Hello!
I’m trying to solve a problem with changing HTTP passwords via DWA and the ?changepassword URL command.
The “change HTTP password in Domino directory” request is created in admin4.nsf and adminp processes it. The error message I am getting is: Error: Document is not signed.
Now some more details on this problem.
There are a few servers in the domain; only one generates the error. The problem server is not the administration server for the Domino directory. I’ll try to give you a better idea of the setup.
Server A is the first server in the domain and is set up as administration server for the Domino directory.
Server B is used for webmail and client users. When this server generates the change HTTP password requests in admin4, they always fail when processed by Server A.
If the request is created by Server A they always process without errors.
Server A is version 8.0.1 and Server B was 6.5.1 but is now upgraded to 8.0.1 and the same problem still occurs every time a request is made by Server B.
I have tried the solution in this technote, but that didn’t help: http://www-1.ibm.com/support/docview.wss?rs=463&context=SSKTMJ&context=SSKTWP&q1=1253298&uid=swg21253298&loc=en_US&cs=utf-8&lang=en
(I updated the public key in both Server A and Server B server documents with the key from their respective ID files).
When I examine the requests created in admin4 I can see a difference between the ones created by Server A and B.
Both are encrypted with Server A’s public key; both have $Seal and 3 $SealData fields containing encrypted ProxyNewHTPPPassword, ProxyNewHTPPPassword and Signature fields.
Both also have the field Publicencyptionkeys with the value CN=Server A/O=Company. The difference is that all the requests created by Server B have an extra field called $Seal2, more info:
Field Name: $Seal2
Data Type: Encryption Seal
Data Length: 352 bytes
Seq Num: 1
Dup Item ID: 0
Field Flags: SEAL
I have never seen this field before and the datatype also differs from the normal $Seal field:
Field Name: $Seal
Data Type: Encryption Seal List
I’m not sure if the $Seal2 field is important though…
I can create working requests with Server B using an agent:
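Dim s As New NotesSession
Dim admindb As New NotesDatabase("Server B", "admin4.nsf")  ' request database on the server named below
Dim adminp As NotesAdministrationProcess, admindoc As NotesDocument, reqnoteid As String
Set adminp = s.CreateAdministrationProcess("Server B")
' Create the change-HTTP-password request; the call returns its note ID
reqnoteid = adminp.ChangeHTTPPassword("username", "oldpass", "newpass")
' Open the new request, sign it with the current ID and save it
Set admindoc = admindb.GetDocumentByID(reqnoteid)
Call admindoc.Sign()
Call admindoc.Save(True, False, False)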
These requests are not encrypted but signed, and they process fine by Server A’s admin process. (The passwords are visible in plain text in the request since they aren’t encrypted, but this is just for testing purposes.)
This leads me to believe that the problem is related to the encryption and not the signing as the error message states. My guess is that Server A is unable to decrypt the encrypted fields, and since the Signature field is also encrypted, that’s why I get that specific error message.
Any ideas? I’ve read other posts here from users who have the same error message but I haven’t found any solutions other than the technote above.
I’m not so good with the encryption in Notes so maybe someone with good knowledge of that can help out?
One workaround I think could work is to modify the code that’s creating the adminp request, but I haven’t been able to find out how it’s done in iNotes or the changepassword form; maybe it’s not even available from the designer…
Any help is greatly appreciated!