Installing FP9 on IBM i is Quite Different and Very SLOW

If you are planning to install FP9, there are a few things you need to be aware of:

  1. The installation process is quite different from what you are used to for installing FPs on the IBM i
  2. It’s significantly slower, as in hours, so plan accordingly

Installation process

The installation process is a fair bit different than installing previous FPs.  You no longer just download the savefile, FTP it so the server and then load and apply the associated PTF.  Instead, you download the savefile, FTP it to the server and then things get a fair bit different.

Step 1.

The first step after downloading the savefile, which is called KITFP9, is to restore the contents of the savefile. This savefile contains two savefiles:



Make sure you leave the default of restoring the objects into the saved library of QGPL rather than specifying a library of your own, because the install script that is used to do the installation assumes the savefile for FP9 (QFP69019) is in library QGPL.

The restore command provided is:



Step 2.

The next step is to restore the console installer from savefile QCLINSTF.


This will restore 81 files into /home/qnotes.

The first level is the console_install directory which contains the install script,, along with the LAP directory.




The Readme notes to NOT restore the contents into /QIBM/PRODATA/LOTUS/DOMINO901 as this is the directory where the Domino 9.0.1 executables are stored, so either leave the default of /home/qnotes or specify another directory you know is not in use by other applications.

Step 3.

As normal, end all active Domino servers on the system or LPAR that are running Domino 9.0.1.

Step 4.

This is where things get a bit different.  Rather than just issuing LODPTF and APYPTF, instead, you invoke QShell and run the installation script that is in the /home/qnotes/console_install directory. So the steps become:


cd /home/qnotes/console_install


The installer at this point will issue a LODPTF and APYPTF, remember it will bomb out unless the QFP69019 savefile is in library QGPL. I haven’t had time to work with modifying the install script and testing to see if things work okay with the having the savefile in another library, so for now stick with QGPL.

Step 5.

You will next be presented with the following screen regarding the license agreement.

                                                        QSH Command Entry

This document includes License Information documents below
for multiple Programs. Each License Information document
identifies the Program(s) to which it applies. Only those
License Information documents for the Program(s) for which
Licensee has acquired entitlements apply.



The Programs listed below are licensed under the following

Press Enter to continue viewing the license agreement, or
enter “1” to accept the agreement, “2” to decline it, “3”
to print it, or “99” to go back to the previous screen.

You will want to type in 1 and press Enter to continue.

Step 6.

Wait, and wait, and wait, and wait, …. yes continue to wait, because it’s going to be a LONG, LONG time before the installation completes.  More on that in the Installation performance section below.

Step 7.

Once the installation finally finishes, load the most recent Interim Fix or custom hotfix if you have one from IBM.

In this case I installed IF2, so the commands were:



Step 8.

Start the Domino servers and test.

Installation performance

The Readme states this: Domino 9.0.1 FP includes Dojo version upgrade with thousands of stream
files, need to plan for additional time required to copy these stream files to
Domino 9.0.1 product data and each server data folders during the installation

The Readme for FP8 had this same statement, and the process was fairly quick, it is NOT for FP9, so what’s different?

From what I have observed, the big difference is how they handle copying the thousands of stream files.  In FP9, for every stream file that is copied, there are 3 messages that are generated and written to QShell in addition to be written to a spooled file:

  1. CPCA087 which acknowledges the location the object was copied from and written to.
  2. The first CPC221B does a Change Authority on the object that was copied.
  3. The second CPC221B does a Change Owner on the object that was copied.

Below is an example for one stream file.





















Not only are these 3 messages generated for the THOUSANDS of stream files it copies, the files are copied to every Domino server installed on that system or LPAR!!! None of this is done in parallel, the files are copied to the first server, then the next, and the next …  No wonder it takes FOREVER!

The system this installation was done on is an IBM Power System S814 with 3.72 GHz chip speed, 68 GB of memory and over 10 Terabytes of disk.  Needless to say there were ample resources available on this system to handle the workload of the installation. There are 4 Domino servers installed on this LPAR.

Over 3 hours after I started the installation of FP9, it finished.  This is unheard of.  When I installed FP8 on this system, it was done in around 10 minutes.

I generated a spooled file once the installation completed (pressed F6 in QShell).

The spooled file that was generated was 3,515 pages in length, and only contains output from the timeframe of 17:03:17 – 17:04:35.

You think someone forgot to turn off the debug code before this was shipped?!?

This problem has been reported to IBM with hopes the performance can be significantly improved.

Want Verse on Prem & Connections 6 on IBM i and AIX? Then Vote!

I have spent a fair amount of time this past year working with various groups within IBM to get Verse on Premises (VoP) supported on the IBM i. The net of these discussions is in order to get Verse on Premises supported on the IBM i or AIX platforms, Docker will be required. Docker is a technology that allows for applications to be created, deployed and run using containers.  By using Docker, applications and services can be built and deployed on any operating system that supports Docker.

In addition to Verse on Premises needing Docker, Connection 6 (PINK) will also require Docker.  In order to get these two collaboration solutions supported on IBM i and AIX, I have created two Requests For Enhancements (RFEs):

I know both the IBM i and AIX communities want to have VoP and Connections PINK supported on their respective platforms.  The key is that the port of Docker to the IBM i will start with the port of Docker on AIX, so I am asking that you please vote for both of these RFEs to ensure both platforms become Docker enabled.

In addition to voting for the RFEs, adding comments to the RFEs will be very helpful to IBM in evaluating the importance of having Docker supported on these platforms.  By sharing why these platforms are important to you and how these collaboration solutions will benefit your business, IBM will have more knowledge when having discussions about these RFEs.

Please vote!!


Domino on the IBM i (iSeries) IS supported!

I received an email today from one of my customers inquiring about this blog post:

Their question to me was:

“Just a quick question, I was reading posts about Connection 2017 and came across this about halfway down.

Other news:
No more Notes client for Linux beyond 9.0.1 FP 7
32 bit droppet for AIX and Linux servers
No more Domino for iSeries

Is this true?”

I was at IBM Connect and had not heard this message and had previously been told that Domino on the IBM i would be supported along with all other currently supported platforms.  As a result, I reached out to Barry Rosen, the Offering Manager for IBM Collaboration Solutions.  He confirmed that Domino on the IBM i IS indeed supported.  He also posted the following comment on the blog post (thank you Barry!)

and the blog post has been updated to remove this statement (thank you Hogne).

The IBM Domino roadmap states “IBM Notes and Domino V9.0.1 is extending support through at least 2021”.  In my correspondences with Barry last October, I also received this statement in an email from Mr. Rosen that clearly states Domino on the IBM i is supported:

“Domino 9.0.1 on IBM i will be supported through at least 2021.  All current supported platforms will be supported through at least 2021.”

As I told my customer, rest assured, Domino on IBM i is fully supported, along with all feature packs.

Protecting your Domino servers from the clickjacking hack

There is a hack called clickjacking that can happen on web servers, including Domino.  Here are the details on how clickjacking can impact web sites.

An attacker performs a clickjacking attack by creating a site on the Internet, which contains inline frames (iframes) that can display content from the application.  The attacker sets the malicious iframes as invisible and places them on top of a commonly clicked link or icon found on the webpage.  Using JavaScript-based functions and other techniques, the attacker can force the authenticated user to click on and unknowingly execute target application functions. This exploit could control user’s actions without their knowledge and could potentially enable an attacker to expose confidential information or impersonate users.

For example let’s say users connect to the mail server via the URL
This site can be included on a webpage with an iframe containing the following  <iframe src=”” width=”500″ height=”500″></iframe>

The way you mediate this hack depends on the release level of the Domino server.

For any servers running 9.0.1 FP6 or higher, the following notes.ini variable can be set.  It just requires an end and restart of HTTP for this change to take effect.

HTTPAdditionalRespHeader=X-Frame-Options: SAMEORIGIN

For servers running earlier versions of Domino, those servers can be switched to use Internet Sites documents and then a Web Site Rule can be created that specifies a custom header with the x-frame-options header set to SAMEORIGIN.

If you haven’t enabled your server to use Internet Sites, edit the server document and specify “Enabled” for field ‘Load Internet configurations from Server\Internet Sites documents’.

Next create a Web Internet Site document, specifying the values appropriate for your site.  In the Web Site document, click Web Site -> Create Rule, select “HTTP response headers” for the ‘Type of rule’.  Under ‘Custom headers’, enter “X-Frame-Options” for the Name and “SAMEORIGIN” for Value and place a checkmark next to “Override“.

Whether you have enabled the notes.ini variable on a 9.0.1 FP6 or higher server or enabled the capability through a Web Site Rule in an Internet Site document, end and restart the HTTP task for prevention of clickjacking on your Domino server to be enabled.

Here is a technote for reference:

Keeping Domino Servers from Consuming Unnecessary Disk Space

I had a customer contact me recently asking about identifying why one of their IBM i LPARs had so much additional disk space consumed compared to another LPAR that hosted the Domino cluster mates.  The primary server hosted 4 Domino servers and the secondary LPAR hosted only 2 Domino servers.  The two additional servers on the primary LPAR were both Sametime Community servers, which typically don’t consume much disk space.

I used the disk usage utility to collect information on how much disk space each Domino server consumed.  The output is in the table below.


The Domino servers on the primary LPAR were consuming 843.34 GB more disk space than the servers on the secondary LPAR.  The two Sametime servers were a minuscule portion of this  discrepancy.  There were some databases on the primary servers (MAIL03 and COLLAB03) that were not on the cluster mates, however those databases only accounted for about 150 GB of space.  So what was causing such a disparity in the amount of space the primary servers were consuming compared to the secondary servers?

The culprit turned out to be the data in the IBM_TECHNICAL_SUPPORT subdirectory of the MAIL03 server.  This subdirectory alone was consuming 643 GB of disk space and contained 10,641 files.  My customer asked the best way to clean the directory up and how to prevent this run away disk space situation from happening in the future.  This is very easy to accomplish through a feature that has been in the product for many years but is rarely activated.

The feature is enabled in the Configuration Document on the Diagnostics tab.  Set the parameter ‘Remove diagnostic files after a specified number of days‘ to “Yes” and then specify the number of days diagnostic files can remain on the server in the ‘Number of days to keep diagnostic files‘ parameter.  The default is 365 days.  This can be set to a lower value.  I would recommend keeping at least 30 days of diagnostic data, maybe even 60 to 90 days.


The graphic above shows adding this to the Default Configuration document so all Domino servers in the domain inherit this setting, however it can be set for a specific server as well by editing the Configuration Document for that one server.

It’s that simple!

Remove Administrators from the CA Process BEFORE deleting them from the Domino Directory

A customer recently reported they were having issues adding people to the Certificate Authority (CA) process.  When they attempted to add people, they received the message “Cannot locate user certificate. Make sure server contains your certificate for encryption” as shown in the graphic below.


The customer had already done due diligence and verified their location document had the field “Home/mail server” set to the server where the ICL database resided, therefore meeting the requirement that the server listed in this field be in the same domain as the encrypting server for the CA.  Additionally, they ensured the field “Mail file location” was set to ‘Server’ and not ‘Local’ as that is also a requirement.

My first step was to check the status of the CA process on the server via tell ca status.  Everything was fine. I next examined the certifier being used, there were no issues found.  I now turned my focus to the ICL database.  The most recent IDStorage document had been last modified on July 12 2016.  That was over 3 months ago, so something else was amiss.

With this knowledge in hand, I clicked the ‘Advanced’ button on the Modify Certifier dialogue to attempt to replace the certifier ID and/or repair the ICL database.  This resulted in the same error, of user certificate could not be located.  The next step was to determine if there were any invalid Notes certificates in the person documents for the administrators that had been added to the CA process.  Once I had the list of CA administrators, I did a quick lookup of each of these users in the Domino directory.  What I discovered is that one of the CA administrators was no long in the directory.  This now explained the error message as every time the CA Process is updated, the certificates of all current users are verified.  Because this user was no longer in the directory, their certificate could not be located.

I had a copy of their Domino directory from earlier in the year stored locally, so I was able to copy the person document of that administrator back into their directory.  I then went into Modify the CA Process, removed the administrator that was no longer with the company, and the CA Process updated successfully as shown in the graphic below.


At this point I deleted the person document, using the delete key, not invoking the AdminP process using Delete Person as the user had previously been removed from the domain.

The moral of the story is to always remove an administrator from the CA process BEFORE deleting them from the Domino Directory as AdminP does not update the CA Process as part of the Delete Person process.

Engage 2016 User Group Conference

Engage2016 Logo

I had the opportunity to present at the Engage 2016 user group conference last week in Eindhoven.  I was extremely impressed on all levels.  Thank you to Theo Heselmans for the opportunity to speak at this event!  The session titles, abstracts and links to the presentations on SlideShare are below.


Adm02 Be a Domino Detective: Tackling Your Toughest Performance Problems


Abstract: Become a Domino performance investigator.  This session will teach you industry best practices for Domino performance optimization.  Learn how to take abstract symptoms like “Notes is slow” and break it down to a resolvable problem.  See the methodology and tricks involved to find the true culprit using tools such as semaphore timeouts, memory dumps and server monitoring.  Understand what impact running with obsolete tuning parameters can have on your environment. You will learn the best tips to implement along with do’s and don’ts for ensuring your Domino environment will perform optimally.


Adm07 The Health Check Extravaganza for Social and Collaboration Environments


Abstract: Are you concerned about your infrastructure being configured correctly? Do you have problems happen that you don’t know how to prevent? Do you think your servers might have room for improvement? Wonder no more. This session will show you what you need to be looking at to ensure your server environment is running as cleanly and efficiently as possible. You will learn what you need to be looking for in your server configuration, problems found at numerous customer environments and what steps should be taken to remedy the various situations covered in this session. Be preventative, not reactive! Performing a health check is one of the most economical ways to ensure your social and collaboration environments are running properly.

Keeping Your IBM Collaboration Environment Healthy

One of the critical things my company does for businesses is keeping their IBM Collaboration environments healthy.  We do this by reviewing the current environment and infrastructure, detailing our findings and making specific recommendations for improvement.  In doing this work, we have noticed patterns of findings.

At the Connect 2016 conference, myself and my colleague Luis Guirigay are presenting “The Health Check Extravaganza for Social and Collaboration Environments“.  We will be sharing with you our collective knowledge of our experiences in working with numerous customers in evaluating their collaboration environments.  We will share with you what you need to be looking at to ensure your server environments are running as cleanly and efficiently as possible.  Our goal is to be preventive, not reactive!

Performing a health check is one of the most economical ways to ensure your social and collaboration environments are running properly.  I hope to see you at our session today, Tuesday, February 2nd, at 1:15 PM in room Lake Highland.

2-1-2016 12-27-39 AM


Impact of Lack of Memory on CPU Usage

One of our customers asked me to analyze the performance of the IBM i LPAR that hosts their primary Domino and Sametime servers as they had some concerns.  The LPAR hosts 5 Domino servers (Mail, Application, Administration, Sametime, and Dev/Test) along with the Sametime DB2, SSC, Proxy, and Meeting servers.

My analysis revealed quite high CPU utilization at times, in addition to faulting issues in the *BASE memory pool. The *BASE memory pool is pool 2, where all of the Domino and WAS-based Sametime servers run by default. Some of the Domino servers (Administration, Dev/Test, and Domino Sametime) had previously been moved to separate memory pools.

To determine which servers were causing the bulk of the faulting the *BASE pool, I created a query against the QAPMJOBL performance monitor database file.  The two top faulters were the Mail and Application servers.  I made a recommendation to move the Mail and Application servers to their own memory pool, allocating 36 GB of memory to each memory pool as a starting point.  I also recommended moving the Administration, Dev/Test, and Domino Sametime server back to the *BASE memory pool. This quite dramatically changed the memory allocations on the server.

The table below shows the memory allocations as they were when I performed my analysis.

Memory Pool Allocations Prior

This next table shows memory allocations after implementing my recommendations.

Memory Pool Allocations After

My memory tuning recommendations were implemented on October 25th.  The impact on CPU utilization was quite dramatic as shown in the graphic below.

CPU Utilization After Memory Pool Adjustment

Proper memory allocation is key for the best Domino performance!




I Have Moved My Blog

Welcome to my new blog!

I had previously blogged on, however that site is now defunct, so I have moved my blog. I chose for my new blog as my blog handle on BleedYellow was DominoDiva.

I am very much looking forward to getting back into blogging!!