If you are using Password Checking and are considering upgrading your Administration Server to ND6, DON’T DO IT! Unless, of course, you want to disable password checking or upgrade ALL your servers immediately to ND6. For some reason, IBM\Lotus did not see fit to inform us of this slight technicality.
Here’s an excerpt from the technote that support sent me: It was found that the problem was related to R5 servers creating signed AdminP requests that would fail when processed by an “Administration Server” running on Domino. If a user changes his or her Notes password and then accesses an R5 server first, via either an R5 or Domino 6 client, the AdminP request to “Change User Password in Domino Directory” fails with the error “Document is not signed.” If, however, the first server the user accesses after changing the password is an R6 server, the request is successfully processed by the Administration server. It matters which server is accessed first, because if the client (running either R5 or ND6) were to access the Domino 6 server first the request would have been correctly signed to be processed by the Domino 6 server without error.
There are some posting here about it. Do a search on Password Checking. Apparently IBM/Lotus had a couple SPRs on the problem, but those had not been released to the public. I’m still outraged that this was not made known. In my mind, I think this is pretty major.
I’m also puzzled that this did not come up at Admin2003, which I just attended. Or at least I didn’t hear anything about it. Hasn’t anyone else seen this?
Any comments would be appreciated. Also, if anyone has found a work around other than those offered by IBM/Lotus, I’d appreciate hearing about it.
Thank you.