Domino Administrators ID file certificate has expired ... No Problem
Mat Newman February 22 2011 09:13:25
Came across this at a new client site today, the client knows the Domino Administrators password, but cannot use the Administration client (or any Notes client) with the Administrators ID file, because the Administrators ID file certificates have expired.It's a pretty simple thing to fix.
EITHER:
- Use your server's Notes client to recertify the Administrator.
OR
- Get hold of an ID file for a user who hasn't expired,
- Add that user to the 'LocalDomainAdmins' group,
- Access the Domino Directory on the server and recertify the Admin ID,
- Remove the user from the 'LocalDomainAdmins' group,
- Done.
The details:
Using a server.
- Go to the physical domino server,
- Browse to the Domino program folder,
- Locate nlnotes.exe,
- Run it.
Yes I KNOW this is not a 'supported configuration' but hey, it Domino - #ThisS***JustWorks.
- You now have a notes client, which you can use to access the names.nsf locally (the Domino Directory),
- Go to 'People',
- Choose (highlight) the Administrator,
- Choose (from the menu) ACTIONS -> Recertify Selected People,
- Choose the Administrators organization certifier,
- Enter the certifier password.
- Choose a date a long time from now (you WANT your Admin ID file to expire every two years???),
- Done.
The Long way - elevate another user.
If you know the Administrators password, there is a fair chance you can still access the Domino Web Administrator using that password:
- Log-in to the Webadmin using: http://yourserver.com/webadmin.nsf and the Administrators Username and Password,
- Go to 'People and Groups',
- Edit the 'LocalDomainAdmins' group to include the users name who's ID file has not expired,
- On the Domino Console, 'load updall -r names.nsf', then 'dbcache flush',
- Start the users Notes client,
- Open the Domino Directory (names.nsf) on the server,
- Choose People from the navigator,
- Highlight the Administrator,
- Choose (from the menu) ACTIONS -> Recertify Selected People,
- Choose the Administrators organization certifier,
- Enter the certifier password.
- Choose a date a long time from now (you WANT your Admin ID file to expire every two years???),
- Using any method you want (you've got a recertified Admin now), remove the user from the 'LocalDomainAdmins' group,
- Done.
Hope this helps someone, this has happened a few times in the last couple of months when we pick up a new (old) Notes customer who hasn't needed to use the Admin ID in a while.
Domino Administrators ID file certificates have expired? No Problem.