Supplemental Pre-Upgrade and Post-Upgrade Notes for Domino 12.x and 14.x
This checklist for the specific Mindwatering Domino in-place and swing migration support technical notes.
It deep dives into the weeks for the post steps, but ignores the actual upgrade steps which are already documented in the Mindwatering Support Reference technical notes library.
Important Notes if Jumping from Old Releases:
- If you are running a release before Domino R6.5, you need to upgrade to Domino 6.5 as a intermediate step. Install R6.5 over R5 or older. We've had corruption upgrading really old installations directly to Domino 8.5 or Domino 9 w/o going through Domino 6.5.
- Perform the pre-upgrade fixup task checks the night before the upgrade to confirm the server apps' health.'
- If migrating from Notes R4 or R5 client versions, upgrade the Notes clients to Notes 8.0.x/8.5.x before the server. Do not upgrade clients past R9.0.1x before the server is upgraded to 8.5x. Otherwise very bad user experiences occur especially with Calendaring and PIM compatibility, as version support is typically in the last two or three releases.
- If running Domino R8.0.x/8.5.x, then upgrade to R9.0.1 with the latest fix-pack Perform the pre-upgrade fixup task checks the night before the upgrade to confirm the server apps' health.
- I would sit for an hour or a day, and then upgrade in the same or next maintenance window to R14.x.
General Upgrade Notes:
- For VMs or physical installations, upgrade the server OS before upgrading the Domino version - same promotion window is okay, as OS upgrades typically take 1 hour or less, and Domino upgrades are less than 15 minutes per installation pass. That said, if upgrading from a really old version, such as R5 or R8 to a current release, perform a swing migration instead. (There are multiple tech docs in this repository on these steps.)
- Mail templates supported by Domino current version are the last 2 major versions. So for R14, it would R12 and R14. For R10, it would be R8.0.x, R8.5.x, R9.0.x, and R10.0.x. The mail templates are typically in the format mail9.ntf, mail10.ntf, mail11.ntf, mail12.ntf, mail14.nsf, etc.
- We recommend either a Red Hat Linux variant or Ubuntu Linux (e.g. Red Hat, CentOS Stream, RockyOS, Ubuntu. These server OS choices typically use far less memory, disk, and CPU resources than MS Windows, especially if using the server (no GUI) option.
- Mail templates supported by Domino current version are the last 2 major versions. So for R14, it would R12 and R14. For R10, it would be R8.0.x, R8.5.x, R9.0.x, and R10.0.x. The mail templates are typically in the format mail9.ntf, mail10.ntf, mail11.ntf, mail12.ntf, mail14.nsf, etc.
- You should rarely give your developers the new version of the Notes Designer (for production use) before the servers and the clients are all upgraded.
- The Eclipse-based HCL Notes Standard client is the full-featured client. It is not quite as resource hungry as a modern web browser, but the Notes client can require 500 MB to 5 GB of RAM.
Sections:
Domino Servers Upgrade Order and Overview:
1. For the administrator(s), upgrade the Notes Client / Admin Client to the current or next version first.
2a. Perform pre-upgrade tasks on the server.
- If going between R5 and R8 through R6.5, or not, run fixup non-system apps overnight before or after nightly backups.
- After Domino shutdown, run fixup on the system apps, if needed. Skip if not upgrading from Domino R5 directly to R8.5 or higher, or if there is no evidence of corruption. Run fixup using the full path (e.g. /opt/hcl/domino/bin/fixup).
- Some of the system apps may not exist on the Domino server. For example, domlog.nsf is used if the HTTP task has raw logs enabled and has selected Domino to be the repository. In addition, a server may have multiple mail.boxes, in which case, there would be no active mail.box, but mail1.box and mail2.box, etc.
Example:
$ sudo su -
<enter pwd>
# sudo notes -
<typically no pwd prompted>
$ cd /local/notesdata/
$ /opt/hcl/domino/bin/fixup -f -j -v -l names.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l admin4.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l log.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l events4.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l statrep.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l dbdirman.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l mail.box
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l busytime.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l catalog.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l dircat.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l mtdata/mtstore.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l clubusy.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l cldbdir.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l domlog.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l certstore.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l da.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l ddm.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l domcfg.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l daoscat.nsf
<wait>
$ /opt/hcl/domino/bin/fixup -f -j -v -l lndfr.nsf
<wait>
2b. Upgrade the Domino server which is the Administrative Server for the Domino Domain/Directory, names.nsf.
Note: See the names.nsf app ACL's advanced properties to confirm the primary Domino server for the Domain.
e.g. With the Domino Directory open, select File --> Application --> Access Control --> Advanced Properties (tab) to view.
2c. After upgrade, and before starting Domino, update the notes.ini, run compact and updall
Note: See the section Post-Upgrade (notes.ini, compact, and updall) below.
3. Allow normal replication of the new/updated Domino Directory and other system templates to the other Domino 6.5 or Domino 7 servers.
4. Upgrade your mail/replication hub servers next, if you have them.
4b. After upgrade, do following:
- Add notes.ini parameter: Create_RNN_Databases=1, to use new ODS and utilize new design compression and folder optimization features.
- In console run the compact task to upgrade the databases' ODS: compact -c <database name>
- If upgrading from 6.5x or upgrading the ODS, also run the updall command to update the view and full-text indexes.
5. Upgrade your mail servers next (Notes Routing and SMTP).
5b. After upgrade, do following:
- Add notes.ini parameter: Create_RNN_Databases=1, to use new ODS and utilize new design compression and folder optimization features.
- In console run the compact task to upgrade the databases' ODS: compact -c <database name>
- If upgrading from 6.5x or upgrading the ODS, also run the updall command to update the view and full-text indexes.
6. Upgrade your application servers next (Notes and Web).
6b. After upgrade, do following:
- Add notes.ini parameter: Create_RNN_Databases=1, to use new ODS and utilize new design compression and folder optimization features.
- In console run the compact task to upgrade the databases' ODS: compact -c <database name>
- If upgrading from 6.5x or upgrading the ODS, also run the updall command to update the view and full-text indexes.
7. Upgrade your "companion" servers (e.g. Sametime & Traveler) next.
Note: You commonly have to wait a little while after a new release for an updated version of Sametime or Quickr to be release for the new platform.
Post-Upgrade (notes.ini, compact, and updall):
i. Add notes.ini parameter: Create_12_Databases=1, to use any new ODS and utilize new compression features. For Domino R14.0.x/R14.5.x, there is no new ODS, use the Create_12_Databases=1, as well.
Example:
$ sudo su -
<enter pwd>
# vi /local/notesdata/notes.ini
...
<update or add Create_12_Databases=1>
...
<esc>:wq (to save)
ii. From the OS terminal, run the compact task (ncompact on MS Windows) to upgrade the system databases' ODS: compact -c <database name>.
Notes:
- As the notes system account, change to the /local/notesdata folder, and run the compact with the copy option (-c) using the full path (e.g. /opt/hcl/domino/bin/compact).
- Some of the system apps may not exist on the Domino server. For example, domlog.nsf is used if the HTTP task has raw logs enabled and has selected Domino to be the repository. In addition, a server may have multiple mail.boxes, in which case, there would be no active mail.box, but mail1.box and mail2.box, etc.
Example:
$ sudo su -
<enter pwd>
# su notes -
<typically password is prompted>
$ cd /local/notesdata/
$ /opt/hcl/domino/bin/compact -c names.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c admin4.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c log.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c events4.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c statrep.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c dbdirman.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c mail.box
<wait>
$ /opt/hcl/domino/bin/compact -c busytime.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c catalog.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c dircat.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c mtdata/mtstore.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c clubusy.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c cldbdir.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c domlog.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c certstore.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c da.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c ddm.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c domcfg.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c daoscat.nsf
<wait>
$ /opt/hcl/domino/bin/compact -c lndfr.nsf
<wait>
iii. If upgrading through Domino R6.5x or through R10, also run the updall command to update the view and full-text indexes. For the app view rebuilds, use the used view option (-R) For the full-text indexes, use the option to rebuild (-X).
Note:
- The newer dbmt command is NOT intended for system apps. Use updall still on these.
Example:
$ sudo su -
<enter pwd>
# su notes -
<typically password is prompted>
$ cd /local/notesdata/
$ /opt/hcl/domino/bin/updall -R -X names.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X admin4.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X log.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X events4.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X statrep.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X dbdirman.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X mail.box
<wait>
$ /opt/hcl/domino/bin/updall -R -X busytime.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X catalog.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X dircat.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X mtdata/mtstore.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X clubusy.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X cldbdir.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X domlog.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X certstore.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X da.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X ddm.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X domcfg.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X daoscat.nsf
<wait>
$ /opt/hcl/domino/bin/updall -R -X lndfr.nsf
<wait>
Post-Domino Upgrade - Notes Client Upgrades:
1. Upgrade your developer HCL Notes and Designer clients.
2. Upgrade your users to the current Notes version.
Reminders:
- We can do the clients before your servers as long as the client is within typically 2 versions of the Domino server's pre-upgrade and after upgrade release.
- Don't upgrade the mail files
- Don't harden the Notes RPC encryption beyond 630-bit encryption / RC4 at the server until all the old Notes R5- R9 (pre FP7) clients are upgraded.
- Don't harden the Notes RPC encryption beyond 1024-bit encryption at the server, until after Domino 9.0.1 FP 7. Then use the PORT_ENC_ADV and the TICKET_ALG-SHA settings.
3. Perform mail file design version upgrade (see instructions below).
Post-Domino Upgrades - Notes Tuning Encryption:
Notes:
- Upgrade Notes clients before improving the port encryption and authentication at the Domino server Ports configuration for Domino servers and clients at R9.0 FP7 or higher.
- The Notes client advertises when it contacts the server what security options it can support. By default, the Domino server adjusts the security to higher for new clients and lower for older clients automatically.
- The default encryption is best/recommended setting for the release of the Domino server.
- We can choose to NOT set anything, and Domino will increase these settings over time and upgrades/releases. If we do decide to tweak these settings, then we have to maintain them.
- HCL Notes Client Algorithm Support:
Clients prior to R9.0.1 FP7: RC4
Clients R9.0.1 FP7 through R11: 128 bit AES-GCM for network encryption and integrity protection and 128 bit AES tickets
Clients R12: 256 bit AES-GCM for network encryption and integrity protection, X25519 for forward secrecy, and 128 bit AES tickets
- PORT_ENC_ADV:
When added to Domino server's notes.ini, allows configuration of the sum of desired authentication and encryption protocols for the Notes client and Domino servers.
If not used, the default in R12 and R14 is 104.
R10 Example:
Best practice recommendation is: PORT_ENC_ADV=84 (AES-128 GCM, Forward Secrecy, and Enable AES tickets)
Best security recommendation is: PORT_ENC_ADV=88 (replaces AES-128 with AES-256 GCM)
R12 and R14 Example:
Best practice recommendation is: PORT_ENC_ADV=100 (AES-128 GCM, Forward Secrecy, and Enable AES tickets, with improvements over R10)
Best security recommendation is: PORT_ENC_ADV=120 (replaces AES-128 with AES-256 GCM, and upgrades Forward Secrecy from 32 to both 16+32)
R14.5 Example:
Best practice recommendation is: PORT_ENC_ADV=104 (AES-128 GCM, Forward Secrecy (32), and Enable AES tickets)
Best security recommendation is: PORT_ENC_ADV=120 (replaces AES-128 with AES-256 GCM, and upgrades Forward Secrecy from 32 to both 16+32)
- TICKET_ALG_SHA:
When added to Domino server's notes.ini, allows improvement of NRPC authentication by controlling the cryptographic algorithm of the client ticket/secret.
Notes:
- Unlike the PORT_ENC_ADV entry, this is NOT a sum.
- The options below are supported from Domino 9.0.1 FP7 through the now current R14.5.x release.
- The default, if not overridden, is the same from Domino 9.0.1 FP7 through the now current R14.5.x release.
Options:
1 - HMAC-SHA 1
256 - HMAC-SHA 256 (Enabled by default; no configuration needed.)
384 - HMAC-SHA 384
512 - HMAC-SHA 512
Example to override:
TICKET_ALG_SHA=512
Post-Notes Upgrade - Mailfile Design Updates:
Notes:
- Perform upgrade after ALL of the Notes clients for a department or an organization is complete. Otherwise Calendar and PIM issues often arise.
- Perform the upgrade nightly before or after the nighty backups. The users should restart Notes or go out of mail and back into mail to flush the previous design cache in their Notes clients.
- Use the load convert command in the Domino Admin client - much faster than manually performing.
- In almost every case, we want the load convert to also upgrade each user's mail file's folders (via -u option) at the same time - because doing 100s or 1000s of folders manually would be terrible.
Common Options:
-u = upgrades folders to new inbox design
-r = recursive upgrade mailfiles through subfolders of the main folder rather than just w/in this folder
-f = specify specific mailfiles to upgrade using a text file.
Example:
Domino Admin client --> select Mail Server (left side menu) --> Server (tab) --> Status (sub-tab) --> Server Console --> click Live view button --> enter the console command field
1. Stop the mail Router
> tell router quit
(wait a second)
2. If any corruption is suspected, perform a mailfile copy-style compact:
> load compact mail/ -c
3. Upgrade one at a time, or a bunch at a time:
a. Example to upgrade all mail files of any design template to <this> release:
> load convert -u mail/*.nsf * mail14.ntf
b. Example to upgrade all mail files of a specific design template to <this> release:
> load convert -u mail/*.nsf StdR85Mail mail12.ntf
c. Example using a list text file to <this> release:
> load convert -f /home/notes/mailupgradelist.txt mail*.ntf mail14.ntf
____
Updall Options:
HCL has removed the Updall options from the documentation higher than Notes/Domino 9.0.1.
Below is the content of the Updall Option Tables 2-4.
Table 2:
Table 3:
Table 4:
previous page
|