Problem importing certificates into keyring with LE4D after upgrade to Domino V11.0.1

Due to an issue with the JVM installed with Domino V11.0.1, LE4D throws an error when the tool tries to import the new / renewed certificate into the Domino keyring file.
The agent calls the kyrtool and passes the required parameters to the tool.
On the Domino V11.0.1 console, you will see an error

13.04.2020 06:48:52 Agent error: Cannot run program "cmd.exe": Malformed argument has embedded quote: "d:\domino\kyrtool.exe" create -k "d:\domino\data\eknori_staging.kyr"
13.04.2020 06:48:52 Agent error: at java.lang.ProcessBuilder.start(
13.04.2020 06:48:52 Agent error: at java.lang.Runtime.exec(
13.04.2020 06:48:52 Agent error: at java.lang.Runtime.exec(
13.04.2020 06:48:52 Agent error: at
13.04.2020 06:48:52 Agent error: at de.midpoints.le4d.manager.Le4dManager.runKyrTool(
13.04.2020 06:48:52 Agent error: at
13.04.2020 06:48:52 Agent error: at de.midpoints.MPStarter.NotesMain(
13.04.2020 06:48:52 Agent error: at lotus.domino.AgentBase.runNotes(Unknown Source)
13.04.2020 06:48:52 Agent error: at Source)
13.04.2020 06:48:52 Agent error: Caused by:

The problem is not in the code itself, because it runs on Domino V9.0.1FP10 and also on Domino V10.x and also on Domino V11. It seemed to stop working after upgrading the server to V11.0.1

I searched for the error on Google and found some references to it. The cause of this error is due to the Java update mentioned here:

To fix the error in Domino V11.0.1 do the following

  • If not already in place, create a new text file javaOptions.txt in the DominoDataDir
  • Add the following line to the javaOptions.txt file ( If you already have a javaOptions file, append the new entry to the existing lines in the file)
  • Save javaOptions.txt
  • Add the following line to the server notes.ini
  • Restart the server

When you now run the LE4D tool, everything should work!

HCL Nomad On Android Smartphones

I do not own an Android smartphone. But I saw a couple of forum entries from people with up-to-date Android device complaining, that HCL Nomad does not run on their devices.

I found an interesting post by Erik Schwalb in the German Notes Forum.

According to this post, the device must support the “64 bit abi for native applications”.

The term “abi” stands for application binary interface and provides a way to run apps on the Android platform, that are written in C/C++ (native) code or linked with any third party native libraries. The core functions of Notes/Domino are written in C++ and therefore a Notes-like client such as HCL Nomad needs this 64 bit abi for native applications. We don’t have a reliable way to tell which Android devices have 64 bit abi support and which do not.
At this point the best way is to try to download the app from the Play Store, and if it’s available, it’s supported and if not, then it’s not supported.

This seems not to be documented.

[How to] – install MSSQL Server on RHEL / CentOS 8

I already wrote about how to install MSSQL Server on RHEL 7. Today, I tried to install MSSQL on CentOS 8 following my instructions. The installation failed.

[root@scm opt]# sudo yum install -y mssql-server
 packages-microsoft-com-mssql-server-2017                                                                                           123 kB/s |  15 kB     00:00
Last metadata expiration check: 0:00:01 ago on Sun 26 Jan 2020 07:40:10 AM CET.
 Problem: cannot install the best candidate for the job
 nothing provides python needed by mssql-server-14.0.3257.3-13.x86_64
 nothing provides openssl < 1:1.1.0 needed by mssql-server-14.0.3257.3-13.x86_64
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages) 

The SQL Server 2017 makes use of python2 and OpenSSL 1.0. You’ll need to install the package without resolving dependencies.

CentOS 8 does not install Python by default and OpenSSL seems also not to be available when you do a minimal install.

Here is, what I did to get MSSQL Server installed on CentOS 8.

sudo yum -y install python2 compat-openssl10
sudo alternatives --set python /usr/bin/python2
sudo yum download mssql-server
sudo rpm -Uvh --nodeps mssql-server*rpm 

This will install the dependencies needed. You should see the following output:

[root@scm opt]# sudo yum -y install python2 compat-openssl10
 Last metadata expiration check: 0:09:33 ago on Sun 26 Jan 2020 07:41:11 AM CET.
 Dependencies resolved.
  Package                                     Architecture              Version                                                  Repository                    Size
  compat-openssl10                            x86_64                    1:1.0.2o-3.el8                                           AppStream                    1.1 M
  python2                                     x86_64                    2.7.16-12.module_el8.1.0+219+cf9e6ac9                    AppStream                    109 k
 Installing dependencies:
  python2-libs                                x86_64                    2.7.16-12.module_el8.1.0+219+cf9e6ac9                    AppStream                    6.0 M
  python2-pip-wheel                           noarch                    9.0.3-14.module_el8.1.0+219+cf9e6ac9                     AppStream                    1.2 M
  python2-setuptools-wheel                    noarch                    39.0.1-11.module_el8.1.0+219+cf9e6ac9                    AppStream                    289 k
 Installing weak dependencies:
  python2-pip                                 noarch                    9.0.3-14.module_el8.1.0+219+cf9e6ac9                     AppStream                    2.0 M
  python2-setuptools                          noarch                    39.0.1-11.module_el8.1.0+219+cf9e6ac9                    AppStream                    643 k
 Enabling module streams:
  python27                                                              2.7
 Transaction Summary
 Install  7 Packages
 Total download size: 11 M
 Installed size: 42 M
 Downloading Packages:
 (1/7): python2-2.7.16-12.module_el8.1.0+219+cf9e6ac9.x86_64.rpm                                                                    1.4 MB/s | 109 kB     00:00
 (2/7): compat-openssl10-1.0.2o-3.el8.x86_64.rpm                                                                                    5.3 MB/s | 1.1 MB     00:00
 (3/7): python2-pip-wheel-9.0.3-14.module_el8.1.0+219+cf9e6ac9.noarch.rpm                                                           3.6 MB/s | 1.2 MB     00:00
 (4/7): python2-setuptools-39.0.1-11.module_el8.1.0+219+cf9e6ac9.noarch.rpm                                                         3.3 MB/s | 643 kB     00:00
 (5/7): python2-setuptools-wheel-39.0.1-11.module_el8.1.0+219+cf9e6ac9.noarch.rpm                                                   2.4 MB/s | 289 kB     00:00
 (6/7): python2-pip-9.0.3-14.module_el8.1.0+219+cf9e6ac9.noarch.rpm                                                                 2.3 MB/s | 2.0 MB     00:00
 (7/7): python2-libs-2.7.16-12.module_el8.1.0+219+cf9e6ac9.x86_64.rpm                                                               3.9 MB/s | 6.0 MB     00:01
 Total                                                                                                                              6.2 MB/s |  11 MB     00:01
 Running transaction check
 Transaction check succeeded.
 Running transaction test
 Transaction test succeeded.
 Running transaction
   Preparing        :                                                                                                                                           1/1
   Installing       : python2-setuptools-wheel-39.0.1-11.module_el8.1.0+219+cf9e6ac9.noarch                                                                     1/7
   Installing       : python2-pip-wheel-9.0.3-14.module_el8.1.0+219+cf9e6ac9.noarch                                                                             2/7
   Installing       : python2-libs-2.7.16-12.module_el8.1.0+219+cf9e6ac9.x86_64                                                                                 3/7
   Installing       : python2-pip-9.0.3-14.module_el8.1.0+219+cf9e6ac9.noarch                                                                                   4/7
   Installing       : python2-setuptools-39.0.1-11.module_el8.1.0+219+cf9e6ac9.noarch                                                                           5/7
   Installing       : python2-2.7.16-12.module_el8.1.0+219+cf9e6ac9.x86_64                                                                                      6/7
   Running scriptlet: python2-2.7.16-12.module_el8.1.0+219+cf9e6ac9.x86_64                                                                                      6/7
   Installing       : compat-openssl10-1:1.0.2o-3.el8.x86_64                                                                                                    7/7
   Running scriptlet: compat-openssl10-1:1.0.2o-3.el8.x86_64                                                                                                    7/7
   Verifying        : compat-openssl10-1:1.0.2o-3.el8.x86_64                                                                                                    1/7
   Verifying        : python2-2.7.16-12.module_el8.1.0+219+cf9e6ac9.x86_64                                                                                      2/7
   Verifying        : python2-libs-2.7.16-12.module_el8.1.0+219+cf9e6ac9.x86_64                                                                                 3/7
   Verifying        : python2-pip-9.0.3-14.module_el8.1.0+219+cf9e6ac9.noarch                                                                                   4/7
   Verifying        : python2-pip-wheel-9.0.3-14.module_el8.1.0+219+cf9e6ac9.noarch                                                                             5/7
   Verifying        : python2-setuptools-39.0.1-11.module_el8.1.0+219+cf9e6ac9.noarch                                                                           6/7
   Verifying        : python2-setuptools-wheel-39.0.1-11.module_el8.1.0+219+cf9e6ac9.noarch                                                                     7/7
   compat-openssl10-1:1.0.2o-3.el8.x86_64                                              python2-2.7.16-12.module_el8.1.0+219+cf9e6ac9.x86_64
   python2-pip-9.0.3-14.module_el8.1.0+219+cf9e6ac9.noarch                             python2-setuptools-39.0.1-11.module_el8.1.0+219+cf9e6ac9.noarch
   python2-libs-2.7.16-12.module_el8.1.0+219+cf9e6ac9.x86_64                           python2-pip-wheel-9.0.3-14.module_el8.1.0+219+cf9e6ac9.noarch

[root@scm opt]# sudo alternatives --set python /usr/bin/python2

[root@scm opt]# sudo yum download mssql-server
 Last metadata expiration check: 0:10:40 ago on Sun 26 Jan 2020 07:41:11 AM CET.
 mssql-server-14.0.3257.3-13.x86_64.rpm                                                                                             3.9 MB/s | 183 MB     00:46

[root@scm opt]# sudo rpm -Uvh --nodeps mssql-server*rpm
 warning: mssql-server-14.0.3257.3-13.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID be1229cf: NOKEY
 Verifying…                          ################################# [100%]
 Preparing…                          ################################# [100%]
 Updating / installing…
    1:mssql-server-14.0.3257.3-13      ################################# [100%]
 Please run 'sudo /opt/mssql/bin/mssql-conf setup'
 to complete the setup of Microsoft SQL Server
 SQL Server needs to be restarted in order to apply this setting. Please run
 'systemctl restart mssql-server.service'.

[root@scm opt]# sudo /opt/mssql/bin/mssql-conf setup
 Choose an edition of SQL Server:
   1) Evaluation (free, no production use rights, 180-day limit)
   2) Developer (free, no production use rights)
   3) Express (free)
   4) Web (PAID)
   5) Standard (PAID)
   6) Enterprise (PAID)
   7) Enterprise Core (PAID)
   8) I bought a license through a retail sales channel and have a product key to enter.
 Details about editions can be found at
 Use of PAID editions of this software requires separate licensing through a
 Microsoft Volume Licensing program.
 By choosing a PAID edition, you are verifying that you have the appropriate
 number of licenses in place to install and run this software.
 Enter your edition(1-8): 3
 The license terms for this product can be found in
 /usr/share/doc/mssql-server or downloaded from:
 The privacy statement can be viewed at:
 Do you accept the license terms? [Yes/No]:yes
 Enter the SQL Server system administrator password:
 Confirm the SQL Server system administrator password:
 Configuring SQL Server…
 The licensing PID was successfully processed. The new edition is [Express Edition].
 ForceFlush is enabled for this instance.
 ForceFlush feature is enabled for log durability.
 Created symlink /etc/systemd/system/ â /usr/lib/systemd/system/mssql-server.service.
 Setup has completed successfully. SQL Server is now starting.

DAOS – JAR files in Java agents. (UPDATE)

Yesterday I wrote about a supposed problem with DAOS.

Daniel Nashed contacted me and explained that it is not a bug; DAOS works as designed.

DAOS makes no difference between data and design documents. Only the presence of an objects of type attachment is decisive whether the object is transferred to the DAOS repository if the configured threshold value is exceeded.

Imported archive files in agents are therefore not the only objects that are transferred to the DAOS repository if the requirements are met.

The same behavior applies to Java Script Libraries, Forms, Pages and About & Using documents. Only JAR design elements are not affected because the data is stored differently here.

The application continues to work without problems. Problems may arise if the NLO files are moved to a DAOS T2 storage. In any case, the behavior of DAOS in connection with design elements should be kept in mind.

DAOS – JAR files in Java agents.

Martin Vogel from sirius-net GmbH informed me in an email about a possible problem with DAOS and Java agents.

If DAOS is activated on a database, in addition to the attachments from data documents, the jar files contained in a Java agent are also transferred to the DAOS repository if they exceed the set size.

I have been able to reproduce the problem with Domino V11.
I started with a freshly installed server, activated DAOS on the server

and enabled the database for DAOS.

load compact -c -DAOS ON barcode.nsf
[0B1C:0004-2C3C] 23.01.2020 18:26:48   Informational, DAOS has been enabled for database barcode.nsf.
[0B1C:0004-2C3C] 23.01.2020 18:26:48   Compacting barcode.nsf (barcode),  -c -DAOS ON barcode.nsf
[0B1C:0004-2C3C] 23.01.2020 18:26:48   Recovery Manager: Assigning new DBIID for C:\Domino\Data\barcode.nsf (need new backup for media recovery).
[0B1C:0004-2C3C] Clearing DBIID 5B9C3856 for DB C:\Domino\Data\barcode.ORIG
[0B1C:0004-2C3C] 23.01.2020 18:26:49   Compacted  barcode.nsf, 5K bytes recovered (<1%),  -c -DAOS ON barcode.nsf
[0B1C:0002-2F14] 23.01.2020 18:26:50   Database compactor process shutdown 

Result: Both archive files contained in the agent were transferred to the DAOS repository as NLO.

The agent continues to run without any issue.

HCL Domino V11 – Directory Synchronzation – Part 7

Registering Active Directory users in Domino

When you use Directory Sync, you can register Active Directory users in Domino to create mail files and Notes IDs for them.

To register Active Directory users in Domino, open the Admin client and navigate to “People & Groups -> People“. Select the name of an Active Directory user to register. Right-click and select Register Selected Person.

Select the certifier and type in the password.

The Register Person dialog appears, pre-filled with …

ouups. NOTHING in there.

This is an issue, I ran into during BETA testing. It took a while until we found out the cause for it. If you encounter the same in V11 GA in your environment, open the Notes Client notes.ini and search for


Most likely, servername is not the name of the registration server. Delete the entry from notes.ini and restart the Administration client.
If this does not fix the issue, check your policy settings. Chances are that the registration server in the registration policy does not match the server where you want to register the user.

This is a known issue and will be fixed hopefully in Domino V11.0.1. It’s being tracked under SPR# MOBNBHQQUH.

With the correct settings in place, you will see the following

Complete the registration dialog and register the user.

The Active Directory users is now registered in Domino.

By now, you can only register one user at a time. An enhancement request already exists to register ALL selected Active Directory users.

Renaming Domino users when their names change in Active Directory

When you use Directory Sync and the common name of a registered Domino user changes in Active Directory, follow this procedure to change the name in the Domino directory Person document, too.

The Rename Domino users upon Active Directory rename option must be enabled in the Directory Sync configuration document.

When a Domino user’s common name changes in Active Directory, a Rename Common Name administration process request is created. You must approve the request for the rename to be carried out in Domino.

I renamed the user in Active Directory

Here is what you see on the server console during the sync.

[0290:0004-16DC] DirSync  Entry with mail address '' - NoteID 33086 was found in the target directory.
[0290:0004-16DC] DirSync  
DirSync  CSyncFromAD::DoModify(dn = 'CN=Darth Vaderman,CN=Sync,DC=ad,DC=fritz,DC=box', newentry=0)
[0290:0004-16DC] 22.01.2020 08:34:28 LLNDirSync CSyncToAdminP::ModifyPerson: FLATFirstFuameValue: CN=Darth Vaderman/CN=Sync/DC=ad/DC=fritz/DC=box
 Status: No error.
[0290:0004-16DC] DirSync Submitted adminp request to rename user CN=Darth Vader/O=singultus to CN=Darth Vaderman/O=singultus
[0290:0004-16DC] DirSync  Modified LastName from 'Vader' to 'Vaderman'
[0290:0004-16DC] DirSync  Modified memberOf from '' to 'CN=BadGuys,CN=Sync,DC=ad,DC=fritz,DC=box'
[0290:0004-16DC] DirSync  Modified uSNChanged from '234953' to '235340'
[0290:0004-16DC] DirSync  'person' Document updated, UTF8 Name = 'CN=Darth Vaderman,CN=Sync,DC=ad,DC=fritz,DC=box' 
[0290:0004-16DC] DirSync  CSyncFromAD::DoModify - Modified existing Note for 'CN=Darth Vaderman,CN=Sync,DC=ad,DC=fritz,DC=box'
[0290:0004-16DC] DirSync  
[0290:0004-16DC] 22.01.2020 08:34:28   DIRSYNC From Active Directory (AD) - Summary (1.111 sec, Start=235338, Adds=0, Modifies=1, Deletes=0, Skips=0, Errors=0, End=235340)

Open admin4.nsf and navigate to “Rename Common Name Requests”.

Select the names to process and click Complete rename for selected entries. Select certifier and provide the Notes certifier password.

Select “Change common name” in the next dialog box.

A standard administration process Rename In Domino Directory request is then initiated for each name processed.

Deleting registered users 

When users or groups are deleted in Active Directory, they are also deleted in the Domino® directory, with one exception: Active Directory users who are registered as Domino users (have mail files, etc) are not deleted from Domino.

The objectGUID item will be removed from the personrecord on next resync.

DirSync  Removed ObjectGUID for Registered User with Note ID 33086, user = CN=Darth Vaderman/O=singultus.

HCL Domino V11 – Directory Synchronzation – Part 6

Synchronize users

In this part of the tutorial, we want to look at what happens when DirSync synchronizes objects from Active Directory

Let’s first take a look into the Directory Assistance document for the AD domain to find the BaseDN.

Using LDAPAdmin, we can now navigate to CN=Sync under the root entry DC=ad,DC=fritz,DC=box. This is where DirSync will for users and groups to sync to the target directory.

Our Directory Sync document for domain AD has an LDAPFilter applied to sync only a subset of all entries under the BaseDN

In this sample, only Darth Vader has a mail address that matches the filter criteria.

Let’s see what happens, when DirSync kicks in.

DirSync connects to the Active Directory using the information from the Directory Assistance document for domain AD. It then finds the configured baseDN and evaluates the LDAP filter expression.

[0290:0004-16DC] DirSync  CSyncFromAD::SyncSpan (NAMEldap_search_ext_s call) : (&(&(|(objectClass=Group)(objectClass=Person))(|(mail=@brightside.)(mail=@darkside.)(mail=@msdn.)))(uSNChanged>=234898)) took 1 msec

[0290:0004-16DC] DirSync  Processing ldap entry (SyncSpan) #1 from page #1, total entries #1: 'CN=Darth Vader,CN=Sync,DC=ad,DC=fritz,DC=box'

DirSync has identified “Darth Vader” as a valid candidate for sync, creates a new document in the target directory and copies the values from the object attributes in Active Directory to the matching Notes items in the document

[0290:0004-16DC] DirSync  Modified LastName from '' to 'Vader'
[0290:0004-16DC] DirSync  Modified OfficeCity from '' to 'Tatooine'
[0290:0004-16DC] DirSync  Modified OfficeState from '' to 'Alpha Quadrant'
[0290:0004-16DC] DirSync  Modified o from '' to 'Dark Side Inc.'
[0290:0004-16DC] DirSync  Modified JobTitle from '' to 'Bad Guy'
[0290:0004-16DC] DirSync  Modified Comment from '' to 'description'
[0290:0004-16DC] DirSync  Modified OfficeNumber from '' to 'Deathstar'
[0290:0004-16DC] DirSync  Modified OfficePhoneNumber from '' to '+99(555)DEATHSTAR'
[0290:0004-16DC] DirSync  Modified FirstName from '' to 'Darth'
[0290:0004-16DC] DirSync  Modified memberOf from '' to 'CN=starwars,CN=Sync,DC=ad,DC=fritz,DC=box'
[0290:0004-16DC] DirSync  Modified uSNChanged from '' to '234898'
[0290:0004-16DC] DirSync  Modified WebSite from '' to ''
[0290:0004-16DC] DirSync  Modified objectGUID from '' to '8e7032bd93bded4782479eaf66208b25'
[0290:0004-16DC] DirSync  Modified InternetAddress from '' to ''
[0290:0004-16DC] DirSync  Modified MailAddress from '' to ''
[0290:0004-16DC] DirSync  Modified MailSystem from '' to '5'
[0290:0004-16DC] DirSync  'person' Document updated, Common Name = 'CN=Darth Vader' 
[0290:0004-16DC] DirSync  CSyncFromAD::DoModify - Added New Note for 'CN=Darth Vader,CN=Sync,DC=ad,DC=fritz,DC=box'

Finally, DirSync saves the document and prints the sync summary

[0290:0004-16DC] DirSync  
[0290:0004-16DC] 21.01.2020 11:01:03   DIRSYNC From Active Directory (AD) - Summary (0.037 sec, Start=234898, Adds=1, Modifies=0, Deletes=0, Skips=0, Errors=0, End=234898)

Opening names.nsf in the Admin Client, you’ll find a new entry for “Darth Vader”. An icon indicates that this entry has been synced by DirSync.

Additional fields to sync

DirSync by default syncs standard attributes from an Active Directory object to Notes items in the target directory document.

The name in parentheses is not the name of of the target Notes item. It is just descriptive. The actual mapping of an attribute to a Notes item is done via the schema.nsf database on the server.

You can enhance this list and add additional attributes. (higlighted yellow).

In our sample, additional attribute “o” is mapped to the according Notes item “o”.

Currently there is an issue with multi value items. There is no such type in Active Directory. Multiple values are stored in attributes of the same name.
DirSync only syncs the first attribute. This is a known limitation. The issue will be addressed in a future version.

Another known issue is with attributes of type “Image“. They are currently not synced to the person document. The issue is tracked under SPR MOBNBJGSL6 and targeted for V11.0.1.

Internal fields

DirSync adds a couple of internal items to the person document that are needed to identify an Active Directory object in the target directory.

These items should not be modified!

Modifications in Active Directory

During a scheduled sync, DirSync processes only objects that have been changed after the last sync. (uSNChanged)

[0290:0004-16DC] DirSync  Processing ldap entry (SyncSpan) #1 from page #1, total entries #1: 'CN=Darth Vader,CN=Sync,DC=ad,DC=fritz,DC=box'
[0290:0004-16DC] DirSync  Entry with mail address '' - NoteID 33050 was found in the target directory.
[0290:0004-16DC] DirSync  CSyncFromAD::DoModify(dn = 'CN=Darth Vader,CN=Sync,DC=ad,DC=fritz,DC=box', newentry=0)
[0290:0004-16DC] DirSync  Modified o from 'Dark Side Inc L' to 'Dark Side Inc.'
[0290:0004-16DC] DirSync  Modified uSNChanged from '234927' to '234930'
[0290:0004-16DC] DirSync  'person' Document updated, UTF8 Name = 'CN=Darth Vader,CN=Sync,DC=ad,DC=fritz,DC=box' 
[0290:0004-16DC] DirSync  CSyncFromAD::DoModify - Modified existing Note for 'CN=Darth Vader,CN=Sync,DC=ad,DC=fritz,DC=box'
[0290:0004-16DC] DirSync  
[0290:0004-16DC] 21.01.2020 13:48:06   DIRSYNC From Active Directory (AD) - Summary (0.022 sec, Start=234930, Adds=0, Modifies=1, Deletes=0, Skips=0, Errors=0, End=234930)

Be careful, when you set an already synced attribute to an empty value; AD will remove such attributes from the object. As a result, the target document will not be modified.

I removed the value from the “o” attribute in the user object. The attribute was removed completely from the object.
DirSync recognised the change and processed the object. But it could no longer find the “o” attribute and left the item in the person document unchanged.

[0290:0004-16DC] DirSync  Processing ldap entry (SyncSpan) #1 from page #1, total entries #1: 'CN=Darth Vader,CN=Sync,DC=ad,DC=fritz,DC=box'
[0290:0004-16DC] DirSync  Entry with mail address '' - NoteID 33050 was found in the target directory.
[0290:0004-16DC] DirSync  
DirSync  CSyncFromAD::DoModify(dn = 'CN=Darth Vader,CN=Sync,DC=ad,DC=fritz,DC=box', newentry=0)
[0290:0004-16DC] DirSync  Modified uSNChanged from '234935' to '234936'
[0290:0004-16DC] DirSync  'person' Document updated, UTF8 Name = 'CN=Darth Vader,CN=Sync,DC=ad,DC=fritz,DC=box' 
[0290:0004-16DC] DirSync  CSyncFromAD::DoModify - Modified existing Note for 'CN=Darth Vader,CN=Sync,DC=ad,DC=fritz,DC=box'
[0290:0004-16DC] DirSync  
[0290:0004-16DC] 21.01.2020 13:59:06   DIRSYNC From Active Directory (AD) - Summary (0.022 sec, Start=234936, Adds=0, Modifies=1, Deletes=0, Skips=0, Errors=0, End=234936)

Deleting objects

When users or groups are deleted in Active Directory, they are also deleted in the Domino® directory, with one exception: Active Directory users who are registered as Domino® users (have mail files, etc) are not deleted from Domino. The deletion is not performed during a scheduled sync. You have to initiale a resync to delete persons that do no longer are available in Active Directory.

SyncFromLDAPToNAB - Deleted existing Note for 'Darth Vader'. This is NOT a registered user and could be a deleted orphan
[0290:0005-16E0] DirSync  resyncall - SyncFromLDAPToNAB completed in: 0.225 seconds
[0290:0005-16E0] DirSync  Updating SyncAll Request's DirSyncRequestState to 2
[0290:0005-16E0] 21.01.2020 15:07:10   DIRSYNC Full Resync From Active Directory (AD) - Summary (0.225 sec, Start=0, Adds=0, Modifies=0, Deletes=1, Skips=2, Errors=0, End=234945)

HCL Domino V11 – Directory Synchronzation – Part 5

Debugging & Monitoring

To monitor DirSync output, you can use the server console or the server log.nsf.
This in general lets you identify possible errors during DirSync processing.

If you need a more verbose output, or you want to dig deeper into DirSync functionallity, use the following notes.ini variable to create some kind of trace mode.


You do not need to restart the DirSync task to switch verbose logging on / off.

Instead of just the summary line

[1730:0004-0BE0] 20.01.2020 12:13:56   DIRSYNC From Active Directory (AD) - Summary (0.003 sec, Start=234796, Adds=0, Modifies=0, Deletes=0, Skips=0, Errors=0, End=234795)

by setting the parameter, you will get a more verbose output.

[1730:0004-0BE0] DirSync  ResyncAll by CheckBox: 0
[1730:0004-0BE0] DirSync  Preview:        0
[1730:0004-0BE0] DirSync  Level:          16
[1730:0004-0BE0] DirSync  SyncFlows:      2
[1730:0004-0BE0] DirSync  OnPremCookie:   
[1730:0004-0BE0] DirSync  UserDirCookie:  234795
[1730:0004-0BE0] DirSync  CSyncFromAD::SyncSpan (NAMEldap_search_ext_s call) : (&(&(|(objectClass=Group)(objectClass=Person))(|(mail=@brightside.)(mail=@darkside.)(mail=@msdn.)))(uSNChanged>=234796)) took 1 msec
[1730:0004-0BE0] 20.01.2020 12:14:47   DIRSYNC From Active Directory (AD) - Summary (0.001 sec, Start=234796, Adds=0, Modifies=0, Deletes=0, Skips=0, Errors=0, End=234795)

With this parameter in place, you will also be able to monitor which attributes have been changed in Active Directory.

[1428:0005-17F8] DirSync  Processing ldap entry (SyncSpan) #1 from page #1, total entries #1: 'CN=James Kirk,CN=Sync,DC=ad,DC=fritz,DC=box'
[1428:0005-17F8] DirSync  Entry with mail address '' - NoteID 10082 was found in the target directory.
[1428:0005-17F8] DirSync  
 DirSync  CSyncFromAD::DoModify(dn = 'CN=James Kirk,CN=Sync,DC=ad,DC=fritz,DC=box', newentry=0)
[1428:0005-17F8] DirSync  Modified MiddleInitial from '' to 'T'
[1428:0005-17F8] DirSync  Modified uSNChanged from '234775' to '234796'
[1428:0005-17F8] DirSync  'person' Document updated, UTF8 Name = 'CN=James Kirk,CN=Sync,DC=ad,DC=fritz,DC=box' 
[1428:0005-17F8] DirSync  CSyncFromAD::DoModify - Modified existing Note for 'CN=James Kirk,CN=Sync,DC=ad,DC=fritz,DC=box'
[1428:0005-17F8] DirSync  
[1428:0005-17F8] 20.01.2020 12:19:37   DIRSYNC From Active Directory (AD) - Summary (0.037 sec, Start=234796, Adds=0, Modifies=1, Deletes=0, Skips=0, Errors=0, End=234796)

The above output also indicates a possible bug in the DirSync task setting values on the Status tab of the configuration document.

While the LDAP change number corresponds to the End=234796 value in the summary record, the Last sync time (20.01.2020 12:19:37) entry is not updated.

Not sure, at what time this value is being set. I will keep an eye on it.

DirSync also collects several stats. You can access them either from the Admin Client.

or issuing a show stat DirSync command on the server console

show stat dirsync
[1CDC:0009-1EC8]   DirSync.AD.FromAD.Adds = 6
[1CDC:0009-1EC8]   DirSync.AD.FromAD.Deletes = 6
[1CDC:0009-1EC8]   DirSync.AD.FromAD.Millis = 18086
[1CDC:0009-1EC8]   DirSync.AD.FromAD.Modifies = 2
[1CDC:0009-1EC8]   DirSync.AD.FromAD.Skips = 9
[1CDC:0009-1EC8]   DirSync.MIDPOINTS.FromAD.Millis = 108
[1CDC:0009-1EC8]   DirSync.Totals.LatestAllDirSyncDocsMillis = 3
[1CDC:0009-1EC8]   DirSync.Totals.LongestAllDirSyncDocsMillis = 191
[1CDC:0009-1EC8]   DirSync.Totals.LongestSyncTimeMillis = 190
[1CDC:0009-1EC8]   DirSync.Totals.LongestSyncTimeNABName = names.nsf
[1CDC:0009-1EC8]   DirSync.Totals.NumADChangeQueriesSyncSpan = 1221
[1CDC:0009-1EC8]   DirSync.Totals.TimeADChangeQueriesSyncSpan = 15769
[1CDC:0009-1EC8]   DirSync.Totals.TotalDirSyncDocs = 2
[1CDC:0009-1EC8]   DirSync.Totals.TotalRequestDocs = 0
[1CDC:0009-1EC8]   DirSync.Totals.TotalSuccessfulNABSyncs = 30
[1CDC:0009-1EC8]   15 statistics found

In addition to the notes.ini parameter mentioned above, DirSync comes with a lot more notes.ini parameters. They are not documented and should only be used when support advices you to do so.

You can find a list of those parameters using the following command on the server console.

te dirsync show
[1730:0004-0BE0] DirSync> DIRSYNC_DEFAULT_ARGS=-v
[1730:0004-0BE0] DirSync> DIRSYNC_THREADS=10
[1730:0004-0BE0] DirSync> DIRSYNC_BG_THREADS=10
[1730:0004-0BE0] DirSync> DEBUG_DIRSYNC_STARTUP_DELAY=60000
[1730:0004-0BE0] DirSync> DEBUG_DIRSYNC_DELAY=60000
[1730:0004-0BE0] DirSync> DEBUG_DIRSYNC_NO_REPLICATE=0
[1730:0004-0BE0] DirSync> DEBUG_DIRSYNC_SKIPLOG_LIMIT=50
[1730:0004-0BE0] DirSync> DEBUG_DIRSYNC_NO_ACL_CHECK=0
[1730:0004-0BE0] DirSync> DEBUG_DIRSYNC_NO_ECL_CHECK=0
[1730:0004-0BE0] DirSync> DEBUG_DIRSYNC_LEAKS=0

Use / change this parameters only when told by HCL support.

HCL Domino V11 – Directory Synchronzation – Part 4

In this part of the tutorial about Domino V11 Directory Synchronization, we want to take a closer look at the actions that can be performed on DirSync configuration documents.

Enable Configuration

To enable a DirSync configuration, select it in the view and click the Enable button.
You will be presented a dialog box where you can select from 2 options.

Select Run in test mode to simulate the actions that Directory Sync would take but without changing any Domino® data. Make any adjustments needed to the Directory Sync configuration. When you are ready to enable synchronization for real, select Synchronize data.

Next, click OK to close the Activate Directory Sync dialog

DirSync will recognise the new configuration on the next scheduled run.

Disable configuration

To disable a DirSync configuration, select the document in the view and click the Disable button.

Next, click OK to close the Deactivate Directory Sync dialog

A “Disable” request document will be created.

DirSync will disable the configuration on next scheduled run and also delete the request document.

You also have to disable a Directory Sync configuration before changing it. You will get a warning message if you try to edit an enabled Directory Sync configuration.


You can resync all of the Active Directory data.Resync if you make changes to the Directory Sync Configuration document that affects which data is synced. Resyncing occurs through a Dirsync thread that runs in the background, in parallel with the usual incremental sync.

Next, click OK to close the Resynchronize Selected Directories dialog

A “Resync” request document will be created.

On the server console you will see the following entries when the DirSync task processes the resync request.

[1BE0:0004-1D10] DirSync  Updating SyncAll Request's DirSyncRequestState to 1
[1BE0:0004-1D10] 20.01.2020 06:56:19   DIRSYNC From Active Directory (AD) - Summary (0.001 sec, Start=234776, Adds=0, Modifies=0, Deletes=0, Skips=0, Errors=0, End=234775)
[1BE0:0005-0284] DirSync  Sync all request calling SyncFromLDAPToNAB.
[1BE0:0005-0284] DirSync  resyncall - SyncFromLDAPToNAB completed in: 0.363 seconds
[1BE0:0005-0284] DirSync  Updating SyncAll Request's DirSyncRequestState to 2
[1BE0:0005-0284] 20.01.2020 06:56:26   DIRSYNC Full Resync From Active Directory (AD) - Summary (0.363 sec, Start=0, Adds=3, Modifies=0, Deletes=0, Skips=0, Errors=0, End=234775)
[1BE0:0004-1D10] DirSync  Deleting SyncAll Request
[1BE0:0004-1D10] 20.01.2020 06:57:19   DIRSYNC From Active Directory (AD) - Summary (0.001 sec, Start=234776, Adds=0, Modifies=0, Deletes=0, Skips=0, Errors=0, End=234775)

Resync Issue

There is a small issue with resync when you accidently flag a disabled DirSync configuration for resync.

After you confirm to resynchronize selected Directories, the configuration will be flagged for resync by setting the item DirSyncReset=”1″.

When you now enable the configuration, you would expect a resync of the selected configuration, right?
But that does not happen. The DirSync task starts as soon as it detects the new configuration, but it does neither perform the requested resync nor it resets the DirSyncReset item value.
Even trying to reinitiate the resync fails. You need to remove the DirSyncReset item value by either using an agent or another tool of your choice.

I have created a case with HCL for this (Case# CS0081445)

Issue with Domino Directory file name

If you see the following error message on the server console

[1BE0:0004-1D10] CSyncFromAD::ProcessEntry could not open customer directory -  reason File does not exist

check the Domino Directory file name item value in DirSync configuration. Most likely, the file name is misspelled or the file does not exist on the server. In the BETA version, this resulted in an enabled configuration to be prevented from being disabled. This has been tracked under SPR# MOBNBHUHGD and fixed in Domino V11 GA.

HCL Domino V11 – Directory Synchronzation – Part 3

After you have created a Directory Assistance document in part 2 of this tutorial, that is enabled for Directory Sync, create a Directory Sync Configuration document in the Domino® directory. You use this document to select Directory Sync configuration options and then to enable Directory Sync.

Open your Domino Directory (names.nsf) and navigate to Configuration > Directory > Directory Sync .

Click “Add Directory Sync” to create a new document.

Select a Directory Assistance Domain from the list of configurations in da.nsf.

For an initial sync of all users and/or groups from the selected Active Directory set “Sync all Active Directory users” to Yes.
Select No (default) to sync only Active Directory users who are registered in Domino. If previously set to Yes, any unregistered Active Directory users
synced previously are removed from the Domino directory.
For an Active Directory record to sync with Domino, the Active Directory mail field must match theInternet address field in the Domino directory Person document.

Type in the name of the application that is the target for synchronized users and/or groups into the “Domino Directory file name” field. Typically, this is your primary address book (names.nsf)

As you can see, the “Direction” field is not editable by now. At the moment, only a sync from Active Directory is possible.

One of DirSync’s abilities is to rename synced users in the target Domino directory when the when the users’ common name changes in Active Directory.

If the name of an Active Directory user who is not registered in Domino® changes, the name is automatically updated in the Domino® directory Person document during sync, regardless of this option.
If the user is already registered, a standard administration process Rename Person request is initiated for each name processed.

The Sync frequency settings tells DirSync how frequently the Dirsync task checks for Active Directory changes to synchronize. Default is once a minute.
Resync frequency tells DirSync how often to resync all data from Active Directory, in minutes. Default is 10,000 minutes or approximately once a week. If you don’t want to regularly resync all data, specify 0 ( not recommended).

If you want to synchronize groups, select the types of groups to synchronize. If you don’t want to synchronize groups, do not select either option on the “Synchronization” tab of the DirSync configuration document.

Keep in mind that the groups to be synced must be in the global group scope. If you try to sync local groups, you will receive an error on the Domino server console.

DirSync  DirSync  CSyncFromAD::DoModify - Skipping modification because entry = 'CN=Users,CN=Builtin,DC=ad,DC=fritz,DC=box' is not a valid candidate for a 'group' record.

If you only want to sync a subset of all objects under the configured BaseDN, use an LDAp filter.

After you finished your configuration, save and close the document.

Select the saved configuration in the view, click Enable and select Sychronize Data. Select Run in test mode to simulate the actions that Directory Sync would take but without changing any Domino® data.

If not already done, add the DirSync task to the server’s notes.ini


and issue the following command on the server console: load DirSync.

DirSync will be started automatically on next server restart.

The Dirsync task begins to run when it detects the configuration document and you should now see an entry similar to this on the server console.

[1BE0:0004-1D10] 19.01.2020 15:34:09   DIRSYNC From Active Directory (AD) - Summary (0.128 sec, Start=210711, Adds=0, Modifies=0, Deletes=0, Skips=0, Errors=0, End=234710)

Look at the Status tab of the Directory Sync Configuration document in the Domino® directory in addition to monitoring the output of Dirsync at the server console and in log.nsf.

Congratulation, you have successfully configured DirSync synchronization.
In the next part we will dig deeper into DirSync features and abilities.

HCL Domino V11 – Directory Synchronzation – Part 2

In part 1 we covered the basic concept of DirSync. In this part, I will explain, how to setup and configure directory assistance.

The first step to configure DirSync is creating a DirSync-enabled directory assistance document in the directory assistance database.

If not already done. To configure directory assistance, you create a directory assistance database from the template DA.NTF, and replicate it to the servers that will use it. A server must have a local replica of a directory assistance database to use directory assistance. Then you add the database file name to the directory assistance database name field in the Domino® Directory Server documents of these servers.

For details about how to setup directory assistance refer to “Directory Assistance” in the HCL Domino Administration Help database.

If you are using an existing directory assistance database, replace its design with the da.ntf template provided with Domino® V11 .

Check the application properties.

Look at the template name in the inherit design from master template section. Hmm, seems to be wrong, isn’t it.

I opened a case with HCL support and got the following reply

I would like to inform you that i have checked the DA.ntf template on Domino Version 9.0.1 & 10.0.1.

On both the version it is showing the same name. I also found an enhancement request to change the DA.ntf template name which has been documented in SPR# CTOE8JRPTC.

So the template name of the DA.nft is not wrong it is as per the design.

Click on “Add Directory Assistance” to create a new document in da.nsf

On the “Basics” tab set select “LDAP” as Domain type and set “Make this domain available to” to “Directory Sync“.
Do not select Notes clients and Internet Authentication/Authorization or LDAP Clients unless you are also using the LDAP directory for these

On the LDAP tab enter the hostname of your Active Directory and provide (optional) credentials to connect to that instance.

Click Verify to verify that the user name and password you entered is valid on each host name and to asure that the search base is accessible on each host name using the configured credentials.

Use the Suggest button to look up the host names of LDAP servers listed in your DNS and to search each host name for likely search bases.

Each server process that provides directory services and detects a local directory assistance database configuration loads directory information configured in the directory assistance database into an internal memory table.

During server startup and thereafter at five-minute intervals each server process checks for changes to the directory assistance database configuration and if found, each process reloads its internal memory table to reflect the changes.e the document.

From the server console of the Domino® administration server, run the sh xdir command to confirm that the DirSync configuration in the Directory Assistance document is set up correctly.

You should get a console output similar to this:

You have now completed the first step in configurating DirSync. Part 3 of this tutorial will explain, how to create DirSync Configuration documents.

HCL Domino V11 – Directory Synchronzation – Part 1

When the Domino® server is installed in a Microsoft Windows domain, as an administrator, you typically need to maintain two separate directories for the same set of people and groups.
Maintaining user and group information involves adding entries to both directories, deleting entries, ensuring that passwords are the same when users use Notes® Single Logon, coordinating group membership in both directories, and ensuring that user or group settings, such as email addresses and telephone numbers, are identical.

Prior to HCL Domino® V11 you had to install Domino® Active Directory synchronization as an additional feature. This only worked in a Windows environment. Tools like TDI also work on Linux, but the installation and configuration is not easy and error-prone.

HCL Domino V11 introduces ( and replaces ) a new, integrated task to synchronize users and groups . The task is called Directory Sync or DirSync in short.
DirSync replaces the older Active Directory Synchronization feature, which is now deprecated. The new DirSync feature is a simpler, more effective synchronization tool . In this blog series, I will describe the basic concept and explain, how to setup and configure DirSync.

As an HCL Master, I had the privilege to test DirSync already from the first closed V11 BETA on. The HCL team did a great job answering questions about the feature and also fixing issues as soon as they had been reported in the BETA forum.

A lot of fixes have been included in HCL Domino® V11 GA in 12/2019. There are still a few issues on the list that were not so easy to fix. They will be addressed in HCL Domino® V11.01 and later. If available, I will post case numbers and SPR#.

Also, there are some additional DirSync features in the backlog that will be added in future versions of HCL Domino®.

So, what is DirSync and what can you do with it ?

  • DirSync allows you to sync people and/or group data from an external LDAP directory into the Domino® directory.
  • Currently data from Active Directory can be synced
  • DirSync makes it easy for your HCL Domino® users to address mail to and see details about users in your organization who do not use Notes® such as Microsoft™ Outlook users registered in Active Directory.
  • With this feature, Active Directory users automatically have Person documents in the Domino® directory so that Notes® users can find their addresses and other information.
  • Without Dirsync, Notes® users must know the addresses of the Active Directory users before they can send mail to them, unless Person documents are added for them manually.

DirSync includes the following components:

  • LDAP directory assistance document created in a directory assistance database that is enabled for Directory Sync. A Domino® server uses this document to connect to the Active Directory server for syncing.
  • Directory Sync Configuration document created in the Directory Sync view of the Domino® directory. This document controls which Active Directory fields to sync to Domino® as well as other options.
  • A server task, Dirsync, that runs only on the Domino® administration server, that connects to the Active Directory server regularly to pull person and group changes into the Domino® directory.

What abilities does DirSync provide ?

  • The ability to register Active Directory users in Domino®.
  • The ability for administrators to rename registered Domino® users when their names change in Active Directory. When a user’s common name in Active Directory changes, an administration process request, Rename Common Name is created. Administrators approve the request to initiate a standard administration process rename request.
  • The ability to sync from multiple Active Directory instances into multiple applications that use pubnames.ntf as their template. By today, there are still a couple of issues with this configuration. Hopefully they will be fixed in HCL Domino® V11.0.1. I will come back to that later.

DirSync does not sync the password from an Active Directory into the person document in Domino® directory in HCL Domino® V11. This may or may not change in a future version.

Here is what a DirSync environment could look like

serv01 is the Administration server of the Domino® directory running the DirSync task.
Directory Assistant database (da.nsf) contains configuration documents that describe the configuration for the 2 Active Directory instances to sync users and/or groups from.
Domino® directory database (names.nsf) contains the DirSync configuration documents that are needed for synchronization from the Active Directory instances. (AD)
syncbook.nsf is an additional addressbook. Depending on DirSync configuration in names.nsf, users and/or groups are either synced into the primary Domino® directory names.nsf or the secondary syncbook.nsf.

To access Active Directory and add, delete or modify objects, I use LDAP Admin from and AD Explorer from Microsoft Sysinternals Tools .

In part 2 of this tutorial I will explain, how to setup and configure the Directory assistant database.

Notes 11 – Splash Screen Redesign

With version 11 of HCL Notes & Domino we also got a new splash screen. To be honest, I think the new screen is butt ugly. The gradient isn’t a proper gradient, and the logos are low quality.

Here is a redesigned splash screen. I have used Krita do create the gradient. In fact there are two gradient on 2 layers. The rest is plain text and some transparent images.

To activate the screen, download the image from here and unzip the archive to a destination of your choice.

Next add the following lines to your client notes.ini file.


Now restart your client. You should now see the new design.

lnsnmp.exe -Sc fails on Domino V11 GA

I tried to install the SNMP agent on a Domino V11 GA installation on Windows 2016 / 64.

Running lnsnmp.exe -Sc resulted in the following error.

D:\Domino>lnsnmp.exe -Sc
Error opening registry key "Domino"
Error Detail: RegOpenKeyEx error code 2 (The system cannot find the file specified.)
Full key: SOFTWARE\Lotus\Domino\DominoMIB\CurrentVersion
Service deletion failed.

I looked into regedit and found the SOFTWARE/Lotus key to be completely empty.

As a workaround, create the needed keys manually. The keys can be empty.

Now run lnsnmp.exe -Sc again, and the service will be created successfully.

D:\Domino>lnsnmp.exe -Sc
Service creation complete.

DNUG Workshop LotusScript

Am Donnerstag, 21. November 2019 lädt Dich die Fachgruppe Development ab 9 Uhr zu einem besonderen Workshop ein.

Hier erfährst Du alles Wissenswerte zum Einstieg in die Notes-Programmierung.

In den acht Stunden ist zwar keine vollständige Ausbildung möglich, aber eine solide Einführung als Grundlage für eigene Weiterbildung.

Weitere Informationen und Anmeldung unter:

Nominations for HCL Masters 2020 are now open

The HCL Masters program is a recognition program that showcases the best of our community. HCL Masters go ‘above and beyond’ their normal job roles to help others, share information and organise events for the whole community to benefit.

Nominations will be judged by a panel of HCL employees on their individual merit against the other nominations we receive this year.

Please submit your nomination for you or someone else to be considered as a HCL Master.

For self nomination you will need:

  • A brief description of why you should be considered a HCL Master
  • A minimum of 3 detailed examples of how you go above and beyond (up to 6 examples)

To nominate someone else, you will need:

  • Consent from the person you are nominating to submit their details
    • Name, Email address and Company name
  • A detailed description & examples of why you consider that person to be a HCL Master

The nomination window is open from October 1st to 31st.

NotesUser Activity Class

The NotesUserActivity Class is a customizable LotusScript library that returns database user activity summary information. The usage statistics for the prior day, week, and month since user activity recording began is provided. The number of documents a user or server has read, added, updated or deleted during each session, with the most recent activity first, is returned.

The class returns information that is available from the Notes user interface via the File/Database/Properties menu item, Information tab, Activity section, User Detail button selection. User activity for the specified database must be enabled for this function to work .

The class was created by Alex Elliott of AGECOM ( Unfortunately it was only availabe for Windows.

I tried to write a Linux port, but I only had a partial success. The code runs without any issues on Windows.

It also runs fine on a Domino V11 Beta1 server on Linux ( CentOS). But it constantly crashes on Domino 10.0.1 ( with or without FP ) on RHEL.

The crash occurs, when the code tries to get the UserName from the ActivityEntry.

pActivityEntry = puActivity + lEntry * 28
CopyMemory dt.Innards(0), pActivityEntry , LEN_DWORD
CopyMemory dt.Innards(1), pActivityEntry + 4 , LEN_DWORD
CopyMemory reads, pActivityEntry + 8 , LEN_WORD
CopyMemory adds, pActivityEntry + 10 , LEN_WORD
CopyMemory updates, pActivityEntry + 12 , LEN_WORD
CopyMemory deletes, pActivityEntry + 14 , LEN_WORD
CopyMemory nonDataReads, pActivityEntry + 16 , LEN_WORD
CopyMemory nonDataAdds, pActivityEntry + 18 , LEN_WORD
CopyMemory nonDataUpdates, pActivityEntry + 20 , LEN_WORD
CopyMemory nonDataDeletes, pActivityEntry + 22 , LEN_WORD
CopyMemory nameOffset, pActivityEntry + 24 , LEN_DWORD		

Dim spUsername As String * MAXUSERNAME
spUsername = Space(MAXUSERNAME)

CopyMemoryString spUsername, puActivity + nameOffset, MAXUSERNAME - 2

Dim sUserName As String
sUserName = Trim(spUsername)

CopyMemory and CopyMemoryString are declared as

Declare Sub TUX_CopyMemory Lib "" Alias "memcpy" _
(hpvDest As Any, ByVal hpvSource As Long, ByVal cbCopy As Long)

Declare Sub TUX_CopyMemoryString Lib "" Alias "memcpy" _
(ByVal hpvDest As LMBCS String, ByVal hpvSource As Long, ByVal cbCopy As Long)

I tried using undocumented method “Cmovmem” from but it also crashes on V10 AND V11. I must admit that I do not really know, how to use Cmovmem. I declared it this way:

Declare Sub CopyMemoryString Lib LIB_TUX Alias "Cmovmem"  _
(Byval lpSrc As Long, Byval lpDest As String, Byval lSize As Long)

You can find the code here.

Any help to get it working on V10 for Linux is appreciated.