Where can I find logged ID vault messages?
ID vault messages are logged as "Security Events" in the log.nsf file. Open the log.nsf on your local client machine (or server machine) and click on "Security Events" on the left side panel to find the security logs.
Entries in the client log record actions taken on that client machine. Entries in the server log record actions taken by that server. If you have multiple replicas of the ID vault on multiple servers, you may have to look on each replica to find the information you are interested in.
Can I see the ID vault error messages in the Domino Domain Monitor (DDM)?
Yes, all server error messages are also reported to DDM.
Logged messages for user actions
What is logged when the user entered the wrong password after starting Notes?
Client log:
10/01/2008 01:52:11 PM ID for 'CN=Samantha Daryn/O=RECompany' could not be authenticated in vault 'O=third' on server 'CN=pm1/O=RECompany'. 'Samantha Daryn/RECompany' made request. Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.) on remote server
Server log:
10/01/2008 01:52:11 PM ID for 'Samantha Daryn/RECompany' (IP Address 9.33.163.219:1295) in vault 'O=third' was not downloaded because the wrong password was supplied. Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.)
Note: This message is logged whenever an incorrect password is entered. That can be a user who simply mistyped the password, or an attacker trying to guess it. The server entry also records the source IP address and port, which is the quickest way to tell the two apart: investigate if the message repeats for one user, or appears for several users around the same time, especially when the attempts come from the same source address.
What is logged when the user provides a wrong password too many times?
Client log:
10/01/2008 04:11:15 PM ID for 'CN=Samantha Daryn/O=RECompany' could not be authenticated in vault 'O=newest' on server 'CN=pm1/O=RECompany'. 'Samantha Daryn/RECompany' made request. Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.) on remote server
...
...
...
10/01/2008 04:11:23 PM ID for 'CN=Samantha Daryn/O=RECompany' could not be authenticated in vault 'O=newest' on server 'CN=pm1/O=RECompany'. 'Samantha Daryn/RECompany' made request. Error: You have failed to supply the correct password too many times. Please contact your system administrator on remote server
Server log:
10/01/2008 04:11:15 PM ID for 'Samantha Daryn/RECompany' (IP Address 9.33.164.153:2439) in vault 'O=newest' was not downloaded because the wrong password was supplied. Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.)
...
...
...
10/01/2008 04:11:23 PM ID failed to authenticate in vault 'O=newest'. 'Samantha Daryn/RECompany' (IP address 9.33.164.153:2439) made request. Error: You have failed to supply the correct password too many times. Please contact your system administrator.
Note: This message is logged when an incorrect password has been entered too many times in a row. That can be a user who mistyped or forgot the password, or an attacker trying to guess it; investigate if these messages appear repeatedly or for several users.
By default, 10 consecutive failed download attempts are allowed in a day before further attempts are denied. Consecutive failed passwords are tracked in the bad password cache. Use the NOTES.INI variable IDVault_Max_Auth_Failures to change the maximum number of consecutive failed attempts allowed per day.
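As an added example (not part of the original page), the following Python script parses the two server-side messages quoted above and applies the checks the notes describe: repeated failures against one account, the lockout message, and failures against several accounts from one source address within a short window. The sample lines are constructed from the messages shown on this page plus invented failures against other users; the regular expressions assume the exact message wording shown here, and the thresholds (5 failures, 3 accounts, 10 minutes) are illustrative choices, not Domino defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Patterns written against the server-side log.nsf "Security Events" messages
# quoted on this page (wrong password, and the too-many-failures lockout).
# Assumption: other Domino releases may word these messages differently.
TS = r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)"
IP = r"\(IP [Aa]ddress (?P<ip>[\d.]+):\d+\)"
WRONG_PW = re.compile(
    TS + r" ID for '(?P<user>[^']+)' " + IP + r" in vault '(?P<vault>[^']+)' "
    r"was not downloaded because the wrong password was supplied\.")
LOCKOUT = re.compile(
    TS + r" ID failed to authenticate in vault '(?P<vault>[^']+)'\. '(?P<user>[^']+)' "
    + IP + r" made request\. Error: You have failed to supply the correct password too many times")


def parse(lines):
    """Return wrong-password and lockout events found in server log lines, oldest first."""
    events = []
    for line in lines:
        for kind, rx in (("wrong_password", WRONG_PW), ("lockout", LOCKOUT)):
            m = rx.match(line)
            if m:
                d = m.groupdict()
                d["kind"] = kind
                d["ts"] = datetime.strptime(d["ts"], "%m/%d/%Y %I:%M:%S %p")
                events.append(d)
                break
    return sorted(events, key=lambda e: e["ts"])


def detect(events, per_user=5, spray_users=3, window=timedelta(minutes=10)):
    """Produce three kinds of findings:
      burst   - one account fails per_user times within window (single-account guessing)
      lockout - the vault denied further attempts (IDVault_Max_Auth_Failures reached)
      spray   - one source IP fails against spray_users distinct accounts within window
    """
    findings = []
    by_user = defaultdict(deque)
    by_ip = defaultdict(list)
    for e in events:
        if e["kind"] == "lockout":
            findings.append({"type": "lockout", "user": e["user"], "ip": e["ip"], "ts": e["ts"]})
            continue
        q = by_user[e["user"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) == per_user:              # report once, when the threshold is crossed
            findings.append({"type": "burst", "user": e["user"], "ip": e["ip"], "ts": e["ts"]})
        by_ip[e["ip"]].append(e)
    for ip, evs in by_ip.items():           # evs are already in time order
        for i, first in enumerate(evs):
            users = {x["user"] for x in evs[i:] if x["ts"] - first["ts"] <= window}
            if len(users) >= spray_users:
                findings.append({"type": "spray", "ip": ip, "users": sorted(users), "ts": first["ts"]})
                break
    return findings


ERR = "Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.)"


def _wrong(ts, user, ip_port):
    return (f"{ts} ID for '{user}' (IP Address {ip_port}) in vault 'O=newest' "
            f"was not downloaded because the wrong password was supplied. {ERR}")


# Constructed sample: the page's Samantha Daryn failures and lockout, extended with
# invented failures from the same source against three other accounts (a spray),
# and one unrelated Security Events line that the parser must ignore.
SAMPLE = [
    _wrong("10/01/2008 04:11:15 PM", "Samantha Daryn/RECompany", "9.33.164.153:2439"),
    _wrong("10/01/2008 04:11:17 PM", "Samantha Daryn/RECompany", "9.33.164.153:2439"),
    _wrong("10/01/2008 04:11:19 PM", "Samantha Daryn/RECompany", "9.33.164.153:2439"),
    _wrong("10/01/2008 04:11:21 PM", "Samantha Daryn/RECompany", "9.33.164.153:2439"),
    _wrong("10/01/2008 04:11:22 PM", "Samantha Daryn/RECompany", "9.33.164.153:2439"),
    "10/01/2008 04:11:23 PM ID failed to authenticate in vault 'O=newest'. 'Samantha Daryn/RECompany' (IP address 9.33.164.153:2439) made request. Error: You have failed to supply the correct password too many times. Please contact your system administrator.",
    _wrong("10/01/2008 04:12:01 PM", "Ida Engel/RECompany", "9.33.164.153:2500"),
    _wrong("10/01/2008 04:12:05 PM", "John Smith/RECompany", "9.33.164.153:2501"),
    _wrong("10/01/2008 04:12:09 PM", "Joe Blow/RECompany", "9.33.164.153:2502"),
    "10/01/2008 02:00:28 PM ID successfully synchronized with vault 'O=third' for 'Samantha Daryn/RECompany' (IP Address 9.33.163.219:1313).",
]

if __name__ == "__main__":
    for f in detect(parse(SAMPLE)):
        print(f)
```

On the sample this reports one burst and one lockout for Samantha Daryn and one spray from 9.33.164.153 covering four accounts. Feed it the Security Events lines exported from each vault replica's log.nsf, since failures against different replicas are logged separately.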
What is logged when the user changes something in his ID file (such as adding a new document encryption key), triggering a synchronization with the vault?
Client log:
10/01/2008 02:00:28 PM ID 'C:\Program Files\Lotus\Notes\Data\user.id' successfully synchronized with vault 'O=third' on server 'CN=pm1/O=RECompany' by 'Samantha Daryn/RECompany'.
Server log:
10/01/2008 02:00:28 PM ID successfully synchronized with vault 'O=third' for 'Samantha Daryn/RECompany' (IP Address 9.33.163.219:1313).
What is logged when the user recovers from a forgotten password by using the new password?
Client log:
10/01/2008 03:53:32 PM ID 'C:\Program Files\Lotus\Notes\Data\user.id' successfully synchronized with vault 'O=newest' on server 'CN=pm1/O=RECompany' by 'Samantha Daryn/RECompany'.
Server log:
10/01/2008 03:53:31 PM ID successfully synchronized with vault 'O=newest' for 'Samantha Daryn/RECompany' (IP Address 9.33.164.153:2406).
What is logged when the user lost his ID file, but the Notes client automatically recovers from a lost ID file?
Client log:
10/01/2008 03:37:36 PM ID 'C:\Program Files\Lotus\Notes\Data\user.id' successfully downloaded from vault 'O=newest' on server 'CN=pm1/O=RECompany' by 'Samantha Daryn/RECompany'.
Server log:
10/01/2008 03:37:36 PM ID successfully downloaded from vault 'O=newest' by 'Samantha Daryn/RECompany' (IP address 9.33.164.153:2350).
What is logged when the user lost his ID and attempts to log in with his password to download a new copy of his ID, but needs authorization to download his ID file?
Client log:
11/19/2008 12:01:51 PM ID 'C:\Program Files\Lotus\Notes\Data\user.id' failed to download from vault 'O=third' on server 'CN=pm1/O=RECompany'. 'Samantha Daryn/RECompany' made request. Error: ID in vault has download count of zero on remote server
Server log:
11/19/2008 12:01:51 PM ID for 'Samantha Daryn/RECompany' (IP Address 9.33.162.148:1346) in vault 'O=third' was not downloaded because it has a download count of zero and therefore no more downloads of the ID are allowed . Error: ID in vault has download count of zero
11/19/2008 12:01:51 PM ID failed to upload to vault 'O=third'. 'Samantha Daryn/RECompany' (IP Address 9.33.162.148:1346) made request. Error: ID in vault has download count of zero
Logged messages for Notes client actions
What is logged when the Notes client (without Notes shared login enabled) uploads a user's ID file for the first time?
Client log:
10/01/2008 03:26:52 PM ID for 'CN=Samantha Daryn/O=RECompany' could not be authenticated in vault 'O=newest' on server 'CN=pm1/O=RECompany'. 'Samantha Daryn/RECompany' made request. Error: Entry not found in index on remote server
10/01/2008 03:27:12 PM ID 'C:\Program Files\Lotus\Notes\Data\user.id' successfully uploaded/synchronized to vault 'O=newest' on server 'CN=pm1/O=RECompany' by 'Samantha Daryn/RECompany'.
The error entry indicates that the client first tried synchronization with the vault by looking for the user's entry in the vault to verify passwords and it did not find the user's entry. The second entry indicates that the ID file was properly uploaded.
Server log:
10/01/2008 03:26:45 PM Unable to find ID for 'Samantha Daryn/RECompany' in vault 'O=newest'. Error: Entry not found in index
10/01/2008 03:26:45 PM ID failed to authenticate in vault 'O=newest'. 'Samantha Daryn/RECompany' (IP address 9.33.164.153:2340) made request. Error: Entry not found in index
10/01/2008 03:27:12 PM ID successfully synchronized with vault 'O=newest' for 'Samantha Daryn/RECompany' (IP Address 9.33.164.153:2343).
What is logged when the Notes client is unable to upload the user's ID file because the user's policy is missing or incorrect?
Nothing is logged anywhere, because no policy told the client to use the ID vault. All of the following steps must complete before the ID file is uploaded for the first time:
1. A proper effective policy must be created in the Directory.
2. It must replicate to the user's home server (delay depends on the replication configuration).
3. The policy view must be updated (delay is about 1 minute if the update task runs normally).
4. The policy cache must be refreshed (delay may be about 10-15 minutes).
5. The user must authenticate with the home server, notice the new policy, and run dynconfig to fetch it (delay varies).
6. Once the client knows it should use the ID vault, it schedules an upload sometime in the first 8 hours after it is started.
What is logged when the Notes client performed a periodic synchronization with the vault (or the user did a Switch ID), but no changes were found on either side?
Client log:
Nothing is logged.
Server log:
Nothing is logged.
What is logged when the Notes client contacts an 8.5 server without a vault and is referred to a vault server?
Client log:
Nothing is logged.
Server log:
Nothing is logged.
What is logged when the Notes client contacts the user's home server and all servers in the cluster to get a referral, but the vault transaction fails because there is no referral or all referral servers are down?
Client log:
Nothing is logged. However, setting the NOTES.INI variable DEBUG_IDVAULT_SERVER_SELECTION=1 will log all the attempts so that failures to perform vault transactions can be investigated.
Server log:
Nothing is logged.
Logged messages for ID vault administrator actions
What is logged when an administrator creates a new ID vault?
Client log:
10/01/2008 02:53:22 PM ID Vault 'newest' with description 'Newest test vault' successfully created on server 'CN=pm1/O=RECompany'.
Server log:
10/01/2008 02:53:20 PM ID Vault 'O=newest' on server 'CN=pm1/O=RECompany' successfully created by 'Ida Engel/RECompany' (IP address 9.33.164.153:2266).
What is logged when an administrator creates a new ID vault replica?
Client log:
10/01/2008 02:56:23 PM Adding server Millie/RECompany as a vault host Millie/RECompany was successfully added.
Server log:
10/01/2008 02:53:20 PM ID Vault 'O=newest' on server 'CN=pm1/O=RECompany' successfully created by 'Ida Engel/RECompany' (IP address 9.33.164.153:2266).
What is logged when an administrator deletes an ID vault replica?
Client log:
10/01/2008 02:27:38 PM Removing the server Millie/RECompany as a vault host Millie/RECompany was successfully removed.
Server log:
10/01/2008 02:27:38 PM ID Vault replica 'O=third' successfully deleted on server 'CN=Millie/O=RECompany' by 'Ida Engel/RECompany' (IP address 9.33.164.153:2238).
What is logged when an administrator deletes the last ID vault replica?
Client log:
10/01/2008 02:49:53 PM Delete Vault /third
Server log:
10/01/2008 02:49:47 PM ID Vault 'O=third' on server 'CN=pm1/O=RECompany' successfully deleted by 'Ida Engel/RECompany' (IP address 9.33.164.153:2260).
What is logged when a new ID vault administrator is added?
Client log:
10/01/2008 02:31:43 PM Adding administrator Joe Blow/RECompany to this vault Joe Blow/RECompany was successfully added.
Server log:
Nothing is logged on the server.
What is logged when an ID vault administrator is removed?
Client log:
10/01/2008 02:39:56 PM Adding administrator Joe Blow/RECompany to this vault Joe Blow/RECompany was successfully removed.
Server log:
Nothing is logged on the server.
Note: The client log message is mislabeled; it should read "Removing administrator Joe Blow/RECompany from this vault ...".
What is logged when a Password Reset Authority is added?
Client log:
10/01/2008 03:04:50 PM PasswordReset Authority/RECompany will be able to reset passwords for users in organization /RECompany
Server log:
Nothing is logged on the server.
What is logged when a Password Reset Authority is removed?
Client log:
10/01/2008 02:44:00 PM PasswordReset Authority/RECompany will no longer be able to reset passwords for users in organization /RECompany
Server log:
Nothing is logged on the server.
What is logged when a new Vault Trust Certificate is added?
Client log:
10/01/2008 03:00:54 PM Creating vault trust certificate for /RECompany /RECompany was successfully added.
Server log:
Nothing is logged on the server.
What is logged when a Vault Trust Certificate is removed?
Client log:
10/01/2008 02:47:04 PM Removing vault trust certificate for /Orgb /Orgb was successfully removed.
Server log:
Nothing is logged on the server.
What is logged when an ID vault operation is attempted but the Vault Trust Certificate is missing?
Client log:
10/01/2008 04:16:08 PM ID 'C:\Program Files\Lotus\Notes\Data\user.id' failed to synchronize with vault 'O=newest' on server 'CN=pm1/O=RECompany'. 'Samantha Daryn/RECompany' made request. Error: Missing or invalid Vault Trust certificate. Check the log file for details. on remote server
Server log:
10/01/2008 04:16:07 PM Missing or invalid Vault Trust certificate from 'Samantha Daryn/RECompany' to '/newest': Entry not found in index
10/01/2008 04:16:07 PM ID failed to upload to vault 'O=newest'. 'Samantha Daryn/RECompany' (IP Address 9.33.164.153:2458) made request. Error: Missing or invalid Vault Trust certificate. Check the log file for details.
What is logged when an administrator creates a new ID vault policy?
Client log:
Nothing is logged.
Server log:
Nothing is logged.
Logged messages for actions by other authorities
What is logged when a Password Reset Authority resets a user's password?
Client log:
10/01/2008 03:49:53 PM Password for 'Samantha Daryn/RECompany' with 0 downloads was reset on server 'pm1/RECompany'.
Server log:
10/01/2008 03:49:53 PM Password for 'Samantha Daryn/RECompany' with 0 downloads was reset by 'Ida Engel/RECompany' (IP Address 9.33.164.153:2401) from process nserver.
What is logged when an administrator without password reset authority attempts to reset a user's password?
Client log:
11/17/2008 12:39:28 PM Failed to reset password for 'Samantha Daryn/RECompany' with 0 downloads on server 'pm1/RECompany'. Error: Missing or invalid Password Reset Trust certificate. Check the log file for details. on remote server
Server log:
11/17/2008 12:39:28 PM Missing or invalid Password Reset Trust certificate from 'Samantha Daryn/RECompany' to 'John Smith/RECompany': Entry not found in index
11/17/2008 12:39:28 PM Failed to set download count for 'Samantha Daryn/RECompany' to 0. 'John Smith/ReCompany' made request (IP Address 9.33.162.148:2316) from process nserver. Error: Missing or invalid Password Reset Trust certificate. Check the log file for details.
What is logged when a password reset agent authority without password reset rights attempts to reset a user's password?
Server log:
11/17/2008 12:39:28 PM Failed to reset password for 'Samantha Daryn/RECompany' with 0 downloads on server 'pm1/RECompany'. Error: Missing or invalid Password Reset Trust certificate. Check the log file for details. on remote server
Note: Check whether the server has been added to the ID vault as a "password reset agent authority"; adding it resolves this error.
What is logged when a self-service password reset application has been used to reset a user's password successfully?
Server log:
11/17/2008 02:49:22 PM Password for 'Samantha Daryn/RECompany' with 1 downloads was reset by 'pm1/RECompany' (IP Address 9.33.162.148:2425) from process nserver.
11/17/2008 02:49:22 PM Password for 'Samantha Daryn/RECompany' with 1 downloads was reset on server 'CN=pm1/O=RECompany'.
What is logged when a self-service password reset application is used to reset a user's password, but the self-service agent has not been signed by a user with the appropriate self-service password reset authority?
Server log:
11/17/2008 02:30:50 PM Failed to reset password for 'Samantha Daryn/RECompany' with 1 downloads on server 'CN=pm1/O=RECompany'. Error: Agent containing ResetUserPassword method must be signed by a designated Password Resetter.
What is logged when a self-service password reset application is used to reset a user's password, but the server on which the application resides does not have password reset authority?
Server log:
11/24/2008 12:30:13 PM Missing or invalid Password Reset Trust certificate from 'Samantha Daryn/RECompany' to 'pm1/RECompany': Entry not found in index
11/24/2008 12:30:13 PM Failed to set download count for 'Samantha Daryn/RECompany' to 0. 'pm1/RECompany' made request (IP Address 9.33.162.148:2351) from process nserver. Error: Missing or invalid Password Reset Trust certificate. Check the log file for details.
11/24/2008 12:30:13 PM Failed to reset password for 'Samantha Daryn/RECompany' with 1 downloads on server 'CN=pm1/O=RECompany'. Error: Missing or invalid Password Reset Trust certificate. Check the log file for details. on remote server
What is logged when an administrator extracts a user's ID from the vault knowing their current password?
Client log:
10/01/2008 03:57:31 PM ID 'D:\notesfile\admin.id' successfully downloaded from vault 'O=newest' on server 'CN=pm1/O=RECompany' by 'Samantha Daryn/RECompany'.
10/01/2008 03:57:32 PM ID for 'Samantha Daryn/RECompany' was extracted to 'D:\notesfile\foo.id' from vault 'O=newest' on server 'CN=pm1/O=RECompany'.
Server log:
10/01/2008 03:57:28 PM ID successfully downloaded from vault 'O=newest' by 'Samantha Daryn/RECompany' (IP address 9.33.164.153:2418).
Note: The client logs two actions - first the download of the file, and then the extraction to the specified file name.
The user name in both logs is the owner of the ID file, not the administrator. The server cannot identify the administrator because a password-based download presents only the user's password; nothing in the transaction names who supplied it. To attribute such a download, correlate it with the password reset entry that usually precedes it, which does record the administrator's name and IP address, and with the extraction entry in the client log on the administrator's workstation.
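Added example, not from the original page: the script below parses the server-side synchronization, download, auditor-extraction and password-reset messages quoted on this page and attributes each ID download. Auditor extractions already name the auditor; password-based downloads are attributed to the ID owner, flagged when the source IP has not appeared in that user's earlier synchronizations, and tentatively attributed to the administrator named in a password reset logged shortly before. The sample lines combine lines from this page with constructed IP addresses for the reset and the second download; the 30-minute reset window and the exact message wording are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Patterns follow the server-side "Security Events" messages quoted on this page.
# Assumption: other Domino releases may word these messages differently.
TS = r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)"
IP = r"\(IP [Aa]ddress (?P<ip>[\d.]+):\d+\)"
PATTERNS = {
    "sync": re.compile(TS + r" ID successfully synchronized with vault '(?P<vault>[^']+)' "
                       r"for '(?P<user>[^']+)' " + IP),
    "download": re.compile(TS + r" ID successfully downloaded from vault '(?P<vault>[^']+)' "
                           r"by '(?P<user>[^']+)' " + IP),
    "extract": re.compile(TS + r" ID for '(?P<user>[^']+)' successfully extracted from vault "
                          r"'(?P<vault>[^']+)' by auditor '(?P<actor>[^']+)' " + IP),
    "reset": re.compile(TS + r" Password for '(?P<user>[^']+)' with \d+ downloads was reset "
                        r"by '(?P<actor>[^']+)' " + IP),
}


def parse(lines):
    """Return recognized events, oldest first; unrelated lines are skipped."""
    events = []
    for line in lines:
        for kind, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                d = m.groupdict()
                d["kind"] = kind
                d["ts"] = datetime.strptime(d["ts"], "%m/%d/%Y %I:%M:%S %p")
                events.append(d)
                break
    return sorted(events, key=lambda e: e["ts"])


def attribute(events, reset_window=timedelta(minutes=30)):
    """Attribute every ID download or extraction to a probable actor.

    basis "auditor":               the server named the auditor itself.
    basis "password":              password-based download; only the ID owner is named.
    basis "password_after_reset":  a password reset for that user was logged within
                                   reset_window before the download, so the resetter is
                                   the probable actor (a heuristic, not proof).
    ip_known is True when the source IP appeared in one of the user's earlier
    synchronizations, i.e. a machine the user normally works from.
    """
    known_ips = defaultdict(set)
    resets = defaultdict(list)
    findings = []
    for e in events:
        if e["kind"] == "sync":
            known_ips[e["user"]].add(e["ip"])
        elif e["kind"] == "reset":
            resets[e["user"]].append(e)
        elif e["kind"] in ("download", "extract"):
            f = {"ts": e["ts"], "user": e["user"], "ip": e["ip"],
                 "ip_known": e["ip"] in known_ips[e["user"]], "reset_ip": None}
            if e["kind"] == "extract":
                f.update(actor=e["actor"], basis="auditor")
            else:
                f.update(actor=e["user"], basis="password")
                for r in reversed(resets[e["user"]]):      # newest reset first
                    if e["ts"] - r["ts"] <= reset_window:
                        f.update(actor=r["actor"], basis="password_after_reset", reset_ip=r["ip"])
                        break
            findings.append(f)
    return findings


# Constructed sample: lines from this page, with the IP address of the password reset
# and of the second download changed to 9.33.165.38 so that the administrator's machine
# differs from the user's. The last line is an unrelated event the parser must ignore.
SAMPLE = [
    "10/01/2008 02:00:28 PM ID successfully synchronized with vault 'O=third' for 'Samantha Daryn/RECompany' (IP Address 9.33.163.219:1313).",
    "10/01/2008 03:27:12 PM ID successfully synchronized with vault 'O=newest' for 'Samantha Daryn/RECompany' (IP Address 9.33.164.153:2343).",
    "10/01/2008 03:37:36 PM ID successfully downloaded from vault 'O=newest' by 'Samantha Daryn/RECompany' (IP address 9.33.164.153:2350).",
    "10/01/2008 03:49:53 PM Password for 'Samantha Daryn/RECompany' with 0 downloads was reset by 'Ida Engel/RECompany' (IP Address 9.33.165.38:2401) from process nserver.",
    "10/01/2008 03:57:28 PM ID successfully downloaded from vault 'O=newest' by 'Samantha Daryn/RECompany' (IP address 9.33.165.38:2418).",
    "10/01/2008 04:03:47 PM ID for 'Samantha Daryn/RECompany' successfully extracted from vault 'O=newest' by auditor 'Ida Engel/RECompany' (IP address 9.33.165.38:4967).",
    "10/01/2008 02:53:20 PM ID Vault 'O=newest' on server 'CN=pm1/O=RECompany' successfully created by 'Ida Engel/RECompany' (IP address 9.33.164.153:2266).",
]

if __name__ == "__main__":
    for f in attribute(parse(SAMPLE)):
        print(f)
```

On the sample, the first download is attributed to the owner from a known IP, the second to Ida Engel/RECompany (reset 7.5 minutes earlier, unknown IP), and the extraction to the auditor. The reset correlation is only a lead: a user who logs in right after a legitimate reset looks the same, so confirm it against the client log on the administrator's workstation, which records the extraction path.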
What is logged when an auditor extracts a user's ID from the vault?
Client log:
10/01/2008 04:03:47 PM ID 'D:\notesfile\admin.id' successfully downloaded from vault 'O=newest' on server 'CN=pm1/O=RECompany' by 'Samantha Daryn/RECompany'.
10/01/2008 04:03:47 PM ID for 'Samantha Daryn/RECompany' was extracted to 'D:\notesfile\foo.id' from vault 'O=newest' on server 'CN=pm1/O=RECompany'.
Server log:
10/01/2008 04:03:47 PM ID for 'Samantha Daryn/RECompany' successfully extracted from vault 'O=newest' by auditor 'Ida Engel/RECompany' (IP address 9.33.165.38:4967).
Note: The client logs two actions - first an attempt to download the file, and then an extraction to the specified file name.
What is logged when an administrator attempts to extract an ID file from the vault without using a password, but does not have auditor privileges?
Client log:
10/01/2008 04:06:32 PM ID '' failed to download from vault 'O=newest' on server 'CN=pm1/O=RECompany'. 'Samantha Daryn/RECompany' made request. Error: You are not authorized to perform that operation on remote server
10/01/2008 04:06:32 PM Failed to extract ID for 'Samantha Daryn/RECompany' to 'D:\notesfile\foo.id' from vault 'O=newest' on server 'CN=pm1/O=RECompany'. Error: You are not authorized to perform that operation on remote server
Server log:
10/01/2008 04:06:32 PM ID for 'Samantha Daryn/RECompany' could not be extracted from vault 'O=newest' by auditor 'John Smith/RECompany' (IP address 9.33.165.38:4987). Error: You are not authorized to perform that operation
Note: The client logs two actions - first an attempt to download the file, and then an extraction to the specified file name.