Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.
For more information and upcoming events around #dominoforever, please visit our Destination Domino Page
had to reject this idea because this is how name resolution works, and you can register your server with a fully qualified DNS name that is unique for name lookups. This would address your problem.
In case this is not what you were looking for, please ping me directly.
Update: When using connection documents, the client should of course connect to the defined server.
This case is not limited to different parts on an organization. We mostly give support to unrelated organizations and they can share the same common name. Also different location documents doesn't solve the issue. If I try to switch to another location which only limited to connect "Berlin/XYZ", domino is caching the old server name and it still tries to connect to "Berlin/ABC" and it fails to connect. Also this is an unproductive solutions as we need to copy databases or design elements from one server to another. We advice new companies to name their servers as BerlinXYZ/XYZ but there are too many servers with old naming which reinstalling them would be impossible for us.
Sorry just saw the other update when Thomas responded.
No I don't agree! This is not a good idea. It is causing all kind of issues.
I have seen many Domino environments and nobody ever had the same CN for multiple servers in different parts of an organisation.
There are work-arounds like having connections docs. This is the only way to resolve two servers with the same CN.
And still this might lead to issues that are hard to predict depending on your environment.
I also don't see why the hostfile will help in this case.
It would do the same host resolution by CN.
Daniel Nashed [https:/blog.nashcom.de]
Using a fully qualified DNS name in the Domino server's common name is probably what you want to use.
e.g. "berlin.company.com/ABC"
so your server for another company would be:
"berlin.othercompany.com/XYZ"
the Notes client will resolve the hostname in DNS and you'll end up on the correct server without having to create an entry in your hosts file.
Two companies can use the same server name as most of the time, server names indicate the location server resides in. As a developer serving such companies, this is a very big problem for me.
When I try to open a form named "Account" from finance.nsf in Berlin/ABC server, designer opens the same form from Berlin/XYZ server. This is clearly a bug that needs to be fixed.
Notes/Domino authentication is based on Client Certificates.
In that process, the client presents its certificate to the Domino server, and the Domino server presents its certificate to the client.
Both sides validate each other by making sure that the other part is a specific entity. So the client wants to make sure it is talking to a specific Domino server, and not any Domino server. This is important for things like the Replication History.
The Notes/Domino PKI was designed this way, and it was never designed with fungibility it mind. It seems that the customer's Systems Architect found a way to hack around this basic principle, and at some point in time, the hack broke.
Now the question is how to get out of the problematic situation.
Have you thought about replacing Notes clients with Domino 12 Nomad Web?
[Toni Feric, Belsoft Collaboration]
Hello Daniel,
Thanks for your reply. We install our products to our customers' own servers and we name the main server as Main/CompanyName and additional servers as LocationName/CompanyName . We have installations on over 200 companies in almost 1000 servers. This servers are installed by us and managed by customer ITs. And it is impossible to reinstall and rename all these servers.
This was a practice that was working almost 15 years without a hitch. After the release of eclipse client, we started to have weird issues about connecting to customer databases. For example while trying to connect Main/ABCCompany, designer opened design elements from Main/XYZCompany. This is really a dangerous bug which led us away from using eclipse client.
Creating location documents for all different companies is inefficient because we sometimes need to compare or copy design elements from customer to customer.
The workaround that recommended by HCL which is to adding hostnames to servers also isn't feasible, because not all these companies have domain names that they can attach to these servers. Also we sometimes need to work from local networks of these customers. Which we need to change the hosts file entry. This is also very difficult.
Are the 148 votes for this real? It's an idea from April and a quite specific topic.
I don't see why someone should register two different servers with the same CN.
And I don't understand how host file entries should help here.
The name resolution in Notes works with the complete name of the server.
If no connection doc is found or the server doesn't get the full host name or IP address from the Domino directory it will use the CN to try to find the server using OS name resolution.
If there are two CNs with the same name, this will lead to issues!
The DNS search list for domains is used to find the right server on OS level.
So if you use a name like domino-acme-abc the primary domain on the host will be checked in normal configurations (OS level). If that isn't found, the OS checks the search domains.
Taking this to account having the same CN for two different servers is never a good idea!
You can get this working with connection documents or proper defined configuration in Domino directory.
But this isn't a good idea!
For many years we are using DNS names including the domain to avoid to rely on search domains on OS level. That's why I am using server names like CN=domino.acme.com/OU=Srv/O=Acme for public facing servers, where you don't control search domains.
You should really not use two servers with the same CN!
But if you need a way to get this solved, we can help you to get this sorted out for this partiticular case. I don't see that this is a general issue.
[ Daniel Nashed / HCL Lifetime Ambassador ]
it's a good idea, I think it should be added
We already use connection documents. That's how we associate server names with ip addresses. This feature was working normally before eclipse client i.e Notes 8.5. Because of this bug, we're stuck into using the old client.