Port 0 in DIIOP_IOR.TXT, how do I change it?

Posted 2019-09-03 04:51

Question:

I am trying to log in remotely to Domino with a standalone Java program. I have ncso.jar (and TrustedCerts.class) in the classpath.

The DIIOP_IOR.TXT file is generated by the diiop task. If I copy the file contents directly into my program and try creating the session like this:

String ior = "IOR:....."; // 404 bytes
Session session = NotesFactory.createSessionWithIOR(ior, "username", "password");

the result is:

org.omg.CORBA.COMM_FAILURE: java.net.ConnectException: connect: Address is invalid on local machine, or port is not valid on remote machine Host: poseidon.heeros.com Port: 0  vmcid: 0x0  minor code: 1  completed: No

The server name is valid but port 0 seems odd. I tried an online decoder at http://www2.parc.com/istl/projects/ILU/parseIOR/ and here is the result:

object key is <#048525651a-ec68-106c-eee0-007e2d2233b5#00LotusNOI#01#00#01>;
no trustworthy most-specific-type info; unrecognized ORB type;
reachable with IIOP 1.1 at host "poseidon.heeros.com", port 0

...which seems to confirm that the port is incorrect. I have specified the server URL in Internet Sites with an IIOP Site document but there is no field for port there.

Questions:

  1. Where do I set the port that appears in diiop_ior.txt?
  2. Which port should I specify? (I'm guessing 1352)

EDIT

Here is the result of tell diiop show config on the server:

Dump of Domino IIOP (DIIOP) Configuration Settings

Full Server Name:  CN=Afrodite/O=Heeros
Common Server Name:  Afrodite/Heeros
Refresh Interval:  3 minutes

Host Full Name:  poseidon.heeros.com
Host Short Name:  poseidon
Host Address:  10.163.0.146
Public Host Name/Address:  poseidon.heeros.com

TCP Port:  0      Disabled
SSL Port:  63149  Enabled
Initial Net Timeout: 120 seconds
Session Timeout:  60 minutes
Client Session Timeout:  62 minutes

Allow Ambiguous Names:  True
Web Name Authentic:  False
User Lookup View:  ($Users)
Allow Database Browsing:  False

Internet Sites:  Enabled

Internet Site Name:  Heeros
Site Config Loaded from:  Domino IIOP and Web Internet Site documents
Site is Default:  False
Site Public Host Name/Address:  poseidon.heeros.com
Site IOR File:  D:\Lotus\Domino\data\domino\html\diiop_ior.txt
Site SSL Key File:  D:\Lotus\Domino\data\heeros.kyr
Site Java Key File:  D:\Lotus\Domino\data\domino\java\TrustedCerts.class
Site TCP Name/Password Allowed:  False
Site TCP Anonymous Allowed:  False
Site SSL Name/Password Allowed:  True
Site SSL Anonymous Allowed:  True
Site Multi-Server Session Authentication:  Enabled
Site Multi-Server Session Configuration:  LtpaToken

Single Server Cookies:  Disabled
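
Added example, not part of the original question or answers: a small offline decoder for a stringified IOR, so the host and port that the client will dial can be checked locally instead of pasting the IOR into an online parser. It goes slightly beyond the question by also reporting the SSL port when the profile carries a TAG_SSL_SEC_TRANS component (tag 20 in the CORBA security specification); the page does not say whether Domino's IOR carries one. The names Cdr, parse_ior and SAMPLE_IOR, the host domino.example.com and the sample bytes are constructed for illustration.

```python
import struct

TAG_INTERNET_IOP, TAG_SSL_SEC_TRANS = 0, 20   # profile / component tags (CORBA specs)

class Cdr:  # reader for one CDR encapsulation; its first octet is the byte-order flag
    def __init__(self, data, pos=1):
        self.buf, self.pos = data, pos
        self.order = "<" if data[0] & 1 else ">"
    def _num(self, fmt, size):
        self.pos += -self.pos % size              # CDR aligns values to their size
        (val,) = struct.unpack_from(self.order + fmt, self.buf, self.pos)
        self.pos += size
        return val
    def ushort(self): return self._num("H", 2)
    def ulong(self): return self._num("I", 4)
    def octets(self):                             # string and sequence<octet> layout
        n = self.ulong()
        if self.pos + n > len(self.buf):
            raise ValueError("truncated IOR")
        self.pos += n
        return self.buf[self.pos - n:self.pos]

def parse_ior(text):
    """Return type id plus host, plain port, object key, SSL port per IIOP profile."""
    text = text.strip()
    if text[:4].upper() != "IOR:":
        raise ValueError("not a stringified IOR")
    ior = Cdr(bytes.fromhex(text[4:]))
    out = {"type_id": ior.octets().rstrip(b"\0").decode("latin-1"), "profiles": []}
    for _ in range(ior.ulong()):
        tag, body = ior.ulong(), ior.octets()
        if tag != TAG_INTERNET_IOP:
            continue
        p = Cdr(body, pos=3)                      # skip flag, major, minor
        prof = {"host": p.octets().rstrip(b"\0").decode("latin-1"),
                "port": p.ushort(), "object_key": p.octets(), "ssl_port": None}
        for _ in range(p.ulong() if body[2] >= 1 else 0):   # components: IIOP 1.1+
            ctag, cdata = p.ulong(), p.octets()
            if ctag == TAG_SSL_SEC_TRANS:         # supports, requires, port (ushorts)
                c = Cdr(cdata)
                _, _, prof["ssl_port"] = c.ushort(), c.ushort(), c.ushort()
        out["profiles"].append(prof)
    return out

# Constructed sample, not the asker's IOR: plain port 0, SSL component with port 63149.
SAMPLE_IOR = ("IOR:" "00000000" "0000000d" "49444c3a44656d6f3a312e3000" "000000"
              "00000001" "00000000" "0000003c" "00010100" "00000013"
              "646f6d696e6f2e6578616d706c652e636f6d00" "00" "0000" "0000"
              "00000004" "64656d6f" "00000001" "00000014" "00000008" "000000660006f6ad")
```

A profile whose port is 0 while ssl_port is set means the published IOR only offers the SSL listener, which matches the "TCP Port: 0 Disabled" line in the configuration dump above.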

Answer 1:

It seems that the correct port number is 63148. It must be specified in the Server Document at Ports --> Internet Ports --> DIIOP as "TCP/IP port number".

Additionally, in the IIOP Site document, the TCP Authentication must be allowed.



Answer 2:

In my experience DIIOP doesn't use SSL/TLS at all. Only the DIIOP_IOR.TXT is downloaded via SSL/TLS. Capture your network traffic with Wireshark or something similar and monitor: port 63148 or port 63149. @lauri-laanti: Could you please test in your environment with Wireshark whether the connection is encrypted?

Wireshark output: GIOP createSession with username and password (blanked with X)

0000   00 50 56 69 f5 2b 00 50 56 c0 00 02 08 00 45 00  .PVi.+.PV.....E.
0010   00 c0 0d 06 40 00 80 06 bb ca c0 a8 58 01 c0 a8  ....@.......X...
0020   58 15 d2 e0 f6 ac ef b6 47 e8 13 10 53 10 50 18  X.......G...S.P.
0030   01 00 29 bb 00 00 47 49 4f 50 01 00 00 00 00 00  ..)...GIOP......
0040   00 8c 00 00 00 00 00 00 00 05 01 00 00 00 00 00  ................
0050   00 31 04 38 35 32 35 36 35 31 61 2d 65 63 36 38  .1.8525651a-ec68
0060   2d 31 30 36 63 2d 65 65 65 30 2d 30 30 37 65 32  -106c-eee0-007e2
0070   64 32 32 33 33 62 35 00 4c 6f 74 75 73 4e 4f 49  d2233b5.LotusNOI
0080   01 00 01 00 00 00 00 00 00 0e 63 72 65 61 74 65  ..........create
0090   53 65 73 73 69 6f 6e 00 00 00 00 00 00 00 00 00  Session.........
00a0   00 01 00 00 00 00 00 00 00 01 00 00 00 0f 00 00  ................
00b0   00 06 00 61 00 64 00 6d 00 69 00 6e 00 00 00 00  ...a.d.m.i.n....
00c0   00 06 00 XX XX XX XX XX XX XX XX XX XX 00        ...XXXXXXXXXX.

Java Code used:

_diiop_args = new String[]{"-ORBEnableSSLSecurity", "-HTTPEnableSSLSecurity"}; 
String ior = NotesFactory.getIOR(_diiop_host + ":" + _diiop_port, 
    _diiop_args, _user_name, _user_pass);
_session = NotesFactory.createSessionWithIOR(ior, _user_name, _user_pass);