Sun Java System Portal Server 7.1 Configuration Guide

Configuring Microsoft Exchange Server or IBM Lotus Notes

Besides supporting Sun Java System Messaging Server and Sun Java System Calendar Server for the communication channels, Sun Java System Portal Server also supports Microsoft Exchange Server and IBM Lotus Notes server.

Procedure: To Configure Microsoft Exchange 5.5 Server for Address Book, Calendar, and Mail

  1. Log into your Primary Domain Controller (PDC) as an administrator of the domain.

  2. Select Start, Programs, Administrative Tools, User Manager for Domains and create an account with user name MAXHost.

  3. Select Groups and add MAXHost to the groups Administrators and Domain Admins.

  4. Ensure that MAXHost can log on locally to the MAIL_HOST, Domain Controllers, and MAX_HOST.

  5. Set the password.

  6. Log in to your Exchange 5.5 (MAIL_HOST) as MAXHost.

  7. Go to Start, Programs, Microsoft Exchange, Microsoft Exchange Administrator.

  8. For each end user, set permissions to the mailbox.

  9. To enable the permissions tab, go to Tools, Options, Permissions, and enable Show Permissions Page for All Objects.

  10. Double-click on the user name.

  11. Select the permissions tab and select Add from the permissions page to add MAXHost and leave role as User.

    Repeat steps 9 through 11 for each user who accesses the communication channels.

  12. Unzip the ocxhost.zip file located in the following directory:

    PortalServer-base/SUNWportal/export.

    When unzipping the file, you see the following output:

    Archive: ocxhost.zip
    creating: ocxhost
    creating: ocxhost/international
    inflating:ocxhost/international/ocxhostEnglishResourceDll.dll
    inflating:ocxhost/ocxhost.exe

  13. Register ocxhost as follows:

    1. Locate the ocxhost.exe.

    2. Select Start and Run.

    3. Type the following in the Run window:

      ocxhost.exe /multipleuse

  14. To set the properties of ocxhost utility:

    1. Configure the necessary DCOM settings for the ocxhost utility using the dcomcnfg utility. That is:

      1. Select Start and Run.

      2. Type dcomcnfg and select OK.

      3. In the Distributed COM Configuration Properties dialog box:

      4. Select Default Properties tab:

        • Check the Enable Distributed COM on the computer check box.

        • Set the default Authentication Level to Connect.

        • Set the default Impersonation Level to Identify.

      5. Select the Applications tab.

      6. Double-click the ocxhost utility in the Properties dialog.

        The ocxhost properties window is displayed.

      7. Check Run Application on this Computer under the Location tab.

      8. Set Use custom access permissions, Use custom launch permissions, and Use custom configuration permissions under the Security tab.

      9. Select Edit for the Access, Launch, and Configuration settings and ensure that the following users are included in the Access Control List (ACL):

        • Interactive

        • Everyone

        • System

      10. Select a User under the Identity tab in the ocxhost properties window.

      11. Select Browse and locate the MAXHost.

      12. Enter the password and confirm the password.

      13. Select OK.

        The ocxhost DCOM component is now configured and ready to communicate with the Exchange Servers.

Procedure: To Configure Microsoft Exchange 2000 Server for Address Book, Calendar, and Mail

To set up Portal Server to access Calendar data from an Exchange Server 2000 environment in a complex Windows 2000 Domain configuration, install ocxhost.exe on a dedicated System (called MAX_HOST).

Examples of a complex Domain configuration can be:

Installing ocxhost.exe on a dedicated machine is useful for two reasons:

The following instructions assume that:

MAX_HOST is the name of the dedicated Windows 2000 System running Outlook 2000 and where ocxhost.exe is installed.

MAIL_HOST is the Exchange Server on which the mailboxes of the end users reside.

PORTAL is the Java Enterprise System Portal Server 7 2005Q3.

DOMAIN is the Windows Domain with MAX_HOST and MAIL_HOST.

When setting up the dedicated Windows 2000 System (MAX_HOST) note the following requirements and assumptions:

  1. Create a User MAXHost in the Domain.

    1. Log into your Host (MAX_HOST) as an administrator of the domain.

    2. Select Start, Programs, Administrative Tools, Active Directory Users and Computers and create a domain account with user name MAXHost.

    3. Select User->Properties->Member of and add the group Administrators (local).

    4. Ensure that MAXHost can log on locally to the MAIL_HOST and MAX_HOST.

    5. Set the password.

  2. Configure Outlook for MAXHost user.

    1. Log in to your MAX_HOST System as Domain user MAXHost.

    2. Configure the Outlook Profile for the user MAXHost by starting Outlook (refer to Microsoft Documentation if required).

    3. Close Outlook after completing the Outlook setup for MAXHost user.


      Note –

      Outlook may not run concurrently with ocxhost.exe.


  3. Configure Microsoft Exchange Server for Address Book, Calendar, and Mail.

    1. Log in to your Exchange 2000 Server (MAIL_HOST) as MAXHost.

    2. If you are using an Exchange 2000 Front-End Server, log in to your front-end Server as MAXHost.

    3. Go to Start, Programs, Microsoft Exchange, Active Directory Users and Computers.

    4. For each end user, set permissions to the mailbox.

    5. Select View->Advanced Features.

    6. Double-click on the user name.

    7. Select the Exchange Advanced tab and select Mailbox Rights.

    8. Add MAXHost and give MAXHost full access.

      Repeat these mailbox permission steps for each user who accesses the communication channels.

  4. Install ocxhost.exe on the MAX_HOST.

    1. Log in to MAX_HOST as domain user MAXHost.

    2. Unzip the ocxhost.zip file located in the following directory:

      PortalServer-base/SUNWportal/export

      When unzipping the file, you see the following output:

      Archive: ocxhost.zip
      creating: ocxhost
      creating: ocxhost/international
      inflating:ocxhost/international/ocxhostEnglishResourceDll.dll
      inflating:ocxhost/ocxhost.exe

    3. Register ocxhost as follows:

      1. Locate the ocxhost.exe file.

      2. Select Start and Run.

      3. Type ocxhost.exe /multipleuse and select OK.


        Note –

        Perform this registration only once. Each time this command is executed the DCOM settings described in the next step are cleared and need to be reconfigured.


    4. Configure the necessary DCOM settings for the ocxhost utility using the dcomcnfg utility.

    5. Select Start and Run.

    6. Type dcomcnfg and select OK.

    7. In the Distributed COM Configuration Properties dialog box, select the Default Properties tab and use the following settings:

      • Check the Enable Distributed COM on the computer check box.

      • Set the default Authentication Level to Connect.

      • Set the default Impersonation Level to Identify.

    8. Select the Applications tab.

    9. Double-click the ocxhost utility in the Properties dialog.

      The ocxhost properties window is displayed.

    10. Check Run Application on this Computer under the Location tab.

    11. Set Use custom access permissions, Use custom launch permissions and Use custom configuration permissions under the Security tab.

    12. Select Edit for the Access, Launch, and Configuration settings and ensure that the following users are included in the Access Control List (ACL):

      • Interactive

      • Everyone

      • System

    13. Select a User under the Identity tab in the ocxhost properties window.

    14. Select Browse and locate the MAXHost.

    15. Enter the password and confirm the password.

    16. Select OK.

      The ocxhost DCOM component is now configured and ready to communicate with the Exchange Servers. It is launched by RPC call when the first access from the Portal Server occurs.

  5. Change MAXHost users group.

    For security reasons you may want to remove the domain user from the Administrators group:

    1. Log out and log in again as Administrator on MAX_HOST.

    2. Remove the user MAXHost from the local Administrators group (and assign it to Domain User Group).


      Note –

      Do not use a firewall between the Portal and the MAX_HOST.

      (RPC calls using dynamic ports are used for the communication from Portal Server to ocxhost.exe.)

      Do not use a firewall between the MAX_HOST and the MAIL_HOST.


Procedure: To Configure Microsoft Exchange 2003 Server for Address Book, Calendar, and Mail

To set up Portal Server to access Calendar data from an Exchange Server 2003 environment in a complex Windows 2000 Domain configuration, install ocxhost.exe on a dedicated System (called MAX_HOST).

Examples of a complex Domain configuration can be:

Installing ocxhost.exe on a dedicated machine is useful for two reasons:

The following instructions assume that:

MAX_HOST is the name of the dedicated Windows 2000 System running Outlook 2000 and where ocxhost.exe is installed.

MAIL_HOST is the Exchange Server on which the mailboxes of the end users reside.

PORTAL is the Java Enterprise System Portal Server 7.1.

DOMAIN is the Windows Domain with MAX_HOST and MAIL_HOST.

When setting up the dedicated Windows 2000 System (MAX_HOST) note the following requirements and assumptions:

  1. Create a User MAXHost in the Domain.

    1. Log into your Host (MAX_HOST) as an administrator of the domain.

    2. Select Start, Programs, Administrative Tools, Active Directory Users and Computers and create a domain account with user name MAXHost.

    3. Select User->Properties->Member of and add the group Administrators (local).

    4. Ensure that MAXHost can log on locally to the MAIL_HOST and MAX_HOST.

    5. Set the password.

  2. Configure Outlook for MAXHost user.

    1. Log in to your MAX_HOST System as Domain user MAXHost.

    2. Configure the Outlook Profile for the user MAXHost by starting Outlook (refer to Microsoft Documentation if required).

    3. Close Outlook after completing the Outlook setup for MAXHost user.


      Note –

      Outlook may not run concurrently with ocxhost.exe.


  3. Configure Microsoft Exchange Server for Address Book, Calendar, and Mail.

    1. Log in to your Exchange 2003 Server (MAIL_HOST) as MAXHost.

    2. If you are using an Exchange 2003 Front-End Server, log in to your front-end Server as MAXHost.

    3. Go to Start, Programs, Microsoft Exchange, Active Directory Users and Computers.

    4. For each end user, set permissions to the mailbox.

    5. Select View->Advanced Features.

    6. Double-click on the user name.

    7. Select the Exchange Advanced tab and select Mailbox Rights.

    8. Add MAXHost and give MAXHost full access.

      Repeat these mailbox permission steps for each user who accesses the communication channels.

  4. Install ocxhost.exe on the MAX_HOST.

    1. Log in to MAX_HOST as domain user MAXHost.

    2. Unzip the ocxhost.zip file located in the following directory:

      PortalServer-base/SUNWportal/export

      When unzipping the file, you see the following output:

      Archive: ocxhost.zip
      creating: ocxhost
      creating: ocxhost/international
      inflating:ocxhost/international/ocxhostEnglishResourceDll.dll
      inflating:ocxhost/ocxhost.exe

    3. Register ocxhost as follows:

      1. Locate the ocxhost.exe file.

      2. Select Start and Run.

      3. Type ocxhost.exe /multipleuse and select OK.


        Note –

        Perform this registration only once. Each time this command is executed the DCOM settings described in the next step are cleared and need to be reconfigured.


    4. Configure the necessary DCOM settings for the ocxhost utility using the dcomcnfg utility.

    5. Select Start and Run.

    6. Type dcomcnfg and select OK.

    7. In the Distributed COM Configuration Properties dialog box, select the Default Properties tab and use the following settings:

      • Check the Enable Distributed COM on the computer check box.

      • Set the default Authentication Level to Connect.

      • Set the default Impersonation Level to Identify.

    8. Select the Applications tab.

    9. Double-click the ocxhost utility in the Properties dialog.

      The ocxhost properties window is displayed.

    10. Check Run Application on this Computer under the Location tab.

    11. Set Use custom access permissions, Use custom launch permissions and Use custom configuration permissions under the Security tab.

    12. Select Edit for the Access, Launch, and Configuration settings and ensure that the following users are included in the Access Control List (ACL):

      • Interactive

      • Everyone

      • System

    13. Select a User under the Identity tab in the ocxhost properties window.

    14. Select Browse and locate the MAXHost.

    15. Enter the password and confirm the password.

    16. Select OK.

      The ocxhost DCOM component is now configured and ready to communicate with the Exchange Servers. It is launched by RPC call when the first access from the Portal Server occurs.

  5. Change MAXHost users group.

    For security reasons you may want to remove the domain user from the Administrators group:

    1. Log out and log in again as Administrator on MAX_HOST.

    2. Remove the user MAXHost from the local Administrators group (and assign it to Domain User Group).


      Note –

      Do not use a firewall between the Portal and the MAX_HOST.

      (RPC calls using dynamic ports are used for the communication from Portal Server to ocxhost.exe.)

      Do not use a firewall between the MAX_HOST and the MAIL_HOST.


Procedure: To Set Up SSO Adapter for Calendar

Set up SSO Adapter for Calendar if you are using a dedicated Server for ocxhost.exe (MAX_HOST).

  1. Create an SSO Adapter template.

    1. Log in to the Access Manager administration console.

    2. Select the Service Configuration Tab.

    3. Select SSOAdapter.

    4. Select New.

    5. Enter a name for your new template and select the existing EXCHANGE-CALENDAR from the list.

    6. Select Next.

    7. In the line for the ocxHost enter the DNS name or IP address of the system where ocxhost.exe resides, in this case MAX_HOST.

    8. Select Save.

  2. Create an SSO Adapter configuration for your organization.

    1. From the Identity Management tab, select your organization.

    2. Select Services from the scroll down menu.

    3. Select SSOAdapter.

    4. Under SSO Adapter Configurations, select New.

    5. Enter a name for the configuration and select the previously created Template.

    6. Select Next.

    7. Modify the properties as needed.

      You can provide a default Host name which is your MAIL_HOST (DNS name or IP address), or you can leave it blank.

    8. Select Save and note the message Changes Saved.

Procedure: To Uninstall ocxhost.exe

Unregister ocxhost as follows:

  1. Locate the ocxhost.exe utility.

  2. Select Start and Run.

  3. Type the following in the Run window:

    ocxhost.exe /unregserver

  4. Delete the files ocxhost.exe and ocxhostEnglishResourceDll.dll.

Procedure: To Configure Lotus Domino Server for Address Book, Calendar, and Mail

  1. Open the Lotus Administrator by selecting Start, Programs, Lotus Applications, and Lotus Administrator.

  2. Go to Administration, Configuration, Server, Current Server Documents.

  3. In the Security tab, set the following settings:

    1. Under Java/COM Restrictions, set Run restricted Java/Javascript/COM and Run unrestricted Java/Javascript/COM to *.

    2. Under Security Settings, set:

      • Compare Notes Public keys against those stored in Directory to No.

      • Allow anonymous Notes connections to No.

      • Check Passwords on Notes IDs to Disabled.

    3. Under Server Access, set Only allow server access to users listed in this Directory to No.

    4. Under Web Server Access, set Web Server Authentication to More Name Variations with lower security.

  4. In the Ports tab:

    1. Select the Notes Network Ports tab and ensure that TCPIP is ENABLED.

    2. Select Internet Ports tab and the Web tab.

      1. Ensure that TCP/IP port status is Enabled.

      2. Under Authentication options, ensure that Name and password and Anonymous are Yes.

      3. Select the Directory tab and ensure that:

        • TCP/IP port status is Enabled.

        • Authentication options items Name and Password and Anonymous are Yes.

        • SSL port status is Disabled.

      4. Select the Mail tab and ensure that:

        • TCP/IP port status is Enabled.

        • Authentication options Name and Password and Anonymous are set as follows:

                              Mail (IMAP)   Mail (POP)   Mail (SMTP Inbound)   SMTP (Outbound)
          Name and Password   Yes           Yes          No
          Anonymous           N/A           N/A          Yes

      5. Select the IIOP tab and ensure that:

        • TCP/IP port status is Enabled.

        • Authentication options items Name and Password and Anonymous are Yes.

        • TCP/IP port number is not set to 0. It should be 63148.

        • SSL port status is Disabled.

    3. Select the Internet Protocols tab and the IIOP sub-tabs. Ensure that the Number of threads is at least 10.

  5. Save and close.

  6. Restart the server by typing the following in the Domino server console:

    restart server

    Restarting the server enables the settings to take effect.

  7. Enable DIIOP server by typing the following command in the console:

    load diiop

  8. Check to see if diiop_ior.txt has been generated at location:

    C:\Lotus\Domino\Data\domino\html\diiop_ior.txt

  9. Enable HTTP service by typing the following command in the console:

    load http

    • If another service is using port 80, the HTTP service does not start. Stop the service running on port 80 and retype the following in the console: load http

    Or

    • Use the existing service. To do this, copy the diiop_ior.txt file into the root or home directory of the web server running on port 80. You can include both the HTTP service and the DIIOP service in the notes.ini file to ensure that both services start when you start the server.

Procedure: To Configure Portal Server to Access Lotus Notes

To access a Lotus Notes system using the Sun Java System Portal Server Mail and Calendar channels, you must add another file to the Sun Java System Portal Server. This file is called NCSO.jar. It must be obtained from the Lotus Notes product CD or the IBM web site.

This file is available with the Domino Designer and Domino Server products from IBM in the domino\java subdirectory. It is also available in a Web download from the following Web site:

http://www-10.lotus.com/ldd/toolkits

  1. Go to the Lotus Domino Toolkit link and then to the Java/Corba R5.0.8 update link.


    Note –

    The download file, which performs the extraction of this file and other files, is an .exe file.


  2. Place the NCSO.jar file in the global class path of the web container (web server or application server) as described in the subsequent sections about each of the four possible web containers. For three of the four web containers, the NCSO.jar file is placed in /usr/share/lib. The following table summarizes the steps that follow.

    The table outlines the process of placing the JAR file in the global class path by indicating where the NCSO.jar file can be placed: in the System Classpath or in the Portal WAR. The table also indicates if special instructions are needed. If so, they are included later in this section.

    Web Container                        System Classpath   Portal WAR   Special Instructions
    Sun Java System Web Server           Yes                Yes          N/A
    Sun Java System Application Server   Yes                Yes          N/A
    BEA WebLogic Server                  Yes                No           How to update system classpath
    IBM WebSphere Application Server     No                 Yes          How to prune JAR file

    The following instructions are provided for each web container:


    Note –

    To complete the following steps for your web container, you must have administrative rights to it. Also you should have access to the web container documentation to obtain detailed information on various web container processes and commands.

    For more information concerning the Sun Java System web containers, see Sun Java System Application Server Administrator’s Guide or Sun Java System Web Server, Enterprise Edition Administrator’s Guide.


Sun Java System Web Server

Procedure: To Configure Lotus Notes with the Sun Java System Web Server

  1. Place the NCSO.jar in the following Sun Java System Portal Server directory:

    /usr/share/lib

  2. Update the web container class path to include:

    /usr/share/lib/NCSO.jar

    1. Launch the Sun Java System Web Server administration console.

    2. Select the Sun Java System Web Server instance.

    3. Click Manage.

    4. Select the Java tab.

    5. Select the JVM Path Settings.

    6. Add /usr/share/lib/NCSO.jar to the classpath suffix.

    7. Select OK.

    8. Select Apply.

  3. Restart the Sun Java System Web Server. Though often not mandatory, this practice is a good one.

Procedure: Optional Placement of the NCSO.jar File

  1. Place the NCSO.jar file in the following directory:

    PortalServer-base/SUNWportal/web-src/WEB-INF/lib

  2. Redeploy the web application with the following command:

    PortalServer-base/SUNWportal/bin/deploy redeploy

  3. Restart the web container.

Sun Java System Application Server

Procedure: To Configure Lotus Notes with Sun Java System Application Server

  1. Place the NCSO.jar in the following Sun Java System Portal Server directory:

    /usr/share/lib

  2. Update the web container class path to include /usr/share/lib/NCSO.jar using the Sun Java System Application Server administration console.

    1. Launch the Sun Java System Application Server administration console.

    2. Select the domain.

    3. Select the server instance.

    4. Select the JVM Settings tab in the server instance view.

    5. Select Path Settings under the JVM Settings tab.

    6. Add /usr/share/lib/NCSO.jar in the Classpath Suffix list.

    7. Select Save.

    8. Select Apply Changes under the General tab of the instance.

    9. Select Restart.

Procedure: Optional Placement of the NCSO.jar File

  1. Place the NCSO.jar file in the following directory:

    PortalServer-base/SUNWportal/web-src/WEB-INF/lib

  2. Redeploy the web application with the following command:

    PortalServer-base/SUNWportal/bin/deploy redeploy

    Where PortalServer-base represents the directory in which the Sun Java System Portal Server was originally installed.

  3. Restart the web container.

Procedure: To Configure Lotus Notes with BEA WebLogic Server

  1. Place the NCSO.jar in the following Sun Java System Portal Server directory:

    /usr/share/lib

  2. Update the web container class path to include /usr/share/lib/NCSO.jar using the command line.

    1. Change directories to the web container install directory:

      WebContainer-base/bea/wlserver6.1/config

      Where WebContainer-base represents the directory in which the web container was originally installed.

    2. Change directories to the directory that contains the domain instance:

      mydomain

    3. Edit the startWebLogic.sh file using the editor of your choice.

    4. Add /usr/share/lib/NCSO.jar to the end of the CLASSPATH.


      Note –

      The startWebLogic.sh file may contain multiple CLASSPATH definitions. Locate the last definition of the variable and add the following string to the very end of the CLASSPATH:

      /usr/share/lib/NCSO.jar


    5. Restart the web container.

Procedure: Configuring Lotus Notes for IBM WebSphere

  1. Prune the classes under org/w3c/dom/ and org/xml/sax/ from the NCSO.jar file and rejar.

    The classes should include the following:

    • org/w3c/dom/Document.class

    • org/w3c/dom/Node.class

    • org/xml/sax/InputSource.class

    • org/xml/sax/SAXException.class

    You can perform this task in many ways. Two examples are provided here. Follow the method that suits you best:

      • The following method requires you to manually unjar and rejar the file:

        1. Download and place the file in the following directory:

          /tmp/ncsoprune/work

        2. Unjar the file while it is in that directory.

        3. Remove the preceding four classes.

        4. Rejar the file.

      • The following method requires you to run a script that automates the jar and unjar logic.

        1. Download and place the file in the following directory:

          /tmp/ncsoprune/work

        2. Run the following script:


          #!/bin/ksh

          JAR=/usr/j2se/bin/jar
          JAR_FILE=NCSO.jar
          RM=/usr/bin/rm
          BASE_DIR=/tmp/ncsoprune
          WORK_DIR=${BASE_DIR}/work

          # cd to the directory of the jar file; stop if it does not exist
          cd $WORK_DIR || exit 1

          # unjar
          $JAR xvf $JAR_FILE

          # prune classes
          $RM $WORK_DIR/org/w3c/dom/Document.class
          $RM $WORK_DIR/org/w3c/dom/Node.class
          $RM $WORK_DIR/org/xml/sax/InputSource.class
          $RM $WORK_DIR/org/xml/sax/SAXException.class

          # rejar into BASE_DIR
          $JAR cvf $BASE_DIR/$JAR_FILE META-INF com lotus org

  2. Place the re-jarred NCSO.jar file in the following directory:

    PortalServer-base/SUNWportal/web-src/WEB-INF/lib

  3. Redeploy the web application with the following command:

    PortalServer-base/SUNWportal/bin/deploy redeploy

    Where PortalServer-base represents the directory in which the Sun Java System Portal Server was originally installed.

  4. Restart the web container.
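
An alternative to the unjar and rejar methods in step 1, added here as an example and not part of the original guide or its script: it removes every .class entry under org/w3c/dom/ and org/xml/sax/ (a generalization of the four listed files), copies entries archive to archive so nothing is unpacked to disk, and checks the result. The function names, the NCSO-pruned.jar output name and the sample jar contents are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
import zipfile

# Package prefixes named in step 1 of the WebSphere procedure.
PRUNE_PREFIXES = ("org/w3c/dom/", "org/xml/sax/")


def sha256_of(path):
    """SHA-256 hex digest of a file, to record which jar was deployed."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def leftover_classes(jar_path, prefixes=PRUNE_PREFIXES):
    """Return the .class entries still present under the prefixes."""
    prefixes = tuple(prefixes)
    with zipfile.ZipFile(jar_path) as zf:
        return sorted(n for n in zf.namelist()
                      if n.startswith(prefixes) and n.endswith(".class"))


def prune_jar(src, dst, prefixes=PRUNE_PREFIXES):
    """Copy src to dst without the .class entries under the prefixes.

    Entries are copied archive to archive in their original order (the
    manifest stays first) and no entry name is used as a filesystem path.
    Returns the sorted names of the removed entries.
    """
    prefixes = tuple(prefixes)
    removed = []
    with zipfile.ZipFile(src) as zin, zipfile.ZipFile(dst, "w") as zout:
        for info in zin.infolist():
            name = info.filename
            if name.startswith(prefixes) and name.endswith(".class"):
                removed.append(name)
                continue
            zout.writestr(info, zin.read(info))  # keeps per-entry compression
    if leftover_classes(dst, prefixes):
        raise RuntimeError("pruned jar still has classes under %r" % (prefixes,))
    return sorted(removed)


def build_sample_jar(path):
    """Write a small constructed stand-in for NCSO.jar (not the real file)."""
    entries = [
        "META-INF/MANIFEST.MF",
        "lotus/domino/Session.class",
        "org/w3c/dom/Document.class",
        "org/w3c/dom/Node.class",
        "org/w3c/dom/Element.class",      # not one of the four listed classes
        "org/xml/sax/InputSource.class",
        "org/xml/sax/SAXException.class",
        "org/omg/CORBA/ORB.class",        # other org/ packages must survive
    ]
    with zipfile.ZipFile(path, "w") as zf:
        for name in entries:
            zf.writestr(name, b"constructed placeholder")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "NCSO.jar")
        dst = os.path.join(tmp, "NCSO-pruned.jar")
        build_sample_jar(src)
        for entry in prune_jar(src, dst):
            print("removed", entry)
        print("sha256", sha256_of(dst))
```

Against a real NCSO.jar, call prune_jar with the downloaded file as src and place the output in WEB-INF/lib under the name NCSO.jar.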