This blog post is going to serve two purposes. First, to give a heads up of something I ran into this week. Secondly, if someone has seen this before, to give me a smack on the back of the head and and tell me that this is a known issue. So here goes.
This week we were in the process of adding new mobile users onto our MDM system where Traveler is the endpoint for their mobile mail. Like most other organizations I'm sure, we use groups to secure who can and cannot access the Traveler server. During setup it was discovered that these users were not in one of the groups that Traveler users are assigned to, so, I added them in. Since they are all on the same OU, I went into the Domino Directory, located those users, copied them out as a table and pasted it into Excel and then extracted their Domino email address from the column and pasted their addresses into the proper group. I then saved the group out, replicated to my Domino server, did a show nlcache reset command on the Traveler server and informed the support staff that mail on the mobile device should work now. After about a half hour, I started hearing reports that they still were not getting mail on the mobile devices. To troubleshoot, I opened a browser and went to the Traveler server to try and log in with the users name and password. While I didn't capture the exact error message, it told me that it couldn't access the users mail on their server. The same message one gets if the users name is not in a security group or listed in the allow field for the Traveler server. Wasn't making any sense. I went into the Domino group to double check they were in there and that's when it stood out to me.
Normally are users are added in one at a time, so selecting them off the pick list is a straight forward process. Find them, click Add, click OK, save and close the group. But like I said, these users were added in by my short cutting the process and pasting in their addresses. When it pasted, it pasted the username in there with the @Domain at the end like is displayed in the People view of the Domino Directory.
Example: User Name/OrgUnti/Org@Domain
For fun, I removed all of the @Domains at the end of the peoples names, saved the group again, replicated again to the Traveler server, issued another show nlcache reset and after a few minutes attempted to access their Traveler accounts via a browser. It worked!
So when I had a few minutes after that fun, I tried to see if I could replicate that behavior on my account. I went to my Traveler test server, added the domain of my organization to my username, saved and closed, did the same steps above and when I tried to access me on the test server, it still worked. So my only thought is that on initial setup it doesn't like the @Domain listed.
So what say you, Yellowsphere. You ever see something like this?