HCL Domino License Analysis Scanner Security Warnings

Mindwatering Incorporated

Author: Tripp W Black

Created: 12/04/2023 at 12:35 PM

 

Category:
Domino Server Issues Troubleshooting
Other

The HCL Domino License Analysis Utility Security Errors:

The English version of the HCL page on the opensource.hcltechsw.com/domino-license-analysis-utility-DLAU page is a 404 (2023/12).
The German page exists and with the error messages themselves, together they give enough info to change the security settings field.

A. Deny Access Group Issue:
Error: The HCL Domino server "ServerName/Organization" is not using any Deny Access Groups to secure server access

Resolution:
1. Check for Deny Access group(s):
HCL Domino Administrator client --> People & Groups (tab) --> Domino Directories (left menu twistie) --> Domain's Directory (left menu sub twistie - "Domain's" will be different for each of us and will be your companies domain/directory) --> Deny Access Groups (left view option).
Note the group name(s).
- If there is one, which is most likely, it is needed for the next step below.
- If there is more than one, than a previous Domino admin found the need to have multiple lists for different parts of the company/organization. Look at the names and the members and choose the right one to add in step 2 below.
- If there is no deny access group, create one.
(Add Group button --> Enter the Group name (e.g. Terminations), change the Group type field to Deny List only, in the Description field, enter something like: Terminated people no longer with the company. Click the Save & Close button. Note the name of the group just created for step 2 below.

2. Add the group to the server document(s):
HCL Domino Administrator client --> Configuration (tab) --> Server (left menu twistie) --> Server document - Highlight and click Edit Server button (e.g. ServerName/Organization) --> Security (tab) --> Server Access (heading, lower left) --> Not access server (field)
Add the Deny Access Group, click Save & Close button.


B. HTTP Traffic Not Secured Issue:
This issue is really only an issue if you leave Person documents in the Directory after folks are terminated, you do add them to a Deny Access group, but don't have the group specified in the Domino server(s) not access the server field. You should have the group in the server document, and add people who are gone.
Error: The HCL Domino Server "ServerName/Organization" is not properly secured for HTTP traffic

1. Change the HTTP Enforce port field in the security document:
HCL Domino Administrator client --> Configuration (tab) --> Server (left menu twistie) --> Server document - Highlight and click Edit Server button (e.g. ServerName/Organization) --> Ports (tab) --> Internet Ports (sub tab) --> Web (sub tab) --> Enforce server access settings (field)
Change the field from No to Yes, click Save & Close button.


C. HTTP Traffic Not Secured Issue:
This issue is really only an issue if you leave Person documents in the Directory after folks are terminated, you do add them to a Deny Access group, but don't have the group specified in the Domino server(s) not access the server field. You should have the group in the server document, and add people who are gone.
Error: The HCL Domino Server "ServerName/Organization" is not properly secured for LDAP traffic

1. Change the HTTP Enforce port field in the security document:
HCL Domino Administrator client --> Configuration (tab) --> Server (left menu twistie) --> Server document - Highlight and click Edit Server button (e.g. ServerName/Organization) --> Ports (tab) --> Internet Ports (sub tab) --> Directory (sub tab) --> Enforce server access settings (field)
Change the field from No to Yes, click Save & Close button.







previous page