HCL Sametime 11 on Ubuntu 18.04 Installation

Mindwatering Incorporated

Author: Tripp W Black

Created: 06/08 at 06:54 PM


Domino Upgrades / Installations

Ubuntu 18.04 and HCL Domino and HCL Sametime 11 Community Server Installation

Unless you are using Ubuntu for internal reasons, switch to the CentOS 7.7 and HCL Sametime 11 Community Server Installation

Important Notes:
- WARNING - Ubuntu is NOT a support Linux distro for HCL Domino 11 and HCL Sametime 11. We run CentOS 7.7 for our Mindwatering clients running Linux. We use Ubuntu only for "internal-only" Mindwatering production servers since we prefer this distro. See the other CentOS 7 Installs and Upgrade support documents in this support app for CentOS 7.6 and CentOS 7.7.
- We started this install from a VM template that already had the OS and prerequisites already installed. So these instructions skip the prerequisite steps. We have added a second section for the Ubuntu 18.04 prerequisite steps under the main instructions below.
- We installed the same libraries needed for IBM Sametime 8.5 and Sametime 9. The installation gave us no errors, so there do not appear to be any new library prerequisites. Since the HCL documentation is not yet released, we cannot say if there is anything missed.
- If you notice any errors, just us know using the Contact link at the top menu of this site.

Ubuntu OS installation and OS prerequisite steps are included in this document below.


Domino 10.0.1 Upgrade
to Domino 11.0
and Sametime Installation:


Mongo Db Installation:
Added Mongo Community Edition to Ubuntu Repository:

Note: 4.x version doesn't work with vs 3 auth. Gives NoPermission error to service.
$ sudo wget -qO - https://www.mongodb.org/static/pgp/server-4.2.asc | sudo apt-key add -
$ sudo echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list

Install the MongoDb 3.6.5 edition:
$ echo 'deb https://repo.mongodb.org/apt/ubuntu '$codename'/mongodb-org/3.6 multiverse' | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
$ sudo apt-get update

Install MongoDb:
$ sudo apt-get install mongodb-org=3.6.5

Check to see MongoDB is enabled and running (it wasn't). Enable and start the service:
$ systemctl status mongod.service
$ sudo systemctl enable mongod.service
$ sudo systemctl start mongod.service
$ systemctl status mongod.service

Enter the Mongo shell:
$ sudo mongo
Disable the Cloud Free Monitoring Reminder (or enable if desired):
> db.disableFreeMonitoring()
or to enable: db.enableFreeMonitoring()
<note: Nothing is returned with the disable command>

Do the Mongo.DB HCL db set-up:
> use admin
--> returned message: switched to db admin
> db.system.users.remove({})
--> returned message: WriteResult({ "nRemoved" : 0 })
> db.system.version.find()
--> returned message: { "_id" : "featureCompatibilityVersion", "version" : "4.2" ... }
We need the authSchema version output to be version 3. Running the following commands from HCL:
> db.system.version.insert({ "_id" : "authSchema", "currentVersion" : 3 })
--> returned message: WriteResult({ "nInserted" : 1 })
> db.system.version.find()
--> returned message now includes authSchema to be version 3
> exit

Restart the MongoDb service:
$ sudo systemctl stop mongod
$ sudo systemctl start mongod

Create the sametime database and two collections:
> mongo
> use chatlogging
--> returned message: switched to db chatlogging
> db.createCollection("SESSIONS")
--> returned message: { "ok" : 1 }
> db.createCollection("EVENTS")
--> returned message: { "ok" : 1 }

Create the sametime user and give it a password. Remember the password for in a later step.
> db.createUser({user:"sametimeUser", pwd:"mystpwd", roles:[{role:"readWrite", db:"chatlogging"},{role:"userAdminAnyDatabase", db:"admin"}]})
--> returned message: Successfully added user: { ...

Update the Mongo configuration /etc/mongod.conf to add replication and change the network settings.
$ sudo systemctl stop mongod
$ sudo vi /etc/mongod.conf
Updated the net section to bind to both the localhost and main server IP, it should look like this:
# network interfaces
port: 27017
Update the repliation section, currently commented out to look like this:
replSetName: rs0
Save the file.

The mongod.conf configuration file is YAML, it uses indentations to delineate what goes inside the line above it. Therefore, don't use tabs, and watch the number of spacebar hits. You may want to make one change at a time and restart the MongoDB after each change so you know which edit caused the server to fail.
The HCL MS Windows document indicates to use BindIpAll. The documentation seems to hint that this is possibly equivalent to which would make MongoDb at risk for attack. Instead, we used a list above.

Restart the MongoDb service and check for errors
$ sudo systemctl stop mongod
$ sudo systemctl status mongod
< look for active. if there is an error, the error messages can be cryptic >

Create the replica set:
$ sudo mongo
> rs.initiate()

You can confirm it with:
> rs.conf()
> rs.status()
> exit

GUI Install:
Add the GUI to make the Sametime server install simpler (aka possible):
$ sudo apt-get install --no-install-recommends ubuntu-desktop

If you want to use the MongoDb Compass client, download the deb file and install it:
$ cd /home/sysadmin/tmp/
$ sudo apt install ./mongodb-compass-community_1.20.4_amd64.deb

Reboot to enter the GUI:
$ sudo reboot

Domino Installation:
Note; If the install properly detected that the server had no X11, it will be continued in console (terminal) mode.

Copy the installation file to the Domino server:
- Domino_11.0_Linux_English.tar

2. Started SSH Terminal to server.
$ ssh myadmin@myserver.mindwatering.com
<enter password>

3. Perform the installation.

Stop the Domino services if running:
$ sudo systemctl stop domino.service

Install Domino 11:
$ cd /home/myadmin/tmp/dom11/
$ tar -xvf Domino_11.0_Linux_English.tar
<watched files extracted>
$ cd linux64
$ ./install
<go through the prompts>
- The steps/questions are the same. But the navigation is a bit different as the new installation program is InstallAnywhere. So you click <enter> instead of <tab> to accept a setting, and you have to use "0" to get to the end of the license fine print page.
- Since my server has been upgraded over the years, the executable path still shows an IBM based one. Update if yours if different. We also use /local/notesdata for our data path. Also, our Domino server user id is notes.
- Major releases always have a directory upgrade, the server "hangs" waiting on the answer. So our first boot into 11 will be manually.

- Important -
If you have an existing (old) ST server, create a replica of the vpuserinfo.nsf on the new Domino Sametime server using the Domino Admin client.

4. Start the server manually.
$ cd /local/notedata/
$ su notes
$ /opt/ibm/domino/bin/server
< wait for boot >

Shutdown the Domino service.
> q

5. Exit being the notes user, and start the server normally.
$ exit

Once installed, start the Domino service
$ sudo systemctl start domino.service

Sametime Installation:
Transfer the Sametime installation file to the ST server:
- Sametime_11.0_CommunityServer_Linux64.tar
$ cd /home/myadmin/tmp/
$ sudo tar -xvf Sametime_11.0_CommunityServer_Linux64.tar

There are two directories produced.
The GSKit folder needed to encrypt ST communications. (See our R9 docs on that process in this repository)
$ cd Server/
$ chmod g+x install.bin
$ chmod u+x install.bin
To install with the Gnome (GUI) Desktop:
$ sudo ./install.bin
Click OK at the Sametime installation window/dialog.
Click Next and proceed through the installation steps.

To install Sametime from console:
Download the installer.properties "silent" file attached to the same location as the Sametime 11 installation tar file, or copy and clean-up the contents from the Sametime 11 Admin. Guide.
$ vi installer.properties
- Update UNIX_UserName and UNIX_GroupName if not notes.
- Update UNIX_SERVERNAME to your server's hostname.
- If using LDAP instead of Domino for your directory, change DIRECTORY_TYPE_DOMINO=0, change DIRECTORY_TYPE_LDAP=1, and complete the LDAP_SERVER and LDAP_PORT with your settings.
- Update the ST_BRANDING_INFO=entry, or ST_BRANDING_INFO=standard, depending on your license.
Install with:
$ ./install.bin -i silent
- It will look for the installer.properties file automatically. Alternately, you can use the -f flag to specify an alternate folder location.
- When the server is installed correctly, this file will have 0 as content: /local/notesdata/stsetup_exit_status.txt. Otherwise, it will contain any error messages.

Before starting the Domino services, update the chatlogging.ini file:
# cd /local/notesdata/
# vi chatlogging.ini
Update the CL_MONGO_PASSWORD= line to the sametime password noted above.
Save the file.

Before starting the Domino services, update the samtime.ini file:
$ vi sametime.ini
Find the line VPS_ALLOWED_LOGIN_TYPES. If you have this line, add the client IDs 1312 and 12A2 to the existing list.
Find the line VPS_PREFERRED_LOGIN_TYPES. If you have this line, add the client IDs 1312 and 12A2 to the existing list.
Save the file.

Manually start the Domino Sametime server, look for any errors.
$ cd /local/notedata/
$ su notes
$ /opt/ibm/domino/bin/server
< wait for boot >


Ubuntu 18.04 Linux Installation
and Prerequisite Steps:


Linux Install:
Use the server (non-Desktop) installation. In this case we used:

- I don't personally prefer the live version, so we use ubuntu-18.04.3-server-amd64.iso. I prefer my servers to not be dynamic and use cloud-init.
- Do the disk partitioning to your preferences. The Mindwatering VM standard is two persistent disks. One for everything but the "/local" folder, and one to map to /local/ which holds "/local/notesdata" for the Domino data directory. Do what works best for you.
- For the package selection, we choose just the OpenSSH server to add to the Base OS.
- Ubuntu installs the OpenVM tools so we skip that step since Ubuntu 16.04.
- We set the OpenVM tools to sync time to our ESXi (vSphere) hosts, so we don't do the NTP set-up. If you are not synching to your host, complete that step.

Update OS:
Make sure all is up-to-date. Run a Terminal from the GUI if you already installed a desktop, or a remote SSH, etc.
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get dist-upgrade

If there are packages to remove:
$ sudo apt-get autoremove

If you didn't install SSH during the base setup. We can install and enable SSH now, assuming you wish to remotely manage and transfer files.
$ sudo apt-get install openssh-server

5. If desired, and not done already, install the GUI, but w/o all the Gnome apps, but with the client networking.
$ sudo apt-get install --no-install-recommends ubuntu-desktop
$ reboot

Install the open-vm-tools:
Note: These steps have not been needed for Ubuntu 16.04 and Ubuntu 18.04. Skip this step.
For terminal:
$ sudo apt-get install open-vm-tools
$ sudo apt-get install open-vm-tools-lts
(... for the specific version - typically the first one works just fine)

For terminal and desktop, if you have the GUI installed:
$ sudo apt-get install open-vm-tools open-vm-tools-desktop
(Not been needed last couple releases of Ubuntu. Already installed automatically w/ system.)

Update the Network and Set Static IP:
a. Locate the NIC / network interface card.
$ ls /etc/network/interfaces
Note the name of the interface. You'll either be editing the file named interfaces, or another with a custom name. eg. en160

b. Edit the file and switch it to a static IP address.
If NOT using netplan:
$ sudo vi /etc/network/interfaces

Make updates similar to the following:
auto ens160
iface ens160 inet static

Save the file and exit. <esc> :wq.

If using netplan:
Locate the network:
$ cd /etc/netplan
e.g. 00-installer-config.yaml
$ vi 00-installer-config.yaml
replace the dhcp4 section with the following, adding the new entries underneath.
dhcp4: no
addresses: []
nameservers: []
Save the file and exit. <esc> :wq.

c. Restart/apply the network change:

If NOT using netplan, restart the network and verify it restarts okay.
$ sudo service networking restart
$ sudo systemctl restart networking
$ sudo systemctl status networking
< response message will show Active, and show the stopping, starting, and started comments at the bottom>

If using netplan, apply the change.
$ sudo netplan apply
$ sudo ip addr show dev ens160

Update the hosts File
Update the /etc/hosts file with the IP address and name of the server.
$ sudo vi /etc/hosts

Make edits similar to the following under the localhost line:
Insert a comment for the entry that recent Linux entries have been adding. It confuses app servers. (Don't touch the entry for localhost. )
# myserver myserver.mindwatering.net myserver
Save the file and exit. <esc> :wq.

Update the Hostname:
If needed, update the hostname of the server, if it doesn't match what you entered during install. (Only needed if you use VM templates like we do.)
$ sudo hostnamectl set-hostname myserver

Confirm it:
$ hostname
$ hostname -f
The first command above prints myserver. The second command prints out myserver.mindwatering.net.

Increase the Display Size:
If you selected to install the desktop, increase display size from the 800x600 resolution.
From desktop, choose Settings --> Display. Adjust to desired size.

Set-up NTP if not Using VMware/OpenVM Tools to Do Sync:
(Optional. You can also use VMware Tools to sync the time by enabling it in both the VM's settings panel and the client.)
$ touch /etc/cron.daily/ntpdate
$ vi /etc/cron.daily/ntpdate
Add the following line and save: ntpdate ntp.ubuntu.com
$ sudo chmod 755 /etc/cron.daily/ntpdate

Install Domino 9/10/11 Prerequisites:
1. Increase file-handles for Domino.
Edit /etc/security/limits.conf using sudo and add or modify the lines:
$ sudo vi /etc/security/limits.conf

Add / modify the following lines:
notes soft nofile 65535
notes hard nofile 65535
(where notes is / will be the o/s username for the server. Use 65535 for 64 bit Linux for both the soft and hard limit, per HCL, as of 2019/12.)

2. Create new user & home folder.
$ sudo useradd -d /home/notes -m notes

3. Give the new notes user a password. After enter, enter your password and then notes user password twice.
$ sudo passwd notes

4. Add firewall rules for common Domino ports. Enter the following applicable commands to open your server's ports for the Domino services you are going to run:
$ sudo ufw allow proto tcp to any port 22 from
$ sudo ufw allow proto tcp to any port 25 from
$ sudo ufw allow proto tcp to any port 1352
$ sudo ufw allow proto tcp to any port 80
$ sudo ufw allow proto tcp to any port 443

If server is also an IBM Sametime server:
$ sudo ufw allow proto tcp to any port 544
$ sudo ufw allow proto tcp to any port 9092
$ sudo ufw allow proto tcp to any port 9094
$ sudo ufw allow proto tcp to any port 8088
$ sudo ufw allow proto tcp to any port 1533
$ sudo ufw allow proto tcp to any port 1516
$ sudo ufw allow proto tcp to any port 8082
$ sudo ufw allow proto tcp to any port 8081
$ sudo ufw allow proto tcp to any port 1503
$ sudo ufw allow 1:65535/udp
$ sudo ufw allow proto udp to any port 1:65535 from
Add the mongo db port for internal use by Sametime Proxy if installing:
$ sudo ufw allow proto tcp to any port 27017 from

Enable the firewall. Make sure you have an actual "real" terminal in-case you locked yourself out. Check for any errors.
$ sudo ufw enable

5. Install needed libraries for Domino.
For Domino, no additional libraries were needed.
Sametime is no longer 32-bit, so we don't need to do --add-architecture i386 and we don't need the compat-x libs.
We used the Domino Directory option again for Sametime and didn't to the LDAP and port 636 secure GSKit setup.

We did not explicitly install any of the R9 dependancies below, although some were installed with the OS and the GNOME Desktop.
$ sudo apt-get install libstdc++5
$ sudo apt-get install libstdc++6
$ sudo apt-get install ttf-xfree86-nonfree

$ sudo apt-get install libxmu6
$ sudo apt-get install libxp6
$ sudo apt-get install libxp-java
$ sudo apt-get install libxtst6
$ sudo apt-get install gawk
$ sudo apt-get install libgnomeprintui2.2-0
$ sudo apt-get install bc
$ sudo apt-get install gtk2-engines
$ sudo apt-get install elfutils
$ sudo apt-get install ksh
$ sudo apt-get install libc6
$ sudo apt-get install gcc-4.8-base libgcc-4.8-dev

6. For Ubuntu, we need to update the shell, so that it uses /bin/sh, a.k.a. bash.
Note: You could update the notes user/s .profile instead. There are a few different solutions for this.

Replace / relink sh:
(The server script uses /bin/sh, we do this to ensure we are using bash, not dash. These instructions will save the old config with old in-case you wish to every put it back. )
$ sudo mv /bin/sh /bin/sh-old
$ sudo ln -s /bin/bash /bin/sh

Set up the notes user to use DOMINO_LINUX_SET_PARMS:
# vi /home/notes/.bashrc
Add to the end of the file: export DOMINO_LINUX_SET_PARMS=1

7. Make the server's data folder and give the ownership of the notesdata folder to the new notes user.
Note: We leave the /opt/hcl folder owned by root after the install.
$ sudo mkdir /local/
$ sudo mkdir /local/notesdata
$ sudo chown -R notes /local/notesdata
$ sudo chgrp -R notes /local/notesdata
$ sudo chmod g+w /local/notesdata

Install Domino Start-up Scripts:
For the Nashed start-up script, follow the instructions that come with the start-up script.
For the domino.service file in /etc/systemd/system, update lines 7, 10, and 11 for your paths.
For the rc_domino_script in /opt/ibm/domino or /opt/ibm/notes, update lines 42 and 65 for the server OS ID and paths.
For the rc_domino in /etc/init.d/, update lines 31, 35, and 43, for your server OS ID and paths.
For the rc_domino.script_notes file to /etc/domino/, updates similar lines as rc_domino.script.
Update all the file permissions to 755.
$ sudo systemctl enable domino.service

Note: This server is an upgrade, not a new install. We are re-using the /local/notesdata, and we chose to keep the existing /opt/ibm/domino path. Our existing start-up script is already in/opt/ibm/domino If this is a new install, the script path will be /opt/nashed/, as Daniel Nashed now has his scripts set to be in a separate /opt/nashcom/ folder.

previous page