You’ve got the Lotus Notes connector in FAST configured – now what?

November 2nd, 2011 2 comments

A few lessons learned from implementing the Lotus Notes connector in FAST Search for SharePoint 2010

I found that the basic instructions from Microsoft were fine in setting this all up, but getting it to look nice and behave well was another matter. Here are the documents I referenced for the basic configuration:

  1. Basic Configuration – install the Notes client and JRE
  2. Set up the Extended Directory Catalog
  3. Configure the Security Connector. Make note of that warning in the middle. The user that runs the security and content updates must also be the one who encodes the password. This will typically be the FAST search service account.
  4. Configure the Content Connector
  5. Enable Authorization for Security Trimming

The Extended Directory Catalog

Start by making this catalog from the pubnames.ntf template, not from dircat.ntf as you would expect. If you use the latter, the security connector can’t connect to it and extract the user information.

In the Extended Directory Catalog document, leave the ‘Additional fields…’ field blank. The fields it pulls in by default are more than adequate for this job. In my document I have ‘Remove duplicate users’ set to Yes, group types set to ‘Mail and Multipurpose’ (since I’m pulling in info from other domains, I can’t use ‘first directory only’), and both ‘Include Mail-in Databases’ and ‘Include Servers’ set to No.

If you ever need to rebuild the Directory Catalog contents, just issue the following commands:

tell dircat q

load dircat dircat.nsf -r

When those commands are done, type ‘load dircat’ to re-enable scheduled background updates.

Scheduling Updates
Follow the instructions here to schedule updates using the task scheduler on the FAST administrative server.

That article does not cover the security update, but it’s similar. You’ll need to create two tasks in the task scheduler for this item. The first one will look like this:

Program/script: C:\FASTSearch\bin\lotusnotessecurity.bat
Add arguments: start -f ..\etc\DominoSecurityConfig.xml
Start in: C:\FASTSearch\bin

The second one needs to call the script below, stored in a command file:

C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe " & 'E:\FASTSearch\tasks\UpdateSecurity.ps1' "

UpdateSecurity.ps1 will look like this:

# Load the FAST Search snap-ins
Add-PSSnapin AdminSnapIn
Add-PSSnapin Microsoft.FASTSearch.PowerShell

# Resolve the FAST install directories from the machine-level FASTSEARCH variable
$FASTSEARCH = [environment]::GetEnvironmentVariable("FASTSEARCH","Machine")
$path = Join-Path -path $FASTSEARCH -childPath "bin"
$envpath = Join-Path -path $FASTSEARCH -childpath "etc"
Update-FormatData -AppendPath "$envpath\FASTSearch.Format.ps1xml"

cd $path
c:

# Uncomment these next two if security trimming won't get in synch
# While you run these commands, FAST will not return results from Domino
# searches, even for anonymous content
# Remove-FASTSearchSecurityAliaser -Identity win2lnx -Confirm:$False
# New-FASTSearchSecurityXMLAliaser -id win2lnx -InputUserStoreId win -OutputUserStoreIds lnx -InputPropertyName '$PRINCIPAL_REFERENCE_ALIAS'

# Upload the generated ssomapping.xml to the FAST security store
Set-FASTSearchSecurityXMLAliaser -id win2lnx -PathToXMLFile 'C:\FASTSearch\var\lotusnotesconnector\security\ssomapping.xml'

The last command takes the ssomapping.xml file and uploads it to the FAST security store.
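
As an added example (not part of the original script or of Microsoft's instructions), here is a pre-flight check that UpdateSecurity.ps1 could run in place of its last line, so that a missing, stale or malformed ssomapping.xml is not pushed to the security store. The function name, the 24-hour age limit and the assumption that the security connector task rewrites the file on each run are assumptions of this example.

```powershell
# Added example, not the author's script. Test-SsoMappingFile is a hypothetical helper.
function Test-SsoMappingFile {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [int]$MaxAgeHours = 24   # assumption: the security connector task runs at least daily
    )
    # Small factory so every exit path returns the same shape (PowerShell 2.0 compatible)
    $result = { param($ok, $reason) New-Object PSObject -Property @{ Ok = $ok; Reason = $reason } }

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return & $result $false "file not found: $Path"
    }
    $file = Get-Item -LiteralPath $Path
    if ($file.Length -eq 0) {
        return & $result $false 'file is empty'
    }
    $ageHours = ((Get-Date) - $file.LastWriteTime).TotalHours
    if ($ageHours -gt $MaxAgeHours) {
        return & $result $false ("file is {0:N1} hours old; did the security connector task fail?" -f $ageHours)
    }
    try {
        $doc = New-Object System.Xml.XmlDocument
        $doc.Load($file.FullName)          # throws on malformed or truncated XML
    } catch {
        return & $result $false "not well-formed XML: $($_.Exception.Message)"
    }
    # Assumption: the mappings live under the root element, so an empty root means nothing to map
    if (-not $doc.DocumentElement.HasChildNodes) {
        return & $result $false 'XML root is empty'
    }
    return & $result $true 'ok'
}

$mapping = 'C:\FASTSearch\var\lotusnotesconnector\security\ssomapping.xml'
$check = Test-SsoMappingFile -Path $mapping
if ($check.Ok) {
    Set-FASTSearchSecurityXMLAliaser -id win2lnx -PathToXMLFile $mapping
} else {
    Write-Error "ssomapping.xml not uploaded: $($check.Reason)"
    exit 1   # non-zero exit so the scheduled task shows as failed
}
```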

Refiners
Refiners are the items that appear in the left-hand column of the search results page. SharePoint and FAST can make the SharePoint URLs appear just fine, but the Domino ones don’t show up because nothing is mapped to the managed property ‘sitename’, which is what appears in that column.

To fix this, we’ll use the FixedFields item in the Content Connector configuration document. In my case, I’m adding a new field called ‘dominoUrl’:

<value>dominoUrl:http://intranet.company.com</value>

This will attach that field with that value to every entry that the content connector pulls in. You will need to clear the content store and reload it to make that happen. Map that new Lotus Notes crawled property to the managed property ‘sitename’. After that, do a full crawl of the FAST query and content sources.

Once that is done, the URL you inserted above will start to appear in search results on the left-hand side with a number next to it, denoting the number of hits that match that top-level URL.

Document Titles

One of the first things you notice in the Domino search results is that the document title is pretty flakey, even in documents that have an explicitly-defined title field. Sometimes it’s the title, more often than not it’s the name of the attachment on the document or, if there is none, simply the UID of the document. None of that looks pretty.

The property you want to display is really there, it’s just getting bumped in priority. To fix this, search for the managed property ‘Title’, and edit it. Find both of the items called ‘title(text)’ and move them to the top.

Search Scope

Using your Domino server as a search scope is pretty straightforward. It’s set up like any other scope, but I used Scope Rule Type of Web Address, then used the ‘Domain or subdomain’ option and entered the top-level URL without the HTTP; e.g., just intranet.company.com.

Categories: Sharepoint

Office Communications Server update complete

December 20th, 2010 No comments

I realized it’s been a while since I posted anything about OCS here, but it’s (mostly) done. Everyone was moved to the new environment and the old servers were decommissioned.

I’m now working on a Communicator Web Access server and desktop sharing environment. I’ve got it working internally, and, using this excellent article here (and this one), I have it set up to work externally as well. Unfortunately I have to wait for the firewall to get updated before it will work on the outside.

I also have it in the hands of our desktop people to update everyone’s Communicator client to v3.5.6907.206 (Communicator R2 with the July 2010 update), then I also need to go around and patch all the servers (FE, Edge, Archive/Monitor, SQL and CWA) with the November 2010 update.

In the meantime I’m also starting to plan out the MS Lync 2010 environment, probably for a whole new domain.

It’s like he works here . . .

November 17th, 2010 1 comment

In every company I’ve ever worked for, it’s as if Scott Adams was there working with me. Just a couple of days ago we got the word that we would be transitioning to photo ID badges. Not unexpected, but then this showed up in my RSS feed:

Dilbert.com

And did I mention that I just got a filling replaced? Creepy . . .


Domino 8.5.1 mail routing problem solved

September 1st, 2010 No comments

After upgrading our Domino servers to 8.5.1 FP2, I noticed an intermittent issue where mail to the outbound SMTP relay would simply stop. No warning, no errors, just . . . nothing. Internal mail to other Domino servers would run just fine. Restarting the router resolved the issue every time.

I thought there was a fix in FP3 related to problem messages, but that didn’t do it either.

After opening a PMR with IBM, we ended up changing two things:

  1. Removing the SMTPTimeoutMultiplier setting. Not sure where or how I picked that up, but messing with that is apparently only necessary in some Notes client situations.
  2. Disabling inbound and outbound pipelining in the global SMTP settings in the server config documents.

After restarting the server, the problem has not recurred.

Categories: Domino

Office Communications Server 2007 R2 almost there

August 30th, 2010 No comments

I’ve got a full OCS 2007 R2 environment built, just waiting for the big switch this weekend to the new environment. It’s been quite a learning experience.

Setting up a new OCS pool is not exactly a double-click-next-next-finish type of install. Lots of planning has to go into it, even for an updated environment where we’ve already done all the legwork in DNS, certificates and firewalls. This was also a transition from a 32-bit OS environment to a 64-bit one, while trying to preserve all the connectivity at the same time.

I learned, for instance, that you can do all the configuration-moving and schema updates, and bring up a new front-end server for a new pool in the same domain as your old OCS pool, and everyone is none the wiser. No impact until you actually start migrating people.

However, if you bring up a new Edge server, and configure that in your new pool, it becomes an Edge server not only for your old environment, but for your new one as well. I had to unconfigure that real quick. The server is still up and running, but I’ll need to manually add it to the new pool and remove the old one at the same time that I migrate all 5,000 of our users.

So, I’ll have to remember this: Edge servers (and, I’m guessing, CWA servers as well) are forest-level resources. They are not limited to the pool in which you created them, even though the docs say that an R1 Front End can’t communicate with an R2 Edge server, and an R2 FE can’t communicate with an R1 Edge server.

For a brief time, though, I found I could connect from the outside through the R1 Edge server to the R2 pool when I was a member of that pool. In retrospect, though, Federation was probably not working.

How do larger companies do this, I wonder, since as near as I can tell, there’s no command-line tool for migrating users to the new environment?

Anyway, the big switch will take place hopefully this Sunday night when all the US and Canadian branches are on holiday.

After that I need to set up backups, archiving, and eventually the Communicator Web Access server our last environment didn’t have.

Google Calendar Sync updated

August 18th, 2010 No comments

Just updated yesterday per this blog entry.

Now supports 32-bit Outlook 2010. Works fine for me (Outlook 2010 32-bit on 64-bit Windows 7).


WPTouch finally done

April 13th, 2010 3 comments

I finally got around to configuring WPTouch for this site. This is a plugin for WordPress that does a really nice job of formatting your site/pages for mobile devices. Works great, but you definitely have to go through the steps to configure it for WPCache/WPSuperCache, or it’s just not pretty: mobile pages show up on your desktop browser, and desktop pages show up on your mobile browser.


UC stuff slowly coming together

April 12th, 2010 No comments

I’m finally starting to get a grip on all the little bits and pieces that make up Unified Communications. I hope we’re going to bring up Unified Messaging soon, and start switching some folks over to Enterprise Voice after we upgrade to OCS 2007 R2. There’s a long way to go between here and there, including budgeting, figuring out an RFP, etc.


See, this is why I can’t have a nice blog

April 6th, 2010 No comments

It’s great that I have a blog, and that it posts my Twitter updates (which is now blocked at work, by the way). But that alone does not make for an interesting blog.

Work has kept me busy, and I’m now gearing up to preach a sermon this Sunday at church. The Gospel lesson is on Thomas after the resurrection (‘doubting Thomas’). I have some ideas about how to approach that.

I also noticed some links in Twitter going to WordPress-based blogs that looked really nice on my iPhone, so I tracked some of them down. The ones I liked best used WPTouch for WordPress. Works great, as you could see if you were accessing this from an iPhone or BlackBerry.

The Unified Communications stuff is proceeding apace, and I’m hoping we can get an Exchange 2010 upgrade out of it, along with a migration to OCS Enterprise 2007 R2 (from OCS Standard R1). “Wave 14” (probably Office Communications Server 2010) is due out in the Fall, and we can probably get our hands on the beta. If we can roll out Enterprise Voice, UM and other features to a 9000-person company worldwide, we can pretty much ask MS to do anything. They’d love the reference.

It’s clear, though, that the cloud is not ready for UC. Other folks might have made some dents, but right now Microsoft’s own BPOS offering only has IM and presence for OCS; Exchange 2010, but no UM. Sharepoint 2010 will be there soon, but it’s going to be at least a year before the cloud is on feature parity with on-premises solutions. Cisco has a decent cloud offering, but it’s not available in Europe, and they want us to buy all their IP-PBX infrastructure.

Categories: Unified Communications

Domino and Kerberos SSO

March 11th, 2010 No comments

Having pretty good luck with this, once the pieces were in place. Security gave me permission to use an existing attribute in AD, so we don’t have to mess with ADAM. That’s working fine, and I finally figured out the right configuration for the browser:

Local Intranet – can contain the FQDN of the Kerberos-enabled host, but can get by with a wildcard (e.g., *.acme.com)

Proxy Exceptions list – If you’re using a proxy, the FQDN of the Kerberos-enabled Domino host must be in this list, and it must come before any wildcard entries. A wildcard entry by itself will, in fact, break Domino SSO (not so for SharePoint on Kerberos SSO). So, if you have a FQDN like domino.acme.com and you also need *.acme.com in the Exceptions list, domino.acme.com must come first.
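
The ordering rule above can be checked on a workstation with a short script. This is an added example, not from the original post: Test-ProxyExceptionOrder is a hypothetical helper, the sample lists are constructed from the host names used above, and it assumes the exceptions are stored as a semicolon-separated string in the ProxyOverride value of the Internet Settings key.

```powershell
# Added example, not from the original post. Test-ProxyExceptionOrder is a hypothetical helper.
function Test-ProxyExceptionOrder {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,   # FQDN of the Kerberos-enabled Domino host
        [string]$ExceptionList = ''                          # semicolon-separated, as IE stores it
    )
    $entries = @($ExceptionList -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $hostIndex = -1   # position of the first exact entry for the host
    $wildIndex = -1   # position of the first wildcard entry that also covers the host
    for ($i = 0; $i -lt $entries.Count; $i++) {
        $entry = $entries[$i]
        if ($hostIndex -lt 0 -and $entry -ieq $HostName) {
            $hostIndex = $i
        } elseif ($wildIndex -lt 0 -and $entry.Contains('*') -and $HostName -like $entry) {
            $wildIndex = $i
        }
    }
    if ($hostIndex -lt 0 -and $wildIndex -ge 0) {
        $status = 'WildcardOnly'     # wildcard by itself: breaks Domino SSO per the text above
    } elseif ($hostIndex -lt 0) {
        $status = 'HostMissing'      # FQDN must be listed when a proxy is in use
    } elseif ($wildIndex -ge 0 -and $wildIndex -lt $hostIndex) {
        $status = 'WildcardFirst'    # FQDN must come before the wildcard entry
    } else {
        $status = 'OK'
    }
    New-Object PSObject -Property @{ HostName = $HostName; Status = $status; Entries = ($entries -join ';') }
}

# Constructed sample lists using the host names from the text above
$samples = 'domino.acme.com;*.acme.com;<local>', '*.acme.com;domino.acme.com', '*.acme.com', '<local>'
foreach ($list in $samples) {
    Test-ProxyExceptionOrder -HostName 'domino.acme.com' -ExceptionList $list |
        Select-Object Status, Entries
}

# To check the current user's real setting instead:
# $ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
# Test-ProxyExceptionOrder -HostName 'domino.acme.com' -ExceptionList $ie.ProxyOverride
```

The four samples report OK, WildcardFirst, WildcardOnly and HostMissing, in that order.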

Categories: Domino