Index:
Pre-Install Considerations
Part 1 - Set Up Domino Web Access on a Domino Server
Part 2 - Set Up the Sametime Server
Part 3 - Create Connection Documents for Replication
Part 4 - Specify the Sametime server for Domino Web Access users
Set up authentication between the DWA and Sametime server by completing the steps in either Part 5 or Part 6:
Part 5 - Set up Domino Web SSO authentication between the DWA server and Sametime server
Part 6 - Configure DWA to use Sametime's Secrets and Tokens for Authentication
Part 7 - Verify the IM Settings in the Configuration Settings document for Domino Web Access
Part 8 - Verify that Instant Messaging works with Domino Web Access
Configuration Settings replaces Notes.ini parameters
Troubleshooting Problems
Pre-Install Considerations
1. DWA 7.x supports integration with Sametime 7.0. Integration with Sametime 6.5.1 is supported during the upgrade process only.
2. The Sametime server must be installed on a supported version of Domino. See Part 2 below for details.
3. The Sametime server should be installed on a dedicated server. See Part 2 below for details.
4. Prior to Notes/Domino 6.5.1, the Sametime server and DWA server had to be in the same Domino Domain. Beginning with Notes/Domino 6.5.1, the Sametime server and the DWA server can exist in different Domino domains. Please refer to the Notes/Domino 7.0 Administrator Help for more information on how to configure across Domino domains.
Note: There are two versions of Sametime available for Domino 7.0; however, these instructions apply to both versions. References to the Sametime server also apply to installing the limited use version. The two versions are:
- IBM Lotus Instant Messaging Limited Use -- the default instant messaging capability that is included with some licensing options for Domino 7.0.
- IBM Lotus Sametime® -- the full instant messaging product that includes Web conferencing capabilities. It is available only if your organization purchased it.
Part 1 - Set Up Domino Web Access on a Domino Server
1. Set up Domino Web Access on a server by making the appropriate selections during Domino Server setup.
2. Register users with the Domino Web Access (DWA7.NTF) mail template.
Note: When you upgrade any Domino server to 7.0, including DWA and Sametime servers, the STLinks files that are installed in the \stlinks directory (for example, <server_data_directory>\domino\html\sametime\stlinks) are overwritten. If you have modified STLinks files on either the DWA or Sametime server (for example, if the Sametime server is configured for tunneling or if you have installed interim fixes), these files will be replaced. When you upgrade to 7.0, these files are backed up in a directory called stlinks.save (Windows and Unix platforms) or stlinks.sav (iSeries platform).
For more information, see technote "Domino upgrade may break Stlinks on Sametime or DWA server" (#1225540).
Part 2 - Set Up the Sametime Server
Follow the instructions in the Sametime Installation Guide for installing Sametime in a Domino domain on a dedicated server; see the Details below.
Details
Lotus strongly recommends that Sametime be configured on its own dedicated Domino server. This recommendation is documented in both the Sametime Installation Guide and the Sametime Administrator's Guide:
It is best if the Sametime server is dedicated to supporting the real-time, interactive communication services of Sametime. A Sametime server should not be used for other high-demand Domino services such as mail storage and routing, application and database storage, or centralized Directory and administration services.
An iSeries or pSeries server can run multiple partitioned Domino servers on the same physical server. Adding Sametime to an existing production Domino server is not supported for Sametime 7.0. Instead, create a new Domino server for running Sametime. The new Domino server can reside on the same system as your existing production server. Using separate servers allows you to tune the servers individually for optimal performance. In addition, you can stop one of the servers for maintenance without affecting the other.
The Sametime server must be installed on a supported version of Domino. Refer to the following document for supported versions:
"Which versions of Domino are recommended when installing a Lotus Sametime server?" (#1096416)
Part 3 - Create Connection Documents for Replication
Connection documents need to be created for the Domino Web Access and the Sametime server if the Sametime server is not in the same domain as the Domino Web Access server. Also, if the Sametime server is in the same domain as the Domino Web Access server, but is not clustered with the registration server, a Connection document is required in order to replicate the Domino Directory.
The steps below configure two connection documents, one on each server. For more information on Connection documents and replication, refer to the Domino 7.0 Administrator Help.
Steps to Create Two Connection Documents
On the Domino Web Access server:
- Enter the Sametime server's name in the "Destination server" field. For example: Sametime/Acme.
- Enter the Domino Web Access server's name in the "Source domain" field.
- Enter the Sametime server's name in the "Destination domain" field.
On the Sametime server:
- Enter the Domino Web Access server's name in the "Destination server" field.
- Enter the Sametime server's name in the "Source domain" field.
- Enter the Domino Web Access server's name in the "Destination domain" field.
Part 4 - Specify the Sametime server for Domino Web Access users
There are two ways to specify a Sametime server for Domino Web Access users. You can edit the Configuration Settings document for the Domino Web Access server, or you can edit the Person document for each user who uses Instant Messaging.
Method 1:
To enable instant messaging and set the Sametime server for all Domino Web Access users at one time, use the Instant Messaging settings in the Configuration Settings document, Domino Web Access tab. After you have done this, the HTTP task needs to be restarted and then individual users can enable or disable instant messaging on their local Domino Web Access clients by setting a User Preference.
Method 2:
If you choose not to enable instant messaging for all users, then you must edit the Person document for each user who will use instant messaging. To do this, administrators can either:
1. Manually edit each user's Person document to populate the "Sametime server" field. Use the hierarchical format for the server name. For example:
2. Create and run an agent that populates the "Sametime server" field in all the appropriate Person documents.
Part 5 - Set up Domino Web SSO authentication between the DWA server and Sametime server
Domino Single Sign-on (SSO) is the preferred authentication method. Domino SSO authentication allows Web users to log in once to a Domino or IBM WebSphere server, and then access any other Domino or WebSphere server in the same DNS domain that is enabled for SSO without having to log in again.
For more information about Domino Web SSO authentication, see the topic "Multi-server session-based name-and-password authentication for Web users (single sign-on)".
Configure the Domino Web Access server for Web SSO
Complete the steps in this section if your DWA server is not configured for Web SSO, and you want to use the Web SSO document that Sametime created to configure it.
1. Ensure that the Domino Directory has replicated throughout the Domino domain since you installed Sametime.
2. Update the Web SSO Configuration document that was created when you installed Sametime (LtpaToken):
a. Open the Domino Directory and select the Configurations - Web - Web Configurations view.
b. From within this view, expand the list of Web SSO Configurations.
c. Open the "Web SSO Configuration for LtpaToken" document in edit mode. (If you are unable to edit the document, record the settings in the document, and then delete it and create a new one.)
d. Update these fields if necessary:
- Domino Server Names -- make sure this field contains the name of all of the DWA servers and Sametime servers that should participate in Single Sign-on.
- DNS Domain -- make sure this is the fully-qualified domain name of the DWA and Sametime server.
e. Click Save & Close.
3. Enable single sign-on and basic authentication in the Server document for the DWA server. When you update the Web SSO Configuration field, select LtpaToken from the list.
4. Ensure that the updates replicate to all of the servers in the domain.
Update Domino Web Access server Web SSO configuration
Complete the steps in this section if your DWA server is already configured for Domino Web SSO. You must add the Sametime server to your configuration:
1. Update your existing Domino Web SSO Configuration document.
a. Open the Domino Directory and select the Configurations - Web - Web Configurations view.
b. From within this view, expand the list of Web SSO Configurations.
c. Open the Domino Web SSO document that you are using for your DWA server in edit mode.
d. Update these fields if necessary:
- Domino Server Names -- make sure this field contains the name of all of the DWA servers and Sametime servers that should participate in Single Sign-on.
- DNS Domain -- make sure this is the fully-qualified domain name of the DWA and Sametime server.
e. Click Save & Close.
2. Update the Server document for the Sametime server.
a. Open the server document.
b. Click Internet Protocols - Domino Web Engine, and select the Web SSO Configuration field.
c. From the drop-down list, select the Web SSO Configuration that you are using for the DWA server.
d. Click Save & Close.
3. Ensure that the updates replicate to all of the servers in the domain.
Although Domino SSO is the preferred authentication method, you can continue to use secrets and tokens authentication databases if you are already using them. For example, if any of the servers in your domain is configured for something other than multiple server SSO (single server SSO, for example), you must use secrets and tokens authentication. For information on setting up Secrets and Tokens authentication, see Part 6.
Part 6 - Configure DWA to use Sametime's Secrets and Tokens for Authentication
If you have already completed the steps in Part 5 to set up Domino Web SSO authentication between the DWA server and the Sametime server, you can skip this section and continue with the steps in Part 7.
There are four main parts to configuring DWA to use Sametime's Secrets and Tokens authentication scheme:
Part 6a - Create a one-time Replica of the Sametime Secrets database (StAuthS.NSF) on the Domino Web Access Server.
Steps:
1. Using a Notes Client, select File > Database > Open.
2. Enter the name of the Sametime server (for example, Sametime/Acme).
3. Enter the Secrets database filename: stauths.nsf
4. Select Open.
5. Select File > Replication > New Replica.
6. Enter the name of the Domino Web Access server (for example, iNotes/Acme).
7. Ensure that the database is replicated to the data directory: ...\domino\data\stauths.nsf.
8. Select OK to create the replica.
Part 6b - Push replication changes from the Domino Web Access server to the Sametime server.
Steps:
1. Open the Domino Administrator client and go to the Server tab.
2. Click the Server Console.
3. Enter a push command to replicate the Domino directory to the Sametime server. For example: push Sametime/Acme names.nsf
4. Select Send.
5. Enter a push command to replicate the Secrets database to the Sametime server. For example: push Sametime/Acme stauths.nsf
6. Select Send.
Part 6c - Confirm that, in the Sametime Tokens database (STAuthT.nsf), the Sametime server name is specified in the fully qualified format.
If the Sametime server is specified by the shortname (STServer1) instead of the fully qualified format (STServer1.company.com), and clients cannot resolve the shortname by DNS or host files, the Chat and Awareness functionality within DWA will not work. For more information, refer to the document "How to rebuild Sametime Tokens (STAuthT.nsf)" (#1085615).
Part 6d - Make sure that the "Allow secrets and tokens authentication:" field in the Instant Messaging section of the Domino Web Access tab in the Configuration document is set to "Enabled".
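The host-name requirements from Part 5 (participating servers share the Web SSO DNS Domain) and Part 6c (the Sametime server is named in fully qualified form) can be checked before testing in a browser. The following is an added example, not part of the original technote or any IBM tooling; the function names and the sample host names are assumptions constructed for illustration.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def labels(name):
    """Split a host or domain name into lowercase labels, ignoring outer dots."""
    return name.strip().strip(".").lower().split(".")

def is_fully_qualified(host):
    """STServer1.company.com passes; the short name STServer1 does not."""
    parts = labels(host)
    return len(parts) >= 2 and all(LABEL.match(p) for p in parts)

def in_sso_domain(host, dns_domain):
    """True when the host's trailing labels equal the Web SSO DNS Domain."""
    d = labels(dns_domain)
    return labels(host)[-len(d):] == d

def check_sso_hosts(dns_domain, hosts):
    """Return (name, problem) pairs for a DNS Domain and a {role: host} map."""
    findings = []
    if not is_fully_qualified(dns_domain):
        findings.append((dns_domain, "DNS Domain is not a multi-label domain name"))
    for role, host in hosts.items():
        if not is_fully_qualified(host):
            findings.append((host, role + ": short name; clients that cannot "
                             "resolve it lose Chat and Awareness"))
        elif not in_sso_domain(host, dns_domain):
            findings.append((host, role + ": outside the SSO DNS Domain, so the "
                             "browser does not send the LtpaToken cookie to it"))
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    sample = {"DWA": "dwa1.company.com", "Sametime": "STServer1"}
    for name, problem in check_sso_hosts(".company.com", sample):
        print(name, "->", problem)
```

An empty result means every listed host is fully qualified and falls inside the DNS Domain; it does not confirm that the names actually resolve from client machines.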
Part 7 - Verify the IM Settings on the Configuration Settings document for Domino Web Access
| Instant Messaging field | Description |
| --- | --- |
| Instant Messaging features | Enable (default) to turn on instant messaging and live names (awareness) for users who have secrets and token or Lightweight Third Party Authentication (LTPA) token, and a Sametime server assigned. |
| Online awareness | Enable (default) to turn on live names for any user who has also enabled awareness via a user preference. |
| Allow secrets and tokens authentication | Enable (default) -- to use and prefer secrets and tokens authentication if available. Disable -- if an LTPA token is present, disable this field to use the LTPA token instead. |
| Set an Instant Messaging server hostname for all DWA users (useful for clustered configurations) | Type the name of the Sametime server to set an instant messaging hostname (messaging.ibm.com for example) for all Domino Web Access users. Eliminates the need to populate the Sametime server field value within every user's Person document. |
| Loading \stlinks from Domino application server | Enable (default) -- to load \stlinks from the Domino application server. Disable -- to load the \stlinks directory from the Sametime server defined in the user's Person document. Useful if running different versions of Sametime servers within your organization and using a version of Domino prior to 6.5.2. |
| Prefer "Sametime Connect for browsers" | Enable (default) -- to load the Sametime Connect for browsers (6.5.1 or later) as the Chat client. Disable -- to use the Domino Web Access Chat client. |
| Pass the Organization name (commonly used when Domino is configured for xSP) | For xSPs only. The default is disabled. Enable to include the user's Organization as part of the name format. For example: CN=John Doe/O=Acme |
| Directory type used by IBM Lotus Instant Messaging and Web Conferencing | Domino Directory (or leave blank) -- if the Sametime server and Domino Web Access server both use the Domino Directory. Domino LDAP -- if the Sametime server uses the Domino LDAP directory and the Domino Web Access server uses the Domino Directory. Domino LDAP for xSP -- (xSP servers only) if the Domino Web Access xSP server uses the Domino Directory and the Sametime server uses the Domino LDAP server. Non-Domino LDAP -- if the Sametime server and the Domino Web Access server both use an LDAP directory other than Domino LDAP. Note: You can further refine the way the name format is passed to the Sametime server for login and awareness using the NOTES.INI setting iNotes_WA_SametimeNameFormat, which will then override this configuration setting. |
For information on the Notes.ini setting iNotes_WA_SametimeNameFormat, refer to the document "Notes.ini Variables for Domino Web Access" (#1089521).
Part 8 - Verify that instant messaging works with Domino Web Access
1. Make sure that replication is complete, the Person documents exist on the Sametime server, and that the updated Web SSO document exists on all of the servers that will participate in single sign-on.
2. If you have not already done so, follow the instructions in the IBM Lotus Sametime 7.0 Installation Guide to verify that instant messaging is working properly before you test whether it is working with Domino Web Access clients.
3. Users must select "Enable Instant Messaging" in their DWA 7 client.
a. Launch Domino Web Access in a browser.
b. Click the Preferences button.
c. On the Basic tab, go to the Instant Messaging section.
d. Select "Enable Instant Messaging."
e. Click OK.
4. In any view or document in which online awareness appears, click the Active status icon of the person you want to chat with to test the instant messaging connection.
5. If neither Chat nor Awareness is working, cycle the DWA and Sametime servers and test again.
6. If Sametime functionality is still not working, verify that your Sametime is working correctly in its native environment by using the Sametime Connect client to test.
7. If Sametime is still not working in the DWA client, proceed to the Troubleshooting section of this document (below).
Configuration Settings replaces Notes.ini parameters
Some NOTES.INI settings used for configuring Sametime integration with DWA have been replaced by Configuration Settings document settings in Domino 7. To configure users with the DWA7 mail template, use the appropriate settings on the Domino Web Access tab of the Configuration Settings document instead of these variables.
Although you cannot use these NOTES.INI settings for Domino 7, they have not been removed, and are still valid for users who have the iNotes6 mail template. In a mixed environment with both iNotes6.ntf and DWA7.ntf mail users, the NOTES.INI setting will apply to iNotes6 users, but the corresponding Configuration Settings will override these NOTES.INI settings for DWA7 users.
| NOTES.INI Setting | Configuration Settings document field |
| --- | --- |
| iNotes_WA_Chat | Instant Messaging features |
| iNotes_WA_LiveNames | Online awareness |
| iNotes_WA_SametimeJavaConnect | Prefer Sametime Java Connect for browsers |
| iNotes_WA_NoLocalArchive | Local Archiving |
| iNotes_WA_SametimeServer | Set an Instant Messaging server hostname for all DWA users |
| iNotes_WA_SametimeToken | Allow secrets and tokens authentication |
| iNotes_WA_STLinksLocal | Loading \stlinks from Domino application server |
Troubleshooting Problems
1. Follow the instructions in the Sametime Installation Guide for logging into the Sametime server using the Sametime Connect Client. Sametime must be functioning properly before you can use the Chat and Instant Messaging functionality in Domino Web Access clients.
2. Refer to the document "Troubleshooting problems with Chat and Awareness in Domino Web Access" (#1158798) for more information on troubleshooting Chat and Awareness issues.