A colleague reached out with a problem: one of his customers is using Windows Mail (no judging please) to fetch mail from Domino via IMAP4, and they see no mail in their Inbox. Intrigued by this tech puzzle on a Monday morning, I set out to recreate it in my sandbox environment, and lo and behold, I had the same issue and even got a "0x8007274d" error:
Image:Domino IMAP for Windows Mail or When Millenials use Internet Protocols

So I tested with Mozilla Thunderbird and that worked like a charm. So I dug deeper and created some pcaps (because "pcap or it didn't happen").

To fetch the mail in the Inbox, Thunderbird's implementation first selects the Inbox, then does a "UID fetch 1:*" (get all UIDs from message #1 onwards) and then downloads the individual mails.

IMAP        73        Request: 93 select "INBOX"

IMAP        365        Response: 93 OK [READ-WRITE] SELECT completed

IMAP        79        Request: 94 getquotaroot "INBOX"

IMAP        136        Response: 94 OK GETQUOTAROOT completed

IMAP        80        Request: 95 UID fetch 1:* (FLAGS)

IMAP        133        Response: 95 OK FETCH completed

IMAP        238        Request: 96 UID fetch 1:2 (UID RFC822.SIZE FLAGS BODY.PEEK[HEADER.FIELDS (From To Cc Bcc Subject Date Message-ID Priority X-Priority References Newsgroups In-Reply-To Content-Type Reply-To)])

IMAP/IMF/IMF        1015        subject: Testmail 001, from: Domino_Administrator/EXAMPLE%EXAMPLE@example.com, subject: Test 002, from: Domino_Administrator/EXAMPLE%EXAMPLE@example.com,  (text/plain)

IMAP        102        Request: 97 UID fetch 1,2 (UID RFC822.SIZE BODY.PEEK[])

IMAP/IMF/IMF        2760        subject: Testmail 001, from: Domino_Administrator/EXAMPLE%EXAMPLE@example.com, subject: Test 002, from: Domino_Administrator/EXAMPLE%EXAMPLE@example.com,  (text/plain)

Whereas at Microsoft apparently the Millennials never got beyond the "SEARCH" chapter in RFC 3501. They decided to rely on IMAP's computationally expensive "SEARCH" command. Which in itself might not be bad, but as Microsoft does not surface the server's response, the admin will be kept in the dark as to why Windows Mail does not fetch any mails. If you look at the pcap, Domino correctly reports "NO SEARCH Database is not full text indexed", which Windows Mail does not show anywhere.

IMAP        93        Request: A8 SEARCH UNDELETED SINCE 15-Aug-2021

IMAP        102        Response: A8 NO SEARCH Database is not full text indexed

So to fix this issue, create a full-text index on the mail database. Once that is completed, Windows Mail will "work":

IMAP        74        Request: A12 SELECT "Inbox"

IMAP        366        Response: A12 OK [READ-WRITE] SELECT completed

IMAP        94        Request: A13 SEARCH UNDELETED SINCE 19-May-2021

IMAP        93        Response: A13 OK SEARCH completed


IMAP/IMF/IMF        1055        subject: Test 002, from: Domino_Administrator/EXAMPLE%EXAMPLE@example.com, subject: Testmail 001, from: Domino_Administrator/EXAMPLE%EXAMPLE@example.com,  (text/plain)

IMAP        74        Request: A15 SELECT "Inbox"

IMAP        366        Response: A15 OK [READ-WRITE] SELECT completed

IMAP        94        Request: A16 SEARCH UNDELETED SINCE 19-May-2021

IMAP        93        Response: A16 OK SEARCH completed


IMAP/IMF/IMF        1055        subject: Test 002, from: Domino_Administrator/EXAMPLE%EXAMPLE@example.com, subject: Testmail 001, from: Domino_Administrator/EXAMPLE%EXAMPLE@example.com,  (text/plain)

Thank you, Microsoft.
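
Since the client hides the server's answer, the quickest way to find the refused command is to pair every tagged request in the capture with its tagged status response. The following is an added example, not part of the original post: it reads packet summaries in the format shown above (the sample lines are constructed from the exchanges in this post) and lists every command the server answered with NO or BAD.

```python
import re

# Constructed sample in the format of the packet summaries above
# (protocol, length, info). It mixes a refused and an accepted command.
SAMPLE = """\
IMAP        74        Request: A7 SELECT "Inbox"
IMAP        366        Response: A7 OK [READ-WRITE] SELECT completed
IMAP        93        Request: A8 SEARCH UNDELETED SINCE 15-Aug-2021
IMAP        102        Response: A8 NO SEARCH Database is not full text indexed
IMAP        80        Request: 95 UID fetch 1:* (FLAGS)
IMAP        133        Response: 95 OK FETCH completed
"""

LINE = re.compile(r"^IMAP\s+\d+\s+(Request|Response):\s+(\S+)\s+(.*)$")
STATUS = re.compile(r"^(OK|NO|BAD)\b\s*(.*)$", re.IGNORECASE)


def failed_commands(summary_text):
    """Pair each tagged request with its tagged status response and
    return the commands the server refused (NO) or rejected (BAD)."""
    pending = {}    # tag -> command text as sent by the client
    failures = []
    for raw in summary_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # IMF payload lines, other protocols
        direction, tag, rest = m.groups()
        if direction == "Request":
            pending[tag] = rest
            continue
        status = STATUS.match(rest)
        if tag in ("*", "+") or not status:
            continue  # untagged data or continuation request
        command = pending.pop(tag, "<request not captured>")
        if status.group(1).upper() != "OK":
            failures.append({
                "tag": tag,
                "command": command,
                "status": status.group(1).upper(),
                "text": status.group(2),
            })
    return failures


def needs_full_text_index(failures):
    """True if a SEARCH (or UID SEARCH) was refused with Domino's
    'not full text indexed' message."""
    for f in failures:
        words = f["command"].upper().split()
        if "SEARCH" in words[:2] and "not full text indexed" in f["text"].lower():
            return True
    return False


if __name__ == "__main__":
    found = failed_commands(SAMPLE)
    for f in found:
        print(f'{f["tag"]} {f["command"]!r} -> {f["status"]} {f["text"]}')
    if needs_full_text_index(found):
        print("Hint: create a full-text index on the mail database.")
```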



According to the documentation in HCL Notes 12, admins can use the notes.ini setting "NetworkSpeedInMbps" to "boost network performance" of Notes clients, when the network speed drops below a specified level.

Put "NetworkSpeedInMbps=value" into notes.ini, where value is the network speed in megabytes [1] per second (Mbps) below which network performance will be "boosted".
For example, to boost performance when the network speed falls below 8 Mbps, specify "NetworkSpeedInMbps=8". This setting is not present by default, so the feature is disabled unless you add it.

"Boosting Network Performance" was a little bit too vague for me, so I opened a case and asked for more details. After some back and forth, this is what emerged:

If the Notes client notices that the network speed (calculated via the average time taken to send and receive data from the server) falls below the speed given in the notes.ini setting, "partial replication" will be enabled automatically for the mail database.
In addition, when this ini setting is set, the additional option “Full documents if network bandwidth available” will appear in the “Replication Options” of the Notes client.

Users can force the download of complete documents by selecting Actions -> Receive entire document.

Debugging settings:
TRACE_BCUPDATES=5 => All logs of this feature are added to the console log
DEBUG_REPL=5 => Logs replication information
DEBUG_REPL_TIME=1 => Logs replication start, end and elapsed time

which will create entries like these:

[01B8:0006-53F8:wrepl] 05/24/2021 12:20:29.07 PM CBCDCtrl::Run> Partial replication is enabled. NetworkSpeedThresholdInMbps: 8, CurrentSpeedInMbps: 56.
[01B8:0006-53F8:wrepl] Mailbox -> replication setting -> full documents.

[1] I think that should be MegaBit.



I already put together a list of IBM certifications and trainings I would currently recommend to an administrator new to IBM Connections for older versions of IBM Connections. As this served me well and I was able to reuse it in several customer situations, I updated that list for Connections 6.0.

Being a Connections 6.0 Administrator requires a broad set of skills. You should/need to know or have the skills in:

(IBM) trainings that will help you with these skills (based on the Connections 6.0 product set):

Linux Basics and Installation
The objective of the course is to teach students enough about Linux to successfully install, configure, and run Linux on the student's personal workstation and be productive with it.

Linux System Administration I – Implementation
The purpose of this course is to teach experienced Linux users the techniques, methods, and policies used in Linux system administration.

If you are enrolling in a Self Paced Virtual Classroom or Web Based Training course, before you enroll, please review the Self-Paced Virtual Classes and Web-Based Training Classes on our Terms and Conditions page, as well as the system requirements, to ensure that your system meets the minimum requirements for this course. http://www.ibm.com/training/terms

Learning Journeys or Training Paths that reference this course:

  Linux System Administrators


The intended audience for this course is experienced Linux users who want to become administrators of one or more Linux servers.

DB2 11.1 Administration Workshop for Linux
This is an intermediate level course for students that will perform Database Administration tasks, who plan, implement, and maintain DB2 10.5 for Linux, UNIX, and Windows databases.

This course teaches database administrators to perform basic database administrative tasks using DB2 11.1 for Linux, UNIX, and Windows. These tasks include creating database objects like tables, indexes and views, and loading data into the database with DB2 utilities like LOAD and INGEST. Various diagnostic methods will be presented, including using db2pd command options, and monitoring with SQL statements that reference DB2 monitor functions. Students will learn how to implement automatic archival for database logs and how to recover a database to a specific point in time using the archived logs. The course covers using EXPLAIN tools to review the access plans for SQL statements, adding indexes to improve SQL performance. We will cover the locking performed by DB2 and the effect the application isolation level has on locking and lock wait conditions. Students will learn how to implement database security, including adding a security administrator, SECADM user, and implement database roles to simplify security management. We will also describe implementing DB2 native encryption for a database.

DB2 SQL Workshop
This course provides an introduction to the SQL language.

This course is appropriate for customers working in all DB2 environments, that is, z/OS, VM/VSE, iSeries, Linux, UNIX, and Windows. It is also appropriate for customers working in an Informix environment.

Directory Integrator Courses
IBM Directory Integrator (IDI) is a generic data integration tool suitable for a wide range of scenarios that usually require custom coding and significantly more resources than traditional integration tools. https://www.securitylearningacademy.com/local/navigator/index.php?level=iadi01

IBM Security Directory Integrator Administration and Deployment
This course focuses on the basic concepts of the IBM Security Directory Integrator application. Students learn about the components of IBM Security Directory Integrator and how the application integrates with different systems. Students also learn how to build IBM Security Directory Integrator solutions.

This course is designed for solution developers, deployers, and system administrators who are responsible for the deployment and administration of IBM Security Directory Integrator solutions.

WebSphere Application Server V8.5.5 Administration
This course teaches you the skills that are needed to install and administer IBM WebSphere Application Server V8.5.5. This release offers users enhanced support for standards, emerging technology, and a choice of development frameworks.

In this course, you learn how to install, configure, and maintain IBM WebSphere Application Server V8.5.5 base, Network Deployment (ND), and the Liberty profile. You learn how to deploy enterprise Java applications in a single computer or clustered configuration. In addition, you learn how to work with features of WebSphere Application Server V8.5.5, such as IBM Installation Manager, WebSphere Customization Toolbox, security enhancements, Intelligent Management, and centralized installation.

Throughout the course, hands-on exercises and demonstrations reinforce lecture content and give you practical experience with WebSphere Application Server V8.5.5. You complete tasks such as installing and assembling applications, applying problem determination techniques, configuring a clustered environment, and working with fine-grained administrative security.

WebSphere Application Server V8.5.5 Problem Determination
This course teaches you how to manage WebSphere Application Server problems more skillfully within your organization by using problem determination tools and techniques. The instructor and students explore common scenarios that you might face in your daily activities. You also learn methodologies and techniques for problem determination, including how to use online IBM support tools to resolve problems. In addition, you learn how to communicate more effectively with IBM support teams so they can identify a problem and find its solution.

The course covers problems that are associated with Java virtual machine (JVM) tuning and memory management, database connectivity, connection pool configuration, security configuration, server start and stop failures, application deployment, web requests, and default messaging.

In hands-on lab exercises throughout the course, you gain practical experience with problem determination techniques by using your newly acquired skills within various scenarios. These scenarios include hung threads, OutOfMemory errors, crashes, data source configuration, security-related issues, server start and stop failures, web requests, and Java Message Service (JMS) message flow issues.

What's new in IBM Connections 4.5
As there is no new offering for Connections 6.0:
IBM Connections V4.5, social software for business, provides an exceptional social software solution that is designed to help enable users to access the right people and internal and external content in your professional networks and communities. IBM Connections is designed to help users engage with networks of expertise in the context of critical business processes in order to act with confidence and anticipate and respond to emerging opportunities.

In this workshop you will learn about the new features in IBM Connections 4.5, the capabilities provided by IBM Connections Content Manager and how to leverage the social Business toolkit SDK to socialize existing applications.

This advanced course is designed for Solution architects and social networking administrators.

LDAP Essentials
This course consists of a set of videos related to basic LDAP topics. The course is focused on IBM Security Directory Server, but the concepts are applicable to any LDAP v3 compliant directory. You learn about LDAP suffixes, directory information tree, object classes and attributes. The videos demonstrate basic LDAP commands: search, add, modify and delete. The video also explains the concept of LDIF files.

IBM Directory Server Administrator
As a Directory Server Administrator, you learn how to install and configure Directory Server Suite, and how to use local management interface (LMI) and command line interface (CLI) to administer the appliance, how to manage directory entries and configure the replication. You also learn how to configure Federated Directory Server (FDS) and how to configure Pass-through authentication (PTA).

IBM Connections 5.0 Administration
IBM Connections installation, configuration and troubleshooting. Learning the different components of Connections and also other products which can interact with IBM Connections for social collaboration.

This intermediate course is for IBM Connections administrators who need to deploy, manage and support IBM Connections 5.0 in an enterprise environment.

Changing IBM Connections behavior with IBM Connections Customizer
Using extensions to support new business processes

Docker: A boon for the modern developer
The role of Docker as a sort of Swiss Army knife for DevOps is well documented. But Docker-managed application containers are useful for more than deploying servers in the cloud. Docker containers can also aid in development and increase productivity dramatically in many common development scenarios. This tutorial focuses on how Docker can be useful from a developer's perspective. I introduce Docker, explain basic concepts and terminology, and present a series of hands-on development examples. https://www.ibm.com/developerworks/web/library/wa-docker-polyglot-programmers/index.html?ca=drs-

ZooKeeper fundamentals, deployment, and applications
Let's start with why you would want to use ZooKeeper. ZooKeeper is a building block for distributed systems. When designing a distributed system, there is typically a need for designing and developing some coordination services https://www.ibm.com/developerworks/analytics/library/bd-zookeeper/index.html?ca=drs-

Get started with MongoDB on IBM Power Systems running Linux
IBM® POWER8 processor-based systems were designed for various big data and analytics workloads by providing 4X more threads per core, memory bandwidth, and cache than other platform options. These benefits translate into superior performance gains for NoSQL solutions like MongoDB making it an ideal solution for managing your big data workloads on Power Systems running Linux. This article describes how to get started. https://www.ibm.com/developerworks/linux/library/l-mongodb-getstart-trs/index.html?ca=drs-

Build highly scalable applications with Node.js and Redis
I will show how to build a chat application that allows users to send messages in real time to other users, scaling the application across multiple instances to handle the load. https://www.ibm.com/developerworks/cloud/library/cl-bluemix-node-redis-app/index.html?ca=drs-

Next-generation search and analytics with Apache Lucene and Solr 4
I began writing about Solr and Lucene for developerWorks six years ago (see Related topics). Over those years, Lucene and Solr established themselves as rock-solid technologies (Lucene as a foundation for Java™ APIs, and Solr as a search service). For instance, they power search-based applications for Apple iTunes, Netflix, Wikipedia, and a host of others, and they help to enable the IBM Watson question-answering system. https://www.ibm.com/developerworks/java/library/j-solr-lucene/index.html?ca=drs-#artrelatedtopics

Learning Path: Kubernetes
If you're new to Kubernetes and container orchestration and want to begin learning about it, this learning path covers everything from basic prerequisites to more advanced skills needed for containerization.

Kubernetes Helm 101
Everything you need to know about Kubernetes Helm

Learning Path: The Road to Elasticsearch
Learn all you need to know about Elasticsearch and get started with the new Elastic Stack.



If you are running, for example, IBM Connections as a "large deployment", you got at least 18 JVMs with their corresponding SystemOut.log files to monitor for errors, issues and the likes. Always stating them explicitly was -- for me -- too cumbersome. So I thought of an easier way. This is what I came up with.

According to the documentation, the WebSphere Application Server (WAS) log files are located in the following directories on each node in your WAS installation:

where path is the WebSphere Application Server installation path. By default, path is the following:

So in an IBM Connections 5.5 environment, there would be these log files:

So to get them all in one continuous log stream the following one-liner comes in handy:

find /opt/ibm/WebSphere/AppServer/profiles/node01/logs -name SystemOut.log -print0 | xargs --null tail -F

Of course, there are other solutions to this as well, such as multitail, logcheck, Simple Log Watcher or lnav, but you would have to install them, which more often than not isn't possible in a customer environment.
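
With 18 or more JVMs the merged stream gets noisy quickly, and you lose track of which server wrote which line. The following filter is an added example, not part of the original post: it reads the output of the one-liner above, uses the "==> file <==" headers that tail prints to tag each line with its server name, and keeps only warnings, errors and fatal events including their stack traces. It assumes python3 is available on the node; the server names and log lines in the sample are constructed.

```python
import re
import sys

# Header that tail prints whenever the output switches to another file.
HEADER = re.compile(r"^==> (.+) <==$")
# WebSphere basic log format: [timestamp] threadId shortName eventType message
EVENT = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<thread>[0-9a-fA-F]{8})\s+"
    r"(?P<logger>\S+)\s+(?P<type>[A-Z])\s+(?P<msg>.*)$"
)

# Constructed sample of what `tail -F` emits for two SystemOut.log files.
SAMPLE = """\
==> /opt/ibm/WebSphere/AppServer/profiles/node01/logs/InfraCluster_server1/SystemOut.log <==
[10/1/18 18:36:21:401 CEST] 00000443 LdapConnectio I com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext CWWIM4564I  The user registry is now connected.
[10/1/18 18:36:22:010 CEST] 00000101 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 3" (00000101) may be hung.
\tat java.lang.Thread.sleep(Native Method)

==> /opt/ibm/WebSphere/AppServer/profiles/node01/logs/nodeagent/SystemOut.log <==
[10/1/18 18:36:23:500 CEST] 00000022 AdminHelper   A   ADMN1020I: An attempt is made to stop the server.
"""


def tag_and_filter(lines, keep=("W", "E", "F")):
    """Yield '<server>: <line>' for events whose type is in `keep`,
    plus the continuation lines (stack traces) that belong to them."""
    server = "?"        # stays "?" if tail follows a single file (no header)
    keeping = False     # True while inside an event we want to show
    for line in lines:
        line = line.rstrip("\n")
        header = HEADER.match(line)
        if header:
            # .../logs/<server>/SystemOut.log -> <server>
            parts = header.group(1).split("/")
            server = parts[-2] if len(parts) >= 2 else header.group(1)
            keeping = False
            continue
        event = EVENT.match(line)
        if event:
            keeping = event.group("type") in keep
        elif not line.strip():
            continue    # blank separator lines printed by tail
        if keeping:
            yield f"{server}: {line}"


if __name__ == "__main__":
    # find <profile>/logs -name SystemOut.log -print0 | xargs --null tail -F | python3 this_file.py
    for out in tag_and_filter(sys.stdin):
        print(out, flush=True)
```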



Yes, I am available starting 2019-10-01.
Feel free to contact me by any means available (except WhatsApp) or via email at job4martinleyrer.priv.at for my CV or any other information.

You may have heard that IBM sold the products I am currently working with (Notes/Domino, Sametime, Connections) to HCL. As a result of that move, IBM and I recently decided, amicably, to go separate ways by end of September. This, luckily, coincided with my desire to change and do something new/different.

Which is where you, my dear reader, come into play. Because I am currently at a loss what the „next big thing”, the next cool technology or solution to learn, develop and work with, is. I caught the Web in the 1990s, the .com boom around 2000 and the Social Media/Web 2.0 thingy around the 2010s. But right now, I am stumped and my gut feeling is not making a beep.

I already looked at topics like Security, Agile, DevOps, DevSecOps, IoT, Cyber, Blockchain, AI, etc. I pondered the Gartner Hype cycle (just for completeness ;)). I read a ton of input from the RSS feeds I subscribe to. And still nothing sticks out to me with a big, flashing „THIS IS IT” sign plastered over it like I experienced it in my career several times already. I am currently, for the first time in my life, stumped by the question of what I want to work with in the next 3-5 years.

So my question to you is: What IS the „Next Big Thing” in your opinion?

Where should I look for an interesting, well paying, challenge that will keep me galvanized for the next few years?

I would love to get your input!
(or even a job offer)



After installing the usual client security updates on my Microsoft Windows Client Virtual Machine I was suddenly no longer able to connect to the customer's Windows Servers. First, I had suspected a server security update shutting out my VM (which would have been understandable). But further investigation pointed to a client issue. Especially the specific error message (if you read it *ahem*) helps:

An authentication error has occurred.
The function requested is not supported.
Remote computer:
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660

So if you read up on that link, it appears that a Windows Update on my client installed and activated the CredSSP fix for CVE-2018-0886 in "Force Updated Clients" mode, which prevented me from connecting to the unpatched (*ahem*) servers.

In order to "fix" my access problem, I had to modify the behaviour of the client fix via this command line:
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 2

/via Remote desktop connection error after updating Windows 2018/05/08 - CredSSP updates for CVE-2018-0886 - Super User
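
The value 2 written by the command above is the setting Microsoft documents as "Vulnerable" (0 is "Force Updated Clients", 1 is "Mitigated"), so it is worth tracking which clients still carry it once the servers are patched. The following is an added example, not part of the original post: it parses `reg query` output collected from several clients and lists the ones to set back. Host names and the collected output are constructed.

```python
import re

# Meaning of AllowEncryptionOracle as documented by Microsoft for CVE-2018-0886.
MODES = {0: "Force Updated Clients", 1: "Mitigated", 2: "Vulnerable"}

VALUE = re.compile(
    r"^\s*AllowEncryptionOracle\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$",
    re.MULTILINE,
)

KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters"

# Constructed sample: output of
#   reg query "HKLM\Software\...\CredSSP\Parameters" /v AllowEncryptionOracle
# gathered per client. Host names are made up.
REPORTS = {
    "admin-vm": f"\n{KEY}\n    AllowEncryptionOracle    REG_DWORD    0x2\n\n",
    "jump-host": f"\n{KEY}\n    AllowEncryptionOracle    REG_DWORD    0x0\n\n",
    "laptop-17": "ERROR: The system was unable to find the specified registry key or value.\n",
}


def audit(reports):
    """Return one record per host with the configured value and its meaning.
    A missing value means the policy is not set and the OS default applies."""
    rows = []
    for host in sorted(reports):
        m = VALUE.search(reports[host])
        value = int(m.group(1), 16) if m else None
        if value is None:
            mode = "not set (OS default applies)"
        else:
            mode = MODES.get(value, f"unexpected value {value}")
        rows.append({"host": host, "value": value, "mode": mode})
    return rows


def hosts_to_revert(reports):
    """Hosts still configured as Vulnerable (2): the temporary workaround
    that should be removed after the servers have been patched."""
    return [r["host"] for r in audit(reports) if r["value"] == 2]


if __name__ == "__main__":
    for row in audit(REPORTS):
        print(f'{row["host"]:<10} {row["mode"]}')
    print("revert after patching servers:", ", ".join(hosts_to_revert(REPORTS)))
```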



To activate the new Newsletter design in Connections 6.0 to CR4, you’ll first need to update the notification config.

In the properties section of the notification-config.xml you have to add the following line:

<!-- New notification design -->
<property name="globalNotificationTemplateTheme">notifications_v2</property>

Via Martti Garden.



Although every communication is (rightfully) moving to TLS, the cleartext tool "telnet" is still quite handy on a Windows based server to check if a port is open and/or basic network connectivity is working. Unfortunately, the telnet client (NOT the server) is no longer part of a Windows default install.

To install the telnet client (NEVER install the server), you could either click through the GUI (Server Manager -> Add roles and features -> ..) or you could use the fast way via the command line:

Enabling the telnet client through command prompt

dism /online /Enable-Feature /FeatureName:TelnetClient

Enabling the telnet client through PowerShell

Install-WindowsFeature -name Telnet-Client

And now a simple
telnet localhost 80
just works :D.



Usually, the filter for syncing LDAP users into IBM Connections using the Tivoli Directory Integrator (TDI) looks something like this:


If you are using Microsoft's Active Directory (AD), this also syncs users that are "disabled" in AD, which is usually not what you want.
Fortunately, there is a Microsoft Knowledgebase entry called "How to query Active Directory by using a bitwise filter" that sheds some light on this:
An example is when you want to query Active Directory for user class objects that are disabled. The attribute that holds this information is the userAccountControl attribute. This attribute is composed of a combination of different flags. The flag for setting the object that you want to disable is UF_ACCOUNTDISABLE, which has a value of 0x02 (2 decimal). The bitwise comparison filter that specifies userAccountControl with the UF_ACCOUNTDISABLED bit set would resemble this:

So all we have to do is to incorporate this attribute into our filter statement (of course negated), to only sync "active" users:
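
The bitwise comparison described in the quote, as an added example that is not part of the original post: it wraps a base filter with the negated UF_ACCOUNTDISABLE test and evaluates the same bit rule against sample userAccountControl values, which shows why a plain equality test on the attribute would miss disabled accounts that carry additional flags. The base filter and the accounts are assumptions made up for illustration; the matching-rule OID is the one Active Directory uses for bitwise AND.

```python
# Matching rules Active Directory accepts in extensible-match filters.
BIT_AND = "1.2.840.113556.1.4.803"   # true if ALL bits of the mask are set
BIT_OR = "1.2.840.113556.1.4.804"    # true if ANY bit of the mask is set
UF_ACCOUNTDISABLE = 0x0002

# Hypothetical base filter; use whatever your sync currently searches with.
BASE_FILTER = "(&(sAMAccountName=*)(objectClass=user))"

# Constructed accounts: (name, userAccountControl)
ACCOUNTS = [
    ("alice", 512),     # normal account
    ("bob", 514),       # normal account + disabled
    ("carol", 66048),   # normal account + password never expires
    ("dave", 66050),    # same as carol, but disabled
]


def disabled_clause():
    """Filter clause that matches accounts with the disabled bit set."""
    return f"(userAccountControl:{BIT_AND}:={UF_ACCOUNTDISABLE})"


def only_enabled(base_filter):
    """AND the base filter with the negated 'disabled' clause."""
    base = base_filter.strip()
    balanced = base.count("(") == base.count(")")
    if not (base.startswith("(") and base.endswith(")") and balanced):
        raise ValueError("base filter must be a parenthesised LDAP filter")
    return f"(&{base}(!{disabled_clause()}))"


def bit_rule_matches(value, rule, mask):
    """Evaluate the bitwise matching rule the way the directory does."""
    if rule == BIT_AND:
        return value & mask == mask
    if rule == BIT_OR:
        return value & mask != 0
    raise ValueError(f"unknown matching rule {rule}")


def would_sync(accounts):
    """Names that pass the negated 'disabled' clause."""
    return [
        name for name, uac in accounts
        if not bit_rule_matches(uac, BIT_AND, UF_ACCOUNTDISABLE)
    ]


if __name__ == "__main__":
    print(only_enabled(BASE_FILTER))
    print("synced:", would_sync(ACCOUNTS))
    # An equality test such as (userAccountControl=514) would skip bob
    # but still sync dave (66050), because his value carries another flag.
```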



In my current project, we had the issue that the logs were flooded with CWWIM4564I warnings like the one below

[10/1/18 18:36:21:401 CEST] 00000443 LdapConnectio I com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext CWWIM4564I  The user registry is now connected to 'ldaps://activedirectory.example.com:636' LDAP Server. Or, the user registry is able to ping the LDAP server successfully.

and the ISC was very unresponsive when switching to the list of servers or the list of nodes (in an environment with 59 application servers on 13 different nodes).
Even with the workaround found by Dave Hay, the warnings were flooding the logs (but only for the secondary Active Directory LDAP, the IBM Domino LDAP just worked).

What we did was twofold. As the context pool for the Domino based repository was already enabled, we also activated the context pool for the Active Directory repository, which cut down the number of CWWIM4564I warnings dramatically.

In addition to that, we also followed the steps Martijn de Jong outlined in his blog entry. As the transport memory size was already set to 200 and the IBM_CS_WIRE_FORMAT_VERSION was also already set to 6.1.0, we just had to add the IBM_CS_HAM_PROTOCOL_VERSION custom coregroup property with a value of

With those two changes and a reboot, we experienced a dramatic increase in performance when using the ISC and the logs were a lot easier to read without the CWWIM4564I warnings.



This is the Blog of Martin Leyrer, currently employed as a Senior Lab Services Consultant at HCL Digital Solutions.

The postings on this site are my own and do not represent the positions, strategies or opinions of any former, current or future employer of mine.