Thursday, June 12, 2008

SnTT-Wow, you really do need the LocalDomainServers group in the Domino Directory!

Remember back in the old days when you were just learning all that there is to know about the wonders of Lotus Domino? Sitting in class wide eyed listening to the instructor tell you things all about ACL's and how they work. And then along that journey at some point I am sure you had heard about the importance of the LocalDomainServers group in the Domino Directory. How all of the servers in your domain should be listed in it so that they could all play together happily and do what Domino needs to do. Well, I remembered that too and have pretty much left that group alone. That is until today. I should of known when my day started off with my local profile in XP being corrupt that I was in for a long day.

As my day was winding to a close, I received a phone call from one of the remote plants. It seemed that they were unable to log into iNotes and were getting the following error in the web browser:

6/12/2008 03:08:08 PM: ERROR: Unable to write changes to the Person document - contact administrator [/names.nsf?Login&Username=&Password=....etc

Of course my first thought was that the Domino Directory was corrupt. So with that, I brought down the server and ran compact -c and did an updall -R and saw several errors. Seeing that, I went on to OS copy over another Domino Directory in hopes that it would fix the issue. Not two minutes after that copy starts my phone rings again. Another user on another server is having the same issue. So I connect into that server and see the same problems going on there. That's when it hit me something major was occurring. As I begin troubleshooting the problem, I try to open up the server document in the Domino Directory and I get the "You are not authorized" stop message. "What!?...But I am the freakin admin! I'm in the Full Access Administrators group!" Mind you, many other expletives were being strewn from my mouth, but that pretty much summed up what I was saying. That's when I started diving deeper into the Domino Directory on the Admin server to see if the Administrators group was in there. Nope, it was gone. Then I went to look for the LocalDomainServers and found that gone too along with the OtherDomainServers group. Needless to say, once I replaced those groups from a restored Domino Directory, things starting working properly again. But what caused it in the first place? Good question. I'm not too sure. But I have an idea. When I deleted the LocalDomainServers, OtherDominServers and Administrators group from a view in my local personal address book, the application that placed that view there had decided that I must have meant I wanted those to also be removed from the Domino Directory. Harrumph. I don't know why in the hell it did that and I plan on testing that out next week. For now, I'm on a long weekend.
So the moral of the story, regardless of where you see the LocalDomainServer group listed, just leave it alone.

No comments: