Control of Sametime user policy using Managed Settings in Domino Policy

For the past few years I have advised against using Managed Settings in Domino Policy because of bad experiences using this particluar way to manage the Sametime clients. For one thing, you can't managed the stand-alone client this way which means that unless you are 100% sure that users will use the embedded Notes ST client, you should always use the Managed-settings.xml file approach.
Having said that, I have clients that have used the Managed Settings in Domino Policy because that the way they manage their users Notes clients and no-one in their environment uses the stand-alone client. When I have worked with these clients on Sametime deployments, I have moved them to the XML-based way of thinking but in some cases we have had residual effects left behind by the attempted usage of Managed Settings in Domino Policy. These residual effectes were left due to a misunderstanding of the way Managed Settings in Domino Policy works.
When you set a Managed Settings in Domino Policy, you set it in the Desktop Policy settings under the "Managed Settings" tab which is under the "Custom Settings" main tab i.e.

The most important thing to mention here is:
IF YOU WANT TO REMOVE THESE SETTINGS, DO NOT SIMPLY DELETE THE SETTING FROM HERE.
If you already set this in the policy, then the setting is saved to the desktop policy. If you delete this line, it DOES NOT remove this setting from the policy. This is "working as designed" by IBM and it is understandable if you think about it.
So if you want to change this setting, you set it to "off" or "false" or whatever you need it to be set to, to turn it off.... just remember, you don't delete the line.
Using this approach, you can rectify issues that may have set desktop policy in the past and there is no reference in the GUI to the setting - you can only find these settings by looking at the Policy using "Document - properties" on the Policy document (or by using a cool tool like the Ytria scanEZ tool)

To validate what I just stated above about the policy not being deleted, I removed the two lines you see in the screen shot above and saved the policy - here is a acsreenshot of the policy with the two lines removed but with the document properties window open to show the actual settings STILL in the policy:

So the bottom line here is not to use Managed Settings in Domino Policy if at all possible and use Managed-Settings.xml in a web accessible form for providing Sametime user's with policy. However, if someone has dabbled previously with Managed Settings in Domino Policy, bear this in mind as there may be hidden policy settings that you cannot see through the GUI affecting the Policy that is pushed to the client.

Sametime 8.5.1 client - beware!!

Ok, so I consider it my duty to report that the ST client V8.5.1 has some issues.... Especially when you're implementing Audio/Video services and you want to limit those services to a small population of users....which is what we are trying to do currently.... So, the majority of users in our 100k environment have the 8.5.1 client. These users can actually only use AV services if they are on the VPN but regardless of that, they must register with the AV proxyRegistrar even if our policy dictates they don't even have AV services! This is because the 8.5.1 client tries to login to the proxyRegistrar server before it even looks at the policy.... Which means if you have 38k users logging in and only 40 of them have AV enabled through policy, then you have 38k proxy registrar logins (with the corresponding 38k LDAP hits)..... This situation is a big problem and is only really solved by upgrading the client to 8.5.2+, which is no trivial thing in a large environment. Recommendations to alleviate the problem: turn SIP security off so the PR registration doesn't have to do an additional authentication... It will still do a lookup on the user to make sure they exis but won't try and authenticate. There are some other recommendations to increase the LDAP cache which I can point you at if you contact me at andy@imcollaboration.com

Important tip on Sametime installs - increase the JVM heap size for Installation Manger

I wanted to mention this tip as I have just finished my part of a 80+ Sametime server environment and this tip helps the installer work so much better (including helping it not to crash "out of memory" sometimes):

• Increase the JVM heap size for the Installation Manager
• Close Installation Manager
• Go to the Installation Manager install directory (C:\Program Files\IBM\Installation Manager\eclipse)
• Add the line "-Xmx1024m" to IBMIM.ini
• Run the offering launchpad again to invoke the installation

Thanks to Tony Payne and Andy Yiu from IBM for this tip.

Sametime View article

I forgot to mention that I recently published a general article on Sametime 8.5.x in the View and I am currently writing another article on upgrading your Sametime Community server to 8.5.2 IFR1.
You can see the View article here:
Sametime 8.5.2 — Unifying Communication and Collaboration in the Enterprise

Great link for information on Sametime

I have decided to start blogging a little more now after a recent hiatus caused by too much work :-).
I came across the following link on Instant-Tech's blog which has lots of great Sametime information:

http://blog.instant-tech.com/2008/08/very-useful-sametime-debugging-faqs.html

I also saw another blog which details a lot of the information about managing client settings that I had blogged about, so I wanted to tie the two together - check out this link:

http://kbild.ch/2011/05/change-sametime-client-8-5-x-settings-after-deployment-through-managed-settings-xml/

Presentation from PACLUG

Hi to everyone who attended my PACLUG presentation on "Sametime for Administrators" - as promised, here is the updated presentation.

PACLUG sametime presentation

View more presentations from amhiggins.

Let me know if you have questions or comments..and subscribe to my blog!!
Cheers,
   Andy

Follow up to last blog

So now finally, I can post my findings on what I posted back in April.
The question was where do we get the Sametime community server from? It used to be in the Location document in the client but with the new embedded client, it's now in an XML file (community-config.xml) here:
C:\Lotus\Notes\Data\workspace\.metadata\.plugins\com.ibm.collaboration.realtime.community.sametime
There is actually a lot of information in this file and it seems to come from the plugin_configuration.ini file (PC.ini) (on first install) and from the managed-settings.xml (which can be called something else - it is referenced from either the PC.ini or from the Sametime Policy for that user.
So that's where it IS now... and for a new install it comes from the PC.ini file, but what if you're upgrading?
Well, for the embedded client it can be pushed using a Domino Policy i.e.

  This is where the Sametime chat server is configured and has been for sometime... but wait, there is another place where it can be set:

and this seems to be for the older "basic" clients (pre-eclipse and non-eclipse V8+) in the first part and for Standard clients in the second..... so how do all these play together?

It seems that the first screen was used first... and then as the product developed, the second screen came in to be for the new Eclipse-based  Sametime client..... and now we have the Plugin_customization.ini file for the current embedded client in Notes.

With V8.5.1.1, I have been told that the client now reads the PC.ini file every time it is started, so in order to push the server down, you need to set it in the PC.ini file with the line:

com.ibm.collaboration.realtime.community/host=community.server.com

In my last customer deployment we had ONE community server and for safety's sake, we had it in every place it could be just to make sure that it was being set.