User ID files not being uploaded to the ID vault
If you are an administrator attempting a test deployment of the ID vault and do not see certain user IDs being uploaded to the vault, check the following:
1. Is your test deployment user using Lotus Notes 8.5 or higher? To use a vault, Lotus Notes clients must run Release 8.5 or later.
2. Have the necessary vault trust certificates been created? In the Domino Administrator, under the "People & Groups" tab, under "Certificates," check that the expected "Vault Trust Certificates" exist.
Using a password reset application with the ID vault
If you are an administrator having trouble deploying a password reset application for use with the ID vault, try the following:
1. Check that the basic ID vault and user have been set up correctly.
To do this, try resetting the user's password in the Notes Administrator. A successful reset confirms that (1) the user's ID is indeed in the vault and that (2) an ID vault policy has been applied to the user.
(This may be especially pertinent if you are seeing the "Entry not found in Index" error in the server log.)
- The message "The Notes ID ... is not vaulted." indicates that an ID vault policy has not been applied to the user.
- The message "User's ID has not been uploaded to the Notes ID vault." indicates the user's ID is not in the ID vault yet.
2. Check the rights of the password reset agent signer. (If not already signed, sign the agent using Domino Designer.)
- In the Server document (in the Domino Directory) of the server(s) on which the agent will run, check that the agent signer has "Run restricted LotusScript/Java agents" access.
- In the ID vault wizard in the Domino Administrator, check that the signer of the password reset agent is an authorized password resetter with "Password reset agent authority."
- In the ID vault wizard in the Domino Administrator, check that the server(s) on which the agent will run is an authorized password resetter.
3. In Domino Designer, check the security settings of the agent.
- Under "Properties - Security" settings of the agent, double check that "Run as web user" has not been checked.
4. Within the agent code, check that ResetUserPassword is called with the correct server name and user name values.
- Is the user's full name being used? For example "John Smith/Acme" and not just "John Smith."
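The check in step 4, sketched as a LotusScript agent. This is an added example, not code from the original page or from IBM's sample application. The server name, user name and password constants are placeholders chosen for illustration, and a real application would take the user name and new password from its request form.

```lotusscript
Option Public
Option Declare

Sub Initialize
	' Placeholder values (assumptions for this example): replace with
	' your vault server and a test user from your own deployment.
	Const VAULT_SERVER = "Server1/Acme"
	Const TARGET_USER = "John Smith/Acme"
	Const NEW_PASSWORD = "Placeholder-ChangeMe-1"

	Dim session As New NotesSession
	Dim userName As NotesName

	On Error Goto ResetFailed

	' Parse the name first: a flat name such as "John Smith" does not
	' identify the user's entry in the vault, so stop before calling.
	Set userName = session.CreateName(TARGET_USER)
	If Not userName.IsHierarchical Then
		Print "Reset not attempted: '" & TARGET_USER & _
		"' is not a full hierarchical name (expected e.g. John Smith/Acme)."
		Exit Sub
	End If

	' Pass the server and the user in the same full form each time.
	Call session.ResetUserPassword(VAULT_SERVER, userName.Abbreviated, NEW_PASSWORD)
	Print "Password reset requested for " & userName.Abbreviated & _
	" on " & VAULT_SERVER
	Exit Sub

ResetFailed:
	' Log the error text; messages such as "is not vaulted" or
	' "has not been uploaded" point back to step 1 above.
	Print "ResetUserPassword failed (error " & Cstr(Err) & " at line " & _
	Cstr(Erl) & "): " & Error$
	Exit Sub
End Sub
```

When the agent runs on a server, the Print output goes to the server console and log, which is where the vault-related error messages listed in step 1 would also appear.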