name: “RoomWizard Synchronization Software/Your Domain.”
- User Type: “Person.”
- Access: “Designer.”
- Select “Create LotusScript/Java agents.”
- Click “OK.”
- Allow “RoomWizard Synchronization Software/Your Domain” to run restricted
- From Domino Administrator, select Configuration > Server > All Server document.
- Double-click the server document for the web
- Click “Edit ”
- Click the “Security”
- Add “RoomWizard Synchronization Software/Your Domain” to “Run restricted LotusScript/Java ”
- Save and close the server
- It may take several minutes for the server to pick up this change.
- Sign the synchronization software agent with “RoomWizard Synchronization Software/Your ”
- Switch to the “RoomWizard Synchronization Software/Your Domain” ID file created in step
- Locate the RoomWizard Domino Synchronization Software in Domino
- Right click.
- Sign…
- Active Users ID.
- All Design documents
- Uncheck ‘update existing signatures only (faster)’ as this is the only signature needed.
INSTALLING ROOMWIZARD SYNCHRONIZATION SOFTWARE
The RoomWizard Domino Synchronization Software is designed for implementation on a Domino Domain configured for normal delivery of email amongst one or more Domino servers. While the RoomWizard Domino Synchronization Software database should work nominally in a clustered Domino environment, this requires additional configuration steps for optimization and security.
DOMINO 7.0 THROUGH 9.0 with RoomWizard FW 4.6
- Select the latest version of the RoomWizard Domino Synchronization Software (nsf).
- From the native operating system, copy the nsf database to the data subdirectory of the Domino server (i.e. c:\lotus\domino\data). The RoomWizard Domino Synchronization Software database can also be placed in a subdirectory (i.e. c:\RoomWizard) for convenience.
- Verify the RoomWizard Domino Synchronization Software database does not have “read only” attributes selected on the File > Properties.
- From a Domino Administration workstation, launch the Domino Administrator. Navigate to the “Files” tab for the server the RoomWizard Domino Synchronization Software has been installed
- Select the nsf database by right clicking on it.
- Select Access Control > Manage.
- You may receive a message saying “This database cannot be opened because a consistency check of it is ”
- Add the server’s hierarchical name to the ACL as “user type = server” and “access = manager.” Also add any other groups such as “Administrators” with appropriate access levels. It is recommended that the default access is set to “No Access,” but “Reader” will allow the RoomWizard to connect without an access account in the synchronization page.
- Remove the “Delete Documents” option from each ACL entry because the RoomWizard Domino Synchronization Software database contains a configuration document that should not to be deleted.
-
- Close the dialog window to save changes by clicking “OK.”
- From the same Administrator window, select the nsf database by right clicking on it
- Select “Sign.” Sign the RoomWizard Domino Synchronization Software database with a valid user ID file with access to the databases mentioned Domain administrator will not require adding ACL. Make sure the user ID that signs the RoomWizard Domino Synchronization Software database has access rights to the necessary databases.
-
- From Domino Administrator, navigate to the “Configuration” tab for the current server. Within the “Current Server Document,” navigate to the “Security” tab. Be sure that the hierarchical name of the ID that signed the RoomWizard Domino Synchronization Software database and domain servers appear in the “Run restricted Lotus Script/Java Agents” field either by name or via inclusion in a
-
- If the ID that signed the RoomWizard Domino Synchronization Software database does not appear, click “Edit Server” and manually enter the hierarchical name of both the Server and valid user
- While in the “Security” tab of the Current Server Document, check the “Trusted servers” so that each server that needs to share information has an entry for the other
NOTE
IMPORTANT: Servers must ‘trust’ each other in each server document if the synchronization software, resource, names, busy and mail databases are not on the same server. The ID that signed the RWConnector.nsf must have ACL rights for each of these databases across the Domino Topology and Domain.
- Open the database from Domino A Manage the ACL according to your company’s policy. LocalDomainServers should have “Manager Access.”
- There is one document in the RoomWizard Domino Synchronization Software database, the “configuration” document. Do not delete this document or allow anyone delete rights in the ACL. Open the document in the Select document and click on the “Edit Document” button.
- Fill in the file name of the “Resource Reservation” database that was created on the server (i.e. nsf). Also, enter the hierarchical name of the Domino server, which contains the resource reservation database into the “Server Name” field (Servername/Organization, i.e. Dominotest/Steelcase).
- Save and close the document. Close the
ROOMWIZARD CONFIGURATION
Each RoomWizard appliance needs to be configured with the URL of the synchronization software, the user id and password of the access account, as well as the mailbox ID and password for the room it synchronizes with.
The URL of the synchronization software, and the user ID and password of the access account can be the same for a group of RoomWizards. You can apply these settings to all RoomWizards you have added to the RoomWizard Admin Console. Configure the room ID and password for each RoomWizard individually.
NOTE
If default access is set to “reader” within the ACL for the RoomWizard Domino Synchronization Software, the web access account information is not needed. In the ACL for the synchronization software advanced tab – effective web access – will prohibit account access with access above this setting. So if your access account has manager and the setting is editor then web access will be prohibited.
To configure RoomWizard appliances Please refer to the RoomWizard Administration Console link at the bottom of this page.
- The Base URL for synchronization software installed in the root Domino x data directory use: http://dnsservername.mycompany.com/rwconnector_2_04.nsf/connector?openagent.
- If the synchronization software was placed into a subdirectory named RoomWizard, amend the URL: http://dnsservername.mycompany.com/RoomWizard/nsf/connector?openagent.
As an option, you may use the IP address of the server in place of the FQDN.
TROUBLESHOOTING
- The RoomWizard Domino Synchronization Software is not synchronizing with the Domino
- Can the server be accessed in a web browser by typing the ‘server access URL’?
- If this does not produce an XML page, but rather a login prompt, attempt to login with the access account information. The server document has an option for more name
- If an error retrieving page or not accessible error occurs, try typing in FQDN or IP for the This should produce the RoomWizard homepage. If not, check server task for HTTP running.
- If the HTTP task is running but still not able to access the homepage, try restarting
- If the RoomWizard homepage is still not appearing, check the IP address on the server and DNS
- Does the “access account” have higher access then allowed in the advanced tab within the synchronization software’s ACL?
- Placing the synchronization software and nsf on different servers.
- Check the server document (Security > Trusted Servers), on both.
- Are the location, name, server, and organization entered correctly into the synchronization software document?
- Are the servers accessible across the domain and from the same certification process?
- The Server is busy with requests slowing down other user activities.
- Decrease the “Poll interval” on the RoomWizard Setup > Device > Synchronization
- Place fewer RoomWizards on the server and have the other RoomWizards sync through another
TECHNICAL NOTES
More information is available from IBM Lotus site:
http://www-306.ibm.com/software/lotus/
The “Extract calendar details” option in the Domino Configuration document is available after selecting “Use these settings for all servers” for Domino R6 and later.
WARNING
IMPORTANT: There are significant changes between Domino R6 and R7 in how the resource reservation database updates busytime and autoprocesses meeting requests. These need to be identified during or after upgrading from R6 to R7 for accurate scheduling to occur, specifically updating the resourceDB with the R7 template.
DOMINO CALENDARING AND SCHEDULING
RoomWizard integrates with the Resource Reservations template (resrcXX.ntf where XX is the version number for Domino). You can create a new database (typically named resource.nsf) based on the resrcXX.ntf template. This database must be located on the same server that has the RoomWizard Domino Synchronization Software database. HTTP must be configured on this server as well, test web access by typing the FQDN or IP address into a web browser. Take all necessary security precautions for the server and its databases.
- Configure the Room Reservation database according to Lotus specifications.
- Complete at least one “Site” document and one “Room” document. Write down these names precisely for use in the RoomWizard configuration. Domino refers to each room by a hierarchical name that combines the room name and the site
For example if the room was named “Executive Briefing Room” and the site was “New York”, Domino would view the name as “Executive Briefing Room/New York”. This hierarchical name for the room must exactly match the name of the RoomWizard in its setup pages.
- Verify that Domino has completed setting up the room reservation system by opening the Lotus Administrator and looking in the Domino Directory (Name and Address Book) under the “People and Groups” tab. Select the icon on the left navigator for “Mail-In Databases and Resources.” Expand the “Rooms” twisty and see if the name of the Room is listed. If not, open the server’s console window and execute the command on the server, “tell adminp process all”. This should result in the addition of the Room into the previous “Mail-In Databases and Resources”
- Test by creating a reservation in a user’s calendar and schedule the room as well. This meeting (if successful) will appear in the user’s calendar and in the default view of the Resource database created. It should be noted that creating a reservation in the Reservation Database itself is not a valid test of the system. The RoomWizard Domino Synchronization Software has been tailored to integrate with the Room Reservation database and its creation of “Reservation” documents from a Lotus client. Creation of “Reservation” documents within the Reservation database is not supported.
NOTE
Room scheduling may not be available immediately and may take some time before reservations can be set for testing. Console command ‘tell adminp process all’ or restarting the server, may resolve this immediately.
SECURITY CHANGES IN DOMINO
Security changes in Domino 8.5.1 (Fix Pack 5 and later), Domino 8.5.2(Fix Pack 4 and later), Domino 8.5.3(Fix Pack 6 and later) and Domino 9.0.1 (Fix Pack 3 and later)
The later versions of Domino Server with the Fix Packs described above now utilize a TLS authentication handshake when connecting to secure (https) Webpages in a Domino environment. This change affects all https based Lotus Connectors but not unsecure (http) Lotus Connectors.
RoomWizards running Firmware 4.5.1.0 and earlier utilize an SSL based handshake that is incompatible with the later versions of Domino with the Fix Packs mentioned above. RoomWizards running these Firmware versions with fail to authenticate with https based Lotus Connectors residing on Domino Servers with these later Fix Packs.
RoomWizards running Firmware 4.6 and earlier utilize a TLS based handshake that is compatible with the later versions of Domino with the Fix Packs mentioned above. RoomWizards running Firmware 4.6 and later versions with successfully authenticate with https based Lotus Connectors residing on Domino Servers with these later Fix Packs.
This change in the handshake protocol should be a determining factor in what version of Firmware the RoomWizards should run on in Domino Server environments that utilize https based connectors.
TIMEZONE VALUE IN NOTES.INI FILE
The UseNotesTimeZone value in the notes.ini file and how it functions with the Domino Service
Domino Servers that run the service through a Windows Server will have the notes.ini value UseNotesTimeZone set to "0" by default. With this setup the Time Zones, DST Laws, and DST Value will be configured automatically through the Windows environment and the notes.ini file will be updated accordingly to reflect this. Running the Domino Server service through Windows will ensure that all Date and Time settings will never require manual editing of any sort as long as the UseNotesTimeZone in the notes.ini file is set to "0" by default.
Note: If the UseNotesTimeZone value is missing this implies a "0" value.
Domino Servers that do not run the Domino Server service via Windows will often have notes.ini value UseNotesTimeZone set to "1". This occurs often in Linux and IBM environments, as well as Windows environments where the Domino Server service is not run directly through Windows. When this value is set to 1 the Time Zones, DST Laws, and DST Value will not be configured automatically through the operating system and will need to be edited manually. Using this value is considered a legacy feature and is not recommended.