A Traveler security "issue"

Once again, repeat after me, "IBM Lotus Traveler just works." 
Amen.

That's been the mantra since it's release and it does just work.  But I found an issue this week that had me calling support.  And with their help we got it fixed.  Here's the scenerio.
As part of our policy with mobile devices, you have to have approval for certain ones to be used.  When someone connects one to the system, we put them into "Deny Access" mode until they are allowed.  For one user, we set their deny access and went about our business.  After 30 days, that record removed itself from the LotusTraveler.nsf database.  Now after some time, the user has gotten approval for her device to be used and we told her to go ahead and set it up.  But it wouldn't work.  When I looked at her records in LotusTraveler.nsf, there was only the one there for her current device, but not for the one that needed approved.  At the Domino console, I typed the command
tell traveler security status <username>
It showed the current device information as well as the old device in question that was locked out.  So the Traveler server still had in it's back-end database this locked out device even after the 30 days had passed.  Support had me issue the command to clear up the lock out:
tell traveler security delete<device ID> <username>
Once that command ran, it removed that locked out record and Traveler data started to flow! 
The important thing to remember with managing a Traveler server is that even though the GUI doesn't show the record for the device, it may still be lurking in the background database.  But those two commands can help save the day.
It just works.