Search This Blog

Thursday, July 25, 2013

Finding out what prevents LN database from opening in Web


I just spent half an hour on resolving one stupid issue so I decided to share my experience with you.

Basically, the task was to find out why the one particular database refused to open in Web-browser.
The error message said that user wasn't authorized to perform that operation.

But let's imagine that we do not know what is the error, let's say that some user complains about it and he is not able to send screen shot and you are not quite sure what is going on on that server at all.
What would you check?

Here is my list that I am sure is not complete.
Feel free to suggest me additional options to check.
I will include them in my list with a pleasure.


  1. If you have administrative access to the server you may start from checking of Domino console or/and log.nsf
  2. We suppose that you are sure that user who complains about problem is an authorized employee and has configured account. If you are not sure, then it has a sense to check if this user has a Person-document in Domino Directory and his name is not included into  "Not access server" field on Security tab of Server document.
  3. Check if nHTTP task works and which ports it listens to, f.x. send "sh ta" from Domino Administrator console and check tasks list.

    If you haven't administrative access try to open server's names.nsf in a Web browser. You should see a page for entering your login and Internet password. If you know how the standard IBM Domino page for entering credentials looks like then you can make a conclusion about if nHTTP works or not. However, you may get authentication window from other systems/applications (f.x. from IIS) so don't get fooled.

    Note 1: Before doing this, you have to check what is the "Fully qualified Internet host name" of your server and what is the HTTP port to compose a correct URL. You can find out it from the server document.
  4. Check if user's login and Internet password work, f.x. try to open server's names.nsf using his login and Internet password to exclude any application specific things which might cause the issue. If names.nsf does not open in Web then you may try to use your own login and Internet password to check if nHTTP does not hang up or something like this. If you managed to open names.nsf with your credentials but failed to open it with the user's login and Internet password then probable reasons are:
    1. user is not included into some important Group in Domino Directory
    2. user forgot his Internet password or it is not defined at all
  5. If user's login and password works on names.nsf then let's try to open target application. Again, if user's login and password didn't work, try your own (of course you have to convince that you have access to this application). If it opens for you but does not open for him then we can consider then something is wrong rather with configuration than with application functionality. I mean that it is unlikely related to errors in computed fields or @dblookups etc. It still can be the reason but let's move this point to the end of list.
  6. Actually, no matter if database doesn't open for both of you or only for one of you two I suggest to check next things:
    1. ACL (Explicit entries, groups access and members, server access, Anonymous entry, probably some specific roles, ...)
    2. Tab "Advanced" of ACL dialog window. It is possible to set field "Maximum Internet name and password" to "No Access". In this case you cannot open application in Web. <-- This is my case that push me to write this post
    3. Database properties. 
      • There is a checkbox "Don't allow URL open" on the first tab (Basics). It should be disabled. 
      • If URL that you use for opening database in Web browser does not include any specific element design to start from but only a filename of a database (like https://host/database.nsf) then you have to check "Launch options" tab of database properties. Property "When opened in browser" should be correctly defined and has to point to existent design element. If this property is not configured then Notes launching configuration works. Anyway, you have to be sure that used design element at least exist.
    4. Design elements which are defined to open by default in Web
      • Check if design elements exist and are not corrupted. 
      • Check if they are not hidden from Web
      • Check if they are not limited for particular users for reading/creation. I am talking about "Security" tab of Form/View properties window.
      • Check if content type of startup Form is configured as HTML on form properties window. In this case "?OpenForm" will not work.
    5. Agents (f.x. on WebQueryOpen)
      • Check if required agents have correct signature and this signer is used on Securty tab of Server document and signer has correct access in ACL
      • Check if property "Runtime security level" is set to correct value
    6. Documents which may be used in @DbLookups and so on
      • Check if they have READERS fields and if yes check if required user (and probably server) may read them

        Note2: I do not consider an option when documents which are requested by @DbLookups are located in another database because in this case you have to apply this list from the beginning to this another database
    7. The worst option: something wrong with @Formulas, Java/lotusscrips in agents, related databases and so on  - out of a scope of this post.
Your points? :-)

No comments:

Post a Comment