matnewman.com

Domino Administrators ID file certificate has expired ... No Problem

Mat Newman  February 22 2011 09:13:25
Came across this at a new client site today, the client knows the Domino Administrators password, but cannot use the Administration client (or any Notes client) with the Administrators ID file, because the Administrators ID file certificates have expired.

It's a pretty simple thing to fix.

EITHER:
  • Use your server's Notes client to recertify the Administrator.

OR
  • Get hold of an ID file for a user who hasn't expired,
  • Add that user to the 'LocalDomainAdmins' group,
  • Access the Domino Directory on the server and recertify the Admin ID,
  • Remove the user from the 'LocalDomainAdmins' group,
  • Done.

The details:

Using a server.
  • Go to the physical domino server,
  • Browse to the Domino program folder,
  • Locate nlnotes.exe,
  • Run it.

Yes I KNOW this is not a 'supported configuration' but hey, it Domino - #ThisS***JustWorks.

 
  • You now have a notes client, which you can use to access the names.nsf locally (the Domino Directory),
  • Go to 'People',
  • Choose (highlight) the Administrator,
  • Choose (from the menu) ACTIONS -> Recertify Selected People,
  • Choose the Administrators organization certifier,
  • Enter the certifier password.
  • Choose a date a long time from now (you WANT your Admin ID file to expire every two years???),
  • Done.

The Long way - elevate another user.


If you know the Administrators password, there is a fair chance you can still access the Domino Web Administrator using that password:
  • Log-in to the Webadmin using: http://yourserver.com/webadmin.nsf and the Administrators Username and Password,
  • Go to 'People and Groups',
  • Edit the 'LocalDomainAdmins' group to include the users name who's ID file has not expired,
  • On the Domino Console, 'load updall -r names.nsf', then 'dbcache flush',
  • Start the users Notes client,
  • Open the Domino Directory (names.nsf) on the server,
  • Choose People from the navigator,
  • Highlight the Administrator,
  • Choose (from the menu) ACTIONS -> Recertify Selected People,
  • Choose the Administrators organization certifier,
  • Enter the certifier password.
  • Choose a date a long time from now (you WANT your Admin ID file to expire every two years???),
  • Using any method you want (you've got a recertified Admin now), remove the user from the 'LocalDomainAdmins' group,
  • Done.


Hope this helps someone, this has happened a few times in the last couple of months when we pick up a new (old) Notes customer who hasn't needed to use the Admin ID in a while.

Domino Administrators ID file certificates have expired? No Problem.


Comments

1Paul Mooney  02/22/2011 10:53:07  
Domino Administrators ID file certificate has expired ... No Problem

Mat - nlnotes can seriously screw up policies. Depending on the version of domino / notes. Doesn't always "just work".

Of course, you could always do the time travel trick ;)

2Mat Newman

02/22/2011 10:55:15  Domino Administrators ID file certificate has expired ... No Problem

@1, Paul: Noted, thanks mate. Client was actually on R5 (no comments please!) so no issue, versions R6 & 7 are safe for above, but yes - there *can* potentially be problems doing the 'server fix' with 8.*. In that case, use the 'Elevated User' method to resolve.

Mat Newman IBM Champion

3Blonde  02/22/2011 20:44:36  
Domino Administrators ID file certificate has expired ... No Problem

huhuuuu, it´s great! Thanks for tip!

4Albert Buendia  02/22/2011 21:54:49  
Domino Administrators ID file certificate has expired ... No Problem

I think nlnotes.exe is no longer available into the domino program directory for security reasons. We installed a new instance of Domino 8.5.2 the last weekend and there is no nlnotes.exe.

So this option is only available for "legacy" Domino versions ;)

5Gregg Eldred  02/23/2011 0:44:12  
Another Option

Mat, here's one more method to resolve this issue:

{ Link }

6Keith Brooks  02/23/2011 1:27:29  
Domino Administrators ID file certificate has expired ... No Problem

Mat,

I agree with Paul, don't advocate nlnotes unless no other option is feasible.

That said, if NONE of your IDs are still valid(yes it can happen), you will need to follow what I went through at a client a few years back.

Suffice it to say recreating a cert ID is not for the junior admin.

Blog post here: { Link }

7Keith Brooks  02/23/2011 1:35:29  
Domino Administrators ID file certificate has expired ... No Problem

Sorry, that was not the right post, this is the one: { Link }

The Technote found here:

{ Link }

Is titled:

What to do when a Certifier ID is stolen, lost or compromised

Which is where sometimes we end up because someone created IDs in batch.

8Mat Newman

02/23/2011 7:14:49  Domino Administrators ID file certificate has expired ... No Problem

@3, Blonde: No Problem :-)

@4, Albert: No NlNotes is not icluded in Domino server install anymore. You will only find it after an upgrade from previous releses.

@5, 6, 7: Keith and Greg, that's what makes our community so LEGENDARY! Post a solution and get more in reply. Do you guys mind if I consolidate these into a Wiki article on Notes.net (ldd)?

And yes folks the quick'n'dirty nlnotes.exe on the server solution as highlighted by Paul and Keith - IF it's avalaible - *may* cause issues with your system. The longer - but safer - solution is the 'elevated user' option, especially in an 8.* environment.

Mat Newman IBM Champion

9MatD  10/24/2012 17:15:41  
Domino Administrators ID file certificate has expired ... No Problem

Thank you Mat, that saved my life! ;)

Cheers, MatD

10Lina   03/21/2013 11:00:17  
Domino Administrators ID file certificate has expired ... No Problem

Hello Mat,

I have a strange situation. We have a Domino Traveler server 8.5 in a standalone domain since our organization is still on R7. Admin ID was certified before it expired on it, but it is still giving error message, "Server error: Certificate has expired." I have followed all the procedures to recertify the admin ID in the local server through Admin console and replaced the old ID file with the newly certified ID. I am still unable to open up Names.nsf with this ID file. Also another thing that when I recertify admin ID it shows expiration date for 2050 and new certify date for 2015. Thus ID should work and system should not prompt for expiration. What should I do to correct this error message?? Any help will be appreciated.

thanks,

Lina

11Avijit Ghosh  08/24/2013 1:09:18  
Domino Administrators ID file certificate has expired ... No Problem

Sir

I am not expert. I am facing the same situation. Can u help us by taking remote access.

Thanx.

12Jaideep Singh  09/11/2013 23:58:14  
Missing notes certifier

Unfortunately, one of the certifiers is not available in the ID vault and we need to recertify some of the servers with it as they are expiring next month.

Certifier is like this: /AT/Test.

We have /Test certifier but not /AT.

Is it necessary to recreate new certifier or some other workaround to overcome this situation ?

And in case we create a new certifier, will there be any impact on the existing environment ?

Would appreciate to have some suggestions on this.

Thanks,

Jaideep

13Patrick Amoma  11/03/2014 19:42:57  
Domino Administrators ID file certificate has expired ... No Problem

its an epic fail for me i could not fix the expired certificate of my admin can anyone help me with some screenshoot and step by step how to do it kindly send me the solutions of my problem to my Administrator Expired Certificate... thank you and god bless...

14Ganesh Maity  12/04/2014 0:57:07  
Mistakenly the user’s certificated deleted along with ID file.

Mistakenly the user’s certificated deleted along with ID file. Can we somehow recertify user and so that user can again access mail using notes client.

User is able to access iNotes but client is also required. Pls help

15Steve Hothleuf  02/07/2015 11:43:11  
Domino Administrators ID file certificate has expired ... No Problem

Thanks for the post.

Helped me a lot !!!!

16Jun  04/29/2015 11:22:14  
Domino Administrators ID file certificate has expired ... No Problem

Hi,

I have certified the id to another year. but when i tried to certify it again, the date did not apply although there was a notice from the recertification that the process was successfully applied. no matter how many times i recertify, the date does not change.

17alok  05/23/2015 16:41:12  
Domino Administrators ID file certificate has expired ... No Problem

Unfortunately, one of the certifiers is not available in the ID vault and we need to recertify some of the servers with it as they are expiring next month.

18alok  05/23/2015 16:43:04  
Domino Administrators ID file certificate has expired ... No Problem

Can u help us by taking remote access.

<a href="{ Link } News</a>

19mosharof.khan  10/23/2015 23:56:09  
Domino Administrators ID file certificate has expired ... No Problem

icannot install when expired certificate

20surya  01/29/2016 1:58:54  
Domino Administrators ID file certificate has expired ... No Problem

we have a user who upon login to Lotus Notes 8 (Basic ) , getting error your certificate has been expired . But when I checked on Domino Admin console , user ID isn't present there . So a bit confused , how come user is able to login with out having an entry on the Domino Admin console.

21Franco  01/29/2016 21:24:08  
Domino Administrators ID file certificate has expired ... No Problem

What about doing this on a 9.x server (deprecated webadmin) on Linux (no nlnotes.exe of course)?

22Franco  01/29/2016 21:30:55  
Domino Administrators ID file certificate has expired ... No Problem

Sorry, I was too quick, the solution was here: { Link }

23JF MONDON  03/31/2017 19:15:30  
Domino Administrators ID file certificate has expired ... No Problem

Hello,

I have the certificate problem on my ssytem. But with the first mtehod, Do I stop the Domino server before because when I run Admin client, i had an error whitch explain to shut down the server...

24irizar  07/17/2017 19:00:35  
Domino Administrators ID file certificate has expired ... No Problem

Hello,

I try the long ways, but i cannot edit anythink in webadmin...

25aradhyasri  11/28/2017 23:50:49  
Domino Administrators ID file certificate has expired ... No Problem

I like this post so much. Thank you

26Mike  02/06/2018 5:02:36  
Domino Administrators ID file certificate has expired ... No Problem

A slight variation on the above is causing me a major headache. Not only have ALL IDs expired (we only have five), but there is no machine currently with the Admin Console installed on it. When we try to install the Console and set it up with the expired Administrator ID, it simply boots us out when we enter the password. Because of this, we can't get into a Local server to follow any instructions.

We've tried the NLNotes method but the recertify option doesn't appear under the Action menu.

If I had any hair I'd be tearing it out :(

(Version 6.5.3)

Mat Newman

THE Notes (formerly IBM/Lotus Notes) Guy. Productivity Guru. Evangelist. IBM Champion for IBM Collaboration Solutions, 2011/2012/2013. Former IBMer. HCLite. Views are my own.

#GetProductive #GetHCLNotes

Mat Newman




Home  | 

Get Serious. Get Domino.