Person rename certificate trouble

I recently moved a user from one server to another. All the steps went through as I watched the Administration Requests db for the changes.

The problem now is that her local ID file still shows the old User Name (username/oldlocation/companyname).

In her Person document, the User Name field shows correctly (username/newlocation/companyname).

When I click on Examine Notes Certificates, it shows the old info. So, I assume her local ID file didn’t receive any new info.

She can access her mailfile on her new server location, and send/receive email fine.

When she tries to access a specific server, she gets the error: Server Error: Your public key was not found in the Domino Directory.

So, how do I update her Notes cert with the new location? How can I get her local ID updated with correct info?

In her Person Document, there is NOT a user.id file showing.

Domino server 8.5.1.

Thanks!

Michael

Subject: ID may be OK

What does the user see when she checks the security on her ID via File\Security\User Security? When she’s prompted for a password does her name show the old OU or the new OU?

Or if you have a recent email from her you could check the document properties and look at the value in the “From” field. Either way would be a quick check to see what is the active cert on her id.

It could just be that the public key in her person document didn’t get updated. Have you forced adminp to run from the server console, e.g. tell adminp process all to make sure it has hit all the time intervals?

Subject: Corporate

Yes, when she enters her password, it shows username/oldserver instead of the new one.

What are some steps I can do to fix this? Thanks for your help thus far.

Michael

Subject: Manually recertify

I suppose you could always manually re-certify her ID file.

In the admin client go to Configuration, Certification and choose certify. You’ll need access to both the certifier and a copy of her ID file. (Keep the old ID in case you have problems.)

Be sure the server you select is one that is either your registration server or one that will replicate throughout your domain. You will likely get a warning that you are renaming the person because you are using a different certifier. Choose rename. Return the ID file to her and you should be good to go.

This process will create a new public/private key combination and should update names.nsf with the new public key. If you want to accelerate the process you could do the previously posted console command and manually replicate names.nsf and admin4.nsf. You may need to repeat this process several times to ensure propagation of the changes.

Before you do this you may want to double check that the key databases exist and have the correct ACLs. Names.nsf, certlog.nsf and admin4.nsf should have you with at least author with create and appropriate roles. There should also be an administration server defined which will allow adminp to manage that database.

The only issue that may cause you some pain is if the user has encrypted any of their saved mail. Since this is encrypted with her old key (which no longer exists) she won’t be able to access the encrypted mail unless she switches back to her old ID with the old cert.

Good luck

Subject: Almost there…

Thanks for your help. I forgot about that location.

Anyway, when I double-click on a copy of the ID file she is using locally, I get this:


Error Accessing Directory Entry

The directory entry for:

username/oldlocation/companyname

will not be updated due to the following error:

Entry not found in index

Do you want to certify the ID file anyway?


Should I go ahead and certify the ID?

Thanks!

Michael

Subject: public key

It’s possible the Public Key in the person doc is out of sync with the public key in the ID. Try pasting the public key from the ID into the user’s person document to bring them into sync then reissue the request to recertify.

Subject: I’d give it a shot

The message may be coming because she’s not in certlog.nsf. Once you’ve finished the re-certification I’d go into certlog and verify her entry. Same thing for her person doc in names.nsf. You may even want to verify that her person doc has the same public key as is on her ID file, i.e. User Security\Your Identity\Your Certificates\Other Actions\mail-Copy\Copy. You can paste the public in notepad and do a quick comparison to the one in her person doc. They should match.