Skip to main content link. Accesskey S
  • HCL Logo
  • HCL Notes and Domino wiki
  • THIS WIKI IS READ-ONLY. Individual names altered for privacy purposes.
  • HCL Forums and Blogs
  • Home
  • Product Documentation
  • Community Articles
  • Learning Center
  • API Documentation
Search
Community Articles > IBM Notes Traveler > Caution: banned apple users 8.5.1 to 8.5.2 security policies and old Active Sync versions.
  • Share Show Menu▼
  • Subscribe Show Menu▼

Recent articles by this author

McAfee and Domino 8.5 Exclusions guide and issues.

McAfee is a little behind on Domino 8 support. Domino server performance can take a hit. Here is some info and hotfix stuff to guide you .

Caution: banned apple users 8.5.1 to 8.5.2 security policies and old Active Sync versions.

If you have Apple users that were installed (especially iPads) on traveler 8.5.1 and you migrate to 8.5.2 take special care to not select any security policy until the devices security policies become fully compliant . There are problems with them running an older version of Active Synch that may ...

LEI Release Notes and Domino 8.5.2 requirements

To help find information quickly on LEI . Point releases must be the same for the Domino server running LEI for both 3264 bit servers.

Notes Traveler 8.5.1.1 simple installation screens and post install verification commands to use.

Here is just a screen capture of a live Notes Traveller 8.5.1.1 install on a Domino 8.5.1 server (see attached file.) Also, some post install Domino console commands to use to make sure you have a good install.
Community articleCaution: banned apple users 8.5.1 to 8.5.2 security policies and old Active Sync versions.
Added by ~Chloe Prefoolygon | Edited by ~Chloe Prefoolygon on September 29, 2010 | Version 3
  • Actions Show Menu▼
expanded Abstract
collapsed Abstract
If you have Apple users that were installed (especially iPads) on traveler 8.5.1 and you migrate to 8.5.2 take special care to not select any security policy until the devices security policies become fully compliant . There are problems with them running an older version of Active Synch that may cause the device to be banned from traveler.
Tags: Lotus Notes Traveler Administration
 
If you have Apple users that were installed (especially iPads) on traveler 8.5.1 and you migrate to 8.5.2 take special care to not select any security policy until the devices security policies become fully compliant . There are problems with them running an older version of Active Synch that may cause the device to be banned from traveler.
 
Here is a discussion thread that may save time or prevent you from setting up new policy resrictions.
 
http://www-10.lotus.com/ldd/nd85forum.nsf/ShowMyTopicsAllThreadedweb/4ec1cd569e7f1c23852577ac00655b8e?OpenDocument 
 
Thanks to Robert S Sielken for the response to my thread.
 
There have been a couple of PMRs on this same issue.

The issue is that the "Prohibit devices incapable of security enablement" has been checked. The existing devices are only using ActiveSync 2.5 and cannot support all of the security settings because many of them are only in ActiveSync 12.1. The devices get "banned" and cannot log into the system to switch to AS 12.1 and get the banned removed.

Allowing the existing devices that got banned back into the system can be done in at least 3 ways, but APAR LO55130 is definitely the easiest. To get the APAR, you will have to open a PMR and L2 can provide the APAR fix once it is available (it is still being internally tested).

Here are three different sets of steps for the Admin to use depending on how the Admin wants to allow banned devices back into Traveler:

A. Server with APAR LO55130 - Device power off and power on.
1. Tell the device users to reboot their device(s). Reboot means power completely off by holding the power button and sliding it off and then power on with the power button (not just turning the screen off and on) . Without powering off and back on, the device will continue to use the old security protocol instead of the new protocol which is needed. Traveler tells the device to switch to the new protocol, but the Apple device ignores that request and continues to use the old protocol until the device is rebooted.

B. Current server (no APAR LO55130) - Clean up and reinstall the device accounts (Apple profile or manual) as needed..
1. On the device, remove the account (Apple profile or manual).
2. On the server, "tell traveler delete ".
3. On the server, "tell traveler security delete ".
4. On the device, reinstall the account.

C. Current server (no APAR LO55130) - Turn off "Prohibit devices incapable of security enablement" until all the devices have upgraded.
1. Shutdown Traveler (tell traveler shutdown)
2. Open the Default Settings or Policy definition and uncheck "Prohibit devices incapable of security enablement".
3. Start Traveler (load traveler). When Traveler loads, it will prime sync each device and remove the banned flags allowing the devices to access the system.
4. Tell the device users to reboot their device(s). Reboot means power completely off by holding the power button and sliding it off and then power on with the power button (not just turning the screen off and on) .
5. After the device has rebooted and synced with the server, it needs to do another configuration with the server. To do this, issue "tell traveler push flagsadd serviceability configGet " for each device in the server console.
6. The device will do the configuration steps when it next syncs or connects to push.
7. Confirm the device is fully compliant by looking in LotusTraveler.nsf or running the show tell command (tell traveler show ). In LotusTraveler.nsf, you are looking for the value in the Security Policy column in the Device Security view. In the show tell command output, you are looking for the Security Policy Status value. If the value is "Compliant - limited", the device has not upgraded yet. If the value is "Compliant", then the device is upgraded.
8. Once all of the devices are upgraded (Compliant instead of Compliant - limited), turn "Prohibit devices incapable of security enablement" back on.
Note: any new devices will start with the full settings, so these steps are only necessary for existing devices.


Feedback response number RSSN89RNX9 created by Robert S Sielken on 09/29/2010
 

 

  • Actions Show Menu▼


expanded Attachments (0)
collapsed Attachments (0)
Edit the article to add or modify attachments.
expanded Versions (1)
collapsed Versions (1)
Version Comparison     
VersionDateChanged by              Summary of changes
This version (3)Sep 29, 2010, 8:03:24 PM~Chloe Prefoolygon  
expanded Comments (0)
collapsed Comments (0)
Copy and paste this wiki markup to link to this article from another article in this wiki.
Go ElsewhereStay ConnectedAbout
  • HCL Software
  • HCL Digital Solutions community
  • HCL Software support
  • BlogsDigital Solutions blog
  • Community LinkHCL Software forums and blogs
  • About HCL Software
  • Privacy
  • Accessibility