There used to be quite a few poorly documented parameters — these have been removed. All parameters now include a reference to the official HCL sources.
Note: Despite careful research, the notes.ini parameters listed here may be incorrect or incomplete. Please verify each parameter in a test environment before using it in production!
Current status:
205 Parameters
205 Parameters
Parameter
Information
Push mechanism for calendar overlays on Notes clients (10+): a predefined Google Calendar, Notes Application, or iCalendar feed URL appears in the 'Add a calendar' dialog the next time the calendar is opened, and is accepted by the user with a single click.
Number of minutes that the Administration Process (AdminP) waits before checking again for pending Interval requests.
Hour of the day (0–23) at which the Administration Process (AdminP) processes its Daily requests.
Local access list: explicitly allowed users/groups for this server (override of the server ACL)
List of users, servers, and groups that may instruct this server to initiate a call to another server in order to establish a pass-through routing path. Corresponds to the 'Cause calling' field in the server document.
List of destination servers to which this server may route clients via pass-through. Corresponds to the 'Destinations allowed' field in the server document. Default empty = all servers allowed.
Disables the Agent Manager's mail lookup check for mail-triggered agents ("After new mail has arrived") — workaround when the signer has no person document on its mail server (typical in cluster setups).
Minimum elapsed time (in minutes) between two executions of the same document update-triggered agent. Default: 30 minutes. Applies to servers and Notes clients.
Delay in minutes that the Agent Manager applies when scheduling a document update trigger after the event. Default 5 minutes.
Minimum interval in minutes between two executions of the same new mail-triggered agent. Default: 0 (no minimum interval).
Delay in minutes that the Agent Manager applies when scheduling a new mail trigger after mail arrival. Default 1 minute.
Delay in minutes between runs of the Agent Manager scheduler. Values 1–60, default 1.
Interval (minutes) at which the Agent Manager checks for unprocessed "On new mail" agents (catch-up check).
Defines the weekdays on which agents with the "Don't run on weekends" option should not run. Default: Saturday (7) and Sunday (1).
Activates the Domino billing subsystem and specifies which activity classes are billed — Agent, Database, Document, HttpRequest, Mail, Replication, Session.
Accepts the Let's Encrypt license terms (ACME Terms of Use). Required for automatic certificate requests — without this parameter, automatic requests fail because ACME account documents ship with the License Agree setting disabled.
Automatically starts HTTP when the server is auto-configured via CertMgr. HTTP must additionally be configured for permanent autostart via ServerTasks or a Program document.
Automatically detects the host name and generates a certificate request using the default configuration via the Certificate Manager (CertMgr).
Configures the interval (in seconds) that CertMgr waits between processing certificate requests. Default 30 seconds.
Maximum number of HTTP redirects that CertMgr follows when verifying an ACME HTTP-01 challenge. Default 5. 0 disables following redirects.
Disables the internal HTTP-01 challenge verification by CertMgr before confirming in the ACME flow. Useful when the server cannot reach the challenge internally but the ACME provider can verify it externally.
Defines the proxy that the Certificate Manager uses for all outbound connections (e.g. to the ACME CA). For authenticated proxies an account document in the configuration database should be used instead.
Defines the Domino server that hosts the Certificate Store database certstore.nsf. Default is the local server.
Notes client tracing: logs time, call stack, and server response times per transaction — a standard tool for diagnosing slow client operations and authentication problems.
Number of cluster replicator tasks running in parallel. By default HCL Domino starts exactly one cluster replicator.
Enables the collection of LockWaits and AvgWait values for the Show DBS command. Set only temporarily.
Persistently enables console logging to the file console.log across server restarts. Counterpart to the console command Start Consolelog.
Sets the maximum size of the Domino console log file (
console.log) and its mirror files in kilobytes. When the maximum size is reached, the file is overwritten in a circular fashion.Enables console log mirroring: Domino starts an additional server thread that writes every console output in parallel to numbered mirror files (
console1.log, console2.log, …), providing a real log history instead of just circular overwriting.Limits the maximum size of the Domino server's shared memory segment in megabytes. Important on 32-bit systems and when the memory budget is tight.
For DAOS Tier 2 (S3/MinIO over HTTPS): skips verification of the SSL certificate. Intended only for self-signed certificates.
For DAOS Tier 2 (S3/MinIO storage): forces unencrypted HTTP instead of HTTPS for the connection to the storage endpoint.
Automatically enables NIFNSF — separate view index files (.NDX) outside the NSF — when new databases are created.
Forces newly created or
compact -c-converted Notes databases to be created with on-disk structure 53 (R10 ODS). Predecessor of Create_R12_Databases. Usable on server and client.Forces newly created Notes databases to be created in ODS 55 (R12 on-disk structure). Also enables raising existing databases via
compact -c. Usable on server and client.Activates the current ODS level (R85 / ODS 51) for newly created NSF databases.
Creates new transaction logs in the 8.5+ format with properly aligned blocks — important for disk block sizes ≠ 512 bytes.
Activates the Symmetrical Cluster feature. On every cluster server, also add AutoRepair and RprCleanup to ServerTasks.
Enables/disables encryption of DAOS NLO files (Notes Large Objects). Before Domino 12 this was the primary control setting; from Domino 12 it was replaced by the 'DAOS object encryption' field in the Server document, but the notes.ini value is still honored.
Forces the legacy encryption algorithm ("Domino classic") for DAOS NLO objects, suppressing the AES-128 encryption used by default from Domino 12 onward. Mandatory setting before the upgrade to Domino 12 if you must still be able to roll back to a pre-11.0.1 version later — otherwise older servers can no longer read the NLOs created with AES-128.
Defines the base path of the DAOS repository in which the deduplicated attachments are stored as NLO files. Equivalent to the field „DAOS base path“ in the Server document, tab „DAOS“.
Shows the current state of the DAOS catalog (
daoscat.nsf): 0 = Down/Disabled, 1 = Needs Resync, 2 = Synchronized. The value is written by Domino itself and should not be changed manually.Defines in days how long an NLO file with 0 references is kept before it is physically deleted from the DAOS repository. Equivalent to the field „Deferred deletion interval“ in the Server document, tab „DAOS“.
Enables or disables the Domino Attachment and Object Service (DAOS) at the server level:
1 = DAOS active, 0 = DAOS disabled. Equivalent to the field „Store file attachments in: DAOS“ in the Server document, tab „DAOS“.Defines the minimum size in bytes from which an attachment is offloaded to the DAOS storage. Attachments below this size remain inside the NSF. Equivalent to the field „Minimum size of object before Domino will store in DAOS“ in the Server document, tab „DAOS“.
Path to the Notes/Domino data directory. Set during setup and should not be changed afterwards.
Interval (seconds) at which changes to the Database Directory Cache are written to the run-time DB. Default 900 (15 min). Replaces DBDIR_REFRESH_INTERVAL.
Interval (seconds) at which the Database Directory Cache is validated against the physical file system. Default 900 (15 min). Replaces DBDIR_REFRESH_INTERVAL.
Interval (seconds) at which the Database Directory Cache is refreshed from the physical data directory. Default 900 (15 min). Replaces DBDIR_REFRESH_INTERVAL.
Restricts which NSF databases the Database Maintenance Tool (dbmt) processes — e.g. only mail/*.nsf or specific directories.
Enables detailed Agent Manager tracing — fine-grained per subsystem (scheduling, loading, memory, performance, run-time, verbose) — the main diagnostic tool for Agent Manager problems.
Writes debug output to the console window or the server console — a standard companion parameter for almost every Domino debug setup.
Enables debug tracing for HTTP Bearer token authentication in Domino. Helps analyze failed OIDC bearer logins (e.g. invalid aud claims, expired tokens, missing scopes) on the server console.
Enables debug output for view updates and rebuilds (database, view, user); default 0.
Enables debug tracing for the global OIDC provider cache (JWK cache) starting with Domino 14.0. Replaces the earlier DEBUG_JWK_CACHE and DEBUG_JWK_CACHE_MGR parameters from 12.0.2.
Enables debug tracing from Domino 14.0 onward for the validation of OIDC provider configurations and access tokens against the providers and keys stored in idpcat.nsf. First choice for new OIDC configurations.
Enables debug tracing for the Domino server's HTTPS connection to the OIDC provider (libcurl calls). First choice for connection, proxy, or TLS trust issues between Domino and the IdP.
Enables debug tracing for JSON parsing of OIDC data structures (discovery document, JWKs, JWT claims). At level 4, Domino writes the complete JWT bearer token to the server console.
Enables tracing specifically for the auto-redirect logic (
OIDC_LOGIN_ENABLE_REDIRECT) for OIDC web login. Companion to DEBUG_OIDCLogin.Enables detailed tracing of the web-login-with-OIDC flow on the Domino server console. Five levels (0–4) from disabled to maximally verbose.
General Domino debug parameter that defines the path and filename to which various debug tasks (e.g. SMTPDebug, SMTPDebugIO, replication debug) write their output. Prerequisite for many other notes.ini debug flags.
Diagnostic switch for the advanced port encryption options controlled by PORT_ENC_ADV. With 1, the Domino server writes detailed debug logging about the bitmask to the server log; use only temporarily, since the output becomes extensive and can contain sensitive configuration details.
Enables the debug output for SAML authentication on the Domino web server. The value is a bitmask; HCL recommends
DEBUG_SAML=31 for general diagnostics and DEBUG_SAML=287 additionally for SSL/TLS certificate errors.Enables the output of the process ID/thread ID in front of every Domino console/log line. Produces entries in the format
[PID:HEX-TID] and is a prerequisite for nearly all advanced diagnostics in which threads need to be correlated.Number of days after which
Updall discards unused view indexes. Default 45 days.Path to the Notes/Domino data directory. On the Notes client, Directory points to the Notes data directory; on the Domino server, it points to the Domino data directory. Set automatically by setup and required for startup.
Disables or explicitly enables cluster replication on a Domino server. By default, cluster replication is enabled.
Disables the obsolete SSLv3 protocol for incoming Domino SSL/TLS connections. Mandatory parameter to defend against POODLE and comparable attacks.
Disables the optimized view rebuild; HCL recommends using only as a last resort when
View_Rebuild_Dir has insufficient space.Controls whether web agents (triggered by browser clients) may run simultaneously. 0 = sequential (default), 1 = asynchronous.
Enables cluster-safe, sprayer-capable single-server session cookies by appending a server-specific suffix to the DomAuthSessId cookie.
Lists the Extension Manager libraries (DLL/.so/.lib) that Domino or Notes registers in the Extension Manager at startup.
Suppresses failover prompts on the Notes client when the current server stops responding — the actual cluster failover remains active and is transparent to the user.
Refresh interval (seconds) for iCal feed overlays in the Notes calendar. Default 3600 (one hour). Only takes effect if the user has additionally enabled ‘Refresh this calendar frequently’ on the overlay.
Number of indexing threads for Domain Search. Default: 2 threads per CPU. HCL recommendation: max. 8 threads per server.
Disables automatic on-the-fly full-text indexing during FT searches on non-indexed databases.
Controls the full-text indexing of attachments server-wide (1 = without filter, 2 = never, 3 = with filters).
Whitelist of allowed file extensions for full-text indexing of attachments — overrides the default list of all formats supported by Tika.
Companion setting to FT_INDEX_FILTER_ATTACHMENT_TYPES: sets an upper size limit (in MiB) for attachments from the whitelist; larger files are not indexed.
Extends the FT indexer's default ignore list with additional file extensions that should not be included in the full-text index.
Overflow slot to FT_INDEX_IGNORE_ATTACHMENT_TYPES (256-character limit). The FT indexer concatenates both lists.
Raises (or lowers) the default 5,000-document return limit for full-text searches on indexed databases.
Activates the default whitelist when full-text indexing attachments; only extensions on the whitelist are processed via the Tika filter. Extendable via FT_INDEX_FILTER_ATTACHMENT_TYPES.
Discards the default whitelist when full-text indexing attachments and forces exclusively the file extensions defined in FT_INDEX_FILTER_ATTACHMENT_TYPES.
Relocates the base directory for full-text indexes to an alternative, typically faster volume.
Activates memory detection and memory monitoring of the GTR FT engine per search thread, allowing memory-hungry full-text searches to be identified early.
Maximum size of an individual document/attachment for full-text indexing; default 6 MB (Win/Linux), 1 MB (macOS).
Maximum permitted memory (in MB) per FT search thread — hard limit against individual memory-hungry full-text searches.
Maximum number of concurrent FT search threads — multiplied by FTG_MB_PER_THREAD this yields the global memory pool limit of the FT engine.
Maximum working memory per full-text indexer thread for Tika attachment conversion; default 1 MB.
Has the FT engine (GTR) request memory directly from the operating system via malloc instead of from the Domino memory pool — eliminates typical memory-allocation errors during FT indexing and FT search.
Pause (in seconds) between two full-text index operations of the separate FT thread. Only takes effect when
UPDATE_FULLTEXT_THREAD=1 is active. Default 5 seconds.Pause (in milliseconds) between two full-text index operations of the separate FT thread. Only takes effect when
UPDATE_FULLTEXT_THREAD=1 is active.Disables selected HTTP methods (e.g. TRACE, OPTIONS) on the Domino web server. Only takes effect when the server uses the Web Configurations view rather than Internet Sites.
Extends the HTTP request logging with the data received in the POST body. Takes effect in addition to HTTPEnableThreadDebug. Only for troubleshooting.
Activates thread-based HTTP request logging in the Domino web server. Creates a file
htthr_<pid>_<tid>_<date>.log per HTTP worker thread in the IBM_TECHNICAL_SUPPORT directory.Sets the maximum heap size of the Java Virtual Machine used by the Domino HTTP task (XPages, Servlets, Java DSAPI). Default: 1 GB.
Controls the MIME format of outgoing iCalendar meeting invitations from the Domino router. With
0, Domino reverts to pre-12.0.1 behavior (no multipart/related) — standard workaround so that O365/Outlook recipients receive invitations as calendar entries again instead of plain text or a bare ICS attachment.Controls the work-week display in the HCL iNotes calendar (Web Access). With
0, the five-day work week Mon–Fri is enforced; Saturday and Sunday are hidden as the weekend — the default display layout.Sets the maximum heap size of the Java Virtual Machine for all Domino server processes outside the HTTP task (Agent Manager, periodic Java agents, runjava). Default: 256 MB.
Interval (in minutes) at which the LDAP task reloads its configuration changes from the configuration document. Default: 3 minutes.
Activates detailed debug logging of the LDAP task in HCL Domino — bind attempts, search filters, schema lookups, and referrals.
Stores in the Notes client notes.ini the name of the currently active Location document from the local names.nsf. The value is updated automatically when the Location is switched via the status bar in the Notes client.
Controls whether the start of an agent execution is recorded in the log file and on the server console. Values 0/1/2.
Activates authentication logging on the server or Notes client — logs every successful Authenticate call with name and key size.
Controls the level of detail of the mail router logging on the server console and in log.nsf. Values: 0, 10, 20, 30, 40 — default: 20.
Sets, for the current server, the level of detail for logging replication events. Values 0–5, default 1.
Controls whether individual sessions are recorded in the log file and on the server console. Values 0/1.
Controls whether the current status of server tasks is recorded in the log file and on the server console. Values 0/1.
Toggles logging of view rebuild messages on (1) or off (0). Removing the parameter from notes.ini also disables the logging.
Controls whether all mail event messages additionally appear in the Miscellaneous Events view of the log file. 0 = router decides, 1 = always also in Misc Events.
Enables cluster failover for the mail router: if a recipient's home server fails, the router automatically forwards the message to a cluster replica of the mail file on another server.
Prevents the Domino router from aborting running compact/dbmt operations on mail files due to incoming mail deliveries.
Sets the maximum number of threads the mail router can create to perform mail transfers.
Defines the wait time (in minutes) after which undeliverable messages are returned to the sender from the retry state with a non-delivery report (NDR). This allows the default of one day (
MailTimeout=1) to be shortened to sub-day resolution — useful for environments where faster NDRs are desired.Maximum virtual memory (in MB) the Domino server may allocate. Minimum value 4 MB; without setting it, the server uses all available memory.
Minimum interval (in minutes) between mail polls of a Notes client to the server. Overrides the client setting in the mail setup.
Enables Dynamic Indexing of High-Usage Views — the server keeps the top 10 most active views up to date via dedicated indexer threads.
Path where externalized view indexes (NIF NSF) are stored when NIFNSFEnable is active.
Activates NIFNSF: view indexes are stored separately from the NSF (requires ODS 51 or newer).
Prevents (1) the Statlog task from automatically enabling activity logging for all databases. Without an entry, Statlog enables activity logging everywhere (+64 KB per DB).
Disables per-user message caching by the IMAP task. Reduces memory consumption but can slow down individual IMAP operations.
Path to the Notes/Domino program directory (binaries). Written automatically by setup and typically located on a different path than the data directory (Directory). Important for separating program and data partitions.
Maximum size (in bytes) of the NSF buffer pool — a memory area that buffers I/O transfers between Domino and disk.
Sets the maximum size of the NSF buffer pool (database cache of the NSF engine) in megabytes. Larger values can significantly reduce I/O on large servers.
Maximum number of databases the server keeps open simultaneously in the database cache. Higher values reduce repeated opens but require more memory and handles.
Raises the ACL size limit of an ODS 55 database from the classic ~950 to up to 65535 entries. Per HCL, must be set on both servers and clients that edit such ACLs. Only takes effect once the database has been raised to ODS 55 (Domino 12+).
Automatically raises existing local databases on
compact -c to the respective current ODS level of the running Notes/Domino version. Unlike Create_RXX_Databases for a specific ODS generation, NSF_UpdateODS=1 also automatically updates ODS levels that appear in the future.Tolerance for clock differences (clock skew) between the Domino server and the OIDC provider during web login with OIDC, in seconds. Default: 15. Permitted range: 0–600.
Lifetime of the cookies that maintain the OIDC authentication state during the login flow (in seconds). Default: 120. Permitted range: 30–900.
Defines an alternative claim name in the OIDC id_token that is used instead of the
email claim to identify the user — helpful with OIDC providers that do not return an email address.Enables workarounds for Microsoft Azure AD B2C as an OIDC provider — in particular the
client_id is additionally sent as a requested scope, which Azure AD B2C strictly requires.Controls whether Domino, during web login with OIDC, automatically redirects from the old URL
/names.nsf?OIDCLogin to the new URL /auth/protocol/oidc. Default: 1 (enabled).Enables workarounds for OIDC providers that strictly reject extra fields in the request body when authenticating with "Client Secret Basic". With OIDC_LOGIN_ENABLE_ROEID_WORKAROUNDS=1, Domino avoids the "Error 500 You are not authorized to perform this operation" error during OIDC login.
Controls whether Domino, during web login with OIDC, requests the
profile scope in addition to openid and email. Default: 1 (enabled) — Domino requests scope=openid email profile.Controls whether Domino, during web login with OIDC, requests
response_mode=form_post (token response as HTTP POST body) instead of the default query (token in URL parameters). Prerequisite: provider supports form_post.Percentage share of system resources (memory) that the Domino server is allowed to claim for itself. Acts in particular on automatic memory sizing.
Controls whether phone calls (modem connections) are written to the Notes log file. Values 0/1/2; default 2.
Disables platform statistics on the Domino server. Default: platform statistics are enabled. With value 1 they are turned off.
Interval (in minutes) at which the POP3 task refreshes its configuration information. Default 2 minutes.
Enables SSL/TLS debug logging for the Domino POP3 task. Diagnoses STARTTLS/TLS handshakes and certificate issues for POP3S and STARTTLS connections.
Advanced Notes port encryption options on the Domino server. Values are added together as a bitmask (1, 2, 4, 8, 16, 32, 64); each bit value enables a particular additional option. Effective only on the server side and only after a restart of the server task.
Number of replication errors of the same type between two databases at which the server terminates replication. Default: 2.
Controls whether the Replicator task obeys database quotas. Default: 0 = quotas are ignored.
Number of attempts to perform a push replication to a Domino server. Helpful in conflict situations when several Notes users access the same replica at the same time.
Global maximum duration (in minutes) for replication sessions on this server. Corresponds to the Connection document field 'Replication Time Limit'. Empty = unlimited.
Number of Replicator tasks that can run concurrently on the server. By default 1 Replicator task runs; changes require a server restart.
Allows the Reporter task to send statistics to another server in the same domain via the mail router instead of using the network directly.
Prevents existing mirror console logs from being deleted at server startup. Only with
Retain_Mirror_Logs=1 do the console1.log…console999.log files generated by Console_Log_Mirror=1 survive server restarts.Allows multiple concurrent Notes-routing transfer threads to destinations outside the local Notes Named Network (NNN) — including connections via Connection documents and into other Domino domains.
Enables detailed logging for the cluster replicator (
clrepl): displays status and statistics messages about cluster replication on the server console and in the log — a key diagnostic tool for cluster-replication problems.Specifies the acceptable minimum level of available system resources for a server. In a cluster, this value is used to control workload distribution.
Additional NRPC ports used in the cluster if the primary port set via Server_Cluster_Default_Port is not reachable.
Specifies the port used for intracluster network traffic.
Maximum number of server threads allowed to handle an NRPC client transaction concurrently. Counterpart to Server_Pool_Tasks (pool size per NRPC port).
Upper bound (in microseconds) for a single transaction in the Server Availability Index (SAI/LoadMon) calculation. Transactions that take longer are capped at this value.
Limits the maximum number of concurrent NRPC sessions on a Domino server. Default: 65535 (effectively unlimited). A limit forces the server to drop sessions idle for more than 1 minute before accepting new sessions.
Maximum number of users allowed to access a server simultaneously. When the value is reached, the server enters the MAXUSERS state and accepts no new Open-Database requests.
Lower bound (in microseconds) for the Server Availability Index (SAI) Loadmon calculation. On modern, fast servers the default lower bound yields an unrealistically low Availability Index. Recommendation from HCL Support / Nashed blog: 1500–2000.
Sets the size of the NRPC worker thread pool per Notes port. Default: 40 threads per active Notes port. Scales the number of concurrent NRPC requests the server task can handle.
Enables or disables server access. When access is restricted, the server no longer accepts new open-database requests; administrators can still open databases.
Number of minutes of inactivity after which the server automatically terminates network and mobile connections.
Enables the display of server performance events on the Domino console (value 1). By default, these events are not displayed.
Forces all scheduled replications initiated from the server to be pure pull replications — this server does not push changes back.
List of tasks that the Domino server runs automatically at startup and keeps active throughout its lifetime.
Defines server tasks that are started automatically every day at 01:00. By default, the Catalog task (database catalog update) is entered here. Overwritten on upgrade installs unless SetupLeaveServerTasks is set.
Defines server tasks that are started automatically every day at 02:00. By default, the UPDALL task (full-text and view index update) is entered here. Overwritten on upgrade installs unless SetupLeaveServerTasks is set.
Defines server tasks that are started automatically every day at 03:00. By default, the Object Collect task on mailbox.box is entered here. Overwritten on upgrade installs unless SetupLeaveServerTasks is set.
Prevents a Domino upgrade install from resetting the ServerTasks and ServerTasksAt entries to the new default values. With SetupLeaveServerTasks=1, individually customized task lists are preserved across the upgrade.
Path to the shared data directory in multi-user installations of the Notes client on Windows. Written automatically by setup and is a marker of a multi-user installation; not present in single-user installs.
Extends the output of Show Task with the currently executing command per session message. 0 = off, 1 = on.
Enables logging of outbound SMTP protocol conversations that the Domino router sends to external servers. Output goes into the "Miscellaneous" section of log.nsf.
Enables capturing of inbound SMTP protocol conversations that the Domino SMTP listener receives from other servers and clients. Four detail levels (1–4); additionally requires
debug_outfile.Enables capturing of the complete bytes (including RFC822 body) of the inbound SMTP conversation. Four detail levels (1–4); additionally requires
debug_outfile.Enables SSL/TLS debug logging for the Domino SMTP task. Very useful for diagnosing STARTTLS negotiations, certificate issues, and SSL handshakes for inbound and outbound SMTP mail.
Defines the greeting text (220 banner) that Domino sends on inbound SMTP connections. Set to remove hostname and version information from the banner response, denying attackers profiling of OS and Domino version. The default banner contains the server hostname plus the Domino version; with a custom value it is reduced to a neutral string.
Binds the SMTP listener to a specific Notes NRPC port (and thus to a specific IP address / NIC) on servers with multiple TCP/IP ports. Without setting this variable, the SMTP service uses the first port listed in notes.ini.
Prevents Domino from writing its software version into the
Received: headers of outgoing SMTP mail. Complementary to SMTPGreeting: this parameter hardens the mail header, the other one the banner. Mandatory setting for banner-hardening compliance, since without it the Domino version still travels with every outbound mail despite the hidden banner.Controls whether Domino saves a copy as a file when inbound SMTP messages cannot be imported into the Notes store. Value
2 additionally saves the corresponding RFC822 source.Diagnostic switch that saves every outbound SMTP mail (including the complete MIME body) as a temporary file in the Domino data directory. Counterpart to HCL's own outbound trapping from KB0037179, when the complete MIME content of an outgoing mail is needed for support diagnostics. Only enable briefly — with this parameter active, the data directory grows fast.
Disables TLS protocol version 1.0 for all SSL-capable Domino tasks (HTTP, SMTP, IMAP, POP3, LDAP). Mandatory parameter for the compliance-driven disablement of TLS 1.0.
Defines server-wide the allowed SSL/TLS cipher suites in HCL Domino via a concatenation of 4-digit hex cipher IDs. On Domino 10.0.1 and higher, the notes.ini value is automatically migrated during upgrade and subsequently ignored.
Specifies the directory in which Notes/Domino stores temporary swap files (.tmp / VBS files). Used on systems where the system temp directory is unsuitable (separate volume for performance, anti-virus exclusion paths, separation between user and server temp areas). Default: system temp directory (e.g.
%TEMP% on Windows, /tmp on Linux/AIX).Limits the maximum number of documents per temporary full-text index that the Notes client/server can build for a database without a permanent FT index. Without this limit, large databases (mail file > 50,000 documents, archives) can lead to memory issues and slow searches when implicitly indexing for the search bar.
Selects the SHA hash algorithm for SAML and Kerberos tickets in the SSO context on the Domino server. With 9.0.1 FP7, the default was raised from SHA-1 to SHA-256; possible values are 1, 256, 384, and 512. Must match the identity provider configuration and be consistent across all Domino servers in the SSO realm.
Controls whether Domino automatically runs a Fixup on the affected database after translog recovery errors:
1 = automatic Fixup (default and recommendation), 0 = database is blocked from access instead.Sets the maximum total size of the Domino transaction log in megabytes. Corresponds to the "Maximum log space" field in the server document, "Transactional Logging" tab.
Sets the path where Domino stores its transaction log files (
*.TXN, logctrl.lfh). Corresponds to the "Log path" field in the server document, "Transactional Logging" tab.Determines the trade-off between runtime performance and restart/recovery time for transaction logging:
1 = Favor runtime, 2 = Standard (default), 3 = Favor restart recovery time. Corresponds to the "Runtime/Restart Performance" field in the server document.Enables transaction logging for all Release 5 and later databases on the server. Default 0 (disabled), 1 = enabled.
Determines the logging style of the transaction log:
0 = Circular (default, max 4 GB, circularly overwritten), 1 = Archive (logs are archived, prerequisite for incremental/point-in-time backups via DAOS or third-party backup).Controls how often the Update/Updall tasks refresh the Last-Accessed timestamp of databases (NEVER / DAILY / ALWAYS).
Disables automatic full-text index updates by the Update task. Full-text indexes are then only refreshed via scheduled
Updall runs.Disables automatic view index updates by the Update task. View indexes are then only rebuilt on demand (when opened) or via scheduled
Updall runs.Makes the Update task run view updates and full-text index updates in separate threads, so that long FT indexing operations don't block the view update queue.
Pause (in seconds) between two Update task operations. Default 5 seconds — lower values speed up index maintenance at the cost of additional system load.
Pause (in milliseconds) between two Update task operations. Finer-grained variant of UPDATE_IDLE_TIME for very powerful servers.
Disables full-text indexing on a server. 0 = full-text indexing enabled, 1 = disabled.
Minimum number of changed notes (documents) before the Update task actually refreshes a view index in a database. Default 20.
Maximum size (number of requests) of the Update task's deferred queue. Default: 32767.
How long (in minutes) deferred update requests of the Update task are held in the queue. Default: 15. Negative values = seconds.
Number of Update tasks that can run simultaneously on the server. Without an entry, only one Update task runs; changes require a server restart.
Path for temporary files during view rebuilds (
updall -R, opening a view with a deleted index). Default: system temp (e.g. C:TEMP) or the Domino data folder as fallback. Recommended: separate drive with plenty of space.Enables verbose tracing of web server authentication on the Domino console and in the log file.
Allgemein
Allgemein
Parameter
Information
Activates the Domino billing subsystem and specifies which activity classes are billed — Agent, Database, Document, HttpRequest, Mail, Replication, Session.
Forces newly created or
compact -c-converted Notes databases to be created with on-disk structure 53 (R10 ODS). Predecessor of Create_R12_Databases. Usable on server and client.Forces newly created Notes databases to be created in ODS 55 (R12 on-disk structure). Also enables raising existing databases via
compact -c. Usable on server and client.Path to the Notes/Domino data directory. Set during setup and should not be changed afterwards.
Lists the Extension Manager libraries (DLL/.so/.lib) that Domino or Notes registers in the Extension Manager at startup.
Interval (in minutes) at which the LDAP task reloads its configuration changes from the configuration document. Default: 3 minutes.
Raises the ACL size limit of an ODS 55 database from the classic ~950 to up to 65535 entries. Per HCL, must be set on both servers and clients that edit such ACLs. Only takes effect once the database has been raised to ODS 55 (Domino 12+).
Automatically raises existing local databases on
compact -c to the respective current ODS level of the running Notes/Domino version. Unlike Create_RXX_Databases for a specific ODS generation, NSF_UpdateODS=1 also automatically updates ODS levels that appear in the future.Enables workarounds for OIDC providers that strictly reject extra fields in the request body when authenticating with "Client Secret Basic". With OIDC_LOGIN_ENABLE_ROEID_WORKAROUNDS=1, Domino avoids the "Error 500 You are not authorized to perform this operation" error during OIDC login.
Number of replication errors of the same type between two databases at which the server terminates replication. Default: 2.
Controls whether the Replicator task obeys database quotas. Default: 0 = quotas are ignored.
Number of attempts to perform a push replication to a Domino server. Helpful in conflict situations when several Notes users access the same replica at the same time.
Number of Replicator tasks that can run concurrently on the server. By default 1 Replicator task runs; changes require a server restart.
Limits the maximum number of concurrent NRPC sessions on a Domino server. Default: 65535 (effectively unlimited). A limit forces the server to drop sessions idle for more than 1 minute before accepting new sessions.
Lower bound (in microseconds) for the Server Availability Index (SAI) Loadmon calculation. On modern, fast servers the default lower bound yields an unrealistically low Availability Index. Recommendation from HCL Support / Nashed blog: 1500–2000.
Sets the size of the NRPC worker thread pool per Notes port. Default: 40 threads per active Notes port. Scales the number of concurrent NRPC requests the server task can handle.
Forces all scheduled replications initiated from the server to be pure pull replications — this server does not push changes back.
Client-Konfiguration
Client-Konfiguration
Parameter
Information
Push mechanism for calendar overlays on Notes clients (10+): a predefined Google Calendar, Notes Application, or iCalendar feed URL appears in the 'Add a calendar' dialog the next time the calendar is opened, and is accepted by the user with a single click.
Path to the Notes/Domino data directory. On the Notes client, Directory points to the Notes data directory; on the Domino server, it points to the Domino data directory. Set automatically by setup and required for startup.
Refresh interval (seconds) for iCal feed overlays in the Notes calendar. Default 3600 (one hour). Only takes effect if the user has additionally enabled ‘Refresh this calendar frequently’ on the overlay.
Controls the work-week display in the HCL iNotes calendar (Web Access). With
0, the five-day work week Mon–Fri is enforced; Saturday and Sunday are hidden as the weekend — the default display layout.Stores in the Notes client notes.ini the name of the currently active Location document from the local names.nsf. The value is updated automatically when the Location is switched via the status bar in the Notes client.
Path to the Notes/Domino program directory (binaries). Written automatically by setup and typically located on a different path than the data directory (Directory). Important for separating program and data partitions.
Path to the shared data directory in multi-user installations of the Notes client on Windows. Written automatically by setup and is a marker of a multi-user installation; not present in single-user installs.
Cluster
Cluster
Parameter
Information
Number of cluster replicator tasks running in parallel. By default HCL Domino starts exactly one cluster replicator.
Activates the Symmetrical Cluster feature. On every cluster server, also add AutoRepair and RprCleanup to ServerTasks.
Disables or explicitly enables cluster replication on a Domino server. By default, cluster replication is enabled.
Suppresses failover prompts on the Notes client when the current server stops responding — the actual cluster failover remains active and is transparent to the user.
Enables cluster failover for the mail router: if a recipient's home server fails, the router automatically forwards the message to a cluster replica of the mail file on another server.
Global maximum duration (in minutes) for replication sessions on this server. Corresponds to the Connection document field 'Replication Time Limit'. Empty = unlimited.
Enables detailed logging for the cluster replicator (
clrepl): displays status and statistics messages about cluster replication on the server console and in the log — a key diagnostic tool for cluster-replication problems.Specifies the acceptable minimum level of available system resources for a server. In a cluster, this value is used to control workload distribution.
Additional NRPC ports used in the cluster if the primary port set via Server_Cluster_Default_Port is not reachable.
Specifies the port used for intracluster network traffic.
DAOS
DAOS
Parameter
Information
For DAOS Tier 2 (S3/MinIO over HTTPS): skips verification of the SSL certificate. Intended only for self-signed certificates.
For DAOS Tier 2 (S3/MinIO storage): forces unencrypted HTTP instead of HTTPS for the connection to the storage endpoint.
Enables/disables encryption of DAOS NLO files (Notes Large Objects). Before Domino 12 this was the primary control setting; from Domino 12 it was replaced by the 'DAOS object encryption' field in the Server document, but the notes.ini value is still honored.
Forces the legacy encryption algorithm ("Domino classic") for DAOS NLO objects, suppressing the AES-128 encryption used by default from Domino 12 onward. Mandatory setting before the upgrade to Domino 12 if you must still be able to roll back to a pre-11.0.1 version later — otherwise older servers can no longer read the NLOs created with AES-128.
Defines the base path of the DAOS repository in which the deduplicated attachments are stored as NLO files. Equivalent to the field „DAOS base path“ in the Server document, tab „DAOS“.
Shows the current state of the DAOS catalog (
daoscat.nsf): 0 = Down/Disabled, 1 = Needs Resync, 2 = Synchronized. The value is written by Domino itself and should not be changed manually.Defines in days how long an NLO file with 0 references is kept before it is physically deleted from the DAOS repository. Equivalent to the field „Deferred deletion interval“ in the Server document, tab „DAOS“.
Enables or disables the Domino Attachment and Object Service (DAOS) at the server level:
1 = DAOS active, 0 = DAOS disabled. Equivalent to the field „Store file attachments in: DAOS“ in the Server document, tab „DAOS“.Defines the minimum size in bytes from which an attachment is offloaded to the DAOS storage. Attachments below this size remain inside the NSF. Equivalent to the field „Minimum size of object before Domino will store in DAOS“ in the Server document, tab „DAOS“.
HTTP / Web
HTTP / Web
Parameter
Information
Controls whether web agents (triggered by browser clients) may run simultaneously. 0 = sequential (default), 1 = asynchronous.
Enables cluster-safe, sprayer-capable single-server session cookies by appending a server-specific suffix to the DomAuthSessId cookie.
Disables selected HTTP methods (e.g. TRACE, OPTIONS) on the Domino web server. Only takes effect when the server uses the Web Configurations view rather than Internet Sites.
Sets the maximum heap size of the Java Virtual Machine used by the Domino HTTP task (XPages, Servlets, Java DSAPI). Default: 1 GB.
Logging / Debug
Logging / Debug
Parameter
Information
Notes client tracing: logs time, call stack, and server response times per transaction — a standard tool for diagnosing slow client operations and authentication problems.
Enables the collection of LockWaits and AvgWait values for the Show DBS command. Set only temporarily.
Persistently enables console logging to the file console.log across server restarts. Counterpart to the console command Start Consolelog.
Sets the maximum size of the Domino console log file (
console.log) and its mirror files in kilobytes. When the maximum size is reached, the file is overwritten in a circular fashion.Enables console log mirroring: Domino starts an additional server thread that writes every console output in parallel to numbered mirror files (
console1.log, console2.log, …), providing a real log history instead of just circular overwriting.Enables detailed Agent Manager tracing — fine-grained per subsystem (scheduling, loading, memory, performance, run-time, verbose) — the main diagnostic tool for Agent Manager problems.
Writes debug output to the console window or the server console — a standard companion parameter for almost every Domino debug setup.
Enables debug tracing for HTTP Bearer token authentication in Domino. Helps analyze failed OIDC bearer logins (e.g. invalid aud claims, expired tokens, missing scopes) on the server console.
Enables debug output for view updates and rebuilds (database, view, user); default 0.
Enables debug tracing for the global OIDC provider cache (JWK cache) starting with Domino 14.0. Replaces the earlier DEBUG_JWK_CACHE and DEBUG_JWK_CACHE_MGR parameters from 12.0.2.
Enables debug tracing from Domino 14.0 onward for the validation of OIDC provider configurations and access tokens against the providers and keys stored in idpcat.nsf. First choice for new OIDC configurations.
Enables debug tracing for the Domino server's HTTPS connection to the OIDC provider (libcurl calls). First choice for connection, proxy, or TLS trust issues between Domino and the IdP.
Enables debug tracing for JSON parsing of OIDC data structures (discovery document, JWKs, JWT claims). At level 4, Domino writes the complete JWT bearer token to the server console.
Enables tracing specifically for the auto-redirect logic (
OIDC_LOGIN_ENABLE_REDIRECT) for OIDC web login. Companion to DEBUG_OIDCLogin.Enables detailed tracing of the web-login-with-OIDC flow on the Domino server console. Five levels (0–4) from disabled to maximally verbose.
General Domino debug parameter that defines the path and filename to which various debug tasks (e.g. SMTPDebug, SMTPDebugIO, replication debug) write their output. Prerequisite for many other notes.ini debug flags.
Diagnostic switch for the advanced port encryption options controlled by PORT_ENC_ADV. With 1, the Domino server writes detailed debug logging about the bitmask to the server log; use only temporarily, since the output becomes extensive and can contain sensitive configuration details.
Enables the debug output for SAML authentication on the Domino web server. The value is a bitmask; HCL recommends
DEBUG_SAML=31 for general diagnostics and DEBUG_SAML=287 additionally for SSL/TLS certificate errors.Enables the output of the process ID/thread ID in front of every Domino console/log line. Produces entries in the format
[PID:HEX-TID] and is a prerequisite for nearly all advanced diagnostics in which threads need to be correlated.Extends the HTTP request logging with the data received in the POST body. Takes effect in addition to HTTPEnableThreadDebug. Only for troubleshooting.
Activates thread-based HTTP request logging in the Domino web server. Creates a file
htthr_<pid>_<tid>_<date>.log per HTTP worker thread in the IBM_TECHNICAL_SUPPORT directory.Activates detailed debug logging of the LDAP task in HCL Domino — bind attempts, search filters, schema lookups, and referrals.
Controls whether the start of an agent execution is recorded in the log file and on the server console. Values 0/1/2.
Activates authentication logging on the server or Notes client — logs every successful Authenticate call with name and key size.
Sets, for the current server, the level of detail for logging replication events. Values 0–5, default 1.
Controls whether individual sessions are recorded in the log file and on the server console. Values 0/1.
Controls whether the current status of server tasks is recorded in the log file and on the server console. Values 0/1.
Toggles logging of view rebuild messages on (1) or off (0). Removing the parameter from notes.ini also disables the logging.
Prevents (1) the Statlog task from automatically enabling activity logging for all databases. Without an entry, Statlog enables activity logging everywhere (+64 KB per DB).
Controls whether phone calls (modem connections) are written to the Notes log file. Values 0/1/2; default 2.
Disables platform statistics on the Domino server. Default: platform statistics are enabled. With value 1 they are turned off.
Enables SSL/TLS debug logging for the Domino POP3 task. Diagnoses STARTTLS/TLS handshakes and certificate issues for POP3S and STARTTLS connections.
Prevents existing mirror console logs from being deleted at server startup. Only with
Retain_Mirror_Logs=1 do the console1.log…console999.log files generated by Console_Log_Mirror=1 survive server restarts.Enables the display of server performance events on the Domino console (value 1). By default, these events are not displayed.
Extends the output of Show Task with the currently executing command per session message. 0 = off, 1 = on.
Enables SSL/TLS debug logging for the Domino SMTP task. Very useful for diagnosing STARTTLS negotiations, certificate issues, and SSL handshakes for inbound and outbound SMTP mail.
Diagnostic switch that saves every outbound SMTP mail (including the complete MIME body) as a temporary file in the Domino data directory. Counterpart to HCL's own outbound trapping from KB0037179, when the complete MIME content of an outgoing mail is needed for support diagnostics. Only enable briefly — with this parameter active, the data directory grows fast.
Enables verbose tracing of web server authentication on the Domino console and in the log file.
Mail / Router
Mail / Router
Parameter
Information
Controls the MIME format of outgoing iCalendar meeting invitations from the Domino router. With
0, Domino reverts to pre-12.0.1 behavior (no multipart/related) — standard workaround so that O365/Outlook recipients receive invitations as calendar entries again instead of plain text or a bare ICS attachment.Controls the level of detail of the mail router logging on the server console and in log.nsf. Values: 0, 10, 20, 30, 40 — default: 20.
Controls whether all mail event messages additionally appear in the Miscellaneous Events view of the log file. 0 = router decides, 1 = always also in Misc Events.
Prevents the Domino router from aborting running compact/dbmt operations on mail files due to incoming mail deliveries.
Sets the maximum number of threads the mail router can create to perform mail transfers.
Defines the wait time (in minutes) after which undeliverable messages are returned to the sender from the retry state with a non-delivery report (NDR). This allows the default of one day (
MailTimeout=1) to be shortened to sub-day resolution — useful for environments where faster NDRs are desired.Minimum interval (in minutes) between mail polls of a Notes client to the server. Overrides the client setting in the mail setup.
Disables per-user message caching by the IMAP task. Reduces memory consumption but can slow down individual IMAP operations.
Interval (in minutes) at which the POP3 task refreshes its configuration information. Default 2 minutes.
Allows the Reporter task to send statistics to another server in the same domain via the mail router instead of using the network directly.
Allows multiple concurrent Notes-routing transfer threads to destinations outside the local Notes Named Network (NNN) — including connections via Connection documents and into other Domino domains.
Enables logging of outbound SMTP protocol conversations that the Domino router sends to external servers. Output goes into the "Miscellaneous" section of log.nsf.
Enables capturing of inbound SMTP protocol conversations that the Domino SMTP listener receives from other servers and clients. Four detail levels (1–4); additionally requires
debug_outfile.Enables capturing of the complete bytes (including RFC822 body) of the inbound SMTP conversation. Four detail levels (1–4); additionally requires
debug_outfile.Defines the greeting text (220 banner) that Domino sends on inbound SMTP connections. Set to remove hostname and version information from the banner response, denying attackers profiling of OS and Domino version. The default banner contains the server hostname plus the Domino version; with a custom value it is reduced to a neutral string.
Binds the SMTP listener to a specific Notes NRPC port (and thus to a specific IP address / NIC) on servers with multiple TCP/IP ports. Without setting this variable, the SMTP service uses the first port listed in notes.ini.
Prevents Domino from writing its software version into the
Received: headers of outgoing SMTP mail. Complementary to SMTPGreeting: this parameter hardens the mail header, the other one the banner. Mandatory setting for banner-hardening compliance, since without it the Domino version still travels with every outbound mail despite the hidden banner.Controls whether Domino saves a copy as a file when inbound SMTP messages cannot be imported into the Notes store. Value
2 additionally saves the corresponding RFC822 source.Performance / Memory
Performance / Memory
Parameter
Information
Minimum elapsed time (in minutes) between two executions of the same document update-triggered agent. Default: 30 minutes. Applies to servers and Notes clients.
Delay in minutes that the Agent Manager applies when scheduling a document update trigger after the event. Default 5 minutes.
Delay in minutes that the Agent Manager applies when scheduling a new mail trigger after mail arrival. Default 1 minute.
Delay in minutes between runs of the Agent Manager scheduler. Values 1–60, default 1.
Interval (minutes) at which the Agent Manager checks for unprocessed "On new mail" agents (catch-up check).
Limits the maximum size of the Domino server's shared memory segment in megabytes. Important on 32-bit systems and when the memory budget is tight.
Automatically enables NIFNSF — separate view index files (.NDX) outside the NSF — when new databases are created.
Activates the current ODS level (R85 / ODS 51) for newly created NSF databases.
Interval (seconds) at which changes to the Database Directory Cache are written to the run-time DB. Default 900 (15 min). Replaces DBDIR_REFRESH_INTERVAL.
Interval (seconds) at which the Database Directory Cache is validated against the physical file system. Default 900 (15 min). Replaces DBDIR_REFRESH_INTERVAL.
Interval (seconds) at which the Database Directory Cache is refreshed from the physical data directory. Default 900 (15 min). Replaces DBDIR_REFRESH_INTERVAL.
Restricts which NSF databases the Database Maintenance Tool (dbmt) processes — e.g. only mail/*.nsf or specific directories.
Number of days after which
Updall discards unused view indexes. Default 45 days.Disables the optimized view rebuild; HCL recommends using only as a last resort when
View_Rebuild_Dir has insufficient space.Number of indexing threads for Domain Search. Default: 2 threads per CPU. HCL recommendation: max. 8 threads per server.
Disables automatic on-the-fly full-text indexing during FT searches on non-indexed databases.
Controls the full-text indexing of attachments server-wide (1 = without filter, 2 = never, 3 = with filters).
Whitelist of allowed file extensions for full-text indexing of attachments — overrides the default list of all formats supported by Tika.
Companion setting to FT_INDEX_FILTER_ATTACHMENT_TYPES: sets an upper size limit (in MiB) for attachments from the whitelist; larger files are not indexed.
Extends the FT indexer's default ignore list with additional file extensions that should not be included in the full-text index.
Overflow slot to FT_INDEX_IGNORE_ATTACHMENT_TYPES (256-character limit). The FT indexer concatenates both lists.
Raises (or lowers) the default 5,000-document return limit for full-text searches on indexed databases.
Activates the default whitelist when full-text indexing attachments; only extensions on the whitelist are processed via the Tika filter. Extendable via FT_INDEX_FILTER_ATTACHMENT_TYPES.
Discards the default whitelist when full-text indexing attachments and forces exclusively the file extensions defined in FT_INDEX_FILTER_ATTACHMENT_TYPES.
Relocates the base directory for full-text indexes to an alternative, typically faster volume.
Activates memory detection and memory monitoring of the GTR FT engine per search thread, allowing memory-hungry full-text searches to be identified early.
Maximum size of an individual document/attachment for full-text indexing; default 6 MB (Win/Linux), 1 MB (macOS).
Maximum permitted memory (in MB) per FT search thread — hard limit against individual memory-hungry full-text searches.
Maximum number of concurrent FT search threads — multiplied by FTG_MB_PER_THREAD this yields the global memory pool limit of the FT engine.
Maximum working memory per full-text indexer thread for Tika attachment conversion; default 1 MB.
Has the FT engine (GTR) request memory directly from the operating system via malloc instead of from the Domino memory pool — eliminates typical memory-allocation errors during FT indexing and FT search.
Pause (in seconds) between two full-text index operations of the separate FT thread. Only takes effect when
UPDATE_FULLTEXT_THREAD=1 is active. Default 5 seconds.Pause (in milliseconds) between two full-text index operations of the separate FT thread. Only takes effect when
UPDATE_FULLTEXT_THREAD=1 is active.Sets the maximum heap size of the Java Virtual Machine for all Domino server processes outside the HTTP task (Agent Manager, periodic Java agents, runjava). Default: 256 MB.
Maximum virtual memory (in MB) the Domino server may allocate. Minimum value 4 MB; without setting it, the server uses all available memory.
Enables Dynamic Indexing of High-Usage Views — the server keeps the top 10 most active views up to date via dedicated indexer threads.
Path where externalized view indexes (NIF NSF) are stored when NIFNSFEnable is active.
Activates NIFNSF: view indexes are stored separately from the NSF (requires ODS 51 or newer).
Maximum size (in bytes) of the NSF buffer pool — a memory area that buffers I/O transfers between Domino and disk.
Sets the maximum size of the NSF buffer pool (database cache of the NSF engine) in megabytes. Larger values can significantly reduce I/O on large servers.
Maximum number of databases the server keeps open simultaneously in the database cache. Higher values reduce repeated opens but require more memory and handles.
Percentage share of system resources (memory) that the Domino server is allowed to claim for itself. Acts in particular on automatic memory sizing.
Maximum number of server threads allowed to handle an NRPC client transaction concurrently. Counterpart to Server_Pool_Tasks (pool size per NRPC port).
Upper bound (in microseconds) for a single transaction in the Server Availability Index (SAI/LoadMon) calculation. Transactions that take longer are capped at this value.
Maximum number of users allowed to access a server simultaneously. When the value is reached, the server enters the MAXUSERS state and accepts no new Open-Database requests.
Number of minutes of inactivity after which the server automatically terminates network and mobile connections.
Specifies the directory in which Notes/Domino stores temporary swap files (.tmp / VBS files). Used on systems where the system temp directory is unsuitable (separate volume for performance, anti-virus exclusion paths, separation between user and server temp areas). Default: system temp directory (e.g.
%TEMP% on Windows, /tmp on Linux/AIX).Limits the maximum number of documents per temporary full-text index that the Notes client/server can build for a database without a permanent FT index. Without this limit, large databases (mail file > 50,000 documents, archives) can lead to memory issues and slow searches when implicitly indexing for the search bar.
Disables automatic full-text index updates by the Update task. Full-text indexes are then only refreshed via scheduled
Updall runs.Disables automatic view index updates by the Update task. View indexes are then only rebuilt on demand (when opened) or via scheduled
Updall runs.Security / TLS
Security / TLS
Parameter
Information
Local access list: explicitly allowed users/groups for this server (override of the server ACL)
List of users, servers, and groups that may instruct this server to initiate a call to another server in order to establish a pass-through routing path. Corresponds to the 'Cause calling' field in the server document.
List of destination servers to which this server may route clients via pass-through. Corresponds to the 'Destinations allowed' field in the server document. Default empty = all servers allowed.
Accepts the Let's Encrypt license terms (ACME Terms of Use). Required for automatic certificate requests — without this parameter, automatic requests fail because ACME account documents ship with the License Agree setting disabled.
Automatically starts HTTP when the server is auto-configured via CertMgr. HTTP must additionally be configured for permanent autostart via ServerTasks or a Program document.
Automatically detects the host name and generates a certificate request using the default configuration via the Certificate Manager (CertMgr).
Configures the interval (in seconds) that CertMgr waits between processing certificate requests. Default 30 seconds.
Maximum number of HTTP redirects that CertMgr follows when verifying an ACME HTTP-01 challenge. Default 5. 0 disables following redirects.
Disables the internal HTTP-01 challenge verification by CertMgr before confirming in the ACME flow. Useful when the server cannot reach the challenge internally but the ACME provider can verify it externally.
Defines the proxy that the Certificate Manager uses for all outbound connections (e.g. to the ACME CA). For authenticated proxies an account document in the configuration database should be used instead.
Defines the Domino server that hosts the Certificate Store database certstore.nsf. Default is the local server.
Disables the obsolete SSLv3 protocol for incoming Domino SSL/TLS connections. Mandatory parameter to defend against POODLE and comparable attacks.
Tolerance for clock differences (clock skew) between the Domino server and the OIDC provider during web login with OIDC, in seconds. Default: 15. Permitted range: 0–600.
Lifetime of the cookies that maintain the OIDC authentication state during the login flow (in seconds). Default: 120. Permitted range: 30–900.
Defines an alternative claim name in the OIDC id_token that is used instead of the
email claim to identify the user — helpful with OIDC providers that do not return an email address.Enables workarounds for Microsoft Azure AD B2C as an OIDC provider — in particular the
client_id is additionally sent as a requested scope, which Azure AD B2C strictly requires.Controls whether Domino, during web login with OIDC, automatically redirects from the old URL
/names.nsf?OIDCLogin to the new URL /auth/protocol/oidc. Default: 1 (enabled).Controls whether Domino, during web login with OIDC, requests the
profile scope in addition to openid and email. Default: 1 (enabled) — Domino requests scope=openid email profile.Controls whether Domino, during web login with OIDC, requests
response_mode=form_post (token response as HTTP POST body) instead of the default query (token in URL parameters). Prerequisite: provider supports form_post.Advanced Notes port encryption options on the Domino server. Values are added together as a bitmask (1, 2, 4, 8, 16, 32, 64); each bit value enables a particular additional option. Effective only on the server side and only after a restart of the server task.
Enables or disables server access. When access is restricted, the server no longer accepts new open-database requests; administrators can still open databases.
Disables TLS protocol version 1.0 for all SSL-capable Domino tasks (HTTP, SMTP, IMAP, POP3, LDAP). Mandatory parameter for the compliance-driven disablement of TLS 1.0.
Defines server-wide the allowed SSL/TLS cipher suites in HCL Domino via a concatenation of 4-digit hex cipher IDs. On Domino 10.0.1 and higher, the notes.ini value is automatically migrated during upgrade and subsequently ignored.
Selects the SHA hash algorithm for SAML and Kerberos tickets in the SSO context on the Domino server. With 9.0.1 FP7, the default was raised from SHA-1 to SHA-256; possible values are 1, 256, 384, and 512. Must match the identity provider configuration and be consistent across all Domino servers in the SSO realm.
Startup / Tasks
Startup / Tasks
Parameter
Information
Number of minutes that the Administration Process (AdminP) waits before checking again for pending Interval requests.
Hour of the day (0–23) at which the Administration Process (AdminP) processes its Daily requests.
Disables the Agent Manager's mail lookup check for mail-triggered agents ("After new mail has arrived") — workaround when the signer has no person document on its mail server (typical in cluster setups).
Minimum interval in minutes between two executions of the same new mail-triggered agent. Default: 0 (no minimum interval).
Defines the weekdays on which agents with the "Don't run on weekends" option should not run. Default: Saturday (7) and Sunday (1).
List of tasks that the Domino server runs automatically at startup and keeps active throughout its lifetime.
Defines server tasks that are started automatically every day at 01:00. By default, the Catalog task (database catalog update) is entered here. Overwritten on upgrade installs unless SetupLeaveServerTasks is set.
Defines server tasks that are started automatically every day at 02:00. By default, the UPDALL task (full-text and view index update) is entered here. Overwritten on upgrade installs unless SetupLeaveServerTasks is set.
Defines server tasks that are started automatically every day at 03:00. By default, the Object Collect task on mailbox.box is entered here. Overwritten on upgrade installs unless SetupLeaveServerTasks is set.
Prevents a Domino upgrade install from resetting the ServerTasks and ServerTasksAt entries to the new default values. With SetupLeaveServerTasks=1, individually customized task lists are preserved across the upgrade.
Controls how often the Update/Updall tasks refresh the Last-Accessed timestamp of databases (NEVER / DAILY / ALWAYS).
Transaktionslog
Transaktionslog
Parameter
Information
Creates new transaction logs in the 8.5+ format with properly aligned blocks — important for disk block sizes ≠ 512 bytes.
Controls whether Domino automatically runs a Fixup on the affected database after translog recovery errors:
1 = automatic Fixup (default and recommendation), 0 = database is blocked from access instead.Sets the maximum total size of the Domino transaction log in megabytes. Corresponds to the "Maximum log space" field in the server document, "Transactional Logging" tab.
Sets the path where Domino stores its transaction log files (
*.TXN, logctrl.lfh). Corresponds to the "Log path" field in the server document, "Transactional Logging" tab.Determines the trade-off between runtime performance and restart/recovery time for transaction logging:
1 = Favor runtime, 2 = Standard (default), 3 = Favor restart recovery time. Corresponds to the "Runtime/Restart Performance" field in the server document.Enables transaction logging for all Release 5 and later databases on the server. Default 0 (disabled), 1 = enabled.
Determines the logging style of the transaction log:
0 = Circular (default, max 4 GB, circularly overwritten), 1 = Archive (logs are archived, prerequisite for incremental/point-in-time backups via DAOS or third-party backup).Parameter
Information
Number of minutes that the Administration Process (AdminP) waits before checking again for pending Interval requests.
Hour of the day (0–23) at which the Administration Process (AdminP) processes its Daily requests.
Local access list: explicitly allowed users/groups for this server (override of the server ACL)
List of users, servers, and groups that may instruct this server to initiate a call to another server in order to establish a pass-through routing path. Corresponds to the 'Cause calling' field in the server document.
List of destination servers to which this server may route clients via pass-through. Corresponds to the 'Destinations allowed' field in the server document. Default empty = all servers allowed.
Disables the Agent Manager's mail lookup check for mail-triggered agents ("After new mail has arrived") — workaround when the signer has no person document on its mail server (typical in cluster setups).
Minimum elapsed time (in minutes) between two executions of the same document update-triggered agent. Default: 30 minutes. Applies to servers and Notes clients.
Delay in minutes that the Agent Manager applies when scheduling a document update trigger after the event. Default 5 minutes.
Minimum interval in minutes between two executions of the same new mail-triggered agent. Default: 0 (no minimum interval).
Delay in minutes that the Agent Manager applies when scheduling a new mail trigger after mail arrival. Default 1 minute.
Delay in minutes between runs of the Agent Manager scheduler. Values 1–60, default 1.
Interval (minutes) at which the Agent Manager checks for unprocessed "On new mail" agents (catch-up check).
Defines the weekdays on which agents with the "Don't run on weekends" option should not run. Default: Saturday (7) and Sunday (1).
Activates the Domino billing subsystem and specifies which activity classes are billed — Agent, Database, Document, HttpRequest, Mail, Replication, Session.
Accepts the Let's Encrypt license terms (ACME Terms of Use). Required for automatic certificate requests — without this parameter, automatic requests fail because ACME account documents ship with the License Agree setting disabled.
Automatically starts HTTP when the server is auto-configured via CertMgr. HTTP must additionally be configured for permanent autostart via ServerTasks or a Program document.
Automatically detects the host name and generates a certificate request using the default configuration via the Certificate Manager (CertMgr).
Configures the interval (in seconds) that CertMgr waits between processing certificate requests. Default 30 seconds.
Maximum number of HTTP redirects that CertMgr follows when verifying an ACME HTTP-01 challenge. Default 5. 0 disables following redirects.
Disables the internal HTTP-01 challenge verification by CertMgr before confirming in the ACME flow. Useful when the server cannot reach the challenge internally but the ACME provider can verify it externally.
Defines the proxy that the Certificate Manager uses for all outbound connections (e.g. to the ACME CA). For authenticated proxies an account document in the configuration database should be used instead.
Defines the Domino server that hosts the Certificate Store database certstore.nsf. Default is the local server.
Notes client tracing: logs time, call stack, and server response times per transaction — a standard tool for diagnosing slow client operations and authentication problems.
Number of cluster replicator tasks running in parallel. By default HCL Domino starts exactly one cluster replicator.
Enables the collection of LockWaits and AvgWait values for the Show DBS command. Set only temporarily.
Persistently enables console logging to the file console.log across server restarts. Counterpart to the console command Start Consolelog.
Sets the maximum size of the Domino console log file (
console.log) and its mirror files in kilobytes. When the maximum size is reached, the file is overwritten in a circular fashion.Enables console log mirroring: Domino starts an additional server thread that writes every console output in parallel to numbered mirror files (
console1.log, console2.log, …), providing a real log history instead of just circular overwriting.Limits the maximum size of the Domino server's shared memory segment in megabytes. Important on 32-bit systems and when the memory budget is tight.
For DAOS Tier 2 (S3/MinIO over HTTPS): skips verification of the SSL certificate. Intended only for self-signed certificates.
For DAOS Tier 2 (S3/MinIO storage): forces unencrypted HTTP instead of HTTPS for the connection to the storage endpoint.
Automatically enables NIFNSF — separate view index files (.NDX) outside the NSF — when new databases are created.
Forces newly created or
compact -c-converted Notes databases to be created with on-disk structure 53 (R10 ODS). Predecessor of Create_R12_Databases. Usable on server and client.Forces newly created Notes databases to be created in ODS 55 (R12 on-disk structure). Also enables raising existing databases via
compact -c. Usable on server and client.Activates the current ODS level (R85 / ODS 51) for newly created NSF databases.
Creates new transaction logs in the 8.5+ format with properly aligned blocks — important for disk block sizes ≠ 512 bytes.
Activates the Symmetrical Cluster feature. On every cluster server, also add AutoRepair and RprCleanup to ServerTasks.
Enables/disables encryption of DAOS NLO files (Notes Large Objects). Before Domino 12 this was the primary control setting; from Domino 12 it was replaced by the 'DAOS object encryption' field in the Server document, but the notes.ini value is still honored.
Forces the legacy encryption algorithm ("Domino classic") for DAOS NLO objects, suppressing the AES-128 encryption used by default from Domino 12 onward. Mandatory setting before the upgrade to Domino 12 if you must still be able to roll back to a pre-11.0.1 version later — otherwise older servers can no longer read the NLOs created with AES-128.
Defines the base path of the DAOS repository in which the deduplicated attachments are stored as NLO files. Equivalent to the field „DAOS base path“ in the Server document, tab „DAOS“.
Shows the current state of the DAOS catalog (
daoscat.nsf): 0 = Down/Disabled, 1 = Needs Resync, 2 = Synchronized. The value is written by Domino itself and should not be changed manually.Defines in days how long an NLO file with 0 references is kept before it is physically deleted from the DAOS repository. Equivalent to the field „Deferred deletion interval“ in the Server document, tab „DAOS“.
Enables or disables the Domino Attachment and Object Service (DAOS) at the server level:
1 = DAOS active, 0 = DAOS disabled. Equivalent to the field „Store file attachments in: DAOS“ in the Server document, tab „DAOS“.Defines the minimum size in bytes from which an attachment is offloaded to the DAOS storage. Attachments below this size remain inside the NSF. Equivalent to the field „Minimum size of object before Domino will store in DAOS“ in the Server document, tab „DAOS“.
Path to the Notes/Domino data directory. Set during setup and should not be changed afterwards.
Interval (seconds) at which changes to the Database Directory Cache are written to the run-time DB. Default 900 (15 min). Replaces DBDIR_REFRESH_INTERVAL.
Interval (seconds) at which the Database Directory Cache is validated against the physical file system. Default 900 (15 min). Replaces DBDIR_REFRESH_INTERVAL.
Interval (seconds) at which the Database Directory Cache is refreshed from the physical data directory. Default 900 (15 min). Replaces DBDIR_REFRESH_INTERVAL.
Restricts which NSF databases the Database Maintenance Tool (dbmt) processes — e.g. only mail/*.nsf or specific directories.
Enables detailed Agent Manager tracing — fine-grained per subsystem (scheduling, loading, memory, performance, run-time, verbose) — the main diagnostic tool for Agent Manager problems.
Writes debug output to the console window or the server console — a standard companion parameter for almost every Domino debug setup.
Enables debug tracing for HTTP Bearer token authentication in Domino. Helps analyze failed OIDC bearer logins (e.g. invalid aud claims, expired tokens, missing scopes) on the server console.
Enables debug output for view updates and rebuilds (database, view, user); default 0.
Enables debug tracing for the global OIDC provider cache (JWK cache) starting with Domino 14.0. Replaces the earlier DEBUG_JWK_CACHE and DEBUG_JWK_CACHE_MGR parameters from 12.0.2.
Enables debug tracing from Domino 14.0 onward for the validation of OIDC provider configurations and access tokens against the providers and keys stored in idpcat.nsf. First choice for new OIDC configurations.
Enables debug tracing for the Domino server's HTTPS connection to the OIDC provider (libcurl calls). First choice for connection, proxy, or TLS trust issues between Domino and the IdP.
Enables debug tracing for JSON parsing of OIDC data structures (discovery document, JWKs, JWT claims). At level 4, Domino writes the complete JWT bearer token to the server console.
Enables tracing specifically for the auto-redirect logic (
OIDC_LOGIN_ENABLE_REDIRECT) for OIDC web login. Companion to DEBUG_OIDCLogin.Enables detailed tracing of the web-login-with-OIDC flow on the Domino server console. Five levels (0–4) from disabled to maximally verbose.
General Domino debug parameter that defines the path and filename to which various debug tasks (e.g. SMTPDebug, SMTPDebugIO, replication debug) write their output. Prerequisite for many other notes.ini debug flags.
Diagnostic switch for the advanced port encryption options controlled by PORT_ENC_ADV. With 1, the Domino server writes detailed debug logging about the bitmask to the server log; use only temporarily, since the output becomes extensive and can contain sensitive configuration details.
Enables the debug output for SAML authentication on the Domino web server. The value is a bitmask; HCL recommends
DEBUG_SAML=31 for general diagnostics and DEBUG_SAML=287 additionally for SSL/TLS certificate errors.Enables the output of the process ID/thread ID in front of every Domino console/log line. Produces entries in the format
[PID:HEX-TID] and is a prerequisite for nearly all advanced diagnostics in which threads need to be correlated.Number of days after which
Updall discards unused view indexes. Default 45 days.Path to the Notes/Domino data directory. On the Notes client, Directory points to the Notes data directory; on the Domino server, it points to the Domino data directory. Set automatically by setup and required for startup.
Disables or explicitly enables cluster replication on a Domino server. By default, cluster replication is enabled.
Disables the obsolete SSLv3 protocol for incoming Domino SSL/TLS connections. Mandatory parameter to defend against POODLE and comparable attacks.
Disables the optimized view rebuild; HCL recommends using only as a last resort when
View_Rebuild_Dir has insufficient space.Controls whether web agents (triggered by browser clients) may run simultaneously. 0 = sequential (default), 1 = asynchronous.
Enables cluster-safe, sprayer-capable single-server session cookies by appending a server-specific suffix to the DomAuthSessId cookie.
Lists the Extension Manager libraries (DLL/.so/.lib) that Domino or Notes registers in the Extension Manager at startup.
Number of indexing threads for Domain Search. Default: 2 threads per CPU. HCL recommendation: max. 8 threads per server.
Disables automatic on-the-fly full-text indexing during FT searches on non-indexed databases.
Controls the full-text indexing of attachments server-wide (1 = without filter, 2 = never, 3 = with filters).
Whitelist of allowed file extensions for full-text indexing of attachments — overrides the default list of all formats supported by Tika.
Companion setting to FT_INDEX_FILTER_ATTACHMENT_TYPES: sets an upper size limit (in MiB) for attachments from the whitelist; larger files are not indexed.
Extends the FT indexer's default ignore list with additional file extensions that should not be included in the full-text index.
Overflow slot to FT_INDEX_IGNORE_ATTACHMENT_TYPES (256-character limit). The FT indexer concatenates both lists.
Raises (or lowers) the default 5,000-document return limit for full-text searches on indexed databases.
Activates the default whitelist when full-text indexing attachments; only extensions on the whitelist are processed via the Tika filter. Extendable via FT_INDEX_FILTER_ATTACHMENT_TYPES.
Discards the default whitelist when full-text indexing attachments and forces exclusively the file extensions defined in FT_INDEX_FILTER_ATTACHMENT_TYPES.
Relocates the base directory for full-text indexes to an alternative, typically faster volume.
Activates memory detection and memory monitoring of the GTR FT engine per search thread, allowing memory-hungry full-text searches to be identified early.
Maximum size of an individual document/attachment for full-text indexing; default 6 MB (Win/Linux), 1 MB (macOS).
Maximum permitted memory (in MB) per FT search thread — hard limit against individual memory-hungry full-text searches.
Maximum number of concurrent FT search threads — multiplied by FTG_MB_PER_THREAD this yields the global memory pool limit of the FT engine.
Maximum working memory per full-text indexer thread for Tika attachment conversion; default 1 MB.
Has the FT engine (GTR) request memory directly from the operating system via malloc instead of from the Domino memory pool — eliminates typical memory-allocation errors during FT indexing and FT search.
Pause (in seconds) between two full-text index operations of the separate FT thread. Only takes effect when
UPDATE_FULLTEXT_THREAD=1 is active. Default 5 seconds.Pause (in milliseconds) between two full-text index operations of the separate FT thread. Only takes effect when
UPDATE_FULLTEXT_THREAD=1 is active.Disables selected HTTP methods (e.g. TRACE, OPTIONS) on the Domino web server. Only takes effect when the server uses the Web Configurations view rather than Internet Sites.
Extends the HTTP request logging with the data received in the POST body. Takes effect in addition to HTTPEnableThreadDebug. Only for troubleshooting.
Activates thread-based HTTP request logging in the Domino web server. Creates a file
htthr_<pid>_<tid>_<date>.log per HTTP worker thread in the IBM_TECHNICAL_SUPPORT directory.Sets the maximum heap size of the Java Virtual Machine used by the Domino HTTP task (XPages, Servlets, Java DSAPI). Default: 1 GB.
Controls the MIME format of outgoing iCalendar meeting invitations from the Domino router. With
0, Domino reverts to pre-12.0.1 behavior (no multipart/related) — standard workaround so that O365/Outlook recipients receive invitations as calendar entries again instead of plain text or a bare ICS attachment.Controls the work-week display in the HCL iNotes calendar (Web Access). With
0, the five-day work week Mon–Fri is enforced; Saturday and Sunday are hidden as the weekend — the default display layout.Sets the maximum heap size of the Java Virtual Machine for all Domino server processes outside the HTTP task (Agent Manager, periodic Java agents, runjava). Default: 256 MB.
Interval (in minutes) at which the LDAP task reloads its configuration changes from the configuration document. Default: 3 minutes.
Activates detailed debug logging of the LDAP task in HCL Domino — bind attempts, search filters, schema lookups, and referrals.
Controls whether the start of an agent execution is recorded in the log file and on the server console. Values 0/1/2.
Activates authentication logging on the server or Notes client — logs every successful Authenticate call with name and key size.
Controls the level of detail of the mail router logging on the server console and in log.nsf. Values: 0, 10, 20, 30, 40 — default: 20.
Sets, for the current server, the level of detail for logging replication events. Values 0–5, default 1.
Controls whether individual sessions are recorded in the log file and on the server console. Values 0/1.
Controls whether the current status of server tasks is recorded in the log file and on the server console. Values 0/1.
Toggles logging of view rebuild messages on (1) or off (0). Removing the parameter from notes.ini also disables the logging.
Controls whether all mail event messages additionally appear in the Miscellaneous Events view of the log file. 0 = router decides, 1 = always also in Misc Events.
Enables cluster failover for the mail router: if a recipient's home server fails, the router automatically forwards the message to a cluster replica of the mail file on another server.
Prevents the Domino router from aborting running compact/dbmt operations on mail files due to incoming mail deliveries.
Sets the maximum number of threads the mail router can create to perform mail transfers.
Defines the wait time (in minutes) after which undeliverable messages are returned to the sender from the retry state with a non-delivery report (NDR). This allows the default of one day (
MailTimeout=1) to be shortened to sub-day resolution — useful for environments where faster NDRs are desired.Maximum virtual memory (in MB) the Domino server may allocate. Minimum value 4 MB; without setting it, the server uses all available memory.
Minimum interval (in minutes) between mail polls of a Notes client to the server. Overrides the client setting in the mail setup.
Enables Dynamic Indexing of High-Usage Views — the server keeps the top 10 most active views up to date via dedicated indexer threads.
Path where externalized view indexes (NIF NSF) are stored when NIFNSFEnable is active.
Activates NIFNSF: view indexes are stored separately from the NSF (requires ODS 51 or newer).
Prevents (1) the Statlog task from automatically enabling activity logging for all databases. Without an entry, Statlog enables activity logging everywhere (+64 KB per DB).
Disables per-user message caching by the IMAP task. Reduces memory consumption but can slow down individual IMAP operations.
Path to the Notes/Domino program directory (binaries). Written automatically by setup and typically located on a different path than the data directory (Directory). Important for separating program and data partitions.
Maximum size (in bytes) of the NSF buffer pool — a memory area that buffers I/O transfers between Domino and disk.
Sets the maximum size of the NSF buffer pool (database cache of the NSF engine) in megabytes. Larger values can significantly reduce I/O on large servers.
Maximum number of databases the server keeps open simultaneously in the database cache. Higher values reduce repeated opens but require more memory and handles.
Raises the ACL size limit of an ODS 55 database from the classic ~950 to up to 65535 entries. Per HCL, must be set on both servers and clients that edit such ACLs. Only takes effect once the database has been raised to ODS 55 (Domino 12+).
Automatically raises existing local databases on
compact -c to the respective current ODS level of the running Notes/Domino version. Unlike Create_RXX_Databases for a specific ODS generation, NSF_UpdateODS=1 also automatically updates ODS levels that appear in the future.Tolerance for clock differences (clock skew) between the Domino server and the OIDC provider during web login with OIDC, in seconds. Default: 15. Permitted range: 0–600.
Lifetime of the cookies that maintain the OIDC authentication state during the login flow (in seconds). Default: 120. Permitted range: 30–900.
Defines an alternative claim name in the OIDC id_token that is used instead of the
email claim to identify the user — helpful with OIDC providers that do not return an email address.Enables workarounds for Microsoft Azure AD B2C as an OIDC provider — in particular the
client_id is additionally sent as a requested scope, which Azure AD B2C strictly requires.Controls whether Domino, during web login with OIDC, automatically redirects from the old URL
/names.nsf?OIDCLogin to the new URL /auth/protocol/oidc. Default: 1 (enabled).Enables workarounds for OIDC providers that strictly reject extra fields in the request body when authenticating with "Client Secret Basic". With OIDC_LOGIN_ENABLE_ROEID_WORKAROUNDS=1, Domino avoids the "Error 500 You are not authorized to perform this operation" error during OIDC login.
Controls whether Domino, during web login with OIDC, requests the
profile scope in addition to openid and email. Default: 1 (enabled) — Domino requests scope=openid email profile.Controls whether Domino, during web login with OIDC, requests
response_mode=form_post (token response as HTTP POST body) instead of the default query (token in URL parameters). Prerequisite: provider supports form_post.Percentage share of system resources (memory) that the Domino server is allowed to claim for itself. Acts in particular on automatic memory sizing.
Controls whether phone calls (modem connections) are written to the Notes log file. Values 0/1/2; default 2.
Disables platform statistics on the Domino server. Default: platform statistics are enabled. With value 1 they are turned off.
Interval (in minutes) at which the POP3 task refreshes its configuration information. Default 2 minutes.
Enables SSL/TLS debug logging for the Domino POP3 task. Diagnoses STARTTLS/TLS handshakes and certificate issues for POP3S and STARTTLS connections.
Advanced Notes port encryption options on the Domino server. Values are added together as a bitmask (1, 2, 4, 8, 16, 32, 64); each bit value enables a particular additional option. Effective only on the server side and only after a restart of the server task.
Number of replication errors of the same type between two databases at which the server terminates replication. Default: 2.
Controls whether the Replicator task obeys database quotas. Default: 0 = quotas are ignored.
Number of attempts to perform a push replication to a Domino server. Helpful in conflict situations when several Notes users access the same replica at the same time.
Global maximum duration (in minutes) for replication sessions on this server. Corresponds to the Connection document field 'Replication Time Limit'. Empty = unlimited.
Number of Replicator tasks that can run concurrently on the server. By default 1 Replicator task runs; changes require a server restart.
Allows the Reporter task to send statistics to another server in the same domain via the mail router instead of using the network directly.
Prevents existing mirror console logs from being deleted at server startup. Only with
Retain_Mirror_Logs=1 do the console1.log…console999.log files generated by Console_Log_Mirror=1 survive server restarts.Allows multiple concurrent Notes-routing transfer threads to destinations outside the local Notes Named Network (NNN) — including connections via Connection documents and into other Domino domains.
Enables detailed logging for the cluster replicator (
clrepl): displays status and statistics messages about cluster replication on the server console and in the log — a key diagnostic tool for cluster-replication problems.Specifies the acceptable minimum level of available system resources for a server. In a cluster, this value is used to control workload distribution.
Additional NRPC ports used in the cluster if the primary port set via Server_Cluster_Default_Port is not reachable.
Specifies the port used for intracluster network traffic.
Maximum number of server threads allowed to handle an NRPC client transaction concurrently. Counterpart to Server_Pool_Tasks (pool size per NRPC port).
Upper bound (in microseconds) for a single transaction in the Server Availability Index (SAI/LoadMon) calculation. Transactions that take longer are capped at this value.
Limits the maximum number of concurrent NRPC sessions on a Domino server. Default: 65535 (effectively unlimited). A limit forces the server to drop sessions idle for more than 1 minute before accepting new sessions.
Maximum number of users allowed to access a server simultaneously. When the value is reached, the server enters the MAXUSERS state and accepts no new Open-Database requests.
Lower bound (in microseconds) for the Server Availability Index (SAI) Loadmon calculation. On modern, fast servers the default lower bound yields an unrealistically low Availability Index. Recommendation from HCL Support / Nashed blog: 1500–2000.
Sets the size of the NRPC worker thread pool per Notes port. Default: 40 threads per active Notes port. Scales the number of concurrent NRPC requests the server task can handle.
Enables or disables server access. When access is restricted, the server no longer accepts new open-database requests; administrators can still open databases.
Number of minutes of inactivity after which the server automatically terminates network and mobile connections.
Enables the display of server performance events on the Domino console (value 1). By default, these events are not displayed.
Forces all scheduled replications initiated from the server to be pure pull replications — this server does not push changes back.
List of tasks that the Domino server runs automatically at startup and keeps active throughout its lifetime.
Defines server tasks that are started automatically every day at 01:00. By default, the Catalog task (database catalog update) is entered here. Overwritten on upgrade installs unless SetupLeaveServerTasks is set.
Defines server tasks that are started automatically every day at 02:00. By default, the UPDALL task (full-text and view index update) is entered here. Overwritten on upgrade installs unless SetupLeaveServerTasks is set.
Defines server tasks that are started automatically every day at 03:00. By default, the Object Collect task on mailbox.box is entered here. Overwritten on upgrade installs unless SetupLeaveServerTasks is set.
Prevents a Domino upgrade install from resetting the ServerTasks and ServerTasksAt entries to the new default values. With SetupLeaveServerTasks=1, individually customized task lists are preserved across the upgrade.
Extends the output of Show Task with the currently executing command per session message. 0 = off, 1 = on.
Enables logging of outbound SMTP protocol conversations that the Domino router sends to external servers. Output goes into the "Miscellaneous" section of log.nsf.
Enables capturing of inbound SMTP protocol conversations that the Domino SMTP listener receives from other servers and clients. Four detail levels (1–4); additionally requires
debug_outfile.Enables capturing of the complete bytes (including RFC822 body) of the inbound SMTP conversation. Four detail levels (1–4); additionally requires
debug_outfile.Enables SSL/TLS debug logging for the Domino SMTP task. Very useful for diagnosing STARTTLS negotiations, certificate issues, and SSL handshakes for inbound and outbound SMTP mail.
Defines the greeting text (220 banner) that Domino sends on inbound SMTP connections. Set to remove hostname and version information from the banner response, denying attackers profiling of OS and Domino version. The default banner contains the server hostname plus the Domino version; with a custom value it is reduced to a neutral string.
Binds the SMTP listener to a specific Notes NRPC port (and thus to a specific IP address / NIC) on servers with multiple TCP/IP ports. Without setting this variable, the SMTP service uses the first port listed in notes.ini.
Prevents Domino from writing its software version into the
Received: headers of outgoing SMTP mail. Complementary to SMTPGreeting: this parameter hardens the mail header, the other one the banner. Mandatory setting for banner-hardening compliance, since without it the Domino version still travels with every outbound mail despite the hidden banner.Controls whether Domino saves a copy as a file when inbound SMTP messages cannot be imported into the Notes store. Value
2 additionally saves the corresponding RFC822 source.Diagnostic switch that saves every outbound SMTP mail (including the complete MIME body) as a temporary file in the Domino data directory. Counterpart to HCL's own outbound trapping from KB0037179, when the complete MIME content of an outgoing mail is needed for support diagnostics. Only enable briefly — with this parameter active, the data directory grows fast.
Disables TLS protocol version 1.0 for all SSL-capable Domino tasks (HTTP, SMTP, IMAP, POP3, LDAP). Mandatory parameter for the compliance-driven disablement of TLS 1.0.
Defines server-wide the allowed SSL/TLS cipher suites in HCL Domino via a concatenation of 4-digit hex cipher IDs. On Domino 10.0.1 and higher, the notes.ini value is automatically migrated during upgrade and subsequently ignored.
Specifies the directory in which Notes/Domino stores temporary swap files (.tmp / VBS files). Used on systems where the system temp directory is unsuitable (separate volume for performance, anti-virus exclusion paths, separation between user and server temp areas). Default: system temp directory (e.g.
%TEMP% on Windows, /tmp on Linux/AIX).Limits the maximum number of documents per temporary full-text index that the Notes client/server can build for a database without a permanent FT index. Without this limit, large databases (mail file > 50,000 documents, archives) can lead to memory issues and slow searches when implicitly indexing for the search bar.
Selects the SHA hash algorithm for SAML and Kerberos tickets in the SSO context on the Domino server. With 9.0.1 FP7, the default was raised from SHA-1 to SHA-256; possible values are 1, 256, 384, and 512. Must match the identity provider configuration and be consistent across all Domino servers in the SSO realm.
Controls whether Domino automatically runs a Fixup on the affected database after translog recovery errors:
1 = automatic Fixup (default and recommendation), 0 = database is blocked from access instead.Sets the maximum total size of the Domino transaction log in megabytes. Corresponds to the "Maximum log space" field in the server document, "Transactional Logging" tab.
Sets the path where Domino stores its transaction log files (
*.TXN, logctrl.lfh). Corresponds to the "Log path" field in the server document, "Transactional Logging" tab.Determines the trade-off between runtime performance and restart/recovery time for transaction logging:
1 = Favor runtime, 2 = Standard (default), 3 = Favor restart recovery time. Corresponds to the "Runtime/Restart Performance" field in the server document.Enables transaction logging for all Release 5 and later databases on the server. Default 0 (disabled), 1 = enabled.
Determines the logging style of the transaction log:
0 = Circular (default, max 4 GB, circularly overwritten), 1 = Archive (logs are archived, prerequisite for incremental/point-in-time backups via DAOS or third-party backup).Controls how often the Update/Updall tasks refresh the Last-Accessed timestamp of databases (NEVER / DAILY / ALWAYS).
Disables automatic full-text index updates by the Update task. Full-text indexes are then only refreshed via scheduled
Updall runs.Disables automatic view index updates by the Update task. View indexes are then only rebuilt on demand (when opened) or via scheduled
Updall runs.Makes the Update task run view updates and full-text index updates in separate threads, so that long FT indexing operations don't block the view update queue.
Pause (in seconds) between two Update task operations. Default 5 seconds — lower values speed up index maintenance at the cost of additional system load.
Pause (in milliseconds) between two Update task operations. Finer-grained variant of UPDATE_IDLE_TIME for very powerful servers.
Disables full-text indexing on a server. 0 = full-text indexing enabled, 1 = disabled.
Minimum number of changed notes (documents) before the Update task actually refreshes a view index in a database. Default 20.
Maximum size (number of requests) of the Update task's deferred queue. Default: 32767.
How long (in minutes) deferred update requests of the Update task are held in the queue. Default: 15. Negative values = seconds.
Number of Update tasks that can run simultaneously on the server. Without an entry, only one Update task runs; changes require a server restart.
Path for temporary files during view rebuilds (
updall -R, opening a view with a deleted index). Default: system temp (e.g. C:TEMP) or the Domino data folder as fallback. Recommended: separate drive with plenty of space.Enables verbose tracing of web server authentication on the Domino console and in the log file.
Parameter
Information
Push mechanism for calendar overlays on Notes clients (10+): a predefined Google Calendar, Notes Application, or iCalendar feed URL appears in the 'Add a calendar' dialog the next time the calendar is opened, and is accepted by the user with a single click.
Minimum elapsed time (in minutes) between two executions of the same document update-triggered agent. Default: 30 minutes. Applies to servers and Notes clients.
Minimum interval in minutes between two executions of the same new mail-triggered agent. Default: 0 (no minimum interval).
Defines the weekdays on which agents with the "Don't run on weekends" option should not run. Default: Saturday (7) and Sunday (1).
Notes client tracing: logs time, call stack, and server response times per transaction — a standard tool for diagnosing slow client operations and authentication problems.
Forces newly created or
compact -c-converted Notes databases to be created with on-disk structure 53 (R10 ODS). Predecessor of Create_R12_Databases. Usable on server and client.Forces newly created Notes databases to be created in ODS 55 (R12 on-disk structure). Also enables raising existing databases via
compact -c. Usable on server and client.Activates the current ODS level (R85 / ODS 51) for newly created NSF databases.
Path to the Notes/Domino data directory. Set during setup and should not be changed afterwards.
Writes debug output to the console window or the server console — a standard companion parameter for almost every Domino debug setup.
Path to the Notes/Domino data directory. On the Notes client, Directory points to the Notes data directory; on the Domino server, it points to the Domino data directory. Set automatically by setup and required for startup.
Lists the Extension Manager libraries (DLL/.so/.lib) that Domino or Notes registers in the Extension Manager at startup.
Suppresses failover prompts on the Notes client when the current server stops responding — the actual cluster failover remains active and is transparent to the user.
Refresh interval (seconds) for iCal feed overlays in the Notes calendar. Default 3600 (one hour). Only takes effect if the user has additionally enabled ‘Refresh this calendar frequently’ on the overlay.
Whitelist of allowed file extensions for full-text indexing of attachments — overrides the default list of all formats supported by Tika.
Companion setting to FT_INDEX_FILTER_ATTACHMENT_TYPES: sets an upper size limit (in MiB) for attachments from the whitelist; larger files are not indexed.
Extends the FT indexer's default ignore list with additional file extensions that should not be included in the full-text index.
Overflow slot to FT_INDEX_IGNORE_ATTACHMENT_TYPES (256-character limit). The FT indexer concatenates both lists.
Raises (or lowers) the default 5,000-document return limit for full-text searches on indexed databases.
Activates the default whitelist when full-text indexing attachments; only extensions on the whitelist are processed via the Tika filter. Extendable via FT_INDEX_FILTER_ATTACHMENT_TYPES.
Discards the default whitelist when full-text indexing attachments and forces exclusively the file extensions defined in FT_INDEX_FILTER_ATTACHMENT_TYPES.
Stores in the Notes client notes.ini the name of the currently active Location document from the local names.nsf. The value is updated automatically when the Location is switched via the status bar in the Notes client.
Activates authentication logging on the server or Notes client — logs every successful Authenticate call with name and key size.
Controls whether all mail event messages additionally appear in the Miscellaneous Events view of the log file. 0 = router decides, 1 = always also in Misc Events.
Path to the Notes/Domino program directory (binaries). Written automatically by setup and typically located on a different path than the data directory (Directory). Important for separating program and data partitions.
Maximum size (in bytes) of the NSF buffer pool — a memory area that buffers I/O transfers between Domino and disk.
Raises the ACL size limit of an ODS 55 database from the classic ~950 to up to 65535 entries. Per HCL, must be set on both servers and clients that edit such ACLs. Only takes effect once the database has been raised to ODS 55 (Domino 12+).
Automatically raises existing local databases on
compact -c to the respective current ODS level of the running Notes/Domino version. Unlike Create_RXX_Databases for a specific ODS generation, NSF_UpdateODS=1 also automatically updates ODS levels that appear in the future.Controls whether phone calls (modem connections) are written to the Notes log file. Values 0/1/2; default 2.
Path to the shared data directory in multi-user installations of the Notes client on Windows. Written automatically by setup and is a marker of a multi-user installation; not present in single-user installs.
Controls whether Domino automatically runs a Fixup on the affected database after translog recovery errors:
1 = automatic Fixup (default and recommendation), 0 = database is blocked from access instead.Sets the maximum total size of the Domino transaction log in megabytes. Corresponds to the "Maximum log space" field in the server document, "Transactional Logging" tab.