We had a project to migrate a Domino server from a dedicated host to new Virtual Machine (VM) host.  We typically don’t do much server administration.  Having migrated over a hundred Domino servers in my previous job, I didn’t think this would be any different than any other Domino migration.

The requirement for this project was a migration instead of a move.  The customer wanted a clean server install without any legacy installs from years of previous Domino installs, plus the new OS was newer and it was running 64 bit.  There were a couple of complications, the customer is running all of these services:  DAOS, Transaction logging, BES, Traveler, ReplicAction, SMTP.  Having all these services running on the one Domino server.  We decided to move BES to a new host and replace ReplicAction with another tool.

I setup the new Domino server with a new name, setup transaction logging, DAOS then started replicating the databases over to the new server.  At this point everything worked great.  I had a user switch to the new Domino server and everything worked fine.  To minimze distrubtion with having users switch to the new server name, we opted to switch server ID files and updated DNS.  The next day we started hearing from users that they couldn’t open certain files.  We then realized that the DAOS encrypts the files with server ID, the attachments replicated during the setup period of the new server were encrypted with the temporary ID we used to setup the new server and the original server ID could not decrypt the attchments.  I found a good article here that explains DAOS encryption:


Luckily we were able to copy the encrypted DAOS NLO files and corrected the problem.  For anyone reading this, remember to turn off DAOS encryption (DAOS_ENCRYPT_NLO=0) when swapping servers.