Note: Despite careful research, the notes.ini parameters listed here may be incorrect or incomplete. Please verify each parameter in a test environment before using it in production!
Parameter
Information
Temporary directory (local path or UNC) where the Domino server stores ID files during user registration and password changes.
Server administrator (Distinguished Name).
Full-access administrators of the server (corresponds to 'Full Access Administrators' in the Server document).
Interval at which the Administration Process (AdminP) works through its queue.
Time of day at which AdminP runs daily, potentially long-running actions (name / person renames, etc.).
Wait time after server start before the Admin Process (adminp) first becomes active – prevents load on the freshly started server.
Local access list: users / groups explicitly allowed on this server (override to the server ACL).
Global access control for passthru connections via this server.
List of servers / users / groups that may use this server as a passthru server (routing).
Notes clients that may use this server as a passthru.
Servers to which passthru connections via this server are allowed.
Disables mail-related lookups when evaluating new mail trigger agents.
Disables the additional process security check of the Agent Manager (diagnostic use only).
Minimum time interval (minutes) between two runs of an "On document update" agent by the Agent Manager.
Controls how aggressively the Agent Manager triggers document-update trigger agents.
Maximum number of retries the Agent Manager performs for a failed agent run before giving up and writing an error to the log.
Minimum time interval (minutes) between two runs of an "On new mail" agent.
Interval (minutes) at which the Agent Manager checks for untriggered "On new mail" agents (catch-up check).
Defines which days of the week the Agent Manager treats as "weekend" (allows a different thread configuration).
Controls whether AutoUpdate distributes newly available Interim Fixes (IFs) automatically or only reports them for manual approval.
Limits the number of busytime lookups per request and the stored time window.
Interval (minutes) at which the busytime task refreshes the free/busy information for schedule lookups.
Polling interval of the CertMgr task in seconds – how often it scans for new / renewable TLS credentials.
Maximum number of HTTP redirects allowed during a Let's Encrypt HTTP-01 challenge by CertMgr.
Skips CertMgr's self-verification of the Let's Encrypt HTTP challenge when the server cannot reach itself via DNS (internal vs. external address).
Number of days before expiry at which CertMgr should automatically renew a TLS certificate (Let's Encrypt / ACME / manual CA).
Enables display of execution times (operation durations) in the Notes Client status bar – helpful for performance analysis.
Sets the time format (12-hour / 24-hour) for Notes / Domino. Affects the display of times in mail, calendar, and logs.
Minimum interval (hours) between cluster probes.
Number of parallel cluster replicator threads on a server in the Domino cluster.
Controls how verbosely Compact actions are logged to the console / log.
Number of parallel threads for the Compact task – speeds up nightly maintenance runs on multi-core systems.
Prevents a temporary backup copy (.BAK) of the NSF from being created during in-place Compact (faster, less disk space – but no rollback possible).
Enables the persistent console log (console.log in the IBM_TECHNICAL_SUPPORT directory).
Maximum number of rotated console log files in the IBM_TECHNICAL_SUPPORT directory (older files are deleted automatically).
Time interval (minutes) at which a timestamp is written to the console log.
Maximum size (in KB) of an individual console.log file before it is rotated.
Language and country code setting of the client (locale).
Causes newly created NSFs to automatically use AES encryption (AES-128 or AES-256) instead of RC4.
Who is allowed to create master templates on this server.
Enables NIFNSF: view indexes are offloaded to a separate .ndx file when databases are created or compacted (relieves the NSF, improves I/O performance).
Forces ODS 52 (Domino 10) when creating or compacting databases.
Forces newly created NSFs on this server to use ODS format 53 (Notes / Domino 11) – compatibility bridge for environments that still contain older clients.
Forces newly created databases to be created in the Domino 12 ODS format (ODS 54).
New databases are created with ODS 55 (R14 format) – prerequisite for the newest features (e.g. larger attachments, optimizations).
Who is allowed to create replicas on this server.
Base path of the DAOS repository where the offloaded NLO files are stored.
Number of days that DAOS NLOs are retained after dereferencing before being permanently deleted ("deferred deletion interval").
Wait time (days) before orphaned NLO files are removed from the DAOS repository.
Enables DAOS (Domino Attachment and Object Service) to consolidate file attachments outside of the NSF.
Enables encryption of new NLO files (DAOS encryption).
Enables encryption of the offloaded DAOS NLO files at the file-system level.
Directory for DAOS installation / migration log files.
Controls the verbosity of DAOS logging (NLO operations, resync, checks).
Minimum size (in bytes) at which a file attachment is offloaded to DAOS.
Path where new NLO files are stored preferentially.
Day of the week on which the DAOS manager runs the full resync.
End time (HH:MM) of the time window for the DAOS resync.
Start time (HH:MM) of the DAOS resync.
Path to the Notes / Domino data directory. Set during setup and should not be changed afterwards.
Defines how verbosely the Fixup task logs corrected notes / views and detected inconsistencies (important for post-crash analysis).
Number of parallel Compact threads the Database Maintenance Tool (dbmt) starts during a maintenance run.
Restricts which NSF databases the Database Maintenance Tool (dbmt) processes – e.g. only mail/*.nsf or only specific directories.
Completely disables Domino Domain Monitoring (DDM) – useful in small environments without central monitoring where DDM overhead should be avoided.
Debug output for the Administration Process (adminp) – shows processing of individual request documents, name changes, certifications, and replica creations.
Extended debug output for the Agent Manager (in addition to DEBUG_AMGR).
Enables Agent Manager debug output for the analysis of scheduled / triggered agents, runtimes, and queue states.
Enables debug output for the Domino backup task (dominobackup.nsf).
Automatically triggers an NSD-style data capture when a semaphore / thread is blocked longer than the specified period.
Enables detailed debug output for the Certificate Manager (CertMgr).
Debug output of the cluster components (Cluster Manager, Cluster Replicator, Cluster Probes) – shows failover decisions and member availability.
Enables verbose debug output of the Compact task (per NSF: start, end, space saved, errors) – helpful for compact issues and ODS upgrades.
Opens a second console window ("Debug Console") with detailed debug output for HCL Support.
Logs all commands sent to the server console, including the sender (local, live console, remote) – audit trail for admin actions.
Debug output of DAOS housekeeping and resync runs (daosmgr resync, daosmgr prune) – shows orphan NLOs and corrected references.
Detailed tracing of the DBMT task (Database Maintenance Tool).
Debug level of the Directory Sync task for synchronization from Active Directory into the Domino directory.
Excludes pure AD members from security groups during Directory Sync – only registered Domino users are synchronized (new in 14.5.1).
Enables detailed tracing of server console processing (DOMINO Console).
Enables debug output for the Domino IQ AI inference task.
Enables debug output for dynamic client / server configuration (DynConfig).
Debug output of the Event task – logs triggered event generators, associated handlers, and sent notifications (SMTP, mail, relay).
Writes additional diagnostic information to the console during a fault recovery (crash handling, NSD start, automatic restart).
Detailed tracing of full-text indexing and search.
Debug output of the full-text indexer (Update / UpdAll task) – reports per database start / end, document count, and errors during index build or incremental update.
Enables memory heap checks to diagnose memory errors (significant performance impact).
Logs HTTP response headers and status codes returned by the Domino HTTP stack – counterpart to DEBUG_HTTPINOUT, focused on the response side.
Writes all incoming HTTP request and outgoing response headers to the Debug_Outfile – the basis for analyzing reverse-proxy, XPages, and Verse issues.
Debug output of the LDAP task: bind attempts, search filters, schema lookups, and referrals.
Enables detailed tracing for LTPA token handling (SSO with WebSphere / Sametime).
Enables the router's detailed mail-trace logging (per recipient: lookup, hop, delivery decision).
Enables debug output of the NAMELookup API (directory resolution, group expansion, Directory Assistance) – the most important tool for authentication and ACL issues.
Enables protocol debugging at the NRPC transport layer (Notes Remote Procedure Call) – shows session setup, keepalives, and auth handshakes between Notes client and server.
Enables all NSF subsystem debug output.
Debug output during ODS upgrades (compact -c) and ODS-specific operations – shows old / new version per NSF and upgrade errors.
Enables debug output for the OIDC provider and OIDC client functionality introduced in 14.5 – shows token requests, ID-token claims, and IdP catalog lookups.
Enables debug output for OIDC authentication against the ID Vault.
Enables debug output for OIDC login on the Domino web server. Higher values = more detail.
Redirects debug / console output to a specified file (for troubleshooting and HCL Support).
Creates a separate, timestamped Debug_Outfile file at every server start instead of overwriting the existing one.
Enables debug output for policy processing on server and client.
Enables very verbose debug output of the replicator (per database, per document, per note class) – enable only temporarily, since the logs grow rapidly.
Logs per replicated note which note ID / UNID was transferred from which server into which target database – helpful for disputed replication conflicts.
Enables debug output of the Domino REST API ("Project Keep" / DRAPI) – logs JSON endpoints, token validation, and runtime errors.
Debug mode for the execution of agents on the server.
Logs the complete SAML federated login flow: metadata parsing, assertion validation, signature / encryption checks, attribute mapping.
Logs the entire server startup sequence (memory init, port binding, task start) – the primary tool for startup errors or hung services.
Logs setup, duration, and end of NRPC sessions including bytes-in / bytes-out per session – helpful for detecting session leaks and long-lived connections.
Logs the complete shutdown sequence of the server (task order, blocks, timeouts) – helpful when "quit" / "exit" hangs at the console.
Trace level for diagnosing LTPA / SSO token decoding and validation.
Detailed task statistics on the console. Shows current task actions.
Tracing of the TCP / IP layer (connection setup, errors).
Augments console / log messages with PID and thread ID (very helpful for multi-thread debugging).
Enables debug output of the shared thread pool (event pool, scheduler, agent manager, etc.) – helpful for performance issues with hung tasks.
Detailed logging for server threads.
Enables detailed TLS handshake logging (certificate chain, cipher negotiation, alerts) – the new successor to DEBUG_SSL_ALL with the OpenSSL backend.
Logs per XPages request the start time, runtime, and memory consumption – helpful for identifying slow XPages / Verse operations.
Default mail template used for newly registered users.
Local deny list: explicitly denied users / groups for this server.
FQDN that the DIIOP task publishes to clients in the IOR – important in NAT / reverse-proxy environments.
Sets the data directory of the Domino server or Notes client (NSFs, notes.ini, IDs).
Disables caching of DAOS NLO file handles (for error diagnosis, with performance impact).
List of disabled ports (configured but not loaded).
Disables the automatic update check / installation (AutoUpdate) of the Notes client.
Disables the mail recall function server-wide. Prevents users from withdrawing messages that have already been delivered.
Domino domain name to which the server is assigned.
Enables the extended HTTP access log in Combined / CLF format in addition to domlog.nsf – directly available via log rotation.
Concrete value of the Content-Security-Policy header that Domino delivers when DOMINO_ENABLE_CSP=1.
Enables sending of the Content-Security-Policy header by the Domino HTTP stack (counterpart to HSTS).
Allows fully overriding the HSTS header (Strict-Transport-Security).
Disables caching of Web Site Rule / Web Site Document changes in the HTTP stack so that changes in names.nsf take effect immediately (without tell http refresh).
Sets the X-Permitted-Cross-Domain-Policies header for HTTP responses.
Sets the Referrer-Policy header for HTTP responses.
Sets the X-Content-Type-Options header (e.g. 'nosniff') for HTTP responses.
Path / file name of the current log file of the Domino Controller (dctrl); rotated on every restart.
Enables the Domino Credential Store (credstore.nsf) for the encrypted storage of secrets for OAuth / REST / integrations.
Log level of the Domino IQ task (LLM / RAG integration).
Suppresses the display of banner / copyright / version information over SMTP, POP3, IMAP, and HTTP (security hardening).
Enables / disables the execution of Java agents on the server.
Enables the "Search this View" function newly introduced in Notes 14.5 in the workspace. A value of 0 disables the feature.
Enables the XPages runtime in the Notes client (XPiNC) so that XPages applications can run locally in the rich client.
Encrypts incoming mail for all recipients on this server.
Forces full conversion of doclinks (e.g. into MIME).
Size of the event pool (memory for the Event task); should be increased on large servers with many monitoring events.
Interval at which the Events task runs event generators and handlers from events4.nsf.
Additional search directory for Extension Manager add-ins. From 14.5, Extension Manager add-ins are loaded for security reasons only from the Domino binary directory and the Windows system directories; this parameter allows one additional, trusted path.
Enables fault recovery: the Domino server automatically restarts itself after a crash and produces an NSD.
Upper limit for the number of hits returned by a full-text search (FT search) when the caller does not set its own limit.
Disables 'on-the-fly' full-text indexing for search queries against databases without an existing FT index.
Prevents scheduled full-text indexing via the 'Indexer' task.
Prevents documents from being compressed during full-text indexing (higher disk usage, faster search).
Indexes fields in the full-text index even when they are marked as 'noindex'. Required for Domino IQ RAG.
Maximum number of active HTTP worker threads on the Domino web server.
Specifies which DSAPI filters should be loaded in advance at HTTP startup – avoids longer load times on the first request.
Adds the Secure flag to HTTP session and LTPA cookies so that they are transmitted only over HTTPS connections.
Allows or blocks double URL decoding or % characters in URL paths – a protection against certain HTTP smuggling and path-traversal attacks.
Shared secret between the reverse proxy and Domino HTTP, so that upstream headers (e.g. $WSRA, $WSRU) are accepted only from trusted proxies – mandatory from 12.0.1 in combination with HTTPEnableConnectorHeaders.
Writes only the most recent HTTP request to the HTTP debug log – useful when reproducing specific errors.
Disables HTTP Basic authentication on the Domino HTTP task.
Disables certain HTTP methods (e.g. TRACE, DELETE, PUT) to harden the web server.
Disables the HTTP TRACE method on the web server (security hardening against cross-site tracing).
Disables the automatic setting of the X-Frame-Options header.
Enables SPNEGO / Kerberos authentication on the Domino HTTP stack – prerequisite for "Single Sign-On via Windows Domain" in Verse and iNotes.
Allows acceptance of connector headers (e.g. $WSRA for reverse-proxy SSO). For security reasons, enable only when the HTTP server is not directly reachable from the Internet.
Enables preloading of XPages applications when the HTTP task starts (faster first page request).
Enables the 'includeSubDomains' attribute in the HSTS response header.
Sets the max-age value for the HSTS header (Strict-Transport-Security) – forces browsers to use HTTPS exclusively for the configured period.
Maximum Java heap size for the HTTP JVM (relevant for XPages, Domino REST API, Java servlets).
Stack size per thread for the HTTP JVM (XPages / Verse) – increase in case of StackOverflowError in deeply nested XPage controls.
Enables HTTP Keep-Alive – multiple HTTP requests over the same TCP connection (significant performance improvement).
Size of the internal queue for HTTP log entries.
List of URL paths / patterns that should not appear in the HTTP access log (e.g. health-check URLs).
Configures the format / behavior of the HTTP access log.
Limits the number of concurrent HTTP connections per source IP address to mitigate DoS effects.
Maximum size (in bytes) of an HTTP request body – limits, among other things, file uploads in XPages, Verse, and the Domino REST API.
Limits the number of HTTP requests served over a single Keep-Alive connection before the connection is closed.
Prevents the creation of HTTP sessions (disables Single Sign-On / session authentication).
Enables server-side processing of redirect rules.
Delivers a simplified HTML rendering of Notes documents without Notes-specific elements.
Forces 'Connection: close' for all HTTP responses. Helps with reverse-proxy issues but disables Keep-Alive.
Interval in minutes at which the IMAP task re-reads configuration changes from the Server document.
Blocks individual users from accessing iNotes / Verse.
Enables logging of all AJAX requests between the iNotes / Verse browser and the server – helpful for UI issues and timeouts.
Fallback language of the iNotes / Verse UI when the browser does not send a matching Accept-Language and the user has no personal setting.
List of iNotes / Verse-on-Web functions that are hidden from users (feature restriction in the web client).
URL to which iNotes / Verse should redirect after logout (e.g. central portal or IdP logout page).
Maximum size of a single file that iNotes / Verse users may upload via the browser.
Maximum heap size of the Java VM for agents and HTTP tasks.
Class path for Java agents and Java code on the Domino server / Notes client.
Disables the automatic backup of the KYR / PEM file when it is written.
Path or filename of the server's or Notes user's ID file.
Stores the password of the server ID file in encrypted form for unattended server start (e.g. with the Domino Server Password Tool).
Indicates the installation type (server vs. client). Set by setup.
Version identifier of the installed Notes / Domino kit. Written by the installer.
Disables the LDAP query result cache so that directory updates take effect immediately in LDAP (at the cost of performance).
Interval in minutes at which the LDAP task re-reads the configuration (directory, schema).
Enables debug output for the LDAP task.
Upper limit for the number of entries the LDAP task returns per search query (DoS protection and performance).
Currently active Location document of the Notes client – controls mail mode, replication, and ports.
Defines the log database (log.nsf) including retention options; classic Notes / Domino log configuration.
Controls logging of Agent Manager activity (executed agents, schedules, errors).
Logs incoming and outgoing NRPC connections in log.nsf (setup, duration, protocol).
Verbosity of mail routing: controls how much detail the router writes about events (deliveries, connections, errors) to log.nsf and the console.
Controls the level of detail in replication logging written to log.nsf.
Logs individual user sessions (logins / connections) to log.nsf and to the console.
Periodically writes the status of all server tasks to log.nsf and the console (similar to 'show tasks').
Verbosity of the indexer / Updater: controls how much detail the Updater / UpdAll task writes to the console and log.nsf.
Directory for HTTP and other debug log files. Default is IBM_TECHNICAL_SUPPORT in the data directory.
Logs detailed errors when building the certificate chain.
Number of days that undeliverable messages are held in MAIL.BOX before they are marked as dead mail.
Additionally writes mail routing messages to the Miscellaneous Events log (log.nsf).
Enables automatic mail failover in a Domino cluster.
Detailed tracing of mail processing (Router, Mail Box).
Disables mail encryption server-wide (for diagnostics or migrations).
Controls encryption of outgoing emails by the Notes Client.
Controls the encryption of saved emails (Sent / Drafts) in the Notes Client.
Path / name of the Notes user's mail file (relative to the data directory of the mail server).
When a mail hold is enabled (router paused), only undeliverable mail is held in mail.box, while normal deliveries continue unchanged.
Enables journaling of all mails handled by the router (compliance / archiving).
Maximum number of parallel router threads (delivery to local mail databases).
Name of the Notes user's mail server (home server of the mail file).
Maximum age (days) of messages in MAIL.BOX before they are marked as undeliverable.
Sets a hard limit on the shared memory a Notes process (especially the 32-bit Notes Client) is allowed to allocate.
Enables strict Content-ID resolution for MIME inline images; prevents incorrectly referenced attachments from being shown in mails.
Enforces Notes Federated Login (NFL) for all Notes Clients. Notes client logon is then only possible via the configured IdP.
Base path under which the NIFNSF .ndx index files are stored (should be on fast local storage / SSD).
Size (in bytes) of the server's name lookup cache.
Disables the certificate revocation list (CRL) check for SSL/TLS connections – useful when CRL servers are unreachable, but security-critical.
Enables debug output for internal Domino queues and thread pools.
Maximum number of simultaneously open file handles for the Notes / Domino process.
Size of the individual shared memory pools (DPools) from which Notes / Domino allocates memory – fine tuning for very large servers.
Sets the size of the NSF buffer pool (cache for database pages) in megabytes – the most important tuning parameter for server performance.
Completely disables the NSF database cache – set only for debugging or in case of cache-related corruption, since performance drops drastically.
Maximum number of databases kept open simultaneously in the NSF database cache.
Minimum number of NSFs the database cache always keeps open – prevents flapping under highly variable load.
Global switch for document locking at the NSF level (in addition to the database property).
Maximum size of a DPool block in the Domino memory manager (64-bit); affects handle limits and memory fragmentation when many NSFs are loaded.
Logs when NSF databases are removed from the database cache and closed – helpful for evaluating cache tuning (MaxEntries / MinEntries).
Timeout (in seconds) when opening an NSF database before the operation is aborted.
Enables OCSP revocation checks for client certificates during TLS client authentication (HTTPS, SMTP / LDAP STARTTLS).
Controls whether OCSP verification of certificates is skipped.
Permitted clock skew (seconds) between the Domino server and the OIDC provider when validating the id_token.
Duration of the OIDC login session in seconds before the user must re-authenticate with the OIDC provider.
Enables or disables server-wide redirects to the OIDC provider during web login. A value of 0 disables the redirect.
Controls server-side enforcement of Notes ID password quality and password expiration during authentication.
Enables Platform Statistics (CPU, memory, disk, network) – viewable in domlog.nsf / ServerHealth.
Interval in minutes at which the POP3 task re-reads its configuration.
List of enabled network ports used by Notes / Domino (order = priority).
Forces the replicator to respect the quota settings of a target NSF and to stop writing documents once the limit is reached.
Number of retries the replicator performs after a failed push replication (e.g. for transient network issues between cluster nodes).
Maximum duration (minutes) for a single replication run – if it runs longer, replication is aborted and resumed later.
List of operations (e.g. Console, RestrictedAgent) that may only be executed by authorized users.
Allows defining named lists for use with 'RestrictedOperations'.
Adds counters of transferred / rejected / journaled mails to the router log after each message processing – useful for reporting and event monitoring.
Maximum number of router delivery attempts before a message is marked as definitively undeliverable and returned via NDR.
Prevents emptying / compacting an empty mail.box at router startup – useful on reverse-proxy edge servers that only forward mails.
Allows concurrent mail transfers to all external domains, not only to configured hosts.
Timeout (in seconds) for the router's SMTP commands sent to external hosts.
Blocks routing to the specified domains.
Suppresses sending of Non-Delivery Reports (NDR) by the router – useful to avoid backscatter spam.
Maximum number of concurrent mail-router transfer threads to a single target server.
Interval (in minutes) for the router's path check (verifying the routing topology).
Forces Domino as a SAML service provider to accept only signed assertions (protection against tampered SSO responses).
Prevents the Schedule task from automatically creating or updating Calendar profiles in other users' mail databases.
Enables debug output for the Scheduler task (calendar availability, free-time lookups, busytime.nsf / clubusy.nsf access).
Forces internet passwords to be stored in the more secure hash format (salted SHA instead of @Password).
Threshold for the availability index: below this value the server stops accepting new client sessions (cluster load balancing).
Default port for cluster communication.
Interval (in minutes) at which cluster mates probe each other to determine availability and latency.
Maximum wait time (in minutes) between cluster probe cycles – determines how quickly a failed cluster mate is detected.
Interval at which the server checks for thread deadlocks and, if needed, automatically triggers an NSD with stack trace.
Maximum expected transaction time (in 1/100 sec); above this value the availability index drops to 0 %.
Maximum number of concurrent transactions the server processes.
Maximum number of concurrently active NRPC sessions on the server.
Maximum number of concurrently logged-in users – additional logins are rejected (SERVER_MAXUSERS_TYPE controls the behavior).
Minimum transaction time (in 1/100 sec) below which the availability index stays at 100 %.
Number of worker threads in the general server task pool – affects throughput of background tasks (agents, events, admin requests).
Default number of server pool tasks per port (network threads).
Switches the server into a restricted operating mode (e.g. only admins may connect); the console command 'set restricted' uses this value.
Time in minutes after which inactive Notes / NRPC sessions are disconnected by the server (frees licenses / resources).
Shows detailed performance statistics on the server console.
Adds an extra header line to the 'show performance' console command.
Shows user activity on the console (User Activity).
Time window (in seconds) over which the transaction statistics for the availability index are averaged.
Hierarchical name of the server (certified Common Name).
Status of the initial server setup. Set automatically by the setup program and should not be changed manually.
Defines the server tasks that are loaded automatically when the Domino server starts.
Delays the start of tasks from ServerTasks / ServerTasksAtX to avoid CPU and I/O spikes at boot (staggered start).
Defines time-scheduled server tasks that run automatically at a specific hour (ServerTasksAt1 … ServerTasksAt5).
Scheduled server tasks at the respective full hours (2–12). Counterpart to ServerTasksAt1; each is a comma-separated task list.
First name of the first admin user that is registered automatically during one-touch setup.
Last name of the first admin user that is registered automatically during one-touch setup.
Organization name (O=) for the new certifier hierarchy created during one-touch setup of a first server.
Defines the server type to be created in the new domain document during one-touch setup (OTS) – first server vs. additional server.
Shows detailed task information (including sub-threads) in 'show tasks' and other console output.
Shows the current progress (percent) per database on the console during a compact run.
Logs the entire SMTP dialog (HELO/EHLO, MAIL FROM, RCPT TO, DATA) to the console / Debug_Outfile – the central tool for mail routing problems.
Sets the SMTP greeting text (220 banner) of the Domino SMTP listener – useful for hiding product / version information.
Enables or disables the inbound SMTP listener, overriding the Server document – useful for emergency shutdowns or cluster-specific configurations.
TCP port on which the Domino SMTP listener accepts connections (default 25).
Logs the TLS version and the negotiated cipher suite for every incoming and outgoing SMTP connection – useful for compliance and interoperability evidence.
Maximum number of concurrent inbound SMTP connections.
Maximum recipients per inbound SMTP message (protection against mail bombing / spam).
Maximum number of recipients per inbound SMTP message.
Whitelist of hosts / domains that are allowed to relay through the server.
Interval at which the router forwards outbound mail from mail.box to external SMTP servers.
Disables TLS / SSL renegotiation on the Domino server (protection against CVE-2009-3555). Source: HCL KB0036502. Controls whether TLS / SSL renegotiation is allowed on the Domino server. A value of 1 disables renegotiation – recommended to harden the server against SSL renegotiation attacks (CVE-2009-3555). The setting affects, for example, the HTTP task; a restart or 'restart task http' is required after changing the value.
Disables TLS 1.0 for all server protocols (HTTP, SMTP, IMAP, POP3, LDAP) – security hardening.
Disables TLS 1.1 for all server protocols (HTTP, SMTP, IMAP, POP3, LDAP) – should be set on modern servers.
Disables TLS version 1.2 for Domino internet ports.
Disables TLS 1.3 in the Domino TLS stack (counterpart to SSL_DISABLE_TLS_10/11/12; from version 14 onward TLS 1.3 is enabled by default).
Defines the elliptic curves (EC key-exchange groups) accepted by the OpenSSL-based TLS stack and their order.
Allows legacy clients without RFC 5746 support to continue using insecure TLS renegotiation – use only as a temporary transition until clients are upgraded.
Allows TLS renegotiation for inbound connections.
Defines the TLS / SSL cipher suites supported by Domino (overrides the default list).
Controls the stacking of application icons in the Workspace (multiple replicas of a database).
Defines the default font family for the Notes Client; from 14.5.1 onward, 'Inter Medium' is the new default font (part of the UI refresh).
Configuration of the TCP/IP port (bound IP address / hostname and port number for NRPC, default 1352).
Temporary working directory for Notes / Domino processes (e.g. for installation and compact operations).
Allows or denies TLS renegotiation in the Domino TLS stack (disabled by default for security reasons).
User-defined list of permitted TLS cipher suites (overrides the values from the Server document / Internet Site).
Enables (1) or disables (0) the automatic Fixup after a transaction-log recovery at server start.
Maximum number of archive extents in the archive transaction-log style. Limits the disk usage of the archive log.
Maximum total size of the transaction log in megabytes.
Defines the path where the transaction log files are stored (should reside on a dedicated physical volume).
Performance / recovery mode of the transaction log (balance between write throughput and crash recovery).
Enables or disables transactional logging on the Domino server.
Determines the transaction-log mode (circular or archived).
Determines whether the transaction log may use the entire available space on the translog volume.
List of trusted servers whose authentication is accepted as 'on-behalf-of' (e.g. for DOLS).
Time interval (in minutes) at which the Indexer task processes background view updates.
Number of parallel index processes the Indexer (Update task) launches.
Controls full-text indexing in a separate thread to avoid blocking other operations.
Disables automatic creation / refresh of full-text indexes by the Indexer.
Limits how often a view can be re-updated before the Indexer suppresses it (anti-thrashing).
Time window (minutes) within which a view is no longer rebuilt after multiple updates.
Path for temporary index files when the Indexer rebuilds views.
Suppresses console messages from the HCL Volt task in the server console.
Validates the IP address against the session token for HTTP authentication (anti session-hijacking).
Lifetime of an HTTP session (in minutes) before the user has to re-authenticate.
Enables extended HTTP statistics in domlog.nsf and platform statistics.
Custom title for the server console window – useful for distinguishing multiple instances.
List of databases whose XPages are preloaded after server start (faster first response time).
Client Configuration
Client Configuration
Parameter
Information
Sets the time format (12-hour / 24-hour) for Notes / Domino. Affects the display of times in mail, calendar, and logs.
Language and country code setting of the client (locale).
Disables the automatic update check / installation (AutoUpdate) of the Notes client.
Enables the "Search this View" function newly introduced in Notes 14.5 in the workspace. A value of 0 disables the feature.
Enables the XPages runtime in the Notes client (XPiNC) so that XPages applications can run locally in the rich client.
Currently active Location document of the Notes client – controls mail mode, replication, and ports.
Controls the stacking of application icons in the Workspace (multiple replicas of a database).
Defines the default font family for the Notes Client; from 14.5.1 onward, 'Inter Medium' is the new default font (part of the UI refresh).
Cluster
Cluster
Parameter
Information
Minimum interval (hours) between cluster probes.
Number of parallel cluster replicator threads on a server in the Domino cluster.
Enables automatic mail failover in a Domino cluster.
Forces the replicator to respect the quota settings of a target NSF and to stop writing documents once the limit is reached.
Number of retries the replicator performs after a failed push replication (e.g. for transient network issues between cluster nodes).
Maximum duration (minutes) for a single replication run – if it runs longer, replication is aborted and resumed later.
Default port for cluster communication.
Interval (in minutes) at which cluster mates probe each other to determine availability and latency.
Maximum wait time (in minutes) between cluster probe cycles – determines how quickly a failed cluster mate is detected.
DAOS
DAOS
Parameter
Information
Base path of the DAOS repository where the offloaded NLO files are stored.
Number of days that DAOS NLOs are retained after dereferencing before being permanently deleted ("deferred deletion interval").
Wait time (days) before orphaned NLO files are removed from the DAOS repository.
Enables DAOS (Domino Attachment and Object Service) to consolidate file attachments outside of the NSF.
Enables encryption of new NLO files (DAOS encryption).
Enables encryption of the offloaded DAOS NLO files at the file-system level.
Directory for DAOS installation / migration log files.
Controls the verbosity of DAOS logging (NLO operations, resync, checks).
Minimum size (in bytes) at which a file attachment is offloaded to DAOS.
Path where new NLO files are stored preferentially.
Day of the week on which the DAOS manager runs the full resync.
End time (HH:MM) of the time window for the DAOS resync.
Start time (HH:MM) of the DAOS resync.
Disables caching of DAOS NLO file handles (for error diagnosis, with performance impact).
General
General
Parameter
Information
Forces newly created NSFs on this server to use ODS format 53 (Notes / Domino 11) – compatibility bridge for environments that still contain older clients.
Path to the Notes / Domino data directory. Set during setup and should not be changed afterwards.
Sets the data directory of the Domino server or Notes client (NSFs, notes.ini, IDs).
List of disabled ports (configured but not loaded).
Class path for Java agents and Java code on the Domino server / Notes client.
Version identifier of the installed Notes / Domino kit. Written by the installer.
List of enabled network ports used by Notes / Domino (order = priority).
Configuration of the TCP/IP port (bound IP address / hostname and port number for NRPC, default 1352).
Temporary working directory for Notes / Domino processes (e.g. for installation and compact operations).
Custom title for the server console window – useful for distinguishing multiple instances.
HTTP / Web
HTTP / Web
Parameter
Information
FQDN that the DIIOP task publishes to clients in the IOR – important in NAT / reverse-proxy environments.
Allows fully overriding the HSTS header (Strict-Transport-Security).
Disables caching of Web Site Rule / Web Site Document changes in the HTTP stack so that changes in names.nsf take effect immediately (without tell http refresh).
Sets the X-Permitted-Cross-Domain-Policies header for HTTP responses.
Sets the Referrer-Policy header for HTTP responses.
Sets the X-Content-Type-Options header (e.g. 'nosniff') for HTTP responses.
Indexes fields in the full-text index even when they are marked as 'noindex'. Required for Domino IQ RAG.
Maximum number of active HTTP worker threads on the Domino web server.
Specifies which DSAPI filters should be loaded in advance at HTTP startup – avoids longer load times on the first request.
Allows or blocks double URL decoding or % characters in URL paths – a protection against certain HTTP smuggling and path-traversal attacks.
Disables HTTP Basic authentication on the Domino HTTP task.
Disables the HTTP TRACE method on the web server (security hardening against cross-site tracing).
Disables the automatic setting of the X-Frame-Options header.
Enables preloading of XPages applications when the HTTP task starts (faster first page request).
Enables the 'includeSubDomains' attribute in the HSTS response header.
Maximum Java heap size for the HTTP JVM (relevant for XPages, Domino REST API, Java servlets).
Enables HTTP Keep-Alive – multiple HTTP requests over the same TCP connection (significant performance improvement).
Size of the internal queue for HTTP log entries.
List of URL paths / patterns that should not appear in the HTTP access log (e.g. health-check URLs).
Configures the format / behavior of the HTTP access log.
Limits the number of concurrent HTTP connections per source IP address to mitigate DoS effects.
Maximum size (in bytes) of an HTTP request body – limits, among other things, file uploads in XPages, Verse, and the Domino REST API.
Limits the number of HTTP requests served over a single Keep-Alive connection before the connection is closed.
Prevents the creation of HTTP sessions (disables Single Sign-On / session authentication).
Enables server-side processing of redirect rules.
Delivers a simplified HTML rendering of Notes documents without Notes-specific elements.
Forces 'Connection: close' for all HTTP responses. Helps with reverse-proxy issues but disables Keep-Alive.
Blocks individual users from accessing iNotes / Verse.
Fallback language of the iNotes / Verse UI when the browser does not send a matching Accept-Language and the user has no personal setting.
List of iNotes / Verse-on-Web functions that are hidden from users (feature restriction in the web client).
URL to which iNotes / Verse should redirect after logout (e.g. central portal or IdP logout page).
Maximum size of a single file that iNotes / Verse users may upload via the browser.
Disables the LDAP query result cache so that directory updates take effect immediately in LDAP (at the cost of performance).
List of databases whose XPages are preloaded after server start (faster first response time).
Logging / Debug
Logging / Debug
Parameter
Information
Enables display of execution times (operation durations) in the Notes Client status bar – helpful for performance analysis.
Controls how verbosely Compact actions are logged to the console / log.
Enables the persistent console log (console.log in the IBM_TECHNICAL_SUPPORT directory).
Maximum number of rotated console log files in the IBM_TECHNICAL_SUPPORT directory (older files are deleted automatically).
Time interval (minutes) at which a timestamp is written to the console log.
Maximum size (in KB) of an individual console.log file before it is rotated.
Defines how verbosely the Fixup task logs corrected notes / views and detected inconsistencies (important for post-crash analysis).
Completely disables Domino Domain Monitoring (DDM) – useful in small environments without central monitoring where DDM overhead should be avoided.
Debug output for the Administration Process (adminp) – shows processing of individual request documents, name changes, certifications, and replica creations.
Extended debug output for the Agent Manager (in addition to DEBUG_AMGR).
Enables Agent Manager debug output for the analysis of scheduled / triggered agents, runtimes, and queue states.
Enables debug output for the Domino backup task (dominobackup.nsf).
Automatically triggers an NSD-style data capture when a semaphore / thread is blocked longer than the specified period.
Enables detailed debug output for the Certificate Manager (CertMgr).
Debug output of the cluster components (Cluster Manager, Cluster Replicator, Cluster Probes) – shows failover decisions and member availability.
Enables verbose debug output of the Compact task (per NSF: start, end, space saved, errors) – helpful for compact issues and ODS upgrades.
Opens a second console window ("Debug Console") with detailed debug output for HCL Support.
Logs all commands sent to the server console, including the sender (local, live console, remote) – audit trail for admin actions.
Debug output of DAOS housekeeping and resync runs (daosmgr resync, daosmgr prune) – shows orphan NLOs and corrected references.
Detailed tracing of the DBMT task (Database Maintenance Tool).
Debug level of the Directory Sync task for synchronization from Active Directory into the Domino directory.
Enables detailed tracing of server console processing (DOMINO Console).
Enables debug output for the Domino IQ AI inference task.
Enables debug output for dynamic client / server configuration (DynConfig).
Debug output of the Event task – logs triggered event generators, associated handlers, and sent notifications (SMTP, mail, relay).
Writes additional diagnostic information to the console during a fault recovery (crash handling, NSD start, automatic restart).
Detailed tracing of full-text indexing and search.
Debug output of the full-text indexer (Update / UpdAll task) – reports per database start / end, document count, and errors during index build or incremental update.
Enables memory heap checks to diagnose memory errors (significant performance impact).
Logs HTTP response headers and status codes returned by the Domino HTTP stack – counterpart to DEBUG_HTTPINOUT, focused on the response side.
Writes all incoming HTTP request and outgoing response headers to the Debug_Outfile – the basis for analyzing reverse-proxy, XPages, and Verse issues.
Debug output of the LDAP task: bind attempts, search filters, schema lookups, and referrals.
Enables detailed tracing for LTPA token handling (SSO with WebSphere / Sametime).
Enables the router's detailed mail-trace logging (per recipient: lookup, hop, delivery decision).
Enables debug output of the NAMELookup API (directory resolution, group expansion, Directory Assistance) – the most important tool for authentication and ACL issues.
Enables protocol debugging at the NRPC transport layer (Notes Remote Procedure Call) – shows session setup, keepalives, and auth handshakes between Notes client and server.
Enables all NSF subsystem debug output.
Debug output during ODS upgrades (compact -c) and ODS-specific operations – shows old / new version per NSF and upgrade errors.
Enables debug output for the OIDC provider and OIDC client functionality introduced in 14.5 – shows token requests, ID-token claims, and IdP catalog lookups.
Enables debug output for OIDC authentication against the ID Vault.
Enables debug output for OIDC login on the Domino web server. Higher values = more detail.
Redirects debug / console output to a specified file (for troubleshooting and HCL Support).
Creates a separate, timestamped Debug_Outfile file at every server start instead of overwriting the existing one.
Enables debug output for policy processing on server and client.
Enables very verbose debug output of the replicator (per database, per document, per note class) – enable only temporarily, since the logs grow rapidly.
Logs per replicated note which note ID / UNID was transferred from which server into which target database – helpful for disputed replication conflicts.
Enables debug output of the Domino REST API ("Project Keep" / DRAPI) – logs JSON endpoints, token validation, and runtime errors.
Debug mode for the execution of agents on the server.
Logs the complete SAML federated login flow: metadata parsing, assertion validation, signature / encryption checks, attribute mapping.
Logs the entire server startup sequence (memory init, port binding, task start) – the primary tool for startup errors or hung services.
Mail / Router
Mail / Router
Parameter
Information
Limits the number of busytime lookups per request and the stored time window.
Interval (minutes) at which the busytime task refreshes the free/busy information for schedule lookups.
Default mail template used for newly registered users.
Disables the mail recall function server-wide. Prevents users from withdrawing messages that have already been delivered.
Encrypts incoming mail for all recipients on this server.
Forces full conversion of doclinks (e.g. into MIME).
Interval in minutes at which the IMAP task re-reads configuration changes from the Server document.
Verbosity of mail routing: controls how much detail the router writes about events (deliveries, connections, errors) to log.nsf and the console.
Number of days that undeliverable messages are held in MAIL.BOX before they are marked as dead mail.
Additionally writes mail routing messages to the Miscellaneous Events log (log.nsf).
Disables mail encryption server-wide (for diagnostics or migrations).
Controls encryption of outgoing emails by the Notes Client.
Controls the encryption of saved emails (Sent / Drafts) in the Notes Client.
Path / name of the Notes user's mail file (relative to the data directory of the mail server).
When a mail hold is enabled (router paused), only undeliverable mail is held in mail.box, while normal deliveries continue unchanged.
Enables journaling of all mails handled by the router (compliance / archiving).
Maximum number of parallel router threads (delivery to local mail databases).
Name of the Notes user's mail server (home server of the mail file).
Maximum age (days) of messages in MAIL.BOX before they are marked as undeliverable.
Enables strict Content-ID resolution for MIME inline images; prevents incorrectly referenced attachments from being shown in mails.
Interval in minutes at which the POP3 task re-reads its configuration.
Adds counters of transferred / rejected / journaled mails to the router log after each message processing – useful for reporting and event monitoring.
Maximum number of router delivery attempts before a message is marked as definitively undeliverable and returned via NDR.
Prevents emptying / compacting an empty mail.box at router startup – useful on reverse-proxy edge servers that only forward mails.
Allows concurrent mail transfers to all external domains, not only to configured hosts.
Timeout (in seconds) for the router's SMTP commands sent to external hosts.
Blocks routing to the specified domains.
Suppresses sending of Non-Delivery Reports (NDR) by the router – useful to avoid backscatter spam.
Maximum number of concurrent mail-router transfer threads to a single target server.
Interval (in minutes) for the router's path check (verifying the routing topology).
Prevents the Schedule task from automatically creating or updating Calendar profiles in other users' mail databases.
Sets the SMTP greeting text (220 banner) of the Domino SMTP listener – useful for hiding product / version information.
Enables or disables the inbound SMTP listener, overriding the Server document – useful for emergency shutdowns or cluster-specific configurations.
TCP port on which the Domino SMTP listener accepts connections (default 25).
Maximum number of concurrent inbound SMTP connections.
Maximum recipients per inbound SMTP message (protection against mail bombing / spam).
Maximum number of recipients per inbound SMTP message.
Whitelist of hosts / domains that are allowed to relay through the server.
Interval at which the router forwards outbound mail from mail.box to external SMTP servers.
Performance / Memory
Performance / Memory
Parameter
Information
Minimum time interval (minutes) between two runs of an "On document update" agent by the Agent Manager.
Minimum time interval (minutes) between two runs of an "On new mail" agent.
Interval (minutes) at which the Agent Manager checks for untriggered "On new mail" agents (catch-up check).
Defines which days of the week the Agent Manager treats as "weekend" (allows a different thread configuration).
Number of parallel threads for the Compact task – speeds up nightly maintenance runs on multi-core systems.
Prevents a temporary backup copy (.BAK) of the NSF from being created during in-place Compact (faster, less disk space – but no rollback possible).
Enables NIFNSF: view indexes are offloaded to a separate .ndx file when databases are created or compacted (relieves the NSF, improves I/O performance).
Forces ODS 52 (Domino 10) when creating or compacting databases.
Forces newly created databases to be created in the Domino 12 ODS format (ODS 54).
New databases are created with ODS 55 (R14 format) – prerequisite for the newest features (e.g. larger attachments, optimizations).
Number of parallel Compact threads the Database Maintenance Tool (dbmt) starts during a maintenance run.
Restricts which NSF databases the Database Maintenance Tool (dbmt) processes – e.g. only mail/*.nsf or only specific directories.
Size of the event pool (memory for the Event task); should be increased on large servers with many monitoring events.
Upper limit for the number of hits returned by a full-text search (FT search) when the caller does not set its own limit.
Disables 'on-the-fly' full-text indexing for search queries against databases without an existing FT index.
Prevents scheduled full-text indexing via the 'Indexer' task.
Prevents documents from being compressed during full-text indexing (higher disk usage, faster search).
Stack size per thread for the HTTP JVM (XPages / Verse) – increase in case of StackOverflowError in deeply nested XPage controls.
Maximum heap size of the Java VM for agents and HTTP tasks.
Sets a hard limit on the shared memory a Notes process (especially the 32-bit Notes Client) is allowed to allocate.
Base path under which the NIFNSF .ndx index files are stored (should be on fast local storage / SSD).
Size (in bytes) of the server's name lookup cache.
Maximum number of simultaneously open file handles for the Notes / Domino process.
Size of the individual shared memory pools (DPools) from which Notes / Domino allocates memory – fine tuning for very large servers.
Sets the size of the NSF buffer pool (cache for database pages) in megabytes – the most important tuning parameter for server performance.
Completely disables the NSF database cache – set only for debugging or in case of cache-related corruption, since performance drops drastically.
Maximum number of databases kept open simultaneously in the NSF database cache.
Minimum number of NSFs the database cache always keeps open – prevents flapping under highly variable load.
Global switch for document locking at the NSF level (in addition to the database property).
Maximum size of a DPool block in the Domino memory manager (64-bit); affects handle limits and memory fragmentation when many NSFs are loaded.
Timeout (in seconds) when opening an NSF database before the operation is aborted.
Threshold for the availability index: below this value the server stops accepting new client sessions (cluster load balancing).
Interval at which the server checks for thread deadlocks and, if needed, automatically triggers an NSD with stack trace.
Maximum expected transaction time (in 1/100 sec); above this value the availability index drops to 0 %.
Maximum number of concurrent transactions the server processes.
Maximum number of concurrently active NRPC sessions on the server.
Maximum number of concurrently logged-in users – additional logins are rejected (SERVER_MAXUSERS_TYPE controls the behavior).
Minimum transaction time (in 1/100 sec) below which the availability index stays at 100 %.
Number of worker threads in the general server task pool – affects throughput of background tasks (agents, events, admin requests).
Default number of server pool tasks per port (network threads).
Time in minutes after which inactive Notes / NRPC sessions are disconnected by the server (frees licenses / resources).
Shows detailed performance statistics on the server console.
Time window (in seconds) over which the transaction statistics for the availability index are averaged.
Time interval (in minutes) at which the Indexer task processes background view updates.
Controls full-text indexing in a separate thread to avoid blocking other operations.
Disables automatic creation / refresh of full-text indexes by the Indexer.
Limits how often a view can be re-updated before the Indexer suppresses it (anti-thrashing).
Time window (minutes) within which a view is no longer rebuilt after multiple updates.
Path for temporary index files when the Indexer rebuilds views.
Suppresses console messages from the HCL Volt task in the server console.
Security / TLS
Security / TLS
Parameter
Information
Temporary directory (local path or UNC) where the Domino server stores ID files during user registration and password changes.
Full-access administrators of the server (corresponds to 'Full Access Administrators' in the Server document).
Local access list: users / groups explicitly allowed on this server (override to the server ACL).
Global access control for passthru connections via this server.
List of servers / users / groups that may use this server as a passthru server (routing).
Notes clients that may use this server as a passthru.
Servers to which passthru connections via this server are allowed.
Polling interval of the CertMgr task in seconds – how often it scans for new / renewable TLS credentials.
Maximum number of HTTP redirects allowed during a Let's Encrypt HTTP-01 challenge by CertMgr.
Skips CertMgr's self-verification of the Let's Encrypt HTTP challenge when the server cannot reach itself via DNS (internal vs. external address).
Number of days before expiry at which CertMgr should automatically renew a TLS certificate (Let's Encrypt / ACME / manual CA).
Causes newly created NSFs to automatically use AES encryption (AES-128 or AES-256) instead of RC4.
Who is allowed to create master templates on this server.
Who is allowed to create replicas on this server.
Excludes pure AD members from security groups during Directory Sync – only registered Domino users are synchronized (new in 14.5.1).
Local deny list: explicitly denied users / groups for this server.
Concrete value of the Content-Security-Policy header that Domino delivers when DOMINO_ENABLE_CSP=1.
Enables sending of the Content-Security-Policy header by the Domino HTTP stack (counterpart to HSTS).
Enables the Domino Credential Store (credstore.nsf) for the encrypted storage of secrets for OAuth / REST / integrations.
Suppresses the display of banner / copyright / version information over SMTP, POP3, IMAP, and HTTP (security hardening).
Enables / disables the execution of Java agents on the server.
Additional search directory for Extension Manager add-ins. From 14.5, Extension Manager add-ins are loaded for security reasons only from the Domino binary directory and the Windows system directories; this parameter allows one additional, trusted path.
Adds the Secure flag to HTTP session and LTPA cookies so that they are transmitted only over HTTPS connections.
Shared secret between the reverse proxy and Domino HTTP, so that upstream headers (e.g. $WSRA, $WSRU) are accepted only from trusted proxies – mandatory from 12.0.1 in combination with HTTPEnableConnectorHeaders.
Disables certain HTTP methods (e.g. TRACE, DELETE, PUT) to harden the web server.
Enables SPNEGO / Kerberos authentication on the Domino HTTP stack – prerequisite for "Single Sign-On via Windows Domain" in Verse and iNotes.
Allows acceptance of connector headers (e.g. $WSRA for reverse-proxy SSO). For security reasons, enable only when the HTTP server is not directly reachable from the Internet.
Sets the max-age value for the HSTS header (Strict-Transport-Security) – forces browsers to use HTTPS exclusively for the configured period.
Disables the automatic backup of the KYR / PEM file when it is written.
Path or filename of the server's or Notes user's ID file.
Stores the password of the server ID file in encrypted form for unattended server start (e.g. with the Domino Server Password Tool).
Logs detailed errors when building the certificate chain.
Enforces Notes Federated Login (NFL) for all Notes Clients. Notes client logon is then only possible via the configured IdP.
Disables the certificate revocation list (CRL) check for SSL/TLS connections – useful when CRL servers are unreachable, but security-critical.
Enables OCSP revocation checks for client certificates during TLS client authentication (HTTPS, SMTP / LDAP STARTTLS).
Controls whether OCSP verification of certificates is skipped.
Permitted clock skew (seconds) between the Domino server and the OIDC provider when validating the id_token.
Duration of the OIDC login session in seconds before the user must re-authenticate with the OIDC provider.
Enables or disables server-wide redirects to the OIDC provider during web login. A value of 0 disables the redirect.
Controls server-side enforcement of Notes ID password quality and password expiration during authentication.
List of operations (e.g. Console, RestrictedAgent) that may only be executed by authorized users.
Allows defining named lists for use with 'RestrictedOperations'.
Forces Domino as a SAML service provider to accept only signed assertions (protection against tampered SSO responses).
Forces internet passwords to be stored in the more secure hash format (salted SHA instead of @Password).
Switches the server into a restricted operating mode (e.g. only admins may connect); the console command 'set restricted' uses this value.
Disables TLS / SSL renegotiation on the Domino server (protection against CVE-2009-3555). Source: HCL KB0036502. Controls whether TLS / SSL renegotiation is allowed on the Domino server. A value of 1 disables renegotiation – recommended to harden the server against SSL renegotiation attacks (CVE-2009-3555). The setting affects, for example, the HTTP task; a restart or 'restart task http' is required after changing the value.
Disables TLS 1.0 for all server protocols (HTTP, SMTP, IMAP, POP3, LDAP) – security hardening.
Disables TLS 1.1 for all server protocols (HTTP, SMTP, IMAP, POP3, LDAP) – should be set on modern servers.
Disables TLS version 1.2 for Domino internet ports.
Disables TLS 1.3 in the Domino TLS stack (counterpart to SSL_DISABLE_TLS_10/11/12; from version 14 onward TLS 1.3 is enabled by default).
Startup / Tasks
Startup / Tasks
Parameter
Information
Server administrator (Distinguished Name).
Interval at which the Administration Process (AdminP) works through its queue.
Time of day at which AdminP runs daily, potentially long-running actions (name / person renames, etc.).
Wait time after server start before the Admin Process (adminp) first becomes active – prevents load on the freshly started server.
Disables mail-related lookups when evaluating new mail trigger agents.
Disables the additional process security check of the Agent Manager (diagnostic use only).
Controls how aggressively the Agent Manager triggers document-update trigger agents.
Maximum number of retries the Agent Manager performs for a failed agent run before giving up and writing an error to the log.
Controls whether AutoUpdate distributes newly available Interim Fixes (IFs) automatically or only reports them for manual approval.
Domino domain name to which the server is assigned.
Interval at which the Events task runs event generators and handlers from events4.nsf.
Indicates the installation type (server vs. client). Set by setup.
Interval in minutes at which the LDAP task re-reads the configuration (directory, schema).
Upper limit for the number of entries the LDAP task returns per search query (DoS protection and performance).
Hierarchical name of the server (certified Common Name).
Status of the initial server setup. Set automatically by the setup program and should not be changed manually.
Defines the server tasks that are loaded automatically when the Domino server starts.
Delays the start of tasks from ServerTasks / ServerTasksAtX to avoid CPU and I/O spikes at boot (staggered start).
Defines time-scheduled server tasks that run automatically at a specific hour (ServerTasksAt1 … ServerTasksAt5).
Scheduled server tasks at the respective full hours (2–12). Counterpart to ServerTasksAt1; each is a comma-separated task list.
First name of the first admin user that is registered automatically during one-touch setup.
Last name of the first admin user that is registered automatically during one-touch setup.
Organization name (O=) for the new certifier hierarchy created during one-touch setup of a first server.
Defines the server type to be created in the new domain document during one-touch setup (OTS) – first server vs. additional server.
Number of parallel index processes the Indexer (Update task) launches.
Transaction Log
Transaction Log
Parameter
Information
Enables (1) or disables (0) the automatic Fixup after a transaction-log recovery at server start.
Maximum number of archive extents in the archive transaction-log style. Limits the disk usage of the archive log.
Maximum total size of the transaction log in megabytes.
Defines the path where the transaction log files are stored (should reside on a dedicated physical volume).
Performance / recovery mode of the transaction log (balance between write throughput and crash recovery).
Enables or disables transactional logging on the Domino server.
Determines the transaction-log mode (circular or archived).
Determines whether the transaction log may use the entire available space on the translog volume.
Parameter
Information
Temporary directory (local path or UNC) where the Domino server stores ID files during user registration and password changes.
Server administrator (Distinguished Name).
Full-access administrators of the server (corresponds to 'Full Access Administrators' in the Server document).
Interval at which the Administration Process (AdminP) works through its queue.
Time of day at which AdminP runs daily, potentially long-running actions (name / person renames, etc.).
Wait time after server start before the Admin Process (adminp) first becomes active – prevents load on the freshly started server.
Local access list: users / groups explicitly allowed on this server (override to the server ACL).
Global access control for passthru connections via this server.
List of servers / users / groups that may use this server as a passthru server (routing).
Notes clients that may use this server as a passthru.
Servers to which passthru connections via this server are allowed.
Disables mail-related lookups when evaluating new mail trigger agents.
Disables the additional process security check of the Agent Manager (diagnostic use only).
Minimum time interval (minutes) between two runs of an "On document update" agent by the Agent Manager.
Controls how aggressively the Agent Manager triggers document-update trigger agents.
Maximum number of retries the Agent Manager performs for a failed agent run before giving up and writing an error to the log.
Minimum time interval (minutes) between two runs of an "On new mail" agent.
Interval (minutes) at which the Agent Manager checks for untriggered "On new mail" agents (catch-up check).
Defines which days of the week the Agent Manager treats as "weekend" (allows a different thread configuration).
Controls whether AutoUpdate distributes newly available Interim Fixes (IFs) automatically or only reports them for manual approval.
Limits the number of busytime lookups per request and the stored time window.
Interval (minutes) at which the busytime task refreshes the free/busy information for schedule lookups.
Polling interval of the CertMgr task in seconds – how often it scans for new / renewable TLS credentials.
Maximum number of HTTP redirects allowed during a Let's Encrypt HTTP-01 challenge by CertMgr.
Skips CertMgr's self-verification of the Let's Encrypt HTTP challenge when the server cannot reach itself via DNS (internal vs. external address).
Number of days before expiry at which CertMgr should automatically renew a TLS certificate (Let's Encrypt / ACME / manual CA).
Sets the time format (12-hour / 24-hour) for Notes / Domino. Affects the display of times in mail, calendar, and logs.
Minimum interval (hours) between cluster probes.
Number of parallel cluster replicator threads on a server in the Domino cluster.
Controls how verbosely Compact actions are logged to the console / log.
Number of parallel threads for the Compact task – speeds up nightly maintenance runs on multi-core systems.
Prevents a temporary backup copy (.BAK) of the NSF from being created during in-place Compact (faster, less disk space – but no rollback possible).
Enables the persistent console log (console.log in the IBM_TECHNICAL_SUPPORT directory).
Maximum number of rotated console log files in the IBM_TECHNICAL_SUPPORT directory (older files are deleted automatically).
Time interval (minutes) at which a timestamp is written to the console log.
Maximum size (in KB) of an individual console.log file before it is rotated.
Causes newly created NSFs to automatically use AES encryption (AES-128 or AES-256) instead of RC4.
Who is allowed to create master templates on this server.
Enables NIFNSF: view indexes are offloaded to a separate .ndx file when databases are created or compacted (relieves the NSF, improves I/O performance).
Forces ODS 52 (Domino 10) when creating or compacting databases.
Forces newly created NSFs on this server to use ODS format 53 (Notes / Domino 11) – compatibility bridge for environments that still contain older clients.
Forces newly created databases to be created in the Domino 12 ODS format (ODS 54).
New databases are created with ODS 55 (R14 format) – prerequisite for the newest features (e.g. larger attachments, optimizations).
Who is allowed to create replicas on this server.
Base path of the DAOS repository where the offloaded NLO files are stored.
Number of days that DAOS NLOs are retained after dereferencing before being permanently deleted ("deferred deletion interval").
Wait time (days) before orphaned NLO files are removed from the DAOS repository.
Enables DAOS (Domino Attachment and Object Service) to consolidate file attachments outside of the NSF.
Enables encryption of new NLO files (DAOS encryption).
Enables encryption of the offloaded DAOS NLO files at the file-system level.
Directory for DAOS installation / migration log files.
Controls the verbosity of DAOS logging (NLO operations, resync, checks).
Minimum size (in bytes) at which a file attachment is offloaded to DAOS.
Path where new NLO files are stored preferentially.
Day of the week on which the DAOS manager runs the full resync.
End time (HH:MM) of the time window for the DAOS resync.
Start time (HH:MM) of the DAOS resync.
Path to the Notes / Domino data directory. Set during setup and should not be changed afterwards.
Defines how verbosely the Fixup task logs corrected notes / views and detected inconsistencies (important for post-crash analysis).
Number of parallel Compact threads the Database Maintenance Tool (dbmt) starts during a maintenance run.
Restricts which NSF databases the Database Maintenance Tool (dbmt) processes – e.g. only mail/*.nsf or only specific directories.
Completely disables Domino Domain Monitoring (DDM) – useful in small environments without central monitoring where DDM overhead should be avoided.
Debug output for the Administration Process (adminp) – shows processing of individual request documents, name changes, certifications, and replica creations.
Extended debug output for the Agent Manager (in addition to DEBUG_AMGR).
Enables Agent Manager debug output for the analysis of scheduled / triggered agents, runtimes, and queue states.
Enables debug output for the Domino backup task (dominobackup.nsf).
Automatically triggers an NSD-style data capture when a semaphore / thread is blocked longer than the specified period.
Enables detailed debug output for the Certificate Manager (CertMgr).
Debug output of the cluster components (Cluster Manager, Cluster Replicator, Cluster Probes) – shows failover decisions and member availability.
Enables verbose debug output of the Compact task (per NSF: start, end, space saved, errors) – helpful for compact issues and ODS upgrades.
Opens a second console window ("Debug Console") with detailed debug output for HCL Support.
Logs all commands sent to the server console, including the sender (local, live console, remote) – audit trail for admin actions.
Debug output of DAOS housekeeping and resync runs (daosmgr resync, daosmgr prune) – shows orphan NLOs and corrected references.
Detailed tracing of the DBMT task (Database Maintenance Tool).
Debug level of the Directory Sync task for synchronization from Active Directory into the Domino directory.
Excludes pure AD members from security groups during Directory Sync – only registered Domino users are synchronized (new in 14.5.1).
Enables detailed tracing of server console processing (DOMINO Console).
Enables debug output for the Domino IQ AI inference task.
Enables debug output for dynamic client / server configuration (DynConfig).
Debug output of the Event task – logs triggered event generators, associated handlers, and sent notifications (SMTP, mail, relay).
Writes additional diagnostic information to the console during a fault recovery (crash handling, NSD start, automatic restart).
Detailed tracing of full-text indexing and search.
Debug output of the full-text indexer (Update / UpdAll task) – reports per database start / end, document count, and errors during index build or incremental update.
Enables memory heap checks to diagnose memory errors (significant performance impact).
Logs HTTP response headers and status codes returned by the Domino HTTP stack – counterpart to DEBUG_HTTPINOUT, focused on the response side.
Writes all incoming HTTP request and outgoing response headers to the Debug_Outfile – the basis for analyzing reverse-proxy, XPages, and Verse issues.
Debug output of the LDAP task: bind attempts, search filters, schema lookups, and referrals.
Enables detailed tracing for LTPA token handling (SSO with WebSphere / Sametime).
Enables the router's detailed mail-trace logging (per recipient: lookup, hop, delivery decision).
Enables debug output of the NAMELookup API (directory resolution, group expansion, Directory Assistance) – the most important tool for authentication and ACL issues.
Enables protocol debugging at the NRPC transport layer (Notes Remote Procedure Call) – shows session setup, keepalives, and auth handshakes between Notes client and server.
Enables all NSF subsystem debug output.
Debug output during ODS upgrades (compact -c) and ODS-specific operations – shows old / new version per NSF and upgrade errors.
Enables debug output for the OIDC provider and OIDC client functionality introduced in 14.5 – shows token requests, ID-token claims, and IdP catalog lookups.
Enables debug output for OIDC authentication against the ID Vault.
Enables debug output for OIDC login on the Domino web server. Higher values = more detail.
Redirects debug / console output to a specified file (for troubleshooting and HCL Support).
Creates a separate, timestamped Debug_Outfile file at every server start instead of overwriting the existing one.
Enables debug output for policy processing on server and client.
Enables very verbose debug output of the replicator (per database, per document, per note class) – enable only temporarily, since the logs grow rapidly.
Logs per replicated note which note ID / UNID was transferred from which server into which target database – helpful for disputed replication conflicts.
Enables debug output of the Domino REST API ("Project Keep" / DRAPI) – logs JSON endpoints, token validation, and runtime errors.
Debug mode for the execution of agents on the server.
Logs the complete SAML federated login flow: metadata parsing, assertion validation, signature / encryption checks, attribute mapping.
Logs the entire server startup sequence (memory init, port binding, task start) – the primary tool for startup errors or hung services.
Logs setup, duration, and end of NRPC sessions including bytes-in / bytes-out per session – helpful for detecting session leaks and long-lived connections.
Logs the complete shutdown sequence of the server (task order, blocks, timeouts) – helpful when "quit" / "exit" hangs at the console.
Trace level for diagnosing LTPA / SSO token decoding and validation.
Detailed task statistics on the console. Shows current task actions.
Tracing of the TCP / IP layer (connection setup, errors).
Augments console / log messages with PID and thread ID (very helpful for multi-thread debugging).
Enables debug output of the shared thread pool (event pool, scheduler, agent manager, etc.) – helpful for performance issues with hung tasks.
Detailed logging for server threads.
Enables detailed TLS handshake logging (certificate chain, cipher negotiation, alerts) – the new successor to DEBUG_SSL_ALL with the OpenSSL backend.
Logs per XPages request the start time, runtime, and memory consumption – helpful for identifying slow XPages / Verse operations.
Default mail template used for newly registered users.
Local deny list: explicitly denied users / groups for this server.
FQDN that the DIIOP task publishes to clients in the IOR – important in NAT / reverse-proxy environments.
Sets the data directory of the Domino server or Notes client (NSFs, notes.ini, IDs).
Disables caching of DAOS NLO file handles (for error diagnosis, with performance impact).
List of disabled ports (configured but not loaded).
Disables the mail recall function server-wide. Prevents users from withdrawing messages that have already been delivered.
Domino domain name to which the server is assigned.
Enables the extended HTTP access log in Combined / CLF format in addition to domlog.nsf – directly available via log rotation.
Concrete value of the Content-Security-Policy header that Domino delivers when DOMINO_ENABLE_CSP=1.
Enables sending of the Content-Security-Policy header by the Domino HTTP stack (counterpart to HSTS).
Allows fully overriding the HSTS header (Strict-Transport-Security).
Disables caching of Web Site Rule / Web Site Document changes in the HTTP stack so that changes in names.nsf take effect immediately (without tell http refresh).
Sets the X-Permitted-Cross-Domain-Policies header for HTTP responses.
Sets the Referrer-Policy header for HTTP responses.
Sets the X-Content-Type-Options header (e.g. 'nosniff') for HTTP responses.
Path / file name of the current log file of the Domino Controller (dctrl); rotated on every restart.
Enables the Domino Credential Store (credstore.nsf) for the encrypted storage of secrets for OAuth / REST / integrations.
Log level of the Domino IQ task (LLM / RAG integration).
Suppresses the display of banner / copyright / version information over SMTP, POP3, IMAP, and HTTP (security hardening).
Enables / disables the execution of Java agents on the server.
Encrypts incoming mail for all recipients on this server.
Size of the event pool (memory for the Event task); should be increased on large servers with many monitoring events.
Interval at which the Events task runs event generators and handlers from events4.nsf.
Additional search directory for Extension Manager add-ins. From 14.5, Extension Manager add-ins are loaded for security reasons only from the Domino binary directory and the Windows system directories; this parameter allows one additional, trusted path.
Enables fault recovery: the Domino server automatically restarts itself after a crash and produces an NSD.
Upper limit for the number of hits returned by a full-text search (FT search) when the caller does not set its own limit.
Disables 'on-the-fly' full-text indexing for search queries against databases without an existing FT index.
Prevents scheduled full-text indexing via the 'Indexer' task.
Prevents documents from being compressed during full-text indexing (higher disk usage, faster search).
Indexes fields in the full-text index even when they are marked as 'noindex'. Required for Domino IQ RAG.
Maximum number of active HTTP worker threads on the Domino web server.
Specifies which DSAPI filters should be loaded in advance at HTTP startup – avoids longer load times on the first request.
Adds the Secure flag to HTTP session and LTPA cookies so that they are transmitted only over HTTPS connections.
Allows or blocks double URL decoding or % characters in URL paths – a protection against certain HTTP smuggling and path-traversal attacks.
Shared secret between the reverse proxy and Domino HTTP, so that upstream headers (e.g. $WSRA, $WSRU) are accepted only from trusted proxies – mandatory from 12.0.1 in combination with HTTPEnableConnectorHeaders.
Writes only the most recent HTTP request to the HTTP debug log – useful when reproducing specific errors.
Disables HTTP Basic authentication on the Domino HTTP task.
Disables certain HTTP methods (e.g. TRACE, DELETE, PUT) to harden the web server.
Disables the HTTP TRACE method on the web server (security hardening against cross-site tracing).
Disables the automatic setting of the X-Frame-Options header.
Enables SPNEGO / Kerberos authentication on the Domino HTTP stack – prerequisite for "Single Sign-On via Windows Domain" in Verse and iNotes.
Allows acceptance of connector headers (e.g. $WSRA for reverse-proxy SSO). For security reasons, enable only when the HTTP server is not directly reachable from the Internet.
Enables preloading of XPages applications when the HTTP task starts (faster first page request).
Enables the 'includeSubDomains' attribute in the HSTS response header.
Sets the max-age value for the HSTS header (Strict-Transport-Security) – forces browsers to use HTTPS exclusively for the configured period.
Maximum Java heap size for the HTTP JVM (relevant for XPages, Domino REST API, Java servlets).
Stack size per thread for the HTTP JVM (XPages / Verse) – increase in case of StackOverflowError in deeply nested XPage controls.
Enables HTTP Keep-Alive – multiple HTTP requests over the same TCP connection (significant performance improvement).
Size of the internal queue for HTTP log entries.
List of URL paths / patterns that should not appear in the HTTP access log (e.g. health-check URLs).
Configures the format / behavior of the HTTP access log.
Limits the number of concurrent HTTP connections per source IP address to mitigate DoS effects.
Maximum size (in bytes) of an HTTP request body – limits, among other things, file uploads in XPages, Verse, and the Domino REST API.
Limits the number of HTTP requests served over a single Keep-Alive connection before the connection is closed.
Prevents the creation of HTTP sessions (disables Single Sign-On / session authentication).
Enables server-side processing of redirect rules.
Delivers a simplified HTML rendering of Notes documents without Notes-specific elements.
Forces 'Connection: close' for all HTTP responses. Helps with reverse-proxy issues but disables Keep-Alive.
Interval in minutes at which the IMAP task re-reads configuration changes from the Server document.
Blocks individual users from accessing iNotes / Verse.
Enables logging of all AJAX requests between the iNotes / Verse browser and the server – helpful for UI issues and timeouts.
Fallback language of the iNotes / Verse UI when the browser does not send a matching Accept-Language and the user has no personal setting.
List of iNotes / Verse-on-Web functions that are hidden from users (feature restriction in the web client).
URL to which iNotes / Verse should redirect after logout (e.g. central portal or IdP logout page).
Maximum size of a single file that iNotes / Verse users may upload via the browser.
Maximum heap size of the Java VM for agents and HTTP tasks.
Class path for Java agents and Java code on the Domino server / Notes client.
Disables the automatic backup of the KYR / PEM file when it is written.
Path or filename of the server's or Notes user's ID file.
Stores the password of the server ID file in encrypted form for unattended server start (e.g. with the Domino Server Password Tool).
Indicates the installation type (server vs. client). Set by setup.
Version identifier of the installed Notes / Domino kit. Written by the installer.
Disables the LDAP query result cache so that directory updates take effect immediately in LDAP (at the cost of performance).
Interval in minutes at which the LDAP task re-reads the configuration (directory, schema).
Enables debug output for the LDAP task.
Upper limit for the number of entries the LDAP task returns per search query (DoS protection and performance).
Defines the log database (log.nsf) including retention options; classic Notes / Domino log configuration.
Controls logging of Agent Manager activity (executed agents, schedules, errors).
Logs incoming and outgoing NRPC connections in log.nsf (setup, duration, protocol).
Verbosity of mail routing: controls how much detail the router writes about events (deliveries, connections, errors) to log.nsf and the console.
Controls the level of detail in replication logging written to log.nsf.
Logs individual user sessions (logins / connections) to log.nsf and to the console.
Periodically writes the status of all server tasks to log.nsf and the console (similar to 'show tasks').
Verbosity of the indexer / Updater: controls how much detail the Updater / UpdAll task writes to the console and log.nsf.
Directory for HTTP and other debug log files. Default is IBM_TECHNICAL_SUPPORT in the data directory.
Logs detailed errors when building the certificate chain.
Number of days that undeliverable messages are held in MAIL.BOX before they are marked as dead mail.
Additionally writes mail routing messages to the Miscellaneous Events log (log.nsf).
Enables automatic mail failover in a Domino cluster.
Detailed tracing of mail processing (Router, Mail Box).
Disables mail encryption server-wide (for diagnostics or migrations).
When a mail hold is enabled (router paused), only undeliverable mail is held in mail.box, while normal deliveries continue unchanged.
Enables journaling of all mails handled by the router (compliance / archiving).
Maximum number of parallel router threads (delivery to local mail databases).
Maximum age (days) of messages in MAIL.BOX before they are marked as undeliverable.
Enables strict Content-ID resolution for MIME inline images; prevents incorrectly referenced attachments from being shown in mails.
Base path under which the NIFNSF .ndx index files are stored (should be on fast local storage / SSD).
Size (in bytes) of the server's name lookup cache.
Disables the certificate revocation list (CRL) check for SSL/TLS connections – useful when CRL servers are unreachable, but security-critical.
Enables debug output for internal Domino queues and thread pools.
Maximum number of simultaneously open file handles for the Notes / Domino process.
Size of the individual shared memory pools (DPools) from which Notes / Domino allocates memory – fine tuning for very large servers.
Sets the size of the NSF buffer pool (cache for database pages) in megabytes – the most important tuning parameter for server performance.
Completely disables the NSF database cache – set only for debugging or in case of cache-related corruption, since performance drops drastically.
Maximum number of databases kept open simultaneously in the NSF database cache.
Minimum number of NSFs the database cache always keeps open – prevents flapping under highly variable load.
Global switch for document locking at the NSF level (in addition to the database property).
Maximum size of a DPool block in the Domino memory manager (64-bit); affects handle limits and memory fragmentation when many NSFs are loaded.
Logs when NSF databases are removed from the database cache and closed – helpful for evaluating cache tuning (MaxEntries / MinEntries).
Timeout (in seconds) when opening an NSF database before the operation is aborted.
Enables OCSP revocation checks for client certificates during TLS client authentication (HTTPS, SMTP / LDAP STARTTLS).
Controls whether OCSP verification of certificates is skipped.
Permitted clock skew (seconds) between the Domino server and the OIDC provider when validating the id_token.
Duration of the OIDC login session in seconds before the user must re-authenticate with the OIDC provider.
Enables or disables server-wide redirects to the OIDC provider during web login. A value of 0 disables the redirect.
Controls server-side enforcement of Notes ID password quality and password expiration during authentication.
Enables Platform Statistics (CPU, memory, disk, network) – viewable in domlog.nsf / ServerHealth.
Interval in minutes at which the POP3 task re-reads its configuration.
List of enabled network ports used by Notes / Domino (order = priority).
Forces the replicator to respect the quota settings of a target NSF and to stop writing documents once the limit is reached.
Number of retries the replicator performs after a failed push replication (e.g. for transient network issues between cluster nodes).
Maximum duration (minutes) for a single replication run – if it runs longer, replication is aborted and resumed later.
List of operations (e.g. Console, RestrictedAgent) that may only be executed by authorized users.
Allows defining named lists for use with 'RestrictedOperations'.
Adds counters of transferred / rejected / journaled mails to the router log after each message processing – useful for reporting and event monitoring.
Maximum number of router delivery attempts before a message is marked as definitively undeliverable and returned via NDR.
Prevents emptying / compacting an empty mail.box at router startup – useful on reverse-proxy edge servers that only forward mails.
Allows concurrent mail transfers to all external domains, not only to configured hosts.
Timeout (in seconds) for the router's SMTP commands sent to external hosts.
Blocks routing to the specified domains.
Suppresses sending of Non-Delivery Reports (NDR) by the router – useful to avoid backscatter spam.
Maximum number of concurrent mail-router transfer threads to a single target server.
Interval (in minutes) for the router's path check (verifying the routing topology).
Forces Domino as a SAML service provider to accept only signed assertions (protection against tampered SSO responses).
Prevents the Schedule task from automatically creating or updating Calendar profiles in other users' mail databases.
Enables debug output for the Scheduler task (calendar availability, free-time lookups, busytime.nsf / clubusy.nsf access).
Forces internet passwords to be stored in the more secure hash format (salted SHA instead of @Password).
Threshold for the availability index: below this value the server stops accepting new client sessions (cluster load balancing).
Default port for cluster communication.
Interval (in minutes) at which cluster mates probe each other to determine availability and latency.
Maximum wait time (in minutes) between cluster probe cycles – determines how quickly a failed cluster mate is detected.
Interval at which the server checks for thread deadlocks and, if needed, automatically triggers an NSD with stack trace.
Maximum expected transaction time (in 1/100 sec); above this value the availability index drops to 0 %.
Maximum number of concurrent transactions the server processes.
Maximum number of concurrently active NRPC sessions on the server.
Maximum number of concurrently logged-in users – additional logins are rejected (SERVER_MAXUSERS_TYPE controls the behavior).
Minimum transaction time (in 1/100 sec) below which the availability index stays at 100 %.
Number of worker threads in the general server task pool – affects throughput of background tasks (agents, events, admin requests).
Default number of server pool tasks per port (network threads).
Switches the server into a restricted operating mode (e.g. only admins may connect); the console command 'set restricted' uses this value.
Time in minutes after which inactive Notes / NRPC sessions are disconnected by the server (frees licenses / resources).
Shows detailed performance statistics on the server console.
Adds an extra header line to the 'show performance' console command.
Shows user activity on the console (User Activity).
Time window (in seconds) over which the transaction statistics for the availability index are averaged.
Hierarchical name of the server (certified Common Name).
Status of the initial server setup. Set automatically by the setup program and should not be changed manually.
Defines the server tasks that are loaded automatically when the Domino server starts.
Delays the start of tasks from ServerTasks / ServerTasksAtX to avoid CPU and I/O spikes at boot (staggered start).
Defines time-scheduled server tasks that run automatically at a specific hour (ServerTasksAt1 … ServerTasksAt5).
Scheduled server tasks at the respective full hours (2–12). Counterpart to ServerTasksAt1; each is a comma-separated task list.
First name of the first admin user that is registered automatically during one-touch setup.
Last name of the first admin user that is registered automatically during one-touch setup.
Organization name (O=) for the new certifier hierarchy created during one-touch setup of a first server.
Defines the server type to be created in the new domain document during one-touch setup (OTS) – first server vs. additional server.
Shows detailed task information (including sub-threads) in 'show tasks' and other console output.
Shows the current progress (percent) per database on the console during a compact run.
Logs the entire SMTP dialog (HELO/EHLO, MAIL FROM, RCPT TO, DATA) to the console / Debug_Outfile – the central tool for mail routing problems.
Sets the SMTP greeting text (220 banner) of the Domino SMTP listener – useful for hiding product / version information.
Enables or disables the inbound SMTP listener, overriding the Server document – useful for emergency shutdowns or cluster-specific configurations.
TCP port on which the Domino SMTP listener accepts connections (default 25).
Logs the TLS version and the negotiated cipher suite for every incoming and outgoing SMTP connection – useful for compliance and interoperability evidence.
Maximum number of concurrent inbound SMTP connections.
Maximum recipients per inbound SMTP message (protection against mail bombing / spam).
Maximum number of recipients per inbound SMTP message.
Whitelist of hosts / domains that are allowed to relay through the server.
Interval at which the router forwards outbound mail from mail.box to external SMTP servers.
Disables TLS / SSL renegotiation on the Domino server (protection against CVE-2009-3555). Source: HCL KB0036502. Controls whether TLS / SSL renegotiation is allowed on the Domino server. A value of 1 disables renegotiation – recommended to harden the server against SSL renegotiation attacks (CVE-2009-3555). The setting affects, for example, the HTTP task; a restart or 'restart task http' is required after changing the value.
Disables TLS 1.0 for all server protocols (HTTP, SMTP, IMAP, POP3, LDAP) – security hardening.
Disables TLS 1.1 for all server protocols (HTTP, SMTP, IMAP, POP3, LDAP) – should be set on modern servers.
Disables TLS version 1.2 for Domino internet ports.
Disables TLS 1.3 in the Domino TLS stack (counterpart to SSL_DISABLE_TLS_10/11/12; from version 14 onward TLS 1.3 is enabled by default).
Defines the elliptic curves (EC key-exchange groups) accepted by the OpenSSL-based TLS stack and their order.
Allows legacy clients without RFC 5746 support to continue using insecure TLS renegotiation – use only as a temporary transition until clients are upgraded.
Allows TLS renegotiation for inbound connections.
Defines the TLS / SSL cipher suites supported by Domino (overrides the default list).
Configuration of the TCP/IP port (bound IP address / hostname and port number for NRPC, default 1352).
Temporary working directory for Notes / Domino processes (e.g. for installation and compact operations).
Allows or denies TLS renegotiation in the Domino TLS stack (disabled by default for security reasons).
User-defined list of permitted TLS cipher suites (overrides the values from the Server document / Internet Site).
Enables (1) or disables (0) the automatic Fixup after a transaction-log recovery at server start.
Maximum number of archive extents in the archive transaction-log style. Limits the disk usage of the archive log.
Maximum total size of the transaction log in megabytes.
Defines the path where the transaction log files are stored (should reside on a dedicated physical volume).
Performance / recovery mode of the transaction log (balance between write throughput and crash recovery).
Enables or disables transactional logging on the Domino server.
Determines the transaction-log mode (circular or archived).
Determines whether the transaction log may use the entire available space on the translog volume.
List of trusted servers whose authentication is accepted as 'on-behalf-of' (e.g. for DOLS).
Time interval (in minutes) at which the Indexer task processes background view updates.
Number of parallel index processes the Indexer (Update task) launches.
Controls full-text indexing in a separate thread to avoid blocking other operations.
Disables automatic creation / refresh of full-text indexes by the Indexer.
Limits how often a view can be re-updated before the Indexer suppresses it (anti-thrashing).
Time window (minutes) within which a view is no longer rebuilt after multiple updates.
Path for temporary index files when the Indexer rebuilds views.
Suppresses console messages from the HCL Volt task in the server console.
Validates the IP address against the session token for HTTP authentication (anti session-hijacking).
Lifetime of an HTTP session (in minutes) before the user has to re-authenticate.
Enables extended HTTP statistics in domlog.nsf and platform statistics.
List of databases whose XPages are preloaded after server start (faster first response time).
Parameter
Information
Enables display of execution times (operation durations) in the Notes Client status bar – helpful for performance analysis.
Sets the time format (12-hour / 24-hour) for Notes / Domino. Affects the display of times in mail, calendar, and logs.
Language and country code setting of the client (locale).
Causes newly created NSFs to automatically use AES encryption (AES-128 or AES-256) instead of RC4.
Forces ODS 52 (Domino 10) when creating or compacting databases.
Forces newly created databases to be created in the Domino 12 ODS format (ODS 54).
New databases are created with ODS 55 (R14 format) – prerequisite for the newest features (e.g. larger attachments, optimizations).
Path to the Notes / Domino data directory. Set during setup and should not be changed afterwards.
Enables debug output for dynamic client / server configuration (DynConfig).
Enables protocol debugging at the NRPC transport layer (Notes Remote Procedure Call) – shows session setup, keepalives, and auth handshakes between Notes client and server.
Redirects debug / console output to a specified file (for troubleshooting and HCL Support).
Creates a separate, timestamped Debug_Outfile file at every server start instead of overwriting the existing one.
Enables debug output for policy processing on server and client.
Augments console / log messages with PID and thread ID (very helpful for multi-thread debugging).
Sets the data directory of the Domino server or Notes client (NSFs, notes.ini, IDs).
List of disabled ports (configured but not loaded).
Disables the automatic update check / installation (AutoUpdate) of the Notes client.
Enables the "Search this View" function newly introduced in Notes 14.5 in the workspace. A value of 0 disables the feature.
Enables the XPages runtime in the Notes client (XPiNC) so that XPages applications can run locally in the rich client.
Forces full conversion of doclinks (e.g. into MIME).
Maximum heap size of the Java VM for agents and HTTP tasks.
Class path for Java agents and Java code on the Domino server / Notes client.
Path or filename of the server's or Notes user's ID file.
Indicates the installation type (server vs. client). Set by setup.
Version identifier of the installed Notes / Domino kit. Written by the installer.
Currently active Location document of the Notes client – controls mail mode, replication, and ports.
Controls encryption of outgoing emails by the Notes Client.
Controls the encryption of saved emails (Sent / Drafts) in the Notes Client.
Path / name of the Notes user's mail file (relative to the data directory of the mail server).
Name of the Notes user's mail server (home server of the mail file).
Sets a hard limit on the shared memory a Notes process (especially the 32-bit Notes Client) is allowed to allocate.
Enables strict Content-ID resolution for MIME inline images; prevents incorrectly referenced attachments from being shown in mails.
Enforces Notes Federated Login (NFL) for all Notes Clients. Notes client logon is then only possible via the configured IdP.
Disables the certificate revocation list (CRL) check for SSL/TLS connections – useful when CRL servers are unreachable, but security-critical.
Maximum number of simultaneously open file handles for the Notes / Domino process.
Sets the size of the NSF buffer pool (cache for database pages) in megabytes – the most important tuning parameter for server performance.
Maximum number of databases kept open simultaneously in the NSF database cache.
List of enabled network ports used by Notes / Domino (order = priority).
Controls the stacking of application icons in the Workspace (multiple replicas of a database).
Defines the default font family for the Notes Client; from 14.5.1 onward, 'Inter Medium' is the new default font (part of the UI refresh).
Configuration of the TCP/IP port (bound IP address / hostname and port number for NRPC, default 1352).
Temporary working directory for Notes / Domino processes (e.g. for installation and compact operations).
Suppresses console messages from the HCL Volt task in the server console.
Custom title for the server console window – useful for distinguishing multiple instances.