This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


~Sanjay Umtumisonikle
Nov 7, 2014, 2:06 AM
51 Posts

Still cannot execute KYRTOOL

  • Category: Security
  • Platform: All Platforms
  • Release: 9.0.1,9.0
  • Role:
  • Tags:
  • Replies: 15

Dave, thanks for your continued support. I'm still encountering issues running the kyrtool. I unzipped in my Notes program folder. It creates a "kyrtool" folder with Linux32, Linux64, w32, w64, etc. The command below yields the "The application is unable to start correctly (0xc000007b)..." error. When I try from the w32 folder, it cannot find the nnotes,dll even though the location (C:\Program Files (x86)\IBM\Lotus\Notes) is confirmed. What am I doing wrong?

C:\Program Files (x86)\IBM\Lotus\Notes\kyrtool\w64> kyrtool =C:\Program Files (x86)\IBM\Lotus\Notes\notes.ini create -h

***I have tried without the "create" command and even attempted placing kyrtool.exe in the root program directory. My client has been upgraded to the latest level (9.0.1.2 with IF). I wouldn't think this matters re: just executing from the command line. 

 

~Fred Asatumiburynds
Nov 7, 2014, 4:32 PM
107 Posts
Try putting kyrtool.exe directly in the Notes program folder, not a subfolder.
That's how it worked for me.
~Sanjay Umtumisonikle
Nov 7, 2014, 10:34 PM
51 Posts
KYRTOOL in Program Folder

Jochen,

Thanks, I'll try again. I initially placed the kyrtool.exe file in the program folder w/o success. I kept getting the 0xc0000007b error. I ran as administrator, etc. The wiki mentions extracting the ZIP file in the program directory. This creates the subfolders, of course. I'm using Windows 7 Professional. I'm assuming you're just launching from a CMD window. This seems so simple, not certain why I'm encountering problem. I'm wondering whether my A/V or some other program is interfering. I might boot into safe mode or something to isolate other applications on my end.

Best regards,
Michael

~Tip Umfooburynds
Nov 7, 2014, 11:00 PM
3 Posts
Try the 32-bit version of kyrtool.exe

Michael -- Try using the 32-bit version of kyrtool.exe (located in the kyrtool\w32 folder of the kyrtool.zip file).  I can duplicate the error message you receive when I try the 64-bit version.

Richard

~Sanjay Umtumisonikle
Nov 7, 2014, 11:16 PM
51 Posts
Thanks Richard (w32 KYRTOOL worked) + Internal CA vs. 3rd-party CA

Richard,

Update: I'm just wondering how many people are using the internal (Domino) CA vs. a 3rd party. I have always gone with 3rd party SSL certificates when external users accessed. If internal only and using LAN or VPN connection, I could see using the Domino CA process. What about internal users only accessing from the Internet? Would a keyring with certificate issued by the Domino CA be acceptable for internal users accessing a site? I just want to make sure there are no issues (e.g. Traveler, etc.).

Thanks, I'm certain I tried the 32-bit version earlier. It worked this time. I might have only attempted execution from w32 folder vs. directly in the program directory. When I copied to the program folder, it worked. There's definitely an issue with the 64-bit version.

Regards,
Michael

~Tanita Desweverobu
Nov 10, 2014, 8:50 PM
94 Posts
32 bit vs 64 bit and internal CAs
The 64-bit version of kyrtool will not be able to run against a 32-bit version of Notes/Domino -- if you're using 32-bit N/D on a 64-bit OS, you'll need to use the 32-bit version of kyrtool.

Some organizations centrally manage their end users' web browsers and certificate stores. In those cases, admins can easily distribute the root certs from their internal CAs, making them indistinguishable from a third party CA, just much less expensive and far more flexible.
~Tip Umfooburynds
Nov 11, 2014, 1:08 AM
3 Posts
Re: Thanks Richard (w32 KYRTOOL worked) + Internal CA vs. 3rd-party CA

Michael --

You're welcome.

 

Would a keyring with certificate issued by the Domino CA be acceptable for internal users accessing a site?

Absolutely.

 

I'm just wondering how many people are using the internal (Domino) CA vs. a 3rd party. I have always gone with 3rd party SSL certificates when external users accessed. If internal only and using LAN or VPN connection, I could see using the Domino CA process. What about internal users only accessing from the Internet?

If "external users" means the general public then it may make more sense to use third-party certificates instead of managing your own. But if your target audience is under your control (regardless of whether or not they access your servers internally or from the internet) as long as they're all able/willing to install your certificates, it probably makes better economic sense to create, manage and distribute your own (as Dave Kern from IBM points out in this thread). Domino is powerful enough to do this already so why pay a third party to do what you can do yourself at no additional cost?

Richard


This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal