Community article: ID vault logging for 8.5 FAQ
Added by Michael Stewart on April 27, 2021 | Version 1
Tags: Notes ID Vault
Where can I find logged ID vault messages?

ID vault messages are logged as "Security Events" in the log.nsf file. Open the log.nsf on your local client machine (or server machine) and click on "Security Events" on the left side panel to find the security logs.
Entries in the client log record actions taken on that client machine. Entries in the server log record actions taken by that server. If you have multiple replicas of the ID vault on multiple servers, you may have to look on each replica to find the information you are interested in.


Can I see the ID vault error messages in the Domino Domain Monitor (DDM)?


Yes, all server error messages are also reported to DDM.


Logged messages for user actions


What is logged when the user enters the wrong password after starting Notes?


Client log:

10/01/2008 01:52:11 PM  ID for 'CN=Samantha Daryn/O=RECompany' could not be authenticated in vault 'O=third' on server 'CN=pm1/O=RECompany'.  'Samantha Daryn/RECompany' made request.  Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.) on remote server

Server log:

10/01/2008 01:52:11 PM  ID for 'Samantha Daryn/RECompany' (IP Address 9.33.163.219:1295) in vault 'O=third' was not downloaded because the wrong password was supplied.  Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.)

Note:
This message is logged whenever an incorrect password is entered. This may happen because the user simply mistyped his password, or because an attacker is trying to guess the user's password. If this message is logged multiple times and/or for multiple users around the same time period, you may want to investigate the situation.


What is logged when the user provides a wrong password too many times?


Client log:

10/01/2008 04:11:15 PM  ID for 'CN=Samantha Daryn/O=RECompany' could not be authenticated in vault 'O=newest' on server 'CN=pm1/O=RECompany'.  'Samantha Daryn/RECompany' made request.  Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.) on remote server
...
...
...
10/01/2008 04:11:23 PM  ID for 'CN=Samantha Daryn/O=RECompany' could not be authenticated in vault 'O=newest' on server 'CN=pm1/O=RECompany'.  'Samantha Daryn/RECompany' made request.  Error: You have failed to supply the correct password too many times. Please contact your system administrator on remote server

Server log:

10/01/2008 04:11:15 PM  ID for 'Samantha Daryn/RECompany' (IP Address 9.33.164.153:2439) in vault 'O=newest' was not downloaded because the wrong password was supplied.  Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.)
...

...

...

10/01/2008 04:11:23 PM  ID failed to authenticate in vault 'O=newest'.  'Samantha Daryn/RECompany' (IP address 9.33.164.153:2439) made request.  Error: You have failed to supply the correct password too many times. Please contact your system administrator.

Note: This message is logged whenever an incorrect password is entered too many times. This may happen because the user mistyped or forgot his password, or because an attacker is trying to guess the user's password. You may want to investigate the situation if these messages are logged multiple times.

By default, up to 10 consecutive failed download attempts are allowed in a day before further attempts are denied. Consecutive failed password attempts are kept in the bad password cache. Use the NOTES.INI variable "IDVault_Max_Auth_Failures" to change the maximum number of consecutive failed download attempts allowed per day.
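The two notes above tell you what to look for in the server log but not how to look for it. The following script is an added example, not part of the original article or of Domino: it parses the server-side "wrong password" and "too many times" entries in the format shown in this FAQ and flags the patterns the notes describe. The thresholds (3 failures per user and 2 distinct users within 10 minutes) are assumed analyst settings, and the sample log is constructed from the FAQ's own entries.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Timestamp prefix shared by every Security Events entry shown in this FAQ.
TS_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\s+(.*)$")
# Server-side "wrong password" entry (see the FAQ's server log samples).
WRONG_PW_RE = re.compile(
    r"ID for '(?P<user>[^']+)' \(IP [Aa]ddress (?P<ip>[\d.]+):\d+\) in vault '(?P<vault>[^']+)'"
    r" was not downloaded because the wrong password was supplied")
# Server-side "too many times" entry, logged once the bad-password limit is hit.
LOCKOUT_RE = re.compile(
    r"ID failed to authenticate in vault '(?P<vault>[^']+)'\.\s+'(?P<user>[^']+)'"
    r" \(IP [Aa]ddress (?P<ip>[\d.]+):\d+\) made request\.\s+Error: You have failed to"
    r" supply the correct password too many times")

def parse_events(lines):
    """Turn raw log.nsf lines into event dicts; unrelated entries are skipped."""
    events = []
    for line in lines:
        m = TS_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        for kind, rx in (("wrong_password", WRONG_PW_RE), ("lockout", LOCKOUT_RE)):
            hit = rx.search(m.group(2))
            if hit:
                events.append({"ts": ts, "kind": kind, **hit.groupdict()})
                break
    return events

def find_suspicious(events, window=timedelta(minutes=10), per_user=3, distinct_users=2):
    """Flag the patterns the FAQ says to investigate. Thresholds are assumed analyst
    settings, well below the vault's default of 10 failures/day (IDVault_Max_Auth_Failures)."""
    findings = []
    wrong = sorted((e for e in events if e["kind"] == "wrong_password"), key=lambda e: e["ts"])
    by_user = defaultdict(list)
    for e in wrong:
        by_user[e["user"]].append(e["ts"])
    # Same user failing repeatedly inside one window: mistyping, or guessing.
    for user, stamps in by_user.items():
        for i, start in enumerate(stamps):
            if sum(1 for t in stamps[i:] if t - start <= window) >= per_user:
                findings.append(("repeated_failures", user))
                break
    # Several different users failing in the same window: guessing across accounts, or an outage.
    for i, first in enumerate(wrong):
        users = {e["user"] for e in wrong[i:] if e["ts"] - first["ts"] <= window}
        if len(users) >= distinct_users:
            findings.append(("multi_user_failures", tuple(sorted(users))))
            break
    # The vault has already refused further attempts for this ID: always worth a look.
    findings.extend(("lockout", e["user"]) for e in events if e["kind"] == "lockout")
    return findings

# Constructed sample in the FAQ's server-log format (names and addresses reused from the FAQ).
SAMPLE_LOG = """\
10/01/2008 04:11:15 PM  ID for 'Samantha Daryn/RECompany' (IP Address 9.33.164.153:2439) in vault 'O=newest' was not downloaded because the wrong password was supplied.  Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.)
10/01/2008 04:11:18 PM  ID for 'Samantha Daryn/RECompany' (IP Address 9.33.164.153:2439) in vault 'O=newest' was not downloaded because the wrong password was supplied.  Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.)
10/01/2008 04:11:20 PM  ID for 'Samantha Daryn/RECompany' (IP Address 9.33.164.153:2439) in vault 'O=newest' was not downloaded because the wrong password was supplied.  Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.)
10/01/2008 04:11:21 PM  ID for 'Ida Engel/RECompany' (IP Address 9.33.164.153:2440) in vault 'O=newest' was not downloaded because the wrong password was supplied.  Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.)
10/01/2008 04:11:23 PM  ID failed to authenticate in vault 'O=newest'.  'Samantha Daryn/RECompany' (IP address 9.33.164.153:2439) made request.  Error: You have failed to supply the correct password too many times. Please contact your system administrator.
10/01/2008 04:30:00 PM  ID successfully synchronized with vault 'O=newest' for 'Samantha Daryn/RECompany' (IP Address 9.33.164.153:2500).
"""
```

Running `find_suspicious(parse_events(SAMPLE_LOG.splitlines()))` on the sample returns a repeated-failures finding for Samantha Daryn, a multi-user finding for the two accounts, and the lockout; the successful synchronization entry is ignored. Remember that each vault replica's log.nsf only records the attempts that server handled, so feed in the logs from every replica.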


What is logged when the user changes something in his ID file (such as adding a new document encryption key), triggering a synchronization with the vault?

Client log:
10/01/2008 02:00:28 PM  ID 'C:\Program Files\Lotus\Notes\Data\user.id' successfully synchronized with vault 'O=third' on server 'CN=pm1/O=RECompany' by 'Samantha Daryn/RECompany'.

Server log:
10/01/2008 02:00:28 PM  ID successfully synchronized with vault 'O=third' for 'Samantha Daryn/RECompany' (IP Address 9.33.163.219:1313).


What is logged when the user recovers from a forgotten password by using the new password?

Client log:
10/01/2008 03:53:32 PM  ID 'C:\Program Files\Lotus\Notes\Data\user.id' successfully synchronized with vault 'O=newest' on server 'CN=pm1/O=RECompany' by 'Samantha Daryn/RECompany'.

Server log:

10/01/2008 03:53:31 PM  ID successfully synchronized with vault 'O=newest' for 'Samantha Daryn/RECompany' (IP Address 9.33.164.153:2406).


What is logged when the user lost his ID file, but the Notes client automatically recovers from a lost ID file?

Client log:
10/01/2008 03:37:36 PM  ID 'C:\Program Files\Lotus\Notes\Data\user.id' successfully downloaded from vault 'O=newest' on server 'CN=pm1/O=RECompany' by 'Samantha Daryn/RECompany'.

Server log:

10/01/2008 03:37:36 PM  ID successfully downloaded from vault 'O=newest' by 'Samantha Daryn/RECompany' (IP address 9.33.164.153:2350).


What is logged when the user has lost his ID file and attempts to log in with his password to download a new copy of it, but needs authorization before the ID file can be downloaded?


Client log:

11/19/2008 12:01:51 PM  ID 'C:\Program Files\Lotus\Notes\Data\user.id' failed to download from vault 'O=third' on server 'CN=pm1/O=RECompany'.  'Samantha Daryn/RECompany' made request.  Error: ID in vault has download count of zero on remote server

Server log:
11/19/2008 12:01:51 PM  ID for 'Samantha Daryn/RECompany' (IP Address 9.33.162.148:1346) in vault 'O=third' was not downloaded because it has a download count of zero and therefore no more downloads of the ID are allowed .  Error: ID in vault has download count of zero
11/19/2008 12:01:51 PM  ID failed to upload to vault 'O=third'.  'Samantha Daryn/RECompany' (IP Address 9.33.162.148:1346) made request.  Error: ID in vault has download count of zero


Logged messages for Notes client actions


What is logged when the Notes client (without Notes shared login enabled) uploads a user's ID file for the first time?


Client log:

10/01/2008 03:26:52 PM  ID for 'CN=Samantha Daryn/O=RECompany' could not be authenticated in vault 'O=newest' on server 'CN=pm1/O=RECompany'.  'Samantha Daryn/RECompany' made request.  Error: Entry not found in index on remote server
10/01/2008 03:27:12 PM  ID 'C:\Program Files\Lotus\Notes\Data\user.id' successfully uploaded/synchronized to vault 'O=newest' on server 'CN=pm1/O=RECompany' by 'Samantha Daryn/RECompany'.

The error entry indicates that the client first tried synchronization with the vault by looking for the user's entry in the vault to verify passwords and it did not find the user's entry. The second entry indicates that the ID file was properly uploaded.

Server log:

10/01/2008 03:26:45 PM  Unable to find ID for 'Samantha Daryn/RECompany' in vault 'O=newest'.  Error: Entry not found in index
10/01/2008 03:26:45 PM  ID failed to authenticate in vault 'O=newest'.  'Samantha Daryn/RECompany' (IP address 9.33.164.153:2340) made request.  Error: Entry not found in index
10/01/2008 03:27:12 PM  ID successfully synchronized with vault 'O=newest' for 'Samantha Daryn/RECompany' (IP Address 9.33.164.153:2343).


What is logged when the Notes client is unable to upload the user's ID file because the user's policy is missing or incorrect?


Nothing is logged anywhere because there was no policy to tell the client to use the ID vault! Be aware that the following steps must all take place in order for the ID file to be uploaded the first time.
1. A proper effective policy must be created in the Directory.
2. It must replicate to the user's home server (delay depends on the replication configuration).
3. The policy view must be updated (delay is about 1 minute if the Update task runs normally).
4. The policy cache must be refreshed (delay may be about 10-15 minutes).
5. The user must authenticate with the home server, notice the new policy, and run dynconfig to fetch the new policy (delay can vary).
6. Once the client knows that it should use the ID vault, it schedules an upload sometime in the first 8 hours after it is started.

What is logged when the Notes client performs a periodic synchronization with the vault (or the user does a Switch ID), but no changes are found on either side?

Client log:
Nothing is logged.

Server log:
Nothing is logged.


What is logged when the Notes client contacts an 8.5 server without a vault and is referred to a vault server?

Client log:
Nothing is logged.

Server log:
Nothing is logged.


What is logged when the Notes client contacts the user's home server and all servers in the cluster to get a referral, but the vault transaction fails because there is no referral or all referral servers are down?

Client log:
Nothing is logged. However, setting the NOTES.INI variable DEBUG_IDVAULT_SERVER_SELECTION=1 will log all the attempts so that failures to perform vault transactions can be investigated.

Server log:
Nothing is logged.


Logged messages for ID vault administrator actions


What is logged when an administrator creates a new ID vault?

Client log:
10/01/2008 02:53:22 PM  ID Vault 'newest' with description 'Newest test vault' successfully created on server 'CN=pm1/O=RECompany'.

Server log:

10/01/2008 02:53:20 PM  ID Vault 'O=newest' on server 'CN=pm1/O=RECompany' successfully created by 'Ida Engel/RECompany' (IP address 9.33.164.153:2266).


What is logged when an administrator creates a new ID vault replica?

Client log:
10/01/2008 02:56:23 PM  Adding server Millie/RECompany as a vault host    Millie/RECompany was successfully added.

Server log:

10/01/2008 02:53:20 PM  ID Vault 'O=newest' on server 'CN=pm1/O=RECompany' successfully created by 'Ida Engel/RECompany' (IP address 9.33.164.153:2266).


What is logged when an administrator deletes an ID vault replica?

Client log:
10/01/2008 02:27:38 PM  Removing the server Millie/RECompany as a vault host    Millie/RECompany was successfully removed.

Server log:
10/01/2008 02:27:38 PM  ID Vault replica 'O=third' successfully deleted on server 'CN=Millie/O=RECompany' by 'Ida Engel/RECompany' (IP address 9.33.164.153:2238).


What is logged when an administrator deletes the last ID vault replica?


Client log:

10/01/2008 02:49:53 PM  Delete Vault /third

Server log:

10/01/2008 02:49:47 PM  ID Vault 'O=third' on server 'CN=pm1/O=RECompany' successfully deleted by 'Ida Engel/RECompany' (IP address 9.33.164.153:2260).


What is logged when a new ID vault administrator is added?

Client log:
10/01/2008 02:31:43 PM  Adding administrator Joe Blow/RECompany to this vault    Joe Blow/RECompany was successfully added.

Server log:

Nothing is logged on the server.


What is logged when an ID vault administrator is removed?


Client log:

10/01/2008 02:39:56 PM  Adding administrator Joe Blow/RECompany to this vault    Joe Blow/RECompany was successfully removed.

Server log:

Nothing is logged on the server.

Note:
Client log should say "Removing administrator Joe Blow/RECompany from this vault..."


What is logged when a Password Reset Authority is added?


Client log:

10/01/2008 03:04:50 PM      PasswordReset Authority/RECompany will be able to reset passwords for users in organization /RECompany

Server log:

Nothing is logged on the server.


What is logged when a Password Reset Authority is removed?


Client log:

10/01/2008 02:44:00 PM      PasswordReset Authority/RECompany will no longer be able to reset passwords for users in organization /RECompany

Server log:

Nothing is logged on the server.


What is logged when a new Vault Trust Certificate is added?

Client log:
10/01/2008 03:00:54 PM  Creating vault trust certificate for /RECompany    /RECompany was successfully added.

Server log:

Nothing is logged on the server.


What is logged when a Vault Trust Certificate is removed?



Client log:

10/01/2008 02:47:04 PM  Removing vault trust certificate for /Orgb    /Orgb was successfully removed.

Server log:

Nothing is logged on the server.


What is logged when an ID vault operation is attempted but the Vault Trust Certificate is missing?


Client log:

10/01/2008 04:16:08 PM  ID 'C:\Program Files\Lotus\Notes\Data\user.id' failed to synchronize with vault 'O=newest' on server 'CN=pm1/O=RECompany'.  'Samantha Daryn/RECompany' made request.  Error: Missing or invalid Vault Trust certificate. Check the log file for details. on remote server

Server log:

10/01/2008 04:16:07 PM  Missing or invalid Vault Trust certificate from 'Samantha Daryn/RECompany' to '/newest': Entry not found in index
10/01/2008 04:16:07 PM  ID failed to upload to vault 'O=newest'.  'Samantha Daryn/RECompany' (IP Address 9.33.164.153:2458) made request.  Error: Missing or invalid Vault Trust certificate. Check the log file for details.


What is logged when an administrator creates a new ID vault policy?


Client log:

Nothing is logged.

Server log:

Nothing is logged.


Logged messages for actions by other authorities

What is logged when a Password Reset Authority resets a user's password?

Client log:
10/01/2008 03:49:53 PM  Password for 'Samantha Daryn/RECompany' with 0 downloads was reset on server 'pm1/RECompany'.

Server log:

10/01/2008 03:49:53 PM  Password for 'Samantha Daryn/RECompany' with 0 downloads was reset by 'Ida Engel/RECompany' (IP Address 9.33.164.153:2401) from process nserver.


What is logged when an administrator without password reset authority attempts to reset a user's password?

Client log:
11/17/2008 12:39:28 PM  Failed to reset password for 'Samantha Daryn/RECompany' with 0 downloads on server 'pm1/RECompany'.  Error: Missing or invalid Password Reset Trust certificate. Check the log file for details. on remote server

Server log:
11/17/2008 12:39:28 PM  Missing or invalid Password Reset Trust certificate from 'Samantha Daryn/RECompany' to 'John Smith/RECompany': Entry not found in index
11/17/2008 12:39:28 PM  Failed to set download count for 'Samantha Daryn/RECompany' to 0.  'John Smith/ReCompany' made request (IP Address 9.33.162.148:2316) from process nserver.  Error: Missing or invalid Password Reset Trust certificate. Check the log file for details.



What is logged when a password reset agent authority without password reset rights attempts to reset a user's password?

Server log:

11/17/2008 12:39:28 PM  Failed to reset password for 'Samantha Daryn/RECompany' with 0 downloads on server 'pm1/RECompany'.  Error: Missing or invalid Password Reset Trust certificate. Check the log file for details. on remote server

Note: Check whether you added the server as a "password reset agent authority" to the ID vault; doing so should solve the issue.

What is logged when a self-service password reset application has been used to reset a user's password successfully?

Server log:
11/17/2008 02:49:22 PM  Password for 'Samantha Daryn/RECompany' with 1 downloads was reset by 'pm1/RECompany' (IP Address 9.33.162.148:2425) from process nserver.
11/17/2008 02:49:22 PM  Password for 'Samantha Daryn/RECompany' with 1 downloads was reset on server 'CN=pm1/O=RECompany'.


What is logged when a self-service password reset application is used to reset a user's password, but the self-service agent has not been signed by a user with the appropriate self-service password reset authority?


Server log:

11/17/2008 02:30:50 PM  Failed to reset password for 'Samantha Daryn/RECompany' with 1 downloads on server 'CN=pm1/O=RECompany'.  Error: Agent containing ResetUserPassword method must be signed by a designated Password Resetter.


What is logged when a self-service password reset application is used to reset a user's password, but the server on which the application resides does not have password reset authority?

Server log:
11/24/2008 12:30:13 PM  Missing or invalid Password Reset Trust certificate from 'Samantha Daryn/RECompany' to 'pm1/RECompany': Entry not found in index
11/24/2008 12:30:13 PM  Failed to set download count for 'Samantha Daryn/RECompany' to 0.  'pm1/RECompany' made request (IP Address 9.33.162.148:2351) from process nserver.  Error: Missing or invalid Password Reset Trust certificate. Check the log file for details.
11/24/2008 12:30:13 PM  Failed to reset password for 'Samantha Daryn/RECompany' with 1 downloads on server 'CN=pm1/O=RECompany'.  Error: Missing or invalid Password Reset Trust certificate. Check the log file for details. on remote server


What is logged when an administrator extracts a user's ID from the vault knowing their current password?

Client log:
10/01/2008 03:57:31 PM  ID 'D:\notesfile\admin.id' successfully downloaded from vault 'O=newest' on server 'CN=pm1/O=RECompany' by 'Samantha Daryn/RECompany'.
10/01/2008 03:57:32 PM  ID for 'Samantha Daryn/RECompany' was extracted to 'D:\notesfile\foo.id' from vault 'O=newest' on server 'CN=pm1/O=RECompany'.

Server log:

10/01/2008 03:57:28 PM  ID successfully downloaded from vault 'O=newest' by 'Samantha Daryn/RECompany' (IP address 9.33.164.153:2418).

Note: The client logs two actions - first an attempt to download the file, and then an extraction to the specified file name.
The user's name mentioned above is the owner of the ID file, not the administrator. The server cannot determine the identity of the administrator because only the correct password is used in the transaction to download the ID file.


What is logged when an auditor extracts a user's ID from the vault?

Client log:
10/01/2008 04:03:47 PM  ID 'D:\notesfile\admin.id' successfully downloaded from vault 'O=newest' on server 'CN=pm1/O=RECompany' by 'Samantha Daryn/RECompany'.
10/01/2008 04:03:47 PM  ID for 'Samantha Daryn/RECompany' was extracted to 'D:\notesfile\foo.id' from vault 'O=newest' on server 'CN=pm1/O=RECompany'.

Server log:

10/01/2008 04:03:47 PM  ID for 'Samantha Daryn/RECompany' successfully extracted from vault 'O=newest' by auditor 'Ida Engel/RECompany' (IP address 9.33.165.38:4967).

Note: The client logs two actions - first an attempt to download the file, and then an extraction to the specified file name.


What is logged when an administrator attempts to extract an ID file from the vault without using a password, but does not have auditor privileges?


Client log:

10/01/2008 04:06:32 PM  ID '' failed to download from vault 'O=newest' on server 'CN=pm1/O=RECompany'.  'Samantha Daryn/RECompany' made request.  Error: You are not authorized to perform that operation on remote server
10/01/2008 04:06:32 PM  Failed to extract ID for 'Samantha Daryn/RECompany' to 'D:\notesfile\foo.id' from vault 'O=newest' on server 'CN=pm1/O=RECompany'.  Error: You are not authorized to perform that operation on remote server

Server log:

10/01/2008 04:06:32 PM  ID for 'Samantha Daryn/RECompany' could not be extracted from vault 'O=newest' by auditor 'John Smith/RECompany' (IP address 9.33.165.38:4987).  Error: You are not authorized to perform that operation

Note: The client logs two actions - first an attempt to download the file, and then an extraction to the specified file name.

