Solved

Groupwise 6.5 - Logging in to post office

Posted on 2003-11-07
43
796 Views
Last Modified: 2007-12-19
Hi,

I've been asked to build a test Netware/Groupwise system, with damn all information on how to do this (typical). I've read the manual, and followed through the installation. I now have the Post Office Agent and Mail Transport Agent running on my server. On the client, I have installed GroupWise 6.5, but whenever I double click on the icon on the desktop, it won't connect correctly.

When I first did this, trying to log into the account 'admin' it told be that the password was incorrect. This happened repeatedly, so I reset the 'admin' user's password. Still didn't work. I reset the 'admin' user's Groupwise password. Again, this didn't work.

So, instead I created a new user, 'Andy', which is identical to 'admin' in everything I can see. It resides in the same context, and it is visible as part of the same Post Office in ConsoleOne.

When I try to log in using this user, I am told that 'Andy' does not exist. As mentioned above, it appears to be identical to 'admin', so I am at a loss. It is in the same post office, so how can 'Andy' not exist? Why can I not open Groupwise successfully.

Like I say, the POA does appear to be running - it's log shows the failed login attempts.

Any help would be greatly appreciated (hence all the points)

Thanks, Andy



0
Comment
Question by:Andy_Neodynium
  • 18
  • 14
  • 9
  • +1
43 Comments
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Hey, Andy. I recently built a test GroupWise system as well, in preparation for a 1200 mailbox deployment across an entire state. Let's see if we can't figger this out.

First, I'm not sure if you realize that GroupWise and NDS passwords are separate creatures. GroupWise maintains its own username/password database, one that it will synch with NDS if NDS is available (GroupWise is designed to be able to run in a non-NDS environment, with higher administration costs). So when you say you're changing the password, do be sure that you're changing the GroupWise password, and not the NDS password. They are two different tabs in the object screen of ConsoleOne (unless you're using the GroupWise view, in which case the GW password is the only one you can change). Note that NWADMIN cannot be used to administrate GroupWise v6.5.

The fact that the POA logging screen is showing the failed attempts tells me that the GroupWise client is, in fact, connecting with the POA. Even if the user resides in a different POA than the one contacted, the POA should be able to connect the client with the proper POA.

Do be sure that timesync is operating correctly in the NDS tree and on the server(s) where GroupWise resides. I had some administration difficulties with my test GW environment traced back to timesync being out of whack.

Are you running the POA in High Security mode? At its highest level of security, GroupWise will not permit someone to login to GroupWise unless they are also authenticated to the workstation with the corresponding user name.
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
In addition to what PsiCop has said, a little more detail on how you set up your test GW system would be nice to know in helping you work through this.

In creating your test environment, did you establish a test tree or at least a test container within your tree?  Are all TEST objects (GW domain, PO, users, etc) part of the test tree/OU? What NetWare and DS versions are you running?  What is the client OS?  Are you using the NetWare client?  If yes, what version/SP?  What protocol(s) are running?


0
 
LVL 2

Author Comment

by:Andy_Neodynium
Comment Utility
Hey guys, thanks for the response.

Okay, extra information.

2 Machines - 1 Netware Server, for both Netware and GroupWise. I created a test tree, and test container, and the GWDomain and Post Office, users, etc. are all part of the same tree. Shown in screenshots (see below)

1 Window 2000 Server Virtual Machine client. This is running in VMWare 4.0. It is using the netware client, and is the only client. Netware Client Version is 4.90.

Not sure how to determine NDS Version, or Netware version. The CD says 6.5.

I haven't applyied any Service packs to the client - and again, I'm not sure to find out what it has.

Protocols - again, don't know how to determine this. I did have to install SNMP on the client, prior to installing groupwise. Otherwise, I think it is just using TCP/IP. (Can you guess that I don't know much about Netware?)

Actually, just thinking - I didn't really have to do much configuration with Netware. I installed the server, which was pretty easy, and then I installed the client on the client machine, which was pretty easy too. Should there have been more configuration? Or am I too suspicious of easy to install software?

Um, what else? I have assigned the Novell Server an IP address of 192.168.1.198 on our network, though most of the network runs on DHCP. As a company we use Windows networking normally.

Regarding Timesyncing - well, given that there is only the one server for Netware and Groupwise, presumably this wouldn't be a problem? Or do I misunderstand? Oh, and there only is the one Post Office.

Re Passwords - I did know that Netware and Groupwise had different passwords, although I'm not sure if they are synching. To be sure, I set the both to be the same (that highly secure 'password').

Regarding the POA security - I didn't even know that it had different security levels? How do I find out about those?

Hmm, screenshots might make this easier. I've put some <a href="http://www.neodynium.com/Novell/">Here (.png)</a> if that helps.

Thanks again...
0
 
LVL 2

Author Comment

by:Andy_Neodynium
Comment Utility
Further info - on the DELTANOVELL server item in the container I created, it's properties for General-Server information say:

Server Version: Novell Netware 5.70[DS]
NDS Version: 1051064
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
Go to http://www.novell.com/documentation/ and double-check what you have done in the planning and implementation of GroupWise.

Also, pay special attention to http://www.novell.com/documentation/lg/consol13/index.html so you can become more familiar with ConsoleOne, before paying the same special attention to the section in the GroupWise manual where it discusses the GroupWise management tools.

Novell products are definitely easier to install and configure than they used to be, but successful design and deployment is still more complex than those only familiar with Microsoft's way of doing things might imagine.

The extra effort up front pays off, though, in better security, more uptime and less ongoing administrative issues.
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
"1 Netware Server, for both Netware and GroupWise. I created a test tree, and test container, and the GWDomain and Post Office, users, etc. are all part of the same tree."

OK, so far, so good. Sounds a lot like my test environment.

"1 Window 2000 Server Virtual Machine client. This is running in VMWare 4.0. It is using the netware client, and is the only client. Netware Client Version is 4.90."

This really doesn't matter. Its the GroupWise Client that logs into the Post Office. The NetWare Client is completely uninvolved (unless you're in that high security mode I mentioned).

"Not sure how to determine NDS Version, or Netware version. The CD says 6.5."

Sounds like you're running NetWare v6.5. To confirm, at the server's console prompt, type "VERSION" and hit ENTER. But based on the eDirectory build # you give below (which corresponds to eDirectory v8.7.1) you're running NetWare v6.5.

Just FYI (I don't think it has anything to do with your Question), Support Pack 1 was just released for GroupWise v6.5.

"I haven't applyied any Service packs to the client - and again, I'm not sure to find out what it has."

Since the client isn't really involved in the equation I don't think this matters.

"Protocols - again, don't know how to determine this. I did have to install SNMP on the client, prior to installing groupwise. Otherwise, I think it is just using TCP/IP. (Can you guess that I don't know much about Netware?)"

NetWare, and indeed all Novell products, prefer TCP/IP. Many products, NetWare included, continue to support IPX in a legacy fashion. GroupWise is designed to work best via a TCP/IP-based Client/Server connection.

"I didn't really have to do much configuration with Netware. I installed the server, which was pretty easy, and then I installed the client on the client machine, which was pretty easy too. Should there have been more configuration? Or am I too suspicious of easy to install software?"

You CAN tweak NetWare considerably. Whether or not its worth the time and effort to do that is a different question. That depends on what you're using it for, and for how many clients, and how the environment is put together. For what you're doing (a test GroupWise environment) the defaults should be fine.

"I have assigned the Novell Server an IP address of 192.168.1.198 on our network, though most of the network runs on DHCP."

Yes, the NetWare server really needs a fixed IP address. It should not be a DHCP client, altho it is a highly manageable DHCP (and DNS) server. This functionality ships with the OS.

"As a company we use Windows networking normally."

Sorry.

"Regarding Timesyncing - well, given that there is only the one server for Netware and Groupwise, presumably this wouldn't be a problem? Or do I misunderstand?"

Nope, you understand just fine. Timesync only comes into play when there are multiple NetWare servers. When there's just one in the tree, the time can be anything he wants.

"Oh, and there only is the one Post Office."

Simple is good when testing.

"I did know that Netware and Groupwise had different passwords, although I'm not sure if they are synching. To be sure, I set the both to be the same (that highly secure 'password')."

They don't "synch", and when I'm testing I often use the exact same password. The NDS password is completely separate from the GroupWise password, altho GroupWise can be configured to not bother with its own password and use the NDS authentication instead.

"Regarding the POA security - I didn't even know that it had different security levels? How do I find out about those?"

Look in the Novell GroupWise Administration Guide to read up on the various modes. These are set in ConsoleOne in either the POA or Post Office properties (can't recall which one offhand, and I don't have a GroupWise-enabled ConsoleOne in front of me to check).

"Hmm, screenshots might make this easier."

Generally, when dealing with GroupWise, it is easier to use the GroupWise View portion of the ConsoleOne window. When you change the user's GroupWise password, where do you do that from? Do you browse to the user object in the tree and open the properties and go to the GroupWise tab, or do you access the account via the GroupWise view?
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
One thing to note, if you enable single sign-on, then the GroupWise password doesn't come into play; your NDS authentication handles both.  For that you need the NetWare client, AFAIK.
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
"One thing to note, if you enable single sign-on, then the GroupWise password doesn't come into play; your NDS authentication handles both.  For that you need the NetWare client, AFAIK. "

I'm not so sure about that. As late as GroupWise v5.5, GroupWise used the WNetGetUser function in Windoze to determine who was logged onto the computer in order to select the proper GroupWise account. In Windoze 9x, this function was buggy and did not reliably return the proper information - which should be no surprise since "buggy" and "not reliable" are pretty much synonyms for "Micro$oft software".

Unless Novell has altered how this function works, simply logging into Windoze as the corresponding user name should work. However, there is an "NDS Authentication" mode for the Post Office that requires authentication to the Novell Client 32. Depends on if you turn that on or not.
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
I don't have GroupWise installed in my home tree, or I'd let you know exactly what I'm talking about, but there is an option, *besides* the insecure caching of Windoze login info, to allow GroupWise authentication automatically along with NDS authentication.  That's what I'm talking about - It's something like "single sign-on with NDS" or some such...

The "cached password" thing with native Windoze is not a secure option, and I would NEVER recommend it to anyone.  If you are not authenticating to NDS first, you should ALWAYS do SSL authentication to GroupWise, IMHO.
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Yes, there is that option, which is part of the "NDS Authentication" in the High Security mode, I think. Its also a check-box option in the Environment tab under Tools - Options in the GroupWise Client.
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
Yeah -

The Windoze caching mode always made me feel ill, or itchy all over... uncomfortable at best... hehe.  I have too much of a foundation in high-security environments - mainframe, banking, insurance, etc. - to have *any* comfort level at all with the Windoze caching mode.  That's like trusting a fox with the care of your chickens...
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Caching mode in GroupWise is something completely different.

Caching Mode is a lot like Remote Mode. A subset of the GroupWise databases are created locally, and the client works against the local copy and then syncs periodically with the server.
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
I wasn't talking about Caching vs Online vs Remote.  I was talking about password caching...
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
I know, just didn't want anyone else reading it to get confused.
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
k. :-)  I should've specified "Windoze password caching mode" as opposed to simply "caching mode"
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
We're kinda getting away from the Question.

Andy, how are you managing the user accounts in ConsoleOne? Via the user object or using the GroupWise View?
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
Also, have you located where the security levels are set?  Like PsiCop said, it's probably in the PostOffice properties...
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
You should also, on the top pull-down menu options, check your GroupWise System settings to make sure user synch is on, and other such-like properties at the GroupWise domain level...
0
 
LVL 10

Expert Comment

by:DSPoole
Comment Utility
Verify the connection to the Post Office is Client/Server vs. Direct - this is done at the Post Office Agent config in ConsoleOne - you want it to be Client/Server Only - which means the GroupWise client has to connected via TCP/IP and allow the GroupWise agents do the work, instead of the GroupWise client connecting to the Post Office database via NCP (over TCP or IPX) and manipulating the database files like it would any file on a file server.

You want the agents to do the work to minimize potential database corruption - which could happen if you have too many Direct Connect clients with their hands in the database files.

also - GroupWise passwords are case-sensitive, just in case you were typing in one password in lowercase and the other in upper case.

0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
Whereas if using the NDS single sign-on method, it is not case-sensitive... ;)
0
 
LVL 2

Author Comment

by:Andy_Neodynium
Comment Utility
Hey guys,

Sorry, I was out of the office yesterday (had some leave and went and visited some neolithic stone circles).

Checked the POA security, it was exactly where you said, and it was set to LOW.

As for which view I'm using to access users, well, I haven't used one in particular. I think I've used them both.

Access mode is Client/Server only.

Yep, knew about the case sensitivity - and ALL passwords should be that way!

Made a discovery, though, which might be part of a clue. I went into the iManager tool, and took a dig around for anything that might not be working correctly. I found that the 'Replica Synchronisation' agent was having a problem. Could it be that the password changes, etc., that I've made are not being replicated to another place in the tree? Although, why this would be necessary I don't understand - after all, I have one tree, one server.

Screenshot:
http://www.neodynium.com/Novell/iManagerview.png
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Well, like you noted, you just have one tree on one server. This is NOT a replica synch problem because there's just one replica, the Master of [Root], and its on the server where GroupWise is located.

Do you have the same problem with both user accounts you've created?
0
 
LVL 2

Author Comment

by:Andy_Neodynium
Comment Utility
Not quite.

I try and login as 'admin' and it tells me that the password is wrong. I try logging in as 'Andy' and tells me that that user does not exist. I've now created a third user, but it too does not exist, apparently.
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
OK, looking at the MTA screen, is the Post Office connection open?

I am thinking that there is a configuration problem and the logical link between the MTA (which hadles admin tasks such as password changes and user add/delete) and the POA (to which you are trying to login) is down. That would explain your problem.
0
 
LVL 2

Author Comment

by:Andy_Neodynium
Comment Utility
Okay, at Server Console, MTA screen:

Status        Total     Closed
Domains        1            0
Post Offices   1             1
Gateways      0             0

If I open 'Options' - 'Configuration Status' - 'Test-PO' - 'Details'  then I get a window of the details for my post office. It reads:

Current status: Closed
Last closed: 11-11-03 13:56:08
Last Opened: 11-11-03 13:56:03
Last closure reason: Link or Transport down


I don't know how to bring the link or transport up! I tried just restarting the MTA service - the post office was open then for about 5 seconds, and closed.
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Aha! OK, this is probably the source of the problem. Since the link is down, the PO doesn't know about the changes. The PO and the MTA have to talk.

You need to review your POA and MTA settings, especially those that relate to connectivity. Try posting the info here or getting some screen shots for us to view. There's lotsa places there could be a problem. I assume you set everything for TCP/IP links, not UNC paths. When you installed, did you accept default ports for the agents?
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
If the PO and MTA reside on the same server, I thought it was recommended to use the UNC path method to connect them.
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
I tend to stick with TCP/IP because it makes clustering a lot easier, but yeah, using UNC when everything is on the same box is fine. I'm kinda the TCP/IP bigot in this.
0
 
LVL 2

Author Comment

by:Andy_Neodynium
Comment Utility
Hi again,

Okay, screen shots for the POA and MTA in ConsoleOne are at :

http://www.neodynium.com/Novell/

I just grabbed the screen for each page of their settings.

During install I used default ports for everything, and I think I used the UNC paths - that was what was recommended in the installation guide, right?
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
It looks like you're configured for TCP/IP connections between the POA and MTA. Everything looks kosher, you're not using SSL. What happens if you go to the MTA and manually try to open the connection to the POA?
0
 
LVL 2

Author Comment

by:Andy_Neodynium
Comment Utility
Erm, how do I do that then? I went to the MTA screen in the server console, and told it to restart. It changed the post office to open for about 5 seconds, and then closed itself.
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
On the MTA screen, press F10. Select Configuration Status, then select the PO. Once you select the PO, you have 3 options: Details, Resume, Suspend. Select Resume to manually try to open the link.

If that fails, select Details to see why.
0
 
LVL 2

Author Comment

by:Andy_Neodynium
Comment Utility
Okay, tried Resume, and it asked me to confirm. I did. Nothing appeared to happen. I went to details.

Current status : Closed
Last Closure Reason : Link or Transport down

0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Hmmm...OK, all I can think of is some sort of IP misconfiguration. Your server's IP address is 192.168.1.198, right? You don't have anything like BorderManager running on this box, do you?

0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
Can you do screen shots of your domain's properties?  That's where the link configuration is, and that's what's broken here...
0
 
LVL 10

Expert Comment

by:DSPoole
Comment Utility
If the MTA and the POA are on the same server, UNC is going to happen regardless of what you do.  But if the MTA and POA are on separate servers (or you want to communicate to other GroupWise domains/post offices) then TCP/IP is the way to go.

0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
The domain should still show a link, shouldn't it?
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Yes, it should. I'm kinda perplexed by this.
0
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
That's why I want to see the domain's properties...  especially the link configuration.
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
I was thinking about this over the weekend - you said you restarted the MTA and it didn't appear to do anything.

Did you hit the "F6" button to restart it, or did you exit the MTA and then reload it?

I recall from GroupWise class that sometimes the agents will not re-read their config when you hit Restart. Instead, you should unload and re-load the agents.
0
 
LVL 2

Author Comment

by:Andy_Neodynium
Comment Utility
Sorry about the delay - we've borrowed a box from our customer, so I'm developing now and don't have much time to try and debug this problem - though I'd like to, as I expect we'll see more groupwise work. Of course, now I'm behind trying to catch up, therefore it's also a good idea to send me to a site for 3 days...

Right, I restarted the MTA using "F6", but I have restarted the entire server a couple of times. How do I unload and reload just one module?

As for the domain properties screenshot - um, which screen is that? Is it in consoleOne or on the server console. Come to that, I don't actually know how to get a screenshot on the server. Hmm.

I don't know if bordermanager is running - certainly I didn't pick it out as something I wanted to install or run, but that's not to say that I didn't.
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
To unload and reload the MTA, follow this procedure (unlike Windoze, you can generally unload and reload OS modules at will; you can even unload ones used re-entrantly if they have been loaded into different address spaces):

1) At the MTA screen, press F7
2) Answer "Yes" at the confirmation screen
3) The MTA now unloads. Should take less than 1 minute. You are returned to the NetWare console prompt
4) Reload the MTA by typing --> LOAD GWMTA @<domainnamehere>.MTA

For example, if you had named the GroupWise Domain where the MTA resides as "FIRST", then your load line would look like this --> LOAD GWMTA @FIRST.MTA

You can also see the proper syntax by viewing the file GRPWISE.NCF. Use the command --> EDIT GRPWISE.NCF

.NCF files are roughly equivalent to the DOS .BAT files - a list of commands to be executed in sequence when the .NCF (short for NetWare Control File) is called.
0
 
LVL 34

Accepted Solution

by:
PsiCop earned 500 total points
Comment Utility
Hello?
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

HOW TO: Install and Configure VMware vSphere Hypervisor 6.5 (ESXi 6.5), Step by Step Tutorial with screenshots. From Download, Checking Media, to Completed Installation.
In this article, I will show you HOW TO: Create your first Windows Virtual Machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, the Windows OS we will install is Windows Server 2016.
This video discusses moving either the default database or any database to a new volume.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now